...
- A node creates the
ChangeMasterKeyMessage
message and sent it by discovery as a custom event. The goal is to verify that all nodes have the same master key.
- Initiating message should contain:
- New master key id.
- New master key hash.
- When server node processed message following actions are executed:
- It
checks that the cluster is active (WAL should be available for a write to correctly log changes and survive cluster restarts). Otherwise, error added to the message.- It obtain hash of new master key.
- Compares it with the one in message
- If it differs then error added to the message.
- Store locally master key id and hash.
- If on step1 there are some errors we log it and cancel process. Otherwise got to step3.
- The
ChangeMasterKeyFinishMessage
action message is sent by discovery as a custom event.- Action message sould contain:
- New master key id.
- New master key hash.
- When server node processed message following actions are executed:
- It checks that the cluster is active (WAL should be available for a write to correctly log changes and survive cluster restarts). Otherwise, error added to the message.
- Checks that master key id and hash is the same as it was taken from the first message. Otherwice, we log it and cancel process.
- Blocks creation of encrypted cache key.
- Reencrypt all cache group keys with new master key in a temporary datastructure. No changes in MetaStore.
- Create WAL logical record (
ChangeMasterKeyRecord
) that consist of:- New master key id
- Reenctyped cache group keys.
- Write cache group keys to
MetaStore
. - Unblock creation of encrypted cache key.
...
{"serverDuration": 146, "requestCorrelationId": "6f066b9753e8291f"}