...
This procedure usesitsownthread pool.
Thread pool configured in IgniteConfiguration.
For each partition file.
The file is read page by page (blocked by IGNITE-11998?).
For each page (following steps executed by manythreadsusinga producer-consumer pattern):
Page islocked from write operation into regular Ignite Durable Memory.
Page isread (from file) into memory. Note, this processdoesn't use regularoff-heapIgnite pages.
Page decrypted withthe previous key.
Page encrypted withthe new key.
Page is written intoa file.
Page id is added tothe re-encryptedpages set(Bloom filter as it has constant size).
Page is unlocked.
Progress ofre-encryptionis saved to WAL for failover after each X pages processed. X is configured in IgniteConfiguration.
Сompletion of partition re-encryption is accompanied by adding a WAL entry
Process state: FINISHED.
Motivation:
Memory footprint [Thread count]*[page size]
Minor affect on regular data operations.
It doesn'tdisplace hot pages from RAM duringthe file scan process.
Duringthe re-encryptionprocess page may be encrypted withthe previous key OR with the new one.
To decrypt page we have to do the following steps:
Block page fromre-encryption.
Check inre-encryptedpages set is this page processed(see «Pagesre-encryptionprocess description» #3.6)
If page not reencrypted yet we use old key for decryption.
If page reported as reencrypted(Bloom filter may be false positive) we:
Try to decrypt page with new key.
If fail we should try to use old key.
Unblock page from reencryption.
Ifthe node fails in the middle ofthe re-encryptionprocess we should resumethe re-encryptionprocess on node startup.
We should dothe following steps for started but not finished partition file:
Findthe last progress record in WAL.
Scan partition from the beginning to last progress record point and just add eache page to reencrypted pages set.
After it we have X pages that MAY BE reencrypted(and may be not). We should find fir not reencrypted page:
Trying to decrypt page with new key.
If fails then page is found.
We should continue reencryption process starting from it.
Administrator initiates process completion via interface by using “cache key removal” command.
Design assume, administrator will check that all nodes successfully change cache key and reencrypt all pages and all required nodes are alive.
Administrator initiates process via some kind of user interface(CLI, Visor, WebConsole, JMX, etc).
Message is sent by discovery.
Message should contain:
new cache key hash.
When server node processed message following actions are executed:
Received cache key hash compared with known cache key hash.
Previous cache key removed from MetaStore.