ranger-dev mailing list archives

From "Gautam Borad" <gbo...@gmail.com>
Subject Review Request 40747: RANGER-749 : Ranger KMS to support multiple KMS instances with keys across multiple clusters
Date Fri, 27 Nov 2015 11:07:42 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40747/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh
Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-749
    https://issues.apache.org/jira/browse/RANGER-749


Repository: ranger


Description
-------

Created a script for exporting Ranger KMS keys to a keystore file so that they can be imported
into another Ranger KMS database and used for file copy operations from one cluster to
another.


Diffs
-----

  kms/scripts/exportKeysToJCEKS.sh PRE-CREATION 
  kms/scripts/importJCEKSKeys.sh 9c2f9fb 
  kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java ff82f53 
  src/main/assembly/kms.xml 52ab5a0 

Diff: https://reviews.apache.org/r/40747/diff/


Testing
-------

Tested the following scenarios with multiple Ranger KMS: 

1. Each cluster is running a separate KMS server instance and all are connected to the same database.
   Tested creating keys, encryption zone and also the distcp command to copy a file from one
   encryption zone on one cluster to another encryption zone on another cluster.

2. Each cluster is running a separate KMS server instance and all are connected to their own
   database.
   Tested with export/import script.
   Tested creating keys, encryption zone and also the distcp command to copy a file from one
   encryption zone on one cluster to another encryption zone on another cluster.


Thanks,

Gautam Borad

