ranger-dev mailing list archives

From Ankita Sinha <ankita.si...@freestoneinfotech.com>
Subject Review Request 44757: Add support for Hardware Security Modules (HSM) to Ranger
Date Mon, 14 Mar 2016 04:37:19 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44757/
-----------------------------------------------------------

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj,
Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-868
    https://issues.apache.org/jira/browse/RANGER-868


Repository: ranger


Description
-------

** Problem Statement **
1. Ranger KMS needs to have an option of saving Master Key in HSM.
2. Ranger KMS needs to support HSM HA.
3. Ranger KMS needs to have functionality of migrating Master Key to HSM from Ranger KMS DB
and vice versa.

** Proposed Solution **
1. Give an option to store the Ranger KMS Master Key in either DB/HSM.
2. Create a new Provider in Ranger KMS to support HSM.
3. Develop a migration script for migrating Ranger KMS Master Key from HSM to Ranger KMS DB
and vice versa.


Diffs
-----

  kms/config/kms-webapp/dbks-site.xml edaff93 
  kms/scripts/DBMK2HSM.sh PRE-CREATION 
  kms/scripts/HSMMK2DB.sh PRE-CREATION 
  kms/scripts/install.properties cf5dd92 
  kms/scripts/setup.sh 0a825c7 
  kms/src/main/java/org/apache/hadoop/crypto/key/DB2HSMMKUtil.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/HSM2DBMKUtil.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 23547a7 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 75a34b2 
  src/main/assembly/kms.xml e267687 

Diff: https://reviews.apache.org/r/44757/diff/


Testing
-------

** Testing Done **
1. Tested Ranger KMS with HSM enabled as well as disabled.
2. Tested Ranger KMS with HSM in secure environment.
3. Tested Ranger KMS in HSM HA mode.
4. Tested migration script for migrating Master Key from Ranger KMS DB to HSM.
5. Tested migration script for migrating Master Key from HSM to Ranger KMS DB.
6. Tested for all the Key operations (create, delete, rollover and list) through UI, CURL
and hadoop command.
7. Tested for Zone-related operations.
8. Tested for copying a file from one Zone to another.


Thanks,

Ankita Sinha

