Alexey Serbin created KUDU-3522:
-----------------------------------
Summary: A tablet server starts in non-functional state when
enabling data-at-rest encryption
Key: KUDU-3522
URL: https://issues.apache.org/jira/browse/KUDU-3522
Project: Kudu
Issue Type: Bug
Components: security, tserver
Affects Versions: 1.17.0, 1.16.0
Reporter: Alexey Serbin

It's possible to configure a Kudu tablet server by enabling the data-at-rest
encryption feature in such a way that the server runs in a non-functional
state: the {{kudu-tserver}} process starts and runs with no visible issues, but
it's not able to host any tablet replicas.

It's easy to fix/address the issue by adding an extra sanity check: when
opening an already existing FS data directory structure, make sure the server
encryption key isn't empty if the Kudu server is run with the
{{\-\-encrypt_data_at_rest}} flag. There might be more alternatives around.

The reproduction scenario for the issue is below.
# Start a tablet server without encryption-at-rest, making sure the tablet
server starts and creates the directory structure on the file system.
# Don't create any tables/ranges yet. Essentially, it's necessary to make sure
not a single tablet replica is placed at the server yet.
# Shut down the tablet server.
# Update the configuration for the tablet server, enabling encryption-at-rest
and specifying the key provider. For test purposes, it's enough to use the
"default" key provider:
{noformat}
--encrypt_data_at_rest=true
--encryption_key_provider=default
{noformat}
# Start the tablet server.
# Try to create a new tablet replica that would be placed at the tablet
server. That could be the creation of a new table, or an attempt to move a
tablet replica from some other tablet server by using the {{kudu tablet
change_config move_replica}} CLI tool.
# Check logs of Kudu master or the {{kudu}} CLI tool: there should be error
messages like {{Failed to initialize encryption: error:0607B083:digital
envelope routines:EVP_CipherInit_ex:no cipher set}}
# No tablet replica can now be placed at the tablet server, while nothing
suspicious can be found in the tablet server's log.
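
The sanity check proposed in the report, replayed against the reproduction steps, as an added example that is not Kudu code and not part of the original issue. FsInstance, Status, CreateLayout, OpenLayout and ReplayReproScenario are hypothetical names, and the model assumes a server key is written only when the directory structure is first created with encryption enabled.

```cpp
#include <iostream>
#include <string>

// Hypothetical model of what a server persists when it first creates its
// FS data directory structure (these are not Kudu's real types).
struct FsInstance {
  bool exists = false;
  std::string server_key;  // stays empty if created without encryption
};

struct Status {
  bool ok;
  std::string msg;
};

// First start: create the layout. Assumption: a server key is generated
// only when encryption is enabled at creation time.
Status CreateLayout(FsInstance* fs, bool encrypt_data_at_rest) {
  if (fs->exists) return {false, "FS layout already exists"};
  fs->exists = true;
  if (encrypt_data_at_rest) fs->server_key = "constructed-sample-key";
  return {true, ""};
}

// Later starts: open the existing layout. The proposed sanity check turns
// the silent non-functional state into a startup failure.
Status OpenLayout(const FsInstance& fs, bool encrypt_data_at_rest) {
  if (!fs.exists) return {false, "FS layout not found"};
  if (encrypt_data_at_rest && fs.server_key.empty()) {
    return {false, "--encrypt_data_at_rest is set, but the existing FS data "
                   "directory has an empty server encryption key"};
  }
  return {true, ""};
}

// Reproduction steps: create without encryption, shut down, then restart
// with --encrypt_data_at_rest=true.
Status ReplayReproScenario() {
  FsInstance fs;
  Status s = CreateLayout(&fs, /*encrypt_data_at_rest=*/false);
  if (!s.ok) return s;
  return OpenLayout(fs, /*encrypt_data_at_rest=*/true);
}

int main() {
  Status s = ReplayReproScenario();
  std::cout << (s.ok ? "started" : "refused to start: " + s.msg) << "\n";
  return s.ok ? 1 : 0;  // exit 0 when the check rejects the misconfiguration
}
```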