Hello Alexey Serbin, Kudu Jenkins, Andrew Wong, Bankim Bhavsar,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/17974

to look at the new patch set (#5).

Change subject: [encryption] KUDU-3331 Encrypt file system
......................................................................

[encryption] KUDU-3331 Encrypt file system

de02a34 introduced encryption support to Env in a self-contained way,
but it's not used across Kudu.

This commit integrates this encryption support into the project and
modifies several test suites to also run tests with encryption enabled.

I also renamed "encrypted" to "is_sensitive" in *FileOption as a file
with this flag will be encrypted only if encryption is enabled for the
process.

When encryption is enabled, the following files are encrypted:

- WAL segments
- LBM blocks and metadata
- FBM blocks
- tablet and consensus metadata

Logs, rolling logs, instance and block manager instance files, and
configuration files in integration tests are not encrypted.

As FileCache is not used to access instance files, it only supports
handling sensitive files and can't be used to access unencrypted files.

As the PBC CLI tool can be used to dump encrypted (metadata) and
unencrypted files (instance) as well, it needs to be able to determine
if a file is encrypted or not. As encryption headers are not yet
implemented, I introduced a hack which checks the file name and treats
the file as unencrypted if it ends with "instance" and encrypted
otherwise.

I ran some benchmarks to compare running Kudu with encryption enabled
and disabled:

$ KUDU_ALLOW_SLOW_TESTS=1 ./bin/log_block_manager-test --gtest_filter="*StartupBenchmark*" 2>startup-bench.txt && grep "Time spent reopening" startup-bench.txt
Note: Google Test filter = *StartupBenchmark*
[==========] Running 2 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 2 tests from EncryptionEnabled/LogBlockManagerTest
[ RUN      ] EncryptionEnabled/LogBlockManagerTest.StartupBenchmark/0
[       OK ] EncryptionEnabled/LogBlockManagerTest.StartupBenchmark/0 (30192 ms)
[ RUN      ] EncryptionEnabled/LogBlockManagerTest.StartupBenchmark/1
[       OK ] EncryptionEnabled/LogBlockManagerTest.StartupBenchmark/1 (147586 ms)
[----------] 2 tests from EncryptionEnabled/LogBlockManagerTest (177779 ms total)

[----------] Global test environment tear-down
[==========] 2 tests from 1 test suite ran. (177779 ms total)
[  PASSED  ] 2 tests.
I1103 17:40:00.268719 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.835s     user 0.110s     sys 0.041s
I1103 17:40:02.084342 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.816s     user 0.142s     sys 0.000s
I1103 17:40:04.027940 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.944s     user 0.127s     sys 0.051s
I1103 17:40:05.838649 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.811s     user 0.147s     sys 0.003s
I1103 17:40:07.780369 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.942s     user 0.140s     sys 0.054s
I1103 17:40:09.581300 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.801s     user 0.156s     sys 0.001s
I1103 17:40:11.495551 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.914s     user 0.142s     sys 0.057s
I1103 17:40:13.302351 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.807s     user 0.147s     sys 0.002s
I1103 17:40:15.189821 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.870s     user 0.136s     sys 0.046s
I1103 17:40:17.010360 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 1.820s     user 0.135s     sys 0.002s
I1103 17:40:31.574581 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.258s     user 0.118s     sys 0.001s
I1103 17:40:33.885696 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.311s     user 0.133s     sys 0.054s
I1103 17:40:36.116078 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.218s     user 0.132s     sys 0.015s
I1103 17:40:38.349752 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.234s     user 0.125s     sys 0.043s
I1103 17:40:40.558445 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.209s     user 0.130s     sys 0.001s
I1103 17:40:42.805191 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.247s     user 0.131s     sys 0.039s
I1103 17:40:44.995265 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.190s     user 0.146s     sys 0.000s
I1103 17:40:47.269686 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.274s     user 0.137s     sys 0.046s
I1103 17:40:49.522470 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.253s     user 0.134s     sys 0.000s
I1103 17:40:51.816761 31598 log_block_manager-test.cc:1074] Time spent reopening block manager: real 2.294s     user 0.128s     sys 0.044s

$ ./bin/dense_node-itest -num_tablets=1000 -num_seconds=240 2>dense-node.txt | grep "Time spent restarting tserver"
I1103 17:00:33.196427 14424 dense_node-itest.cc:226] Time spent restarting tserver: real 74.861s        user 0.044s     sys 0.177s
I1103 17:06:01.772245 14424 dense_node-itest.cc:226] Time spent restarting tserver: real 69.005s        user 0.041s     sys 0.156s

$ perf stat --log-fd 3 -r 10  ./bin/tablet_server-test --gtest_filter=TabletServerTest.TestDeleteTabletBenchmark 3>&1 2>/dev/null >/dev/null

 Performance counter stats for './bin/tablet_server-test --gtest_filter=TabletServerTest.TestDeleteTabletBenchmark' (10 runs):

            968.79 msec task-clock:u              #    1.102 CPUs utilized            ( +-  0.27% )
                 0      context-switches:u        #    0.000 K/sec
                 0      cpu-migrations:u          #    0.000 K/sec
            11,216      page-faults:u             #    0.012 M/sec                    ( +-  0.14% )
     1,192,386,602      cycles:u                  #    1.231 GHz                      ( +-  0.50% )  (83.24%)
     1,042,831,264      stalled-cycles-frontend:u #   87.46% frontend cycles idle     ( +-  0.43% )  (83.26%)
       858,989,227      stalled-cycles-backend:u  #   72.04% backend cycles idle      ( +-  0.33% )  (66.55%)
     1,360,615,269      instructions:u            #    1.14  insn per cycle
                                                  #    0.77  stalled cycles per insn  ( +-  0.38% )  (83.13%)
       291,921,003      branches:u                #  301.326 M/sec                    ( +-  0.27% )  (83.50%)
         8,332,352      branch-misses:u           #    2.85% of all branches          ( +-  0.24% )  (83.45%)

           0.87885 +- 0.00573 seconds time elapsed  ( +-  0.65% )

$ perf stat --log-fd 3 -r 10  ./bin/tablet_server-test --gtest_filter=TabletServerTest.TestDeleteTabletBenchmark --encrypt_data_at_rest 3>&1 2>/dev/null >/dev/null

 Performance counter stats for './bin/tablet_server-test --gtest_filter=TabletServerTest.TestDeleteTabletBenchmark --encrypt_data_at_rest' (10 runs):

            988.61 msec task-clock:u              #    1.099 CPUs utilized            ( +-  0.62% )
                 0      context-switches:u        #    0.000 K/sec
                 0      cpu-migrations:u          #    0.000 K/sec
            11,229      page-faults:u             #    0.011 M/sec                    ( +-  0.13% )
     1,223,443,798      cycles:u                  #    1.238 GHz                      ( +-  0.58% )  (83.40%)
     1,066,930,822      stalled-cycles-frontend:u #   87.21% frontend cycles idle     ( +-  0.53% )  (83.78%)
       875,815,760      stalled-cycles-backend:u  #   71.59% backend cycles idle      ( +-  0.45% )  (66.88%)
     1,389,694,090      instructions:u            #    1.14  insn per cycle
                                                  #    0.77  stalled cycles per insn  ( +-  0.38% )  (83.26%)
       296,238,671      branches:u                #  299.651 M/sec                    ( +-  0.33% )  (83.18%)
         8,548,361      branch-misses:u           #    2.89% of all branches          ( +-  0.37% )  (82.77%)

           0

Change-Id: I909d0c4af0c1fca0d14c99a6627842dbe2ed7524
---
M src/kudu/consensus/consensus_meta-test.cc
M src/kudu/consensus/consensus_meta.cc
M src/kudu/consensus/log.cc
M src/kudu/consensus/log_index.cc
M src/kudu/consensus/log_util.cc
M src/kudu/fs/block_manager-test.cc
M src/kudu/fs/dir_manager.cc
M src/kudu/fs/dir_util.cc
M src/kudu/fs/file_block_manager.cc
M src/kudu/fs/fs_manager-test.cc
M src/kudu/fs/fs_manager.cc
M src/kudu/fs/log_block_manager-test-util.cc
M src/kudu/fs/log_block_manager-test.cc
M src/kudu/fs/log_block_manager.cc
M src/kudu/integration-tests/dense_node-itest.cc
M src/kudu/integration-tests/mini_cluster_fs_inspector.cc
M src/kudu/integration-tests/raft_consensus-itest.cc
M src/kudu/integration-tests/security-itest.cc
M src/kudu/mini-cluster/external_mini_cluster.cc
M src/kudu/mini-cluster/external_mini_cluster.h
M src/kudu/postgres/mini_postgres.cc
M src/kudu/ranger/ranger_client.cc
M src/kudu/security/test/mini_kdc.cc
M src/kudu/tablet/tablet_metadata.cc
M src/kudu/tools/kudu-tool-test.cc
M src/kudu/tools/tool_action_pbc.cc
M src/kudu/tserver/tablet_copy_client.cc
M src/kudu/tserver/tablet_copy_source_session-test.cc
M src/kudu/tserver/tablet_server-test.cc
M src/kudu/util/env-test.cc
M src/kudu/util/env.cc
M src/kudu/util/env.h
M src/kudu/util/env_posix.cc
M src/kudu/util/env_util.cc
M src/kudu/util/file_cache-test.cc
M src/kudu/util/file_cache.cc
M src/kudu/util/pb_util-test.cc
M src/kudu/util/pb_util.cc
M src/kudu/util/pb_util.h
M src/kudu/util/rolling_log.cc
M src/kudu/util/yamlreader-test.cc
41 files changed, 426 insertions(+), 166 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/74/17974/5
--
To view, visit http://gerrit.cloudera.org:8080/17974
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I909d0c4af0c1fca0d14c99a6627842dbe2ed7524
Gerrit-Change-Number: 17974
Gerrit-PatchSet: 5
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Bankim Bhavsar <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
