Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/19616 )
Change subject: KUDU-3448 Add support for encrypting IPKI keys ...................................................................... KUDU-3448 Add support for encrypting IPKI keys This patch introduces a new flag, --ipki_private_key_password_cmd. If set, Kudu's internal PKI's root CA private key will be encrypted with the password that is output by the command set with this flag. The key is encrypted with AES-256-CBC and encoded in PKCS#8 format. The behavior is similar to --webserver_private_key_password_cmd, which is used to provide a command to decrypt the webserver certificate's private key. Currently, Kudu doesn't support rotating IPKI keys, so this flag can't be used on existing clusters, and if it was used on the first startup of a master, it must be used as long as that master exists, it won't be able to start without it. Change-Id: I71f2ec856f018d56efbf6901039eed2676fcbe23 Reviewed-on: http://gerrit.cloudera.org:8080/19616 Reviewed-by: Alexey Serbin <[email protected]> Reviewed-by: Zoltan Chovan <[email protected]> Tested-by: Kudu Jenkins --- M src/kudu/master/catalog_manager.cc M src/kudu/master/master-test.cc M src/kudu/master/sys_catalog-test.cc M src/kudu/rpc/messenger.cc M src/kudu/util/openssl_util.h M src/kudu/util/openssl_util_bio.h 6 files changed, 117 insertions(+), 13 deletions(-) Approvals: Alexey Serbin: Looks good to me, approved Zoltan Chovan: Looks good to me, but someone else must approve Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/19616 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I71f2ec856f018d56efbf6901039eed2676fcbe23 Gerrit-Change-Number: 19616 Gerrit-PatchSet: 6 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Abhishek Chennaka <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Ashwani Raina <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Mahesh Reddy <[email protected]> Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Zoltan Chovan <[email protected]> Gerrit-Reviewer: Ádám Bakai <[email protected]>
