> On February 17, 2022, 7:54 a.m., bhavik patel wrote:
> > Thanks for the detailed info and cleaning up the packing.
> >
> > Can you please verify zone operations, import/export keys to jceks file and
> > masterkey import/export operation.
> >
> > I just want to make sure we are not breaking the existing functionality.

Tested:

# Basic APIs passed
1. TestConnection by rangeradmin
2. Browse existing keys by rangeradmin
3. CreateKey by rangeradmin
4. KeyRoll by rangeradmin
5. generateeek by curl
6. decrypteek by curl

# export passed
]$ ./exportKeysToJCEKS.sh mkeybak jceks
Enter Password for the keystore FILE :
Enter Password for the KEY(s) stored in the keystore:
Keys from Ranger KMS Database has been successfully exported into mkeybak

]$ keytool -list -keystore mkeybak -storetype jceks
Enter keystore password:
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 12 entries

hell, Feb 17, 2022, SecretKeyEntry,
hell-1-2-31, Feb 17, 2022, SecretKeyEntry,
hell-1-2-31@0, Feb 17, 2022, SecretKeyEntry,
hell-1-2-31@1, Feb 17, 2022, SecretKeyEntry,
hell@0, Feb 17, 2022, SecretKeyEntry,
hell@1, Feb 17, 2022, SecretKeyEntry,
hell@2, Feb 17, 2022, SecretKeyEntry,
hello-world, Feb 17, 2022, SecretKeyEntry,
hello-world@0, Feb 17, 2022, SecretKeyEntry,
hello-world@1, Feb 17, 2022, SecretKeyEntry,
paladin, Feb 17, 2022, SecretKeyEntry,
paladin@0, Feb 17, 2022, SecretKeyEntry,

# import passed with a bit of accident
bash -c 'function java() { /usr/bin/java -Djceks.key.serialFilter= "$@" ; } ; source ./importJCEKSKeys.sh mkeybak jceks'
Enter Password for the keystore FILE :
Enter Password for the KEY(s) stored in the keystore:
Keys from mkeybak has been successfully imported into RangerDB.

# Why -Djceks.key.serialFilter appears?
See https://www.oracle.com/java/technologies/javase/8u171-relnotes.html#JDK-8189997
Since jdk-8u171, importJCEKSKeys is broken without -Djceks.key.serialFilter=.
I tested it at tag-ranger-2.2, it is broken too.
But that is another story, I won't fix it in that patch here.

- Kirby

-----------------------------------------------------------
This is an automatically generated e-mail.
To reply, visit: https://reviews.apache.org/r/73852/#review224066
-----------------------------------------------------------

On February 16, 2022, 10:29 a.m., Kirby Zhou wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73852/
> -----------------------------------------------------------
>
> (Updated February 16, 2022, 10:29 a.m.)
>
>
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad,
> Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul
> Parikh, pengjianhua, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal
> Suvagia, Velmurugan Periasamy, and Qiang Zhang.
>
>
> Bugs: RANGER-3595
>     https://issues.apache.org/jira/browse/RANGER-3595
>
>
> Repository: ranger
>
>
> Description
> -------
>
> There are lots of .class files under ews/webapp/, and never used.
>
>
> 1. place web.xml at correct location
> 2. setup.sh wants to patch hadoop-common.jar at runtime, it requires some file
> inside ranger-kms.jar. But the patching of hadoop-common.jar is unnecessary.
>
> Regular webapp should have its own class files under
> ews/webapp/WEB-INF/classes, and dependencies under ews/webapp/WEB-INF/lib,
> and the Container should put its libraries under ews/lib. But at current, we
> use directories such as ews/webapp/lib, ews/webapp/WEB-INF/classes/lib. It
> looks dirty and ugly.
>
>
> My patch here makes KMS no longer bring ranger-kms.jar, and place classes and
> web.xml at correct location, as an alternative of
> https://reviews.apache.org/r/73816/
>
>
> Now:
> ews/lib contains ews bootstrap jars,
> ews/webapp/WEB-INF/classes contains KMS app itself,
> ews/webapp/WEB-INF/lib contains KMS dependencies,
> ews/webapp/WEB-INF/lib/ranger-kms-plugin-impl contains ranger-kms-plugin.
>
> Additionally, kms/pom.xml even depends on original hadoop-kms, which can
> confuse developers, so I removed it.
>
> BTW: the bootstrap embedded server looks like too heavy and too much
> dependencies.
>
>
> Diffs
> -----
>
>   distro/src/main/assembly/kms.xml 983a43e59
>   kms/pom.xml 7a4f98df7
>   kms/scripts/DBMK2HSM.sh 001199d97
>   kms/scripts/DBMKTOAZUREKEYVAULT.sh cfe5a6b5e
>   kms/scripts/DBMKTOKEYSECURE.sh c0aa6e58c
>   kms/scripts/HSMMK2DB.sh 6c77f7340
>   kms/scripts/KEYSECUREMKTOKMSDB.sh 340e05e2c
>   kms/scripts/VerifyIsDBMasterkeyCorrect.sh 1c9a2e148
>   kms/scripts/exportKeysToJCEKS.sh f3205789b
>   kms/scripts/importJCEKSKeys.sh 5d4fe978f
>   kms/scripts/ranger-kms 429a31e5a
>   kms/scripts/setup.sh 2051df59a
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
> c899bdf98
>   kms/src/main/resources/META-INF/context.xml
>   kms/src/main/resources/WEB-INF/web.xml 5e2d489fe
>
>
> Diff: https://reviews.apache.org/r/73852/diff/1/
>
>
> Testing
> -------
>
> mvn clean package
> fresh install and upgrade from 2.2.0
>
>
> Thanks,
>
> Kirby Zhou
>
>