Blob Worker Encryption doesn't use BG_METADATA_SOURCE (#9121)

* bw encrypt doesn't use knob

* Trigger Build
Nim Wijetunga 2023-01-11 14:03:25 -08:00 committed by GitHub
parent ac2a26d269
commit 1675502d76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 32 deletions


@ -1333,7 +1333,6 @@ void applyMetadataMutations(SpanContext const& spanContext,
Version version,
Version popVersion,
bool initialCommit) {
TraceEvent("ApplyMetadataMutationsEncryptMode").detail("Mode", encryptMode.toString());
ApplyMetadataMutationsImpl(spanContext,
arena,
mutations,
@ -1354,7 +1353,6 @@ void applyMetadataMutations(SpanContext const& spanContext,
const VectorRef<MutationRef>& mutations,
const std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>* pCipherKeys,
EncryptionAtRestMode encryptMode) {
TraceEvent("ApplyMetadataMutationsEncryptMode").detail("Mode", encryptMode.toString());
ApplyMetadataMutationsImpl(spanContext, resolverData, mutations, pCipherKeys, encryptMode).apply();
}


@ -439,9 +439,6 @@ void checkGranuleLock(int64_t epoch, int64_t seqno, int64_t ownerEpoch, int64_t
}
}
bool isEncryptionOpSupported(EncryptionAtRestMode encryptMode) {
return encryptMode.isEncryptionEnabled() && SERVER_KNOBS->BG_METADATA_SOURCE == "tenant";
}
} // namespace
// Below actors asssit in fetching/lookup desired encryption keys. Following steps are done for an encryption key
@ -829,7 +826,7 @@ ACTOR Future<BlobFileIndex> writeDeltaFile(Reference<BlobWorkerData> bwData,
state Optional<BlobGranuleCipherKeysMeta> cipherKeysMeta;
state Arena arena;
if (isEncryptionOpSupported(bwData->encryptMode)) {
if (bwData->encryptMode.isEncryptionEnabled()) {
BlobGranuleCipherKeysCtx ciphKeysCtx = wait(getLatestGranuleCipherKeys(bwData, keyRange, &arena));
cipherKeysCtx = std::move(ciphKeysCtx);
cipherKeysMeta = BlobGranuleCipherKeysCtx::toCipherKeysMeta(cipherKeysCtx.get());
@ -1042,7 +1039,7 @@ ACTOR Future<BlobFileIndex> writeSnapshot(Reference<BlobWorkerData> bwData,
state Optional<BlobGranuleCipherKeysMeta> cipherKeysMeta;
state Arena arena;
if (isEncryptionOpSupported(bwData->encryptMode)) {
if (bwData->encryptMode.isEncryptionEnabled()) {
BlobGranuleCipherKeysCtx ciphKeysCtx = wait(getLatestGranuleCipherKeys(bwData, keyRange, &arena));
cipherKeysCtx = std::move(ciphKeysCtx);
cipherKeysMeta = BlobGranuleCipherKeysCtx::toCipherKeysMeta(cipherKeysCtx.get());
@ -1288,12 +1285,10 @@ ACTOR Future<BlobFileIndex> compactFromBlob(Reference<BlobWorkerData> bwData,
ASSERT(snapshotVersion < version);
state Optional<BlobGranuleCipherKeysCtx> snapCipherKeysCtx;
if (g_network && g_network->isSimulated() && isEncryptionOpSupported(bwData->encryptMode) &&
!snapshotF.cipherKeysMeta.present()) {
ASSERT(false);
}
ASSERT(!(g_network && g_network->isSimulated() && bwData->encryptMode.isEncryptionEnabled() &&
!snapshotF.cipherKeysMeta.present()));
if (snapshotF.cipherKeysMeta.present()) {
ASSERT(isEncryptionOpSupported(bwData->encryptMode));
ASSERT(bwData->encryptMode.isEncryptionEnabled());
CODE_PROBE(true, "fetching cipher keys for blob snapshot file");
BlobGranuleCipherKeysCtx keysCtx =
wait(getGranuleCipherKeysFromKeysMeta(bwData, snapshotF.cipherKeysMeta.get(), &filenameArena));
@ -1320,13 +1315,11 @@ ACTOR Future<BlobFileIndex> compactFromBlob(Reference<BlobWorkerData> bwData,
deltaF = files.deltaFiles[deltaIdx];
if (g_network && g_network->isSimulated() && isEncryptionOpSupported(bwData->encryptMode) &&
!deltaF.cipherKeysMeta.present()) {
ASSERT(false);
}
ASSERT(!(g_network && g_network->isSimulated() && bwData->encryptMode.isEncryptionEnabled() &&
!deltaF.cipherKeysMeta.present()));
if (deltaF.cipherKeysMeta.present()) {
ASSERT(isEncryptionOpSupported(bwData->encryptMode));
ASSERT(bwData->encryptMode.isEncryptionEnabled());
CODE_PROBE(true, "fetching cipher keys for delta file");
BlobGranuleCipherKeysCtx keysCtx =
wait(getGranuleCipherKeysFromKeysMeta(bwData, deltaF.cipherKeysMeta.get(), &filenameArena));
@ -3825,13 +3818,10 @@ ACTOR Future<Void> doBlobGranuleFileRequest(Reference<BlobWorkerData> bwData, Bl
.detail("FileName", chunk.snapshotFile.get().filename.toString())
.detail("Encrypted", encrypted);
}
if (g_network && g_network->isSimulated() && isEncryptionOpSupported(bwData->encryptMode) &&
!encrypted) {
ASSERT(false);
}
ASSERT(!(g_network && g_network->isSimulated() && bwData->encryptMode.isEncryptionEnabled() &&
!encrypted));
if (encrypted) {
ASSERT(isEncryptionOpSupported(bwData->encryptMode));
ASSERT(bwData->encryptMode.isEncryptionEnabled());
ASSERT(!chunk.snapshotFile.get().cipherKeysCtx.present());
CODE_PROBE(true, "fetching cipher keys from meta ref for snapshot file");
snapCipherKeysCtx = getGranuleCipherKeysFromKeysMetaRef(
@ -3848,12 +3838,10 @@ ACTOR Future<Void> doBlobGranuleFileRequest(Reference<BlobWorkerData> bwData, Bl
.detail("Encrypted", encrypted);
}
if (g_network && g_network->isSimulated() && isEncryptionOpSupported(bwData->encryptMode) &&
!encrypted) {
ASSERT(false);
}
ASSERT(!(g_network && g_network->isSimulated() && bwData->encryptMode.isEncryptionEnabled() &&
!encrypted));
if (encrypted) {
ASSERT(isEncryptionOpSupported(bwData->encryptMode));
ASSERT(bwData->encryptMode.isEncryptionEnabled());
ASSERT(!chunk.deltaFiles[deltaIdx].cipherKeysCtx.present());
CODE_PROBE(true, "fetching cipher keys from meta ref for delta files");
deltaCipherKeysCtxs.emplace(
@ -5127,8 +5115,8 @@ ACTOR Future<Void> blobWorker(BlobWorkerInterface bwInterf,
state Reference<BlobWorkerData> self(new BlobWorkerData(bwInterf.id(), dbInfo, cx));
self->id = bwInterf.id();
self->locality = bwInterf.locality;
// Since the blob worker gets initalized through the blob manager it is easier to fetch the encryption state using
// the DB Config rather than passing it through the initalization request for the blob manager and blob worker
// Since the blob worker gets initalized through the blob manager it is more reliable to fetch the encryption state
// using the DB Config rather than passing it through the initalization request for the blob manager and blob worker
DatabaseConfiguration config = wait(getDatabaseConfiguration(cx));
self->encryptMode = config.encryptionAtRestMode;
TraceEvent("BWEncryptionAtRestMode").detail("Mode", self->encryptMode.toString());
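Review bot: The check that an encryption-enabled blob worker never reads a file lacking cipher-key metadata is still gated on `g_network->isSimulated()` in the new `ASSERT(!(... && !snapshotF.cipherKeysMeta.present()))` in compactFromBlob, and the same holds for the delta-file check there and the two `!encrypted` checks in doBlobGranuleFileRequest. Outside simulation, a plaintext snapshot or delta file on a cluster with encryption at rest enabled is therefore read with no signal, and with the BG_METADATA_SOURCE condition gone this now applies to every enabled mode. If plaintext files are not expected in that state, consider reporting it in production too, for example `if (bwData->encryptMode.isEncryptionEnabled() && !encrypted) TraceEvent(SevWarnAlways, "BWUnencryptedFileRead").detail("Mode", bwData->encryptMode.toString());` (the event name is only a suggestion). All of these functions start and end outside their hunks, so any handling further down is not visible here.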


@ -668,7 +668,9 @@ ACTOR Future<Void> resolverCore(ResolverInterface resolver,
actors.add(waitFailureServer(resolver.waitFailure.getFuture()));
actors.add(traceRole(Role::RESOLVER, resolver.id()));
TraceEvent("ResolverInit", resolver.id()).detail("RecoveryCount", initReq.recoveryCount);
TraceEvent("ResolverInit", resolver.id())
.detail("RecoveryCount", initReq.recoveryCount)
.detail("EncryptMode", initReq.encryptMode.toString());
// Wait until we can load the "real" logsystem, since we don't support switching them currently
while (!(initReq.masterLifetime.isEqual(db->get().masterLifetime) &&
@ -749,7 +751,6 @@ ACTOR Future<Void> resolver(ResolverInterface resolver,
InitializeResolverRequest initReq,
Reference<AsyncVar<ServerDBInfo> const> db) {
try {
TraceEvent("ResolverEncryptionAtRestMode").detail("Mode", initReq.encryptMode.toString());
state Future<Void> core = resolverCore(resolver, initReq, db);
loop choose {
when(wait(core)) {