Skip to content

AMBARI-24745. Enable encryption of sensitive data in Ambari DB using … #2755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
3 commits merged into from Jan 18, 2019
Merged

AMBARI-24745. Enable encryption of sensitive data in Ambari DB using … #2755

3 commits merged into from Jan 18, 2019
+802 −339

Conversation

@ghost
Copy link

@ghost ghost commented Jan 5, 2019

…Ambari CLI (dlysnichenko)

What changes were proposed in this pull request?

Enable encryption of sensitive data on Ambari DB using Ambari CLI. This is an update to the existing "ambari-server setup-security", option #2 - Encrypt passwords stored in ambari.properties file.

In addition to what the current script does, the following must also happen:

  • Change the subtitle to "Encrypt passwords managed by Ambari."
  • Authenticate an Ambari administrator user
  • Ask the user if they want to encrypt sensitive service configuration data
  • Add command line options for authenticating an Ambari administrator and whether sensitive service configuration data is to be encrypted
  • Issue a request to Ambari to encrypt sensitive data (if the user wants this)

How was this patch tested?

Unit tests are pending
Checked encryption / re-encryption on live cluster.
Decryption is not implemented yet
Encryption without persisting master key is not possible (if we need it)

@ghost ghost self-assigned this Jan 5, 2019
@ghost ghost requested review from rlevas, smolnar82 and zeroflag January 5, 2019 15:12
@asfgit
Copy link

asfgit commented Jan 5, 2019

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Ambari-Github-PullRequest-Builder/4811/
Test FAILed.
Test FAILured.

@smolnar82
Copy link
Contributor

smolnar82 commented Jan 7, 2019

retest this please

@asfgit
Copy link

asfgit commented Jan 7, 2019

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Ambari-Github-PullRequest-Builder/4812/
Test FAILed.
Test FAILured.

@ghost
Copy link
Author

ghost commented Jan 11, 2019

Work still in progress.
Looks like case of a forgotten master key was present at the code, but has been broken for a long time

@asfgit
Copy link

asfgit commented Jan 11, 2019

FAILURE
5339 tests run, 72 skipped, 1 failed.
Test FAILed.
Test FAILured.

@ghost
Copy link
Author

ghost commented Jan 17, 2019

Added test coverage for sensitive data encryption, and for some previously not covered (non)persistent master key cases

@ghost ghost changed the title (WIP) AMBARI-24745. Enable encryption of sensitive data in Ambari DB using … AMBARI-24745. Enable encryption of sensitive data in Ambari DB using … Jan 17, 2019
@asfgit
Copy link

asfgit commented Jan 17, 2019

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Ambari-Github-PullRequest-Builder/4835/
Test FAILed.
Test FAILured.

@rlevas
Copy link
Contributor

rlevas commented Jan 18, 2019 

2086438 [INFO] ------------------------------------------------------------------------
2086438 [INFO] Reactor Summary:
2086438 [INFO] 
2086438 [INFO] Ambari Main 3.0.0.0-SNAPSHOT ....................... SUCCESS [  6.267 s]
2086439 [INFO] Apache Ambari Project POM 3.0.0.0-SNAPSHOT ......... SUCCESS [  0.125 s]
2086439 [INFO] Ambari Web 3.0.0.0-SNAPSHOT ........................ FAILURE [02:36 min]
2086439 [INFO] Ambari Views 3.0.0.0-SNAPSHOT ...................... SUCCESS [  3.545 s]
2086439 [INFO] Ambari Admin View 3.0.0.0-SNAPSHOT ................. SUCCESS [02:39 min]
2086440 [INFO] ambari-utility 3.0.0.0-SNAPSHOT .................... SUCCESS [  6.530 s]
2086440 [INFO] Ambari Server SPI 3.0.0.0-SNAPSHOT ................. SUCCESS [  1.990 s]
2086440 [INFO] Ambari Service Advisor 1.0.0.0-SNAPSHOT ............ SUCCESS [  0.600 s]
2086440 [INFO] Ambari Server 3.0.0.0-SNAPSHOT ..................... SUCCESS [25:14 min]
2086440 [INFO] Ambari Functional Tests 3.0.0.0-SNAPSHOT ........... SUCCESS [02:42 min]
2086441 [INFO] Ambari Agent 3.0.0.0-SNAPSHOT ...................... SUCCESS [01:12 min]
2086441 [INFO] ------------------------------------------------------------------------
2086441 [INFO] BUILD FAILURE
2086441 [INFO] ------------------------------------------------------------------------

Ambari-web builds and tests fine for me locally and the changes in this patch appear to not be relevant.

retest this please

@ghost
Copy link
Author

ghost commented Jan 18, 2019

Test failure is unrelated (tests of server module passed)

2086438 [INFO] ------------------------------------------------------------------------
2086438 [INFO] Reactor Summary:
2086438 [INFO] 
2086438 [INFO] Ambari Main 3.0.0.0-SNAPSHOT ....................... SUCCESS [  6.267 s]
2086439 [INFO] Apache Ambari Project POM 3.0.0.0-SNAPSHOT ......... SUCCESS [  0.125 s]
2086439 [INFO] Ambari Web 3.0.0.0-SNAPSHOT ........................ FAILURE [02:36 min]
2086439 [INFO] Ambari Views 3.0.0.0-SNAPSHOT ...................... SUCCESS [  3.545 s]
2086439 [INFO] Ambari Admin View 3.0.0.0-SNAPSHOT ................. SUCCESS [02:39 min]
2086440 [INFO] ambari-utility 3.0.0.0-SNAPSHOT .................... SUCCESS [  6.530 s]
2086440 [INFO] Ambari Server SPI 3.0.0.0-SNAPSHOT ................. SUCCESS [  1.990 s]
2086440 [INFO] Ambari Service Advisor 1.0.0.0-SNAPSHOT ............ SUCCESS [  0.600 s]
2086440 [INFO] Ambari Server 3.0.0.0-SNAPSHOT ..................... SUCCESS [25:14 min]
2086440 [INFO] Ambari Functional Tests 3.0.0.0-SNAPSHOT ........... SUCCESS [02:42 min]
2086441 [INFO] Ambari Agent 3.0.0.0-SNAPSHOT ...................... SUCCESS [01:12 min]
2086441 [INFO] ------------------------------------------------------------------------

@asfgit
Copy link

asfgit commented Jan 18, 2019

Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Ambari-Github-PullRequest-Builder/4838/
Test PASSed.

@ghost ghost merged commit 97a6bc8 into apache:trunk Jan 18, 2019
@ghost ghost deleted the AMBARI-24745 branch January 18, 2019 15:07
vishalsuvagia pushed a commit to vishalsuvagia/ambari that referenced this pull request Feb 26, 2019
@Dmitriusan
AMBARI-24745. Enable encryption of sensitive data in Ambari DB using … (
4f49085 
apache#2755)

AMBARI-24745. Enable encryption of sensitive data in Ambari DB using Ambari CLI (dlysnichenko)
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

encryption security server setup server Ambari server

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@asfgit @smolnar82 @rlevas @zeroflag