Rebuild master key version info after clone finished

lalalafeier 2024-02-02 20:11:55 +00:00 committed by ob-robot
parent 0c67835d44
commit d59218486c
4 changed files with 87 additions and 65 deletions


@ -1904,6 +1904,10 @@ int ObCloneScheduler::convert_parameters_(
} else {
LOG_WARN("fail to get latest key id", KR(ret), K(user_tenant_id));
}
} else if (ObTdeMethodUtil::is_kms(tde_method)
&& OB_FAIL(ObEncryptionUtil::get_tde_kms_info(source_tenant_id, kms_info))) {
LOG_WARN("failed to get tde kms info", KR(ret), K(tde_method), K(source_tenant_id));
//TODO: TDE method can change | kms_info may change
}
/* If the source tenant has encrypt_info,
@ -1916,25 +1920,9 @@ int ObCloneScheduler::convert_parameters_(
LOG_WARN("fail to trim master key map", KR(ret), K(user_tenant_id), K(latest_master_key_id));
} else if (!clone_has_encrypt_info) {
//do nothing
} else if (OB_FAIL(sql.assign_fmt("ALTER SYSTEM SET tde_method = '%.*s'",
tde_method.length(), tde_method.ptr()))) {
LOG_WARN("failed to assign fmt", KR(ret), K(tde_method));
} else if (OB_FAIL(sql_proxy_->write(user_tenant_id, sql.ptr(), affected_row))) {
LOG_WARN("failed to execute", KR(ret), K(user_tenant_id), K(sql));
} else if (ObTdeMethodUtil::is_internal(tde_method)) {
// do nothing
} else if (OB_FAIL(ObEncryptionUtil::get_tde_kms_info(source_tenant_id, kms_info))) {
LOG_WARN("failed to get tde kms info", KR(ret), K(source_tenant_id));
//TODO: TDE method can change | kms_info may change
} else if (OB_UNLIKELY(kms_info.empty())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("kms_info should not be empty", KR(ret));
} else if (FALSE_IT(sql.reset())) {
} else if (OB_FAIL(sql.assign_fmt("ALTER SYSTEM SET external_kms_info= '%.*s'",
kms_info.length(), kms_info.ptr()))) {
LOG_WARN("failed to assign fmt", KR(ret));
} else if (OB_FAIL(sql_proxy_->write(user_tenant_id, sql.ptr(), affected_row))) {
LOG_WARN("failed to execute", KR(ret), K(user_tenant_id));
} else if (OB_FAIL(ObRestoreCommonUtil::set_tde_parameters(sql_proxy_, rpc_proxy_,
user_tenant_id, tde_method, kms_info))) {
LOG_WARN("failed to set_tde_parameters", KR(ret), K(user_tenant_id), K(tde_method));
}
}
#endif
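Review bot: The test that decides whether kms_info is fetched does not match the test that later requires it: the first hunk loads it only when `ObTdeMethodUtil::is_kms(tde_method)` holds, while `ObRestoreCommonUtil::set_tde_parameters`, added in this commit, rejects an empty kms_info for every method that is not `is_internal`. If some valid method is neither internal nor KMS (not visible from here), the clone would fail with OB_INVALID_ARGUMENT after `tde_method` has already been written to the new tenant. Aligning the fetch condition, e.g. `} else if (ObTdeMethodUtil::is_valid(tde_method) && !ObTdeMethodUtil::is_internal(tde_method)`, keeps the two sides consistent. This path also calls the helper without the `is_valid(tde_method)` guard that the restore scheduler keeps, so it relies on `clone_has_encrypt_info` implying a valid method. Both hunks sit inside convert_parameters_, whose body starts and ends outside them.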


@ -322,3 +322,75 @@ int ObRestoreCommonUtil::check_tenant_is_existed(ObMultiVersionSchemaService *sc
}
return ret;
}
int ObRestoreCommonUtil::set_tde_parameters(common::ObMySQLProxy *sql_proxy,
obrpc::ObCommonRpcProxy *rpc_proxy,
const uint64_t tenant_id,
const ObString &tde_method,
const ObString &kms_info)
{
int ret = OB_SUCCESS;
#ifdef OB_BUILD_TDE_SECURITY
ObSqlString sql;
int64_t affected_row = 0;
if (OB_UNLIKELY(!is_user_tenant(tenant_id)
|| !ObTdeMethodUtil::is_valid(tde_method)
|| NULL == sql_proxy
|| NULL == rpc_proxy)) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("invalid argument", KR(ret), K(tenant_id), K(tde_method), KP(sql_proxy), KP(rpc_proxy));
} else if (OB_FAIL(sql.assign_fmt("ALTER SYSTEM SET tde_method = '%.*s'",
tde_method.length(), tde_method.ptr()))) {
LOG_WARN("failed to assign fmt", KR(ret), K(tde_method));
} else if (OB_FAIL(sql_proxy->write(tenant_id, sql.ptr(), affected_row))) {
LOG_WARN("failed to execute", KR(ret), K(tenant_id), K(sql));
} else if (ObTdeMethodUtil::is_internal(tde_method)) {
// do nothing
} else if (FALSE_IT(sql.reset())) {
} else if (OB_UNLIKELY(kms_info.empty())) {
ret = OB_INVALID_ARGUMENT;
LOG_WARN("kms_info should not be empty", KR(ret));
} else if (OB_FAIL(sql.assign_fmt("ALTER SYSTEM SET external_kms_info= '%.*s'",
kms_info.length(), kms_info.ptr()))) {
LOG_WARN("failed to assign fmt", KR(ret));
} else if (OB_FAIL(sql_proxy->write(tenant_id, sql.ptr(), affected_row))) {
LOG_WARN("failed to execute", KR(ret), K(tenant_id));
}
if (OB_SUCC(ret)) {
const int64_t DEFAULT_TIMEOUT = GCONF.internal_sql_execute_timeout;
obrpc::ObReloadMasterKeyArg arg;
obrpc::ObReloadMasterKeyResult result;
arg.tenant_id_ = tenant_id;
if (OB_FAIL(rpc_proxy->timeout(DEFAULT_TIMEOUT).reload_master_key(arg, result))) {
LOG_WARN("fail to reload master key", KR(ret), K(arg), K(DEFAULT_TIMEOUT));
} else if (result.master_key_id_ > 0 ) {
bool is_active = false;
const int64_t SLEEP_US = 5 * 1000 * 1000L; // 5s
const int64_t MAX_WAIT_US = 60 * 1000 * 1000L; // 60s
const int64_t start = ObTimeUtility::current_time();
char master_key[OB_MAX_MASTER_KEY_LENGTH] = {'\0'};
int64_t master_key_len = 0;
uint64_t master_key_id = 0;
while (OB_SUCC(ret) && !is_active) {
if (ObTimeUtility::current_time() - start > MAX_WAIT_US) {
ret = OB_TIMEOUT;
LOG_WARN("use too much time", KR(ret), "cost_us", ObTimeUtility::current_time() - start);
} else if (OB_FAIL(ObMasterKeyGetter::get_active_master_key(tenant_id, master_key,
OB_MAX_MASTER_KEY_LENGTH,
master_key_len, master_key_id))) {
if (OB_KEYSTORE_OPEN_NO_MASTER_KEY == ret) {
ret = OB_SUCCESS;
LOG_INFO("master key is not active, need wait", K(tenant_id));
usleep(SLEEP_US);
} else {
LOG_WARN("fail to get active master key", KR(ret), K(tenant_id));
}
} else {
is_active = true;
}
}
}
}
#endif
return ret;
}
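Review bot: kms_info is copied into the statement text at `ALTER SYSTEM SET external_kms_info= '%.*s'` after only an emptiness check, so a single quote in the caller-supplied value would end the literal early and the remainder would be parsed as SQL; tde_method is constrained by `ObTdeMethodUtil::is_valid`, kms_info is not. The value should be escaped with the project's SQL string-escaping helper, or rejected when it contains a quote, before `assign_fmt` is called. The emptiness check also runs only after the `tde_method` write has succeeded, which can leave the tenant half configured; it can move into the first argument check as `|| (!ObTdeMethodUtil::is_internal(tde_method) && kms_info.empty())`. Separately, `master_key` receives the active key only to detect that one exists and is still on the stack at return; wiping it after the loop, with a call the compiler cannot drop, would limit how long the key material stays in memory.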


@ -80,6 +80,11 @@ public:
static int check_tenant_is_existed(ObMultiVersionSchemaService *schema_service,
const uint64_t tenant_id,
bool &is_existed);
static int set_tde_parameters(common::ObMySQLProxy *sql_proxy,
obrpc::ObCommonRpcProxy *rpc_proxy,
const uint64_t tenant_id,
const ObString &tde_method,
const ObString &kms_info);
private:
DISALLOW_COPY_AND_ASSIGN(ObRestoreCommonUtil);
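Review bot: The new `set_tde_parameters` declaration has no comment, and its contract is not obvious from the signature. Per the definition in this commit it issues `ALTER SYSTEM SET` writes to the tenant, sends a reload_master_key RPC, and can then block the calling thread for up to 60 s while polling for an active master key. I would add a short doc comment above it stating that, that kms_info must be non-empty for every non-internal tde_method, and that without OB_BUILD_TDE_SECURITY it does nothing and returns OB_SUCCESS. The class body starts and ends outside this hunk.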


@ -503,52 +503,9 @@ int ObRestoreScheduler::convert_tde_parameters(
if (OB_FAIL(ret)) {
} else if (!ObTdeMethodUtil::is_valid(tde_method)) {
// do nothing
} else if (OB_FAIL(sql.assign_fmt("ALTER SYSTEM SET tde_method = '%s'", tde_method.ptr()))) {
LOG_WARN("failed to assign fmt", K(ret), K(sql));
} else if (OB_FAIL(sql_proxy_->write(tenant_id, sql.ptr(), affected_row))) {
LOG_WARN("failed to execute", K(ret), K(affected_row), K(sql));
} else if (ObTdeMethodUtil::is_internal(tde_method)) {
// do nothing
} else if (FALSE_IT(sql.reset())) {
} else if (OB_FAIL(sql.assign_fmt("ALTER SYSTEM SET external_kms_info= '%s'", kms_info.ptr()))) {
LOG_WARN("failed to assign fmt", K(ret), K(sql));
} else if (OB_FAIL(sql_proxy_->write(tenant_id, sql.ptr(), affected_row))) {
LOG_WARN("failed to execute", K(ret), K(affected_row), K(sql));
}
if (OB_SUCC(ret) && ObTdeMethodUtil::is_valid(tde_method)) {
const int64_t DEFAULT_TIMEOUT = GCONF.internal_sql_execute_timeout;
obrpc::ObReloadMasterKeyArg arg;
obrpc::ObReloadMasterKeyResult result;
arg.tenant_id_ = tenant_id;
if (OB_FAIL(rpc_proxy_->timeout(DEFAULT_TIMEOUT).reload_master_key(arg, result))) {
LOG_WARN("fail to reload master key", K(ret), K(arg), K(DEFAULT_TIMEOUT));
} else if (result.master_key_id_ > 0 ) {
bool is_active = false;
const int64_t SLEEP_US = 5 * 1000 * 1000L; // 5s
const int64_t MAX_WAIT_US = 60 * 1000 * 1000L; // 60s
const int64_t start = ObTimeUtility::current_time();
char master_key[OB_MAX_MASTER_KEY_LENGTH];
int64_t master_key_len = 0;
uint64_t master_key_id = 0;
while (OB_SUCC(ret) && !is_active) {
if (ObTimeUtility::current_time() - start > MAX_WAIT_US) {
ret = OB_TIMEOUT;
LOG_WARN("use too much time", K(ret), "cost_us", ObTimeUtility::current_time() - start);
} else if (OB_FAIL(ObMasterKeyGetter::get_active_master_key(tenant_id, master_key,
OB_MAX_MASTER_KEY_LENGTH,
master_key_len, master_key_id))) {
if (OB_KEYSTORE_OPEN_NO_MASTER_KEY == ret) {
ret = OB_SUCCESS;
LOG_INFO("master key is not active, need wait", K(tenant_id));
usleep(SLEEP_US);
} else {
LOG_WARN("fail to get active master key", K(tenant_id));
}
} else {
is_active = true;
}
}
}
} else if (OB_FAIL(ObRestoreCommonUtil::set_tde_parameters(sql_proxy_, rpc_proxy_,
tenant_id, tde_method, kms_info))) {
LOG_WARN("failed to set_tde_parameters", KR(ret), K(tenant_id), K(tde_method));
}
}
#endif