[MCOL-5019] creating different keys with cskeys on all nodes can break cluster(key not distributed properly) - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 6.2.1, 6.2.3
Fix Version/s: Icebox
Component/s: N/A
Labels:
- configuration
- encryption

Description

Usual process also on installation is

cskeys on every node.
cspasswd on every node
mcsSetConfig CrossEngineSupport Password on every node

cskeys creates a key on /var/lib/columnstore/.secrets
cspasswd creates an encrypted passwordstring based on this key.
mcsSetConfig write the encrypted passwordstring to Columnstore.xml

This works properly,
but if a change was done on Columnstore.xml (usually on node 1),
the Columnstore.xml will be distributed to all nodes,
but not the key.

Afterwards we have the situation, that
keys ( /var/lib/columnstore/.secrets) are different on every node,
but encrypted passwordstring in Columnstore.xml are the same on all nodes, based on the key on node1.

Workarround:

run cskeys on a one node

copy /var/lib/columnstore/.secrets to every other node

run cspasswd on each node

Suggestion:

If Columnstore distribute Columnstore.xml, it have also to distribute /var/lib/columnstore/.secrets (if any),
if Section:CrossEngineSupport Value:Password was changed in Columnstore.xml

Attachments

Activity

People

Assignee:: Alan Mologorsky

Reporter:: Richard Stracke

Votes:: 2 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2022-03-18 07:33

Updated:: 2024-12-20 08:07

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.