Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kms: replace KES client implementation with minio/kes #12207

Merged
merged 2 commits into from May 11, 2021
Merged

kms: replace KES client implementation with minio/kes #12207

merged 2 commits into from May 11, 2021

Conversation

aead
Copy link
Member

@aead aead commented May 3, 2021

Description

This commit replaces the custom KES client implementation
with the KES SDK from https://github.com/minio/kes

The SDK supports multi-server client load-balancing and
request retry out of the box. Therefore, this change reduces
the overall complexity within the MinIO server and there
is no need to maintain two separate client implementations.

Motivation and Context

KMS, KES

How to test this PR?

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Documentation updated
  • Unit tests added/updated

@aead aead requested a review from harshavardhana May 3, 2021 20:50
@minio minio deleted a comment from minio-trusted May 3, 2021
@minio minio deleted a comment from minio-trusted May 3, 2021
harshavardhana
harshavardhana requested changes May 4, 2021
View reviewed changes
cmd/common-main.go Outdated Show resolved Hide resolved
cmd/common-main.go Outdated Show resolved Hide resolved
cmd/common-main.go Outdated Show resolved Hide resolved
go.mod Outdated Show resolved Hide resolved
@aead aead force-pushed the kms-kes-client branch 2 times, most recently from c48dcd6 to d1f1f81 Compare May 4, 2021 16:43
@aead aead requested review from harshavardhana and Alevsk May 4, 2021 16:43
@harshavardhana
Copy link
Member

please fix the conflicts @aead

@aead aead force-pushed the kms-kes-client branch 3 times, most recently from f02a8be to dd050b3 Compare May 4, 2021 18:28
harshavardhana
harshavardhana requested changes May 6, 2021
View reviewed changes
pkg/certs/certs.go Outdated Show resolved Hide resolved
@aead aead force-pushed the kms-kes-client branch 3 times, most recently from ea7ddca to 81dfb1d Compare May 6, 2021 23:34
@aead aead requested a review from harshavardhana May 10, 2021 14:39
kms: replace KES client implementation with minio/kes
b194ee8 
This commit replaces the custom KES client implementation
with the KES SDK from https://github.com/minio/kes

The SDK supports multi-server client load-balancing and
request retry out of the box. Therefore, this change reduces
the overall complexity within the MinIO server and there
is no need to maintain two separate client implementations.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
@harshavardhana
Copy link
Member

PTAL @Alevsk

@minio-trusted
Copy link
Contributor

Mint Automation

Test Result
mint-large-bucket.sh ✔️
mint-fs.sh ✔️
mint-gateway-s3.sh ✔️
mint-erasure.sh ✔️
mint-dist-erasure.sh ✔️
mint-zoned.sh ✔️
mint-gateway-nas.sh ✔️
mint-compress-encrypt-dist-erasure.sh more...

12207-008712a/mint-compress-encrypt-dist-erasure.sh.log:

Running with
SERVER_ENDPOINT:      minio-c3.minio.io:32460
ACCESS_KEY:           minio
SECRET_KEY:           ***REDACTED***
ENABLE_HTTPS:         0
SERVER_REGION:        us-east-1
MINT_DATA_DIR:        /mint/data
MINT_MODE:            full
ENABLE_VIRTUAL_STYLE: 0

To get logs, run 'docker cp 3febf3930cf7:/mint/log /tmp/mint-logs'

(1/15) Running aws-sdk-go tests ... done in 2 seconds
(2/15) Running aws-sdk-java tests ... done in 1 seconds
(3/15) Running aws-sdk-php tests ... done in 43 seconds
(4/15) Running aws-sdk-ruby tests ... done in 3 seconds
(5/15) Running awscli tests ... FAILED in 32 seconds
{
  "name": "awscli",
  "duration": 2859,
  "function": "aws --endpoint-url http://minio-c3.minio.io:32460 s3api copy-object --bucket awscli-mint-test-bucket-26961 --key datafile-1-kB-copy --copy-source awscli-mint-test-bucket-26961/datafile-1-kB\n",
  "status": "FAIL",
  "error": "Hash mismatch expected 084e1383b70fb0c51acc680fef370023, got ac57de7156d7fc25ac1a65f81fa3989b"
}
(5/15) Running healthcheck tests ... done in 0 seconds
(6/15) Running mc tests ... done in 49 seconds
(7/15) Running minio-dotnet tests ... done in 41 seconds
(8/15) Running minio-go tests ... FAILED in 2 minutes and 18 seconds
{
  "args": {},
  "duration": 1053,
  "error": "At least one of the pre-conditions you specified did not hold",
  "function": "CopyObjectPart(destination, source)",
  "message": "CopyObjectPart call failed",
  "name": "minio-go: testUnencryptedToSSES3CopyObjectPart",
  "status": "FAIL"
}
(8/15) Running minio-java tests ... FAILED in 2 minutes and 2 seconds
{
  "name": "minio-java",
  "function": "copyObject()",
  "args": "[match etag]",
  "duration": 122,
  "status": "FAIL",
  "error": "error occurred\nErrorResponse(code = PreconditionFailed, message = At least one of the pre-conditions you specified did not hold, bucketName = minio-java-test-nkqovr, objectName = minio-java-test-4fu91-copy, resource = /minio-java-test-nkqovr/minio-java-test-4fu91-copy, requestId = 167DDA2E2B551462, hostId = 22b91841-f1ee-4f7e-8063-68e68dfe02d9)\nrequest={method=PUT, url=http://minio-c3.minio.io:32460/minio-java-test-nkqovr/minio-java-test-4fu91-copy, headers=x-amz-copy-source-if-match: 71cff0a060f852067e443ad1e24ae26c-1\nx-amz-copy-source: /minio-java-test-ud9skq/minio-java-test-4fu91\nHost: minio-c3.minio.io:32460\nAccept-Encoding: identity\nUser-Agent: MinIO (Linux; amd64) minio-java/8.0.3\nContent-MD5: 1B2M2Y8AsgTpgAmY7PhCfg==\nx-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nx-amz-date: 20210511T000212Z\nAuthorization: AWS4-HMAC-SHA256 Credential=*REDACTED*/20210511/us-east-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-copy-source;x-amz-copy-source-if-match;x-amz-date, Signature=*REDACTED*\n}\nresponse={code=412, headers=Accept-Ranges: bytes\nContent-Length: 412\nContent-Security-Policy: block-all-mixed-content\nContent-Type: application/xml\nETag: \"71cff0a060f852067e443ad1e24ae26c\"\nLast-Modified: Tue, 11 May 2021 00:02:12 GMT\nServer: MinIO\nVary: Origin\nX-Amz-Request-Id: 167DDA2E2B551462\nX-Xss-Protection: 1; mode=block\nDate: Tue, 11 May 2021 00:02:12 GMT\n}\n >>> [io.minio.MinioClient.execute(MinioClient.java:775), io.minio.MinioClient.execute(MinioClient.java:563), io.minio.MinioClient.executePut(MinioClient.java:904), io.minio.MinioClient.copyObject(MinioClient.java:1232), FunctionalTest.testCopyObjectMatchETag(FunctionalTest.java:1850), FunctionalTest.copyObject(FunctionalTest.java:2016), FunctionalTest.runObjectTests(FunctionalTest.java:3757), FunctionalTest.runTests(FunctionalTest.java:3783), FunctionalTest.main(FunctionalTest.java:3927)]"
}
(8/15) Running minio-js tests ... done in 48 seconds
(9/15) Running minio-py tests ... done in 2 minutes and 39 seconds
(10/15) Running s3cmd tests ... FAILED in 5 seconds
{
  "name": "s3cmd",
  "duration": "2833",
  "function": "test_put_object_multipart",
  "status": "FAIL",
  "error": "WARNING: MD5 Sums don't match!\nWARNING: Retrying upload of /mint/data/datafile-65-MB\nWARNING: MD5 Sums don't match!\nWARNING: Retrying upload of /mint/data/datafile-65-MB\nWARNING: MD5 Sums don't match!\nWARNING: Retrying upload of /mint/data/datafile-65-MB\nWARNING: MD5 Sums don't match!\nWARNING: Retrying upload of /mint/data/datafile-65-MB\nWARNING: MD5 Sums don't match!\nWARNING: Retrying upload of /mint/data/datafile-65-MB\nWARNING: MD5 Sums don't match!\nWARNING: Too many failures. Giving up on '/mint/data/datafile-65-MB'\nERROR: \nUpload of '/mint/data/datafile-65-MB' part 1 failed. Use\n  /usr/local/bin/s3cmd abortmp s3://s3cmd-test-bucket-1602/s3cmd-test-object-30813 cb4a324c-13dc-4fec-8b89-fc5629e6b72e\nto abort the upload, or\n  /usr/local/bin/s3cmd --upload-id cb4a324c-13dc-4fec-8b89-fc5629e6b72e put ...\nto continue the upload.\nERROR: Upload of '/mint/data/datafile-65-MB' failed too many times (Last reason: )"
}
(10/15) Running s3select tests ... done in 5 seconds
(11/15) Running security tests ... done in 0 seconds

Executed 11 out of 15 tests successfully.

Deleting image on docker hub
Deleting image locally

Alevsk
Alevsk approved these changes May 11, 2021
View reviewed changes
Copy link
Contributor

@Alevsk Alevsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@harshavardhana harshavardhana merged commit d8eb7d3 into minio:master May 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harshavardhana harshavardhana harshavardhana approved these changes

@Alevsk Alevsk Alevsk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@aead @harshavardhana @minio-trusted @Alevsk