feat: support database encryption
This commit is contained in:
kailixu
parent
374ef4593c
commit
d64594932b
|
|
@ -94,8 +94,6 @@ extern char tsSnodeAddress[]; // 127.0.0.1:873
|
|||
// mnode
|
||||
extern int64_t tsMndSdbWriteDelta;
|
||||
extern int64_t tsMndLogRetention;
|
||||
extern int8_t tsGrant;
|
||||
extern int32_t tsMndGrantMode;
|
||||
extern bool tsMndSkipGrant;
|
||||
extern bool tsEnableWhiteList;
|
||||
|
||||
|
|
@ -104,6 +102,10 @@ extern int64_t tsDndStart;
|
|||
extern int64_t tsDndStartOsUptime;
|
||||
extern int64_t tsDndUpTime;
|
||||
|
||||
// dnode misc
|
||||
extern int8_t tsEncryptionKeyStat;
|
||||
extern int8_t tsGrant;
|
||||
|
||||
// monitor
|
||||
extern bool tsEnableMonitor;
|
||||
extern int32_t tsMonitorInterval;
|
||||
|
|
|
|||
|
|
@ -1158,6 +1158,7 @@ typedef struct {
|
|||
int32_t sqlLen;
|
||||
char* sql;
|
||||
int8_t withArbitrator;
|
||||
int8_t encryptAlgorithm;
|
||||
} SCreateDbReq;
|
||||
|
||||
int32_t tSerializeSCreateDbReq(void* buf, int32_t bufLen, SCreateDbReq* pReq);
|
||||
|
|
@ -1300,6 +1301,7 @@ typedef struct {
|
|||
int8_t replications;
|
||||
int8_t strict;
|
||||
int8_t cacheLast;
|
||||
int8_t encryptAlgorithm;
|
||||
int32_t tsdbPageSize;
|
||||
int32_t walRetentionPeriod;
|
||||
int32_t walRollPeriod;
|
||||
|
|
@ -1498,6 +1500,7 @@ typedef struct {
|
|||
char charset[TD_LOCALE_LEN]; // tsCharset
|
||||
int8_t ttlChangeOnWrite;
|
||||
int8_t enableWhiteList;
|
||||
int8_t encryptionKeyStat;
|
||||
} SClusterCfg;
|
||||
|
||||
typedef struct {
|
||||
|
|
|
|||
|
|
@ -303,6 +303,8 @@ int32_t* taosGetErrno();
|
|||
#define TSDB_CODE_MND_DB_OPTION_UNCHANGED TAOS_DEF_ERROR_CODE(0, 0x038A) //
|
||||
#define TSDB_CODE_MND_DB_INDEX_NOT_EXIST TAOS_DEF_ERROR_CODE(0, 0x038B)
|
||||
#define TSDB_CODE_MND_DB_RETENTION_PERIOD_ZERO TAOS_DEF_ERROR_CODE(0, 0x038C)
|
||||
#define TSDB_CODE_MND_INCONSIST_ENCRYPT_KEY TAOS_DEF_ERROR_CODE(0, 0x038D)
|
||||
#define TSDB_CODE_MND_INVALID_ENCRYPT_KEY TAOS_DEF_ERROR_CODE(0, 0x038E)
|
||||
// #define TSDB_CODE_MND_INVALID_DB_OPTION_DAYS TAOS_DEF_ERROR_CODE(0, 0x0390) // 2.x
|
||||
// #define TSDB_CODE_MND_INVALID_DB_OPTION_KEEP TAOS_DEF_ERROR_CODE(0, 0x0391) // 2.x
|
||||
// #define TSDB_CODE_MND_INVALID_TOPIC TAOS_DEF_ERROR_CODE(0, 0x0392) // 2.x
|
||||
|
|
|
|||
|
|
@ -397,6 +397,9 @@ typedef enum ELogicConditionType {
|
|||
#define TSDB_ENCRYPT_ALGO_SM2 2
|
||||
#define TSDB_ENCRYPT_ALGO_SM3 3
|
||||
#define TSDB_ENCRYPT_ALGO_SM4 4
|
||||
#define TSDB_DEFAULT_ENCRYPT_ALGO TSDB_ENCRYPT_ALGO_NONE
|
||||
#define TSDB_MIN_ENCRYPT_ALGO TSDB_ENCRYPT_ALGO_NONE
|
||||
#define TSDB_MAX_ENCRYPT_ALGO TSDB_ENCRYPT_ALGO_SM4
|
||||
#define TSDB_DEFAULT_CACHE_MODEL TSDB_CACHE_MODEL_NONE
|
||||
#define TSDB_MIN_DB_CACHE_SIZE 1 // MB
|
||||
#define TSDB_MAX_DB_CACHE_SIZE 65536
|
||||
|
|
@ -522,6 +525,7 @@ typedef enum ELogicConditionType {
|
|||
|
||||
enum { TRANS_STAT_INIT = 0, TRANS_STAT_EXECUTING, TRANS_STAT_EXECUTED, TRANS_STAT_ROLLBACKING, TRANS_STAT_ROLLBACKED };
|
||||
enum { TRANS_OPER_INIT = 0, TRANS_OPER_EXECUTE, TRANS_OPER_ROLLBACK };
|
||||
enum { ENCRYPT_KEY_STAT_UNKNOWN = 0, ENCRYPT_KEY_STAT_UNSET, ENCRYPT_KEY_STAT_SET, ENCRYPT_KEY_STAT_LOADED};
|
||||
|
||||
typedef struct {
|
||||
char dir[TSDB_FILENAME_LEN];
|
||||
|
|
|
|||
|
|
@ -77,8 +77,6 @@ int32_t tsSnapReplMaxWaitN = 128;
|
|||
// mnode
|
||||
int64_t tsMndSdbWriteDelta = 200;
|
||||
int64_t tsMndLogRetention = 2000;
|
||||
int8_t tsGrant = 1;
|
||||
int32_t tsMndGrantMode = 0;
|
||||
bool tsMndSkipGrant = false;
|
||||
bool tsEnableWhiteList = false; // ip white list cfg
|
||||
|
||||
|
|
@ -92,6 +90,10 @@ int64_t tsDndStart = 0;
|
|||
int64_t tsDndStartOsUptime = 0;
|
||||
int64_t tsDndUpTime = 0;
|
||||
|
||||
// dnode misc
|
||||
int8_t tsEncryptionKeyStat = 0;
|
||||
int8_t tsGrant = 1;
|
||||
|
||||
// monitor
|
||||
bool tsEnableMonitor = true;
|
||||
int32_t tsMonitorInterval = 30;
|
||||
|
|
@ -691,7 +693,6 @@ static int32_t taosAddServerCfg(SConfig *pCfg) {
|
|||
return -1;
|
||||
if (cfgAddInt64(pCfg, "mndLogRetention", tsMndLogRetention, 500, 10000, CFG_SCOPE_SERVER, CFG_DYN_NONE) != 0)
|
||||
return -1;
|
||||
if (cfgAddInt32(pCfg, "grantMode", tsMndGrantMode, 0, 10000, CFG_SCOPE_SERVER, CFG_DYN_NONE) != 0) return -1;
|
||||
if (cfgAddBool(pCfg, "skipGrant", tsMndSkipGrant, CFG_SCOPE_SERVER, CFG_DYN_NONE) != 0) return -1;
|
||||
|
||||
if (cfgAddString(pCfg, "monitorFqdn", tsMonitorFqdn, CFG_SCOPE_SERVER, CFG_DYN_NONE) != 0) return -1;
|
||||
|
|
@ -1209,7 +1210,6 @@ static int32_t taosSetServerCfg(SConfig *pCfg) {
|
|||
tsMndSdbWriteDelta = cfgGetItem(pCfg, "mndSdbWriteDelta")->i64;
|
||||
tsMndLogRetention = cfgGetItem(pCfg, "mndLogRetention")->i64;
|
||||
tsMndSkipGrant = cfgGetItem(pCfg, "skipGrant")->bval;
|
||||
tsMndGrantMode = cfgGetItem(pCfg, "grantMode")->i32;
|
||||
tsEnableWhiteList = cfgGetItem(pCfg, "enableWhiteList")->bval;
|
||||
|
||||
tsStartUdfd = cfgGetItem(pCfg, "udf")->bval;
|
||||
|
|
|
|||
|
|
@ -1177,6 +1177,7 @@ int32_t tSerializeSStatusReq(void *buf, int32_t bufLen, SStatusReq *pReq) {
|
|||
if (tEncodeCStr(&encoder, pReq->clusterCfg.locale) < 0) return -1;
|
||||
if (tEncodeCStr(&encoder, pReq->clusterCfg.charset) < 0) return -1;
|
||||
if (tEncodeI8(&encoder, pReq->clusterCfg.enableWhiteList) < 0) return -1;
|
||||
if (tEncodeI8(&encoder, pReq->clusterCfg.encryptionKeyStat) < 0) return -1;
|
||||
|
||||
// vnode loads
|
||||
int32_t vlen = (int32_t)taosArrayGetSize(pReq->pVloads);
|
||||
|
|
@ -1269,6 +1270,7 @@ int32_t tDeserializeSStatusReq(void *buf, int32_t bufLen, SStatusReq *pReq) {
|
|||
if (tDecodeCStrTo(&decoder, pReq->clusterCfg.locale) < 0) return -1;
|
||||
if (tDecodeCStrTo(&decoder, pReq->clusterCfg.charset) < 0) return -1;
|
||||
if (tDecodeI8(&decoder, &pReq->clusterCfg.enableWhiteList) < 0) return -1;
|
||||
if (tDecodeI8(&decoder, &pReq->clusterCfg.encryptionKeyStat) < 0) return -1;
|
||||
|
||||
// vnode loads
|
||||
int32_t vlen = 0;
|
||||
|
|
@ -3025,7 +3027,8 @@ int32_t tSerializeSCreateDbReq(void *buf, int32_t bufLen, SCreateDbReq *pReq) {
|
|||
|
||||
ENCODESQL();
|
||||
|
||||
if (tEncodeI32(&encoder, pReq->withArbitrator) < 0) return -1;
|
||||
if (tEncodeI8(&encoder, pReq->withArbitrator) < 0) return -1;
|
||||
if (tEncodeI8(&encoder, pReq->encryptAlgorithm) < 0) return -1;
|
||||
|
||||
tEndEncode(&encoder);
|
||||
|
||||
|
|
@ -3097,8 +3100,10 @@ int32_t tDeserializeSCreateDbReq(void *buf, int32_t bufLen, SCreateDbReq *pReq)
|
|||
DECODESQL();
|
||||
|
||||
pReq->withArbitrator = TSDB_DEFAULT_DB_WITH_ARBITRATOR;
|
||||
pReq->encryptAlgorithm = TSDB_DEFAULT_ENCRYPT_ALGO;
|
||||
if (!tDecodeIsEnd(&decoder)) {
|
||||
if (tDecodeI8(&decoder, &pReq->withArbitrator) < 0) return -1;
|
||||
if (tDecodeI8(&decoder, &pReq->encryptAlgorithm) < 0) return -1;
|
||||
}
|
||||
|
||||
tEndDecode(&decoder);
|
||||
|
|
@ -3982,6 +3987,7 @@ int32_t tSerializeSDbCfgRspImpl(SEncoder *encoder, const SDbCfgRsp *pRsp) {
|
|||
if (tEncodeI16(encoder, pRsp->sstTrigger) < 0) return -1;
|
||||
if (tEncodeI32(encoder, pRsp->keepTimeOffset) < 0) return -1;
|
||||
if (tEncodeI8(encoder, pRsp->withArbitrator) < 0) return -1;
|
||||
if (tEncodeI8(encoder, pRsp->encryptAlgorithm) < 0) return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -4055,8 +4061,10 @@ int32_t tDeserializeSDbCfgRspImpl(SDecoder *decoder, SDbCfgRsp *pRsp) {
|
|||
if (tDecodeI32(decoder, &pRsp->keepTimeOffset) < 0) return -1;
|
||||
}
|
||||
pRsp->withArbitrator = TSDB_DEFAULT_DB_WITH_ARBITRATOR;
|
||||
pRsp->encryptAlgorithm = TSDB_DEFAULT_ENCRYPT_ALGO;
|
||||
if (!tDecodeIsEnd(decoder)) {
|
||||
if (tDecodeI8(decoder, &pRsp->withArbitrator) < 0) return -1;
|
||||
if (tDecodeI8(decoder, &pRsp->encryptAlgorithm) < 0) return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -113,6 +113,7 @@ void dmSendStatusReq(SDnodeMgmt *pMgmt) {
|
|||
req.clusterCfg.checkTime = 0;
|
||||
req.clusterCfg.ttlChangeOnWrite = tsTtlChangeOnWrite;
|
||||
req.clusterCfg.enableWhiteList = tsEnableWhiteList ? 1 : 0;
|
||||
req.clusterCfg.encryptionKeyStat = tsEncryptionKeyStat; // ENCRYPT_TODO
|
||||
char timestr[32] = "1970-01-01 00:00:00.00";
|
||||
(void)taosParseTime(timestr, &req.clusterCfg.checkTime, (int32_t)strlen(timestr), TSDB_TIME_PRECISION_MILLI, 0);
|
||||
memcpy(req.clusterCfg.timezone, tsTimezoneStr, TD_TIMEZONE_LEN);
|
||||
|
|
|
|||
|
|
@ -141,6 +141,7 @@ typedef enum {
|
|||
DND_REASON_CHARSET_NOT_MATCH,
|
||||
DND_REASON_TTL_CHANGE_ON_WRITE_NOT_MATCH,
|
||||
DND_REASON_ENABLE_WHITELIST_NOT_MATCH,
|
||||
DND_REASON_ENCRYPTION_KEY_NOT_MATCH,
|
||||
DND_REASON_OTHERS
|
||||
} EDndReason;
|
||||
|
||||
|
|
@ -214,6 +215,7 @@ typedef struct {
|
|||
int64_t memAvail;
|
||||
int64_t memUsed;
|
||||
EDndReason offlineReason;
|
||||
int8_t encryptionKeyStat;
|
||||
uint16_t port;
|
||||
char fqdn[TSDB_FQDN_LEN];
|
||||
char ep[TSDB_EP_LEN];
|
||||
|
|
@ -379,6 +381,7 @@ typedef struct {
|
|||
int64_t walRetentionSize;
|
||||
int64_t walSegmentSize;
|
||||
int8_t withArbitrator;
|
||||
int8_t encryptAlgorithm;
|
||||
} SDbCfg;
|
||||
|
||||
typedef struct {
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
#include "tjson.h"
|
||||
|
||||
#define DB_VER_NUMBER 1
|
||||
#define DB_RESERVE_SIZE 41
|
||||
#define DB_RESERVE_SIZE 40
|
||||
|
||||
static SSdbRow *mndDbActionDecode(SSdbRaw *pRaw);
|
||||
static int32_t mndDbActionInsert(SSdb *pSdb, SDbObj *pDb);
|
||||
|
|
@ -141,6 +141,7 @@ SSdbRaw *mndDbActionEncode(SDbObj *pDb) {
|
|||
SDB_SET_INT64(pRaw, dataPos, pDb->compactStartTime, _OVER)
|
||||
SDB_SET_INT32(pRaw, dataPos, pDb->cfg.keepTimeOffset, _OVER)
|
||||
SDB_SET_INT8(pRaw, dataPos, pDb->cfg.withArbitrator, _OVER)
|
||||
SDB_SET_INT8(pRaw, dataPos, pDb->cfg.encryptAlgorithm, _OVER)
|
||||
|
||||
SDB_SET_RESERVE(pRaw, dataPos, DB_RESERVE_SIZE, _OVER)
|
||||
SDB_SET_DATALEN(pRaw, dataPos, _OVER)
|
||||
|
|
@ -233,6 +234,7 @@ static SSdbRow *mndDbActionDecode(SSdbRaw *pRaw) {
|
|||
SDB_GET_INT64(pRaw, dataPos, &pDb->compactStartTime, _OVER)
|
||||
SDB_GET_INT32(pRaw, dataPos, &pDb->cfg.keepTimeOffset, _OVER)
|
||||
SDB_GET_INT8(pRaw, dataPos, &pDb->cfg.withArbitrator, _OVER)
|
||||
SDB_GET_INT8(pRaw, dataPos, &pDb->cfg.encryptAlgorithm, _OVER)
|
||||
|
||||
SDB_GET_RESERVE(pRaw, dataPos, DB_RESERVE_SIZE, _OVER)
|
||||
taosInitRWLatch(&pDb->lock);
|
||||
|
|
@ -399,9 +401,12 @@ static int32_t mndCheckDbCfg(SMnode *pMnode, SDbCfg *pCfg) {
|
|||
if (pCfg->replications < TSDB_MIN_DB_REPLICA || pCfg->replications > TSDB_MAX_DB_REPLICA) return -1;
|
||||
#ifdef TD_ENTERPRISE
|
||||
if ((pCfg->replications == 2) ^ (pCfg->withArbitrator == TSDB_MAX_DB_WITH_ARBITRATOR)) return -1;
|
||||
if (pCfg->encryptAlgorithm < TSDB_MIN_ENCRYPT_ALGO || pCfg->encryptAlgorithm > TSDB_MAX_ENCRYPT_ALGO) return -1;
|
||||
#else
|
||||
if (pCfg->replications != 1 && pCfg->replications != 3) return -1;
|
||||
if (pCfg->encryptAlgorithm != TSDB_DEFAULT_ENCRYPT_ALGO) return -1;
|
||||
#endif
|
||||
|
||||
if (pCfg->strict < TSDB_DB_STRICT_OFF || pCfg->strict > TSDB_DB_STRICT_ON) return -1;
|
||||
if (pCfg->schemaless < TSDB_DB_SCHEMALESS_OFF || pCfg->schemaless > TSDB_DB_SCHEMALESS_ON) return -1;
|
||||
if (pCfg->cacheLast < TSDB_CACHE_MODEL_NONE || pCfg->cacheLast > TSDB_CACHE_MODEL_BOTH) return -1;
|
||||
|
|
@ -681,6 +686,7 @@ static int32_t mndCreateDb(SMnode *pMnode, SRpcMsg *pReq, SCreateDbReq *pCreate,
|
|||
.hashSuffix = pCreate->hashSuffix,
|
||||
.tsdbPageSize = pCreate->tsdbPageSize,
|
||||
.withArbitrator = pCreate->withArbitrator,
|
||||
.encryptAlgorithm = pCreate->encryptAlgorithm,
|
||||
};
|
||||
|
||||
dbObj.cfg.numOfRetensions = pCreate->numOfRetensions;
|
||||
|
|
@ -766,6 +772,32 @@ static void mndBuildAuditDetailInt64(char *detail, char *tmp, char *format, int6
|
|||
}
|
||||
}
|
||||
|
||||
static int32_t mndCheckDbEncryptKey(SMnode *pMnode, SCreateDbReq *pReq) {
|
||||
int32_t code = 0;
|
||||
SSdb *pSdb = pMnode->pSdb;
|
||||
SDnodeObj *pDnode = NULL;
|
||||
void *pIter = NULL;
|
||||
|
||||
if (pReq->encryptAlgorithm == TSDB_ENCRYPT_ALGO_NONE) goto _exit;
|
||||
if (tsEncryptionKeyStat != ENCRYPT_KEY_STAT_LOADED) {
|
||||
code = TSDB_CODE_MND_INVALID_ENCRYPT_KEY;
|
||||
goto _exit;
|
||||
}
|
||||
|
||||
int64_t curMs = taosGetTimestampMs();
|
||||
while ((pIter = sdbFetch(pSdb, SDB_DNODE, pIter, (void **)&pDnode))) {
|
||||
bool online = false;
|
||||
if (pDnode->encryptionKeyStat != tsEncryptionKeyStat && (online = mndIsDnodeOnline(pDnode, curMs))) {
|
||||
code = TSDB_CODE_MND_INVALID_ENCRYPT_KEY;
|
||||
sdbRelease(pSdb, pDnode);
|
||||
break;
|
||||
}
|
||||
sdbRelease(pSdb, pDnode);
|
||||
}
|
||||
_exit:
|
||||
return code;
|
||||
}
|
||||
|
||||
static int32_t mndProcessCreateDbReq(SRpcMsg *pReq) {
|
||||
SMnode *pMnode = pReq->info.node;
|
||||
int32_t code = -1;
|
||||
|
|
@ -816,6 +848,11 @@ static int32_t mndProcessCreateDbReq(SRpcMsg *pReq) {
|
|||
}
|
||||
}
|
||||
|
||||
if ((code = mndCheckDbEncryptKey(pMnode, &createReq)) != 0) {
|
||||
terrno = code;
|
||||
goto _OVER;
|
||||
}
|
||||
|
||||
pUser = mndAcquireUser(pMnode, pReq->info.conn.user);
|
||||
if (pUser == NULL) {
|
||||
goto _OVER;
|
||||
|
|
@ -1152,6 +1189,7 @@ static void mndDumpDbCfgInfo(SDbCfgRsp *cfgRsp, SDbObj *pDb) {
|
|||
cfgRsp->schemaless = pDb->cfg.schemaless;
|
||||
cfgRsp->sstTrigger = pDb->cfg.sstTrigger;
|
||||
cfgRsp->withArbitrator = pDb->cfg.withArbitrator;
|
||||
cfgRsp->encryptAlgorithm = pDb->cfg.encryptAlgorithm;
|
||||
}
|
||||
|
||||
static int32_t mndProcessGetDbCfgReq(SRpcMsg *pReq) {
|
||||
|
|
@ -1890,6 +1928,18 @@ static const char *getCacheModelStr(int8_t cacheModel) {
|
|||
return "unknown";
|
||||
}
|
||||
|
||||
static const char *getEncryptAlgorithmStr(int8_t encryptAlgorithm) {
|
||||
switch (encryptAlgorithm) {
|
||||
case TSDB_ENCRYPT_ALGO_NONE:
|
||||
return TSDB_ENCRYPT_ALGO_NONE_STR;
|
||||
case TSDB_ENCRYPT_ALGO_SM4:
|
||||
return TSDB_ENCRYPT_ALGO_SM4_STR;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
bool mndIsDbReady(SMnode *pMnode, SDbObj *pDb) {
|
||||
if (pDb->cfg.replications == 1) return true;
|
||||
|
||||
|
|
@ -2098,6 +2148,12 @@ static void mndDumpDbInfoData(SMnode *pMnode, SSDataBlock *pBlock, SDbObj *pDb,
|
|||
|
||||
pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
|
||||
colDataSetVal(pColInfo, rows, (const char *)&pDb->cfg.withArbitrator, false);
|
||||
|
||||
const char *encryptAlgorithmStr = getEncryptAlgorithmStr(pDb->cfg.encryptAlgorithm);
|
||||
char encryptAlgorithmVStr[24] = {0};
|
||||
STR_WITH_MAXSIZE_TO_VARSTR(encryptAlgorithmVStr, encryptAlgorithmStr, 24);
|
||||
pColInfo = taosArrayGet(pBlock->pDataBlock, cols++);
|
||||
colDataSetVal(pColInfo, rows, (const char *)encryptAlgorithmVStr, false);
|
||||
}
|
||||
|
||||
taosMemoryFree(buf);
|
||||
|
|
|
|||
|
|
@ -47,6 +47,8 @@ static const char *offlineReason[] = {
|
|||
"locale not match",
|
||||
"charset not match",
|
||||
"ttlChangeOnWrite not match",
|
||||
"enableWhiteList not match",
|
||||
"encryptionKey not match",
|
||||
"unknown",
|
||||
};
|
||||
|
||||
|
|
@ -462,10 +464,16 @@ static int32_t mndCheckClusterCfgPara(SMnode *pMnode, SDnodeObj *pDnode, const S
|
|||
}
|
||||
int8_t enable = tsEnableWhiteList ? 1 : 0;
|
||||
if (pCfg->enableWhiteList != enable) {
|
||||
mError("dnode:%d, enable :%d inconsistent with cluster:%d", pDnode->id, pCfg->enableWhiteList, enable);
|
||||
mError("dnode:%d, enableWhiteList:%d inconsistent with cluster:%d", pDnode->id, pCfg->enableWhiteList, enable);
|
||||
return DND_REASON_ENABLE_WHITELIST_NOT_MATCH;
|
||||
}
|
||||
|
||||
if (pCfg->encryptionKeyStat != tsEncryptionKeyStat) {
|
||||
mError("dnode:%d, encryptionKey:%d inconsistent with cluster:%d", pDnode->id, pCfg->encryptionKeyStat,
|
||||
tsEncryptionKeyStat);
|
||||
return DND_REASON_ENCRYPTION_KEY_NOT_MATCH;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -1550,7 +1558,7 @@ static int32_t mndRetrieveDnodes(SRpcMsg *pReq, SShowObj *pShow, SSDataBlock *pB
|
|||
ESdbStatus objStatus = 0;
|
||||
SDnodeObj *pDnode = NULL;
|
||||
int64_t curMs = taosGetTimestampMs();
|
||||
char buf[TSDB_CONN_ACTIVE_KEY_LEN + VARSTR_HEADER_SIZE]; // make sure TSDB_CONN_ACTIVE_KEY_LEN >= TSDB_EP_LEN
|
||||
char buf[TSDB_EP_LEN + VARSTR_HEADER_SIZE];
|
||||
|
||||
while (numOfRows < rows) {
|
||||
pShow->pIter = sdbFetchAll(pSdb, SDB_DNODE, pShow->pIter, (void **)&pDnode, &objStatus, true);
|
||||
|
|
|
|||
|
|
@ -104,6 +104,7 @@ void dumpDb(SSdb *pSdb, SJson *json) {
|
|||
tjsonAddStringToObject(item, "maxRows", i642str(pObj->cfg.maxRows));
|
||||
tjsonAddStringToObject(item, "precision", i642str(pObj->cfg.precision));
|
||||
tjsonAddStringToObject(item, "compression", i642str(pObj->cfg.compression));
|
||||
tjsonAddStringToObject(item, "encryptAlgorithm", i642str(pObj->cfg.encryptAlgorithm));
|
||||
tjsonAddStringToObject(item, "replications", i642str(pObj->cfg.replications));
|
||||
tjsonAddStringToObject(item, "strict", i642str(pObj->cfg.strict));
|
||||
tjsonAddStringToObject(item, "cacheLast", i642str(pObj->cfg.cacheLast));
|
||||
|
|
|
|||
|
|
@ -302,6 +302,7 @@ struct SVnodeCfg {
|
|||
int8_t isRsma;
|
||||
int8_t hashMethod;
|
||||
int8_t standby;
|
||||
int8_t encryptAlgorithm;
|
||||
STsdbCfg tsdbCfg;
|
||||
SWalCfg walCfg;
|
||||
SSyncCfg syncCfg;
|
||||
|
|
|
|||
|
|
@ -88,9 +88,10 @@ int vnodeEncodeConfig(const void *pObj, SJson *pJson) {
|
|||
if (tjsonAddIntegerToObject(pJson, "dbId", pCfg->dbId) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "szPage", pCfg->szPage) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "szCache", pCfg->szCache) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "szBuf", pCfg->szBuf) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "cacheLast", pCfg->cacheLast) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "cacheLastSize", pCfg->cacheLastSize) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "szBuf", pCfg->szBuf) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "encryptAlgorithm", pCfg->encryptAlgorithm) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "isHeap", pCfg->isHeap) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "isWeak", pCfg->isWeak) < 0) return -1;
|
||||
if (tjsonAddIntegerToObject(pJson, "isTsma", pCfg->isTsma) < 0) return -1;
|
||||
|
|
@ -187,11 +188,13 @@ int vnodeDecodeConfig(const SJson *pJson, void *pObj) {
|
|||
if (code < 0) return -1;
|
||||
tjsonGetNumberValue(pJson, "szCache", pCfg->szCache, code);
|
||||
if (code < 0) return -1;
|
||||
tjsonGetNumberValue(pJson, "szBuf", pCfg->szBuf, code);
|
||||
if (code < 0) return -1;
|
||||
tjsonGetNumberValue(pJson, "cacheLast", pCfg->cacheLast, code);
|
||||
if (code < 0) return -1;
|
||||
tjsonGetNumberValue(pJson, "cacheLastSize", pCfg->cacheLastSize, code);
|
||||
if (code < 0) return -1;
|
||||
tjsonGetNumberValue(pJson, "szBuf", pCfg->szBuf, code);
|
||||
tjsonGetNumberValue(pJson, "encryptAlgorithm", pCfg->encryptAlgorithm, code);
|
||||
if (code < 0) return -1;
|
||||
tjsonGetNumberValue(pJson, "isHeap", pCfg->isHeap, code);
|
||||
if (code < 0) return -1;
|
||||
|
|
|
|||
|
|
@ -262,6 +262,18 @@ static const char* cacheModelStr(int8_t cacheModel) {
|
|||
return TSDB_CACHE_MODEL_NONE_STR;
|
||||
}
|
||||
|
||||
static const char* encryptAlgorithmStr(int8_t encryptAlgorithm) {
|
||||
switch (encryptAlgorithm) {
|
||||
case TSDB_ENCRYPT_ALGO_NONE:
|
||||
return TSDB_ENCRYPT_ALGO_NONE_STR;
|
||||
case TSDB_ENCRYPT_ALGO_SM4:
|
||||
return TSDB_ENCRYPT_ALGO_SM4_STR;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
return TSDB_CACHE_MODEL_NONE_STR;
|
||||
}
|
||||
|
||||
static void setCreateDBResultIntoDataBlock(SSDataBlock* pBlock, char* dbName, char* dbFName, SDbCfgInfo* pCfg) {
|
||||
blockDataEnsureCapacity(pBlock, 1);
|
||||
pBlock->info.rows = 1;
|
||||
|
|
@ -307,12 +319,12 @@ static void setCreateDBResultIntoDataBlock(SSDataBlock* pBlock, char* dbName, ch
|
|||
"CREATE DATABASE `%s` BUFFER %d CACHESIZE %d CACHEMODEL '%s' COMP %d DURATION %dm "
|
||||
"WAL_FSYNC_PERIOD %d MAXROWS %d MINROWS %d STT_TRIGGER %d KEEP %dm,%dm,%dm PAGES %d PAGESIZE %d PRECISION '%s' REPLICA %d "
|
||||
"WAL_LEVEL %d VGROUPS %d SINGLE_STABLE %d TABLE_PREFIX %d TABLE_SUFFIX %d TSDB_PAGESIZE %d "
|
||||
"WAL_RETENTION_PERIOD %d WAL_RETENTION_SIZE %" PRId64 " KEEP_TIME_OFFSET %d",
|
||||
"WAL_RETENTION_PERIOD %d WAL_RETENTION_SIZE %" PRId64 " KEEP_TIME_OFFSET %d ENCRYPT_ALGORITHM '%s'",
|
||||
dbName, pCfg->buffer, pCfg->cacheSize, cacheModelStr(pCfg->cacheLast), pCfg->compression, pCfg->daysPerFile,
|
||||
pCfg->walFsyncPeriod, pCfg->maxRows, pCfg->minRows, pCfg->sstTrigger, pCfg->daysToKeep0, pCfg->daysToKeep1, pCfg->daysToKeep2,
|
||||
pCfg->pages, pCfg->pageSize, prec, pCfg->replications, pCfg->walLevel, pCfg->numOfVgroups,
|
||||
1 == pCfg->numOfStables, hashPrefix, pCfg->hashSuffix, pCfg->tsdbPageSize, pCfg->walRetentionPeriod, pCfg->walRetentionSize,
|
||||
pCfg->keepTimeOffset);
|
||||
pCfg->keepTimeOffset, encryptAlgorithmStr(pCfg->encryptAlgorithm));
|
||||
|
||||
if (retentions) {
|
||||
len += sprintf(buf2 + VARSTR_HEADER_SIZE + len, " RETENTIONS %s", retentions);
|
||||
|
|
|
|||
|
|
@ -1264,6 +1264,7 @@ SNode* createDefaultDatabaseOptions(SAstCreateContext* pCxt) {
|
|||
pOptions->tablePrefix = TSDB_DEFAULT_HASH_PREFIX;
|
||||
pOptions->tableSuffix = TSDB_DEFAULT_HASH_SUFFIX;
|
||||
pOptions->withArbitrator = TSDB_DEFAULT_DB_WITH_ARBITRATOR;
|
||||
pOptions->encryptAlgorithm = TSDB_DEFAULT_ENCRYPT_ALGO;
|
||||
return (SNode*)pOptions;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5152,6 +5152,7 @@ static int32_t buildCreateDbReq(STranslateContext* pCxt, SCreateDatabaseStmt* pS
|
|||
pReq->keepTimeOffset = pStmt->pOptions->keepTimeOffset;
|
||||
pReq->ignoreExist = pStmt->ignoreExists;
|
||||
pReq->withArbitrator = pStmt->pOptions->withArbitrator;
|
||||
pReq->encryptAlgorithm = pStmt->pOptions->encryptAlgorithm;
|
||||
return buildCreateDbRetentions(pStmt->pOptions->pRetentions, pReq);
|
||||
}
|
||||
|
||||
|
|
@ -5285,12 +5286,13 @@ static int32_t checkDbEncryptAlgorithmOption(STranslateContext* pCxt, SDatabaseO
|
|||
if (0 == strcasecmp(pOptions->encryptAlgorithmStr, TSDB_ENCRYPT_ALGO_NONE_STR)) {
|
||||
pOptions->encryptAlgorithm = TSDB_ENCRYPT_ALGO_NONE;
|
||||
} else if (0 == strcasecmp(pOptions->encryptAlgorithmStr, TSDB_ENCRYPT_ALGO_SM4_STR)) {
|
||||
pOptions->cacheModel = TSDB_CACHE_MODEL_LAST_ROW;
|
||||
pOptions->encryptAlgorithm = TSDB_ENCRYPT_ALGO_SM4;
|
||||
} else {
|
||||
return generateSyntaxErrMsgExt(&pCxt->msgBuf, TSDB_CODE_PAR_INVALID_DB_OPTION,
|
||||
"Invalid option encryptAlgorithm: %s", pOptions->encryptAlgorithmStr);
|
||||
"Invalid option encrypt_algorithm: %s", pOptions->encryptAlgorithmStr);
|
||||
}
|
||||
}
|
||||
|
||||
return TSDB_CODE_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
@ -5571,6 +5573,10 @@ static int32_t checkDatabaseOptions(STranslateContext* pCxt, const char* pDbName
|
|||
code = checkDbEnumOption(pCxt, "withArbitrator", pOptions->withArbitrator, TSDB_MIN_DB_WITH_ARBITRATOR,
|
||||
TSDB_MAX_DB_WITH_ARBITRATOR);
|
||||
}
|
||||
if (TSDB_CODE_SUCCESS == code) {
|
||||
code = checkDbEnumOption(pCxt, "encryptionAlgorithm", pOptions->encryptAlgorithm, TSDB_MIN_ENCRYPT_ALGO,
|
||||
TSDB_MAX_ENCRYPT_ALGO);
|
||||
}
|
||||
if (TSDB_CODE_SUCCESS == code) {
|
||||
code = checkDbTbPrefixSuffixOptions(pCxt, pOptions->tablePrefix, pOptions->tableSuffix);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -243,6 +243,9 @@ TAOS_DEFINE_ERROR(TSDB_CODE_MND_DB_OPTION_UNCHANGED, "Database options not
|
|||
TAOS_DEFINE_ERROR(TSDB_CODE_MND_DB_INDEX_NOT_EXIST, "Index not exist")
|
||||
TAOS_DEFINE_ERROR(TSDB_CODE_MND_INVALID_SYS_TABLENAME, "Invalid system table name")
|
||||
TAOS_DEFINE_ERROR(TSDB_CODE_MND_DB_IN_CREATING, "Database in creating status")
|
||||
TAOS_DEFINE_ERROR(TSDB_CODE_MND_INCONSIST_ENCRYPT_KEY, "Inconsistent encryption key")
|
||||
TAOS_DEFINE_ERROR(TSDB_CODE_MND_INVALID_ENCRYPT_KEY, "The cluster has not been set properly for database encryption")
|
||||
|
||||
|
||||
// mnode-node
|
||||
TAOS_DEFINE_ERROR(TSDB_CODE_MND_MNODE_ALREADY_EXIST, "Mnode already exists")
|
||||
|
|
|
|||
Loading…
Reference in New Issue