Details
Type: New Feature
Status: Resolved
Priority: Major
Resolution: Implemented
Description
Today, Ozone uses RSA to sign the tokens it issues, such as block read/write tokens. This contributes significantly to Ozone Manager latency, i.e. > 80% of key read latency.
The absolute solution is to use symmetric-key algorithms, e.g. HmacSha256, to sign the tokens.
This Jira is the epic story of all the efforts to design and implement token signatures using symmetric-key algorithms.
Design proposal: https://docs.google.com/document/d/1es32PId8XwDGONSRmp_NLvbSeALlf-fyXp0RJB5O3hg
Issue Links
1. SCM: Implement symmetric SecretKeys lifecycle management | Resolved | Duong
2. SCM: API for OM and Datanode to get secret keys | Resolved | Duong
3. DN: Fetch symmetric secret keys from SCM to verify block tokens | Resolved | Duong
4. OM and DN: Use symmetric secret keys to sign and verify tokens | Resolved | Duong
5. Evaluate symmetric tokens performance | Resolved | Duong
6. Integration test cases for block token | Resolved | Duong
7. SCM: Authorize secret key APIs | Resolved | Duong
8. Integrate secret keys to SCM snapshot | Resolved | Duong
9. SecretKey related admin CLIs | Resolved | Tanvi Penumudy
10. Monitoring metrics around SecretKey. | Open | Tanvi Penumudy
11. OM perf with and without improvements | Resolved | Ritesh Shukla
12. Update Ozone document for symmetric block token | Resolved | Duong
13. Adapt TestBlockTokens to build with Hadoop 3.3 | Resolved | Duong
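
The scheme this epic describes, where one service signs a token with a shared secret key and another verifies it with the same key looked up by id, is illustrated below as an added example; it is not taken from the Ozone code base or the design proposal. The `Token` layout, the field encoding, and every class and method name are hypothetical, and the key map stands in for whatever keys a verifier has fetched.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class SymmetricTokenDemo {
  // Hypothetical token layout: the signer records which secret key it used.
  record Token(UUID keyId, String blockId, long expiryMillis, byte[] mac) {}

  static byte[] hmac(byte[] key, UUID keyId, String blockId, long expiry) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(key, "HmacSHA256"));
    byte[] id = blockId.getBytes(StandardCharsets.UTF_8);
    // Fixed-width fields plus a length prefix keep the signed encoding unambiguous.
    ByteBuffer buf = ByteBuffer.allocate(16 + 8 + 4 + id.length);
    buf.putLong(keyId.getMostSignificantBits()).putLong(keyId.getLeastSignificantBits());
    buf.putLong(expiry).putInt(id.length).put(id);
    return mac.doFinal(buf.array());
  }

  static Token sign(UUID keyId, byte[] key, String blockId, long expiry) throws Exception {
    return new Token(keyId, blockId, expiry, hmac(key, keyId, blockId, expiry));
  }

  // Verifier side: look up the key by id, reject unknown keys and expired tokens,
  // and compare MACs in constant time.
  static boolean verify(Map<UUID, byte[]> knownKeys, Token t, long nowMillis) throws Exception {
    byte[] key = knownKeys.get(t.keyId());
    if (key == null || nowMillis >= t.expiryMillis()) return false;
    return MessageDigest.isEqual(hmac(key, t.keyId(), t.blockId(), t.expiryMillis()), t.mac());
  }

  public static void main(String[] args) throws Exception {
    byte[] key = new byte[32];
    new SecureRandom().nextBytes(key);          // constructed sample key
    UUID keyId = UUID.randomUUID();
    Map<UUID, byte[]> verifierKeys = new HashMap<>(Map.of(keyId, key));
    long now = System.currentTimeMillis();
    Token t = sign(keyId, key, "block-1", now + 60_000);
    System.out.println("valid:    " + verify(verifierKeys, t, now));
    Token altered = new Token(keyId, "block-2", t.expiryMillis(), t.mac());
    System.out.println("altered:  " + verify(verifierKeys, altered, now));
    System.out.println("expired:  " + verify(verifierKeys, t, now + 120_000));
    verifierKeys.remove(keyId);                 // key retired on the verifier
    System.out.println("retired:  " + verify(verifierKeys, t, now));
  }
}
```

Unlike an RSA signature, an HMAC can be produced by any party able to verify it, so every verifier holding the key must be trusted as much as the signer.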