Investigate changes in SERVER-117223: Introduce a new SLS Oplog message for encrypted KEKs

XMLWordPrintableJSON

    • Type: Investigation
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Tools and Replicator
    • 8

      Original Downstream Change Summary

      Any teams that tail the oplog need to be aware of a disaggregated storage change to introduce a new type of oplog message. This oplog message type is only generated in disaggregated storage.

      Description of Linked Ticket

      When rotating to a new KEK, we need to dump the encrypted KEK object out to the oplog specifically for PIT restore, since PIT restore starts at a checkpoint and then uses the oplog to jog the system to a specific point-in-time. The oplog therefore needs to have the encrypted KEK to decrypt future oplog messages encrypted with the new KEK.

            Assignee:
            Unassigned
            Reporter:
            Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: