[SERVER-19429] ESE usability - improve data file and storageEngine sanity checks Created: 15/Jul/15  Updated: 31/Aug/15  Resolved: 10/Aug/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.1.5
Fix Version/s: 3.1.7

Type: Improvement Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to WT-2012 Better Encryption API Error Message Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 6 07/17/15, Security 7 08/10/15
Participants:

 Description   
  • Prevent starting the server with encryption enabled if there are existing clear text WT data files.
  • Error out if MMAPv1 files exists or storageEngine is explicitly set to MMAPv1.


 Comments   
Comment by Githook User [ 19/Jul/15 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-19429 ESE usability - improve error handling and messaging
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/283a21f9dca8641eba9b7d112dd4495110d024e8

Comment by Andreas Nilsson [ 16/Jul/15 ]

robert.guo I'm moving these ones over to the SERVER-19428 ticket instead and letting this one be focused on the data layer.

Comment by Robert Guo (Inactive) [ 15/Jul/15 ]

a few others:

  • starting mongod with keyfile encryption, then restarting with either no encryption or kmip gives confusing error message:
    • no keyfile gives: Invariant failure t src/mongo/base/checked_cast.h 61
    • kmip gives: Aborting due to exception in WT_ENCRYPTOR::customize: Location4043 metadata encryption key uuid string cannot be empty (I'm omitting the full stack since this is straightforward to repro)
  • starting mongod with kmip, then restarting with keyFile. Currently gives errorr: "2015-07-15T18:13:10.305-0400 I STORAGE [initandlisten] Encryption key manager initialized using system key with id:"
  • [nit] Error message for bad keyFile: "Unable to retrieve key system BadValue Encryption key in key has length 12, must be either 16 or 32" should specify the unit; 16 or 32 characters
  • [nit] Error message when keyFile doesn't exist: "Unable to retrieve key system InvalidPath error getting file key: No such file or directory." Missing some punctuation around "InvalidPath".
Generated at Thu Feb 08 03:50:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.