From c9d12408b24f26e6402c9722ca6ee59923c46fa3 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Thu, 4 Jul 2024 17:50:15 +0700 Subject: [PATCH 01/11] Add tt integrity check options --- .../tooling/tt_cli/global_options.rst | 5 ++ doc/reference/tooling/tt_cli/pack.rst | 41 ++++++++++++ doc/reference/tooling/tt_cli/start.rst | 67 ++++++++++++++++--- 3 files changed, 102 insertions(+), 11 deletions(-) diff --git a/doc/reference/tooling/tt_cli/global_options.rst b/doc/reference/tooling/tt_cli/global_options.rst index 69c673d62d..ef78fd86a9 100644 --- a/doc/reference/tooling/tt_cli/global_options.rst +++ b/doc/reference/tooling/tt_cli/global_options.rst @@ -24,6 +24,11 @@ Global options Display help. +.. option:: --integrity-check PUBLIC_KEY + + Perform an integrity check using the specified public key before executing the operation. + Learn more in :ref:`tt-start-integrity-check`. + .. option:: -I, --internal Force the use of an internal module even if there is an diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index 748ed48996..1876544428 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -76,6 +76,43 @@ An example of the ``systemd-unit-params.yml`` file: INSTANCE: "inst:%i" TARANTOOL_WORKDIR: "/tmp" +.. _tt-pack-integrity-check: + +Generating files for integrity checks +------------------------------------- + +``tt pack`` can generate hashes and signatures to use for integrity checks +when running the application. These files are: + +- ``hashes.json`` and ``hashes.json.sig`` in each application directory. + ``hashes.json`` containsSHA256 checksums of executable files that the application uses + and its configuration file. ``hashes.json.sig`` contains a digital signature + for ``hashes.json``. + +- ``env-hashes.json`` and ``env-hashes.json.sig`` in the environment root are + a similar files for the ``tt`` environment. They contain checksums for + Tarantool and ``tt`` executables, and for the ``tt.yaml`` configuration file. + +To generate hashes and signatures for integrity check, use the ``--with-integrity-check`` +option. Its argument must be an RSA private key. + +.. note:: + + You can generate a key pair using `OpenSSL `__ as follows: + + .. code-block:: console + + $ openssl genrsa -traditional -out private.pem 2048 + $ openssl rsa -in private.pem -pubout > public.pem + +To create a ``tar.gz`` archive with integrity check artifacts: + +.. code-block:: console + + $ tt pack tgz --with-integrity-check private.pem + +Learn how to perform integrity checks upon application startup and in runtime in the :ref:``tt start `` reference. + .. _tt-pack-options: @@ -210,6 +247,10 @@ Options Include Tarantool and ``tt`` binaries in a bundle. +.. option:: --with-integrity-check PRIVATE_KEY + + Generate hashes and signatures for integrity checks at the application startup. + .. option:: --with-tarantool-deps Add Tarantool and ``tt`` as package dependencies. diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index 43d0c5c843..db76fcb8ad 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -12,10 +12,29 @@ inside the ``instances_enabled`` directory specified in the :ref:`tt configurati For detailed instructions on preparing and running Tarantool applications, see :ref:`admin-instance-environment-overview` and :ref:`admin-start_stop_instance`. -When called without arguments, starts all enabled applications in the current environment. - See also: :ref:`tt-stop`, :ref:`tt-restart`, :ref:`tt-status`. +To start all instances of the application stored in the ``app`` directory inside +``instances_enabled`` in accordance with its ``instances.yml``: + +.. code-block:: console + + $ tt start app + +To start the ``router`` instance of the ``app`` application: + +.. code-block:: console + + $ tt start app:router + +When called without arguments, starts all enabled applications in the current environment: + +.. code-block:: console + + $ tt start + +.. _tt-start-app-layout: + Application layout ------------------ @@ -38,6 +57,8 @@ For more information about Tarantool application layout, see :ref:`admin-instanc which is considered a legacy approach since Tarantool 3.0. For information about using ``tt`` with such applications, refer to the Tarantool 2.11 documentation. +.. _tt-start-background: + Running in the background ------------------------- @@ -52,19 +73,43 @@ process for status checks (:ref:`tt status `) and application stoppin If you start such an application with ``tt start``, ``tt`` won't be able to check the application status or stop it using the corresponding commands. -Examples --------- +.. _tt-start-integrity-check: + +Integrity check +--------------- + +``tt start`` can perform initial and periodical integrity checks of applications +that it starts. To make the integrity checks possible, you need to pack the application +using ``tt pack`` with the ``--with-integrity-check`` option. This option generates +and signs checksums of executables and configuration files in the current ``tt`` +environment. Learn more in :ref:`tt-pack-integrity-check`. + +To check the environment and application integrity when running the application, +start it with the :ref:`global option ` ``--integrity-check``. +Its argument must be a public key matching the private key that was used for +generating checksums. -* Start instances of the application stored in the ``app`` directory inside - ``instances_enabled`` in accordance with its ``instances.yml``: +.. code-block:: console + + $ tt --integrity-check public.pem start myapp + +After such a call, ``tt`` checks the environment and application integrity using +the checksums and starts the application in case of the success. Then, integrity +checks are performed periodically when the application is running. By default, +they are performed once every 24 hours. You can adjust the integrity check period +by adding the ``--integrity-check-period`` option: + +.. code-block:: console - .. code-block:: console + $ tt --integrity-check public.pem start myapp --integrity-check-period 60 - $ tt start app -* Start the ``router`` instance of the ``app`` application: +.. _tt-start-options: - .. code-block:: console +Options +------- - $ tt start app:router +.. option:: --integrity-check-interval NUMBER + Integrity check interval in seconds. Default: 86400 (24 hours). + Set this option to ``0`` to disable periodic checks. From 40d7b6597b031fab050ff52c9cb1b39b8d9d845f Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Thu, 4 Jul 2024 17:52:37 +0700 Subject: [PATCH 02/11] Add tt integrity check options --- doc/reference/tooling/tt_cli/global_options.rst | 5 +++++ doc/reference/tooling/tt_cli/pack.rst | 5 +++++ doc/reference/tooling/tt_cli/start.rst | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/doc/reference/tooling/tt_cli/global_options.rst b/doc/reference/tooling/tt_cli/global_options.rst index ef78fd86a9..9c21ac9608 100644 --- a/doc/reference/tooling/tt_cli/global_options.rst +++ b/doc/reference/tooling/tt_cli/global_options.rst @@ -26,6 +26,11 @@ Global options .. option:: --integrity-check PUBLIC_KEY + .. admonition:: Enterprise Edition + :class: fact + + This option is supported by the `Enterprise Edition `_ only. + Perform an integrity check using the specified public key before executing the operation. Learn more in :ref:`tt-start-integrity-check`. diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index 1876544428..bf93eceae2 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -81,6 +81,11 @@ An example of the ``systemd-unit-params.yml`` file: Generating files for integrity checks ------------------------------------- +.. admonition:: Enterprise Edition + :class: fact + + The integrity check functionality is supported by the `Enterprise Edition `_ only. + ``tt pack`` can generate hashes and signatures to use for integrity checks when running the application. These files are: diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index db76fcb8ad..6d012751a0 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -78,6 +78,11 @@ process for status checks (:ref:`tt status `) and application stoppin Integrity check --------------- +.. admonition:: Enterprise Edition + :class: fact + + The integrity check functionality is supported by the `Enterprise Edition `_ only. + ``tt start`` can perform initial and periodical integrity checks of applications that it starts. To make the integrity checks possible, you need to pack the application using ``tt pack`` with the ``--with-integrity-check`` option. This option generates From 63b98e1e5a176edc65dc299ae43fcce3ce857123 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Thu, 4 Jul 2024 18:08:40 +0700 Subject: [PATCH 03/11] Fix --- doc/reference/tooling/tt_cli/pack.rst | 6 +++--- doc/reference/tooling/tt_cli/start.rst | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index bf93eceae2..98ab6667da 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -90,12 +90,12 @@ Generating files for integrity checks when running the application. These files are: - ``hashes.json`` and ``hashes.json.sig`` in each application directory. - ``hashes.json`` containsSHA256 checksums of executable files that the application uses + ``hashes.json`` contains SHA256 checksums of executable files that the application uses and its configuration file. ``hashes.json.sig`` contains a digital signature for ``hashes.json``. - ``env-hashes.json`` and ``env-hashes.json.sig`` in the environment root are - a similar files for the ``tt`` environment. They contain checksums for + similar files for the ``tt`` environment. They contain checksums for Tarantool and ``tt`` executables, and for the ``tt.yaml`` configuration file. To generate hashes and signatures for integrity check, use the ``--with-integrity-check`` @@ -116,7 +116,7 @@ To create a ``tar.gz`` archive with integrity check artifacts: $ tt pack tgz --with-integrity-check private.pem -Learn how to perform integrity checks upon application startup and in runtime in the :ref:``tt start `` reference. +Learn how to perform integrity checks upon application startup and in runtime in the :ref:`tt start ` reference. .. _tt-pack-options: diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index 6d012751a0..a19c2eac98 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -108,6 +108,7 @@ by adding the ``--integrity-check-period`` option: $ tt --integrity-check public.pem start myapp --integrity-check-period 60 +If an integrity check fails, ``tt`` stops the application. .. _tt-start-options: @@ -118,3 +119,5 @@ Options Integrity check interval in seconds. Default: 86400 (24 hours). Set this option to ``0`` to disable periodic checks. + + See also: :ref:`tt-start-integrity-check` \ No newline at end of file From 81665ebb1dd48bb91363b969e4350d8f1796839b Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Thu, 4 Jul 2024 19:39:00 +0700 Subject: [PATCH 04/11] Fix filename --- doc/reference/tooling/tt_cli/pack.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index 98ab6667da..e9e149444a 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -94,7 +94,7 @@ when running the application. These files are: and its configuration file. ``hashes.json.sig`` contains a digital signature for ``hashes.json``. -- ``env-hashes.json`` and ``env-hashes.json.sig`` in the environment root are +- ``env_hashes.json`` and ``env_hashes.json.sig`` in the environment root are similar files for the ``tt`` environment. They contain checksums for Tarantool and ``tt`` executables, and for the ``tt.yaml`` configuration file. From 49219ceb6d70848021fd05d990c2062079a0e085 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Fri, 5 Jul 2024 16:59:58 +0700 Subject: [PATCH 05/11] Add tt cluster publish integrity check --- doc/reference/tooling/tt_cli/cluster.rst | 41 ++++++++++++++++++++++++ doc/reference/tooling/tt_cli/pack.rst | 2 +- doc/reference/tooling/tt_cli/start.rst | 25 +++++++++------ 3 files changed, 58 insertions(+), 10 deletions(-) diff --git a/doc/reference/tooling/tt_cli/cluster.rst b/doc/reference/tooling/tt_cli/cluster.rst index 19bee01cda..6c05eb2c50 100644 --- a/doc/reference/tooling/tt_cli/cluster.rst +++ b/doc/reference/tooling/tt_cli/cluster.rst @@ -112,6 +112,47 @@ and aborts in case of an error. To skip the validation, add the ``--force`` opti $ tt cluster publish myapp source.yaml --force +.. _tt-cluster-publish-integrity: + +Publishing configuration with integrity check +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. admonition:: Enterprise Edition + :class: fact + + The integrity check functionality is supported by the `Enterprise Edition `_ only. + +When called with the ``-with-integrity-check`` option, ``tt cluster publish`` +generates a checksum of the configuration it publishes. It signs the checksum using +the private key passed as the option argument, and writes it into the configuration store. + +.. code-block:: console + + $ tt cluster publish "http://localhost:2379/myapp" source.yaml --with-integrity-check private.pem + +If an application configuration is published this way, it can be checked for integrity +using the ``--integrity-check`` :ref:`global option `. + +.. code-block:: console + + $ tt --integrity-check public.pem start myapp + +Learn more about integrity checks upon application startup and in runtime in the :ref:`tt start ` reference. + +To update the configuration with integrity check, call ``tt cluster publish`` +with two options: + +- ``--integrity-check PUBLIC_KEY`` global option checks that the configuration wasn't changed + since it was published +- ``--with-integrity-check PRIVATE_KEY`` generates new checksums and signatures + for future integrity checks of the updated configuration. + +.. code-block:: console + + $ tt --integrity-check public.pem cluster publish \ + --with-integrity-check private.pem \ + "http://localhost:2379/myapp" source.yaml + .. _tt-cluster-show: show diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index e9e149444a..8db346e684 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -58,7 +58,7 @@ option to the ``tt pack`` call: .. important:: - The ``systemd-unit-params.yml`` file has a higher priority than the ``--unit-params-file`` option. + The ``systemd-unit-params.yml`` file has a higher priority than the ``--unit-params-file`` option. If this file exists, it overrides parameters from the file passed in the option. ``tt pack`` supports the following systemd unit parameters: diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index a19c2eac98..6042050947 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -83,14 +83,21 @@ Integrity check The integrity check functionality is supported by the `Enterprise Edition `_ only. -``tt start`` can perform initial and periodical integrity checks of applications -that it starts. To make the integrity checks possible, you need to pack the application -using ``tt pack`` with the ``--with-integrity-check`` option. This option generates -and signs checksums of executables and configuration files in the current ``tt`` +``tt start`` can perform initial and periodical integrity checks of the environment, +application, and centralized configuration. + +To enable the integrity checks of environment and application files, you need to pack +the application using ``tt pack`` with the ``--with-integrity-check`` option. +This option generates and signs checksums of executables and configuration files in the current ``tt`` environment. Learn more in :ref:`tt-pack-integrity-check`. -To check the environment and application integrity when running the application, -start it with the :ref:`global option ` ``--integrity-check``. +To enable the configuration integrity check, publish the configuration to a centralized +storage using ``tt cluster publish`` with the ``--with-integrity-check`` option. +This option generates and signs configuration checksums and saves them to the storage. +Learn more in :ref:`tt-cluster-publish-integrity`. + +To perform the integrity checks when running the application, start it with the +``--integrity-check`` :ref:`global option `. Its argument must be a public key matching the private key that was used for generating checksums. @@ -98,9 +105,9 @@ generating checksums. $ tt --integrity-check public.pem start myapp -After such a call, ``tt`` checks the environment and application integrity using -the checksums and starts the application in case of the success. Then, integrity -checks are performed periodically when the application is running. By default, +After such a call, ``tt`` checks the environment, application, and configuration integrity +using the checksums and starts the application in case of the success. Then, integrity +checks are performed periodically while the application is running. By default, they are performed once every 24 hours. You can adjust the integrity check period by adding the ``--integrity-check-period`` option: From c732f5a07968f587ce68fc464707c3ccd7ffec09 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Fri, 5 Jul 2024 18:07:49 +0700 Subject: [PATCH 06/11] fix --- doc/reference/tooling/tt_cli/cluster.rst | 12 +++++++----- doc/reference/tooling/tt_cli/pack.rst | 2 ++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/doc/reference/tooling/tt_cli/cluster.rst b/doc/reference/tooling/tt_cli/cluster.rst index 6c05eb2c50..6fbb2edb6b 100644 --- a/doc/reference/tooling/tt_cli/cluster.rst +++ b/doc/reference/tooling/tt_cli/cluster.rst @@ -114,8 +114,8 @@ and aborts in case of an error. To skip the validation, add the ``--force`` opti .. _tt-cluster-publish-integrity: -Publishing configuration with integrity check -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Publishing configurations with integrity check +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. admonition:: Enterprise Edition :class: fact @@ -123,7 +123,7 @@ Publishing configuration with integrity check The integrity check functionality is supported by the `Enterprise Edition `_ only. When called with the ``-with-integrity-check`` option, ``tt cluster publish`` -generates a checksum of the configuration it publishes. It signs the checksum using +generates a hash of configurations it publishes. It signs the hash using the private key passed as the option argument, and writes it into the configuration store. .. code-block:: console @@ -139,12 +139,12 @@ using the ``--integrity-check`` :ref:`global option `. Learn more about integrity checks upon application startup and in runtime in the :ref:`tt start ` reference. -To update the configuration with integrity check, call ``tt cluster publish`` +To ensure the configuration integrity when updating it, call ``tt cluster publish`` with two options: - ``--integrity-check PUBLIC_KEY`` global option checks that the configuration wasn't changed since it was published -- ``--with-integrity-check PRIVATE_KEY`` generates new checksums and signatures +- ``--with-integrity-check PRIVATE_KEY`` generates new hash and signature for future integrity checks of the updated configuration. .. code-block:: console @@ -519,3 +519,5 @@ Options **Applicable to:** ``publish`` Generate hashes and signatures for integrity checks. + + See also: :ref:`tt-cluster-publish-integrity` diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index 8db346e684..ae5c8a62f9 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -256,6 +256,8 @@ Options Generate hashes and signatures for integrity checks at the application startup. + See also: :ref:`tt-pack-integrity-check` + .. option:: --with-tarantool-deps Add Tarantool and ``tt`` as package dependencies. From 1a22460173e1615f823189f5ba6a534806b2c0da Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Mon, 8 Jul 2024 17:23:13 +0700 Subject: [PATCH 07/11] Apply suggestions from code review Co-authored-by: Oleg Jukovec --- doc/reference/tooling/tt_cli/cluster.rst | 2 +- doc/reference/tooling/tt_cli/pack.rst | 2 +- doc/reference/tooling/tt_cli/start.rst | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/reference/tooling/tt_cli/cluster.rst b/doc/reference/tooling/tt_cli/cluster.rst index 6fbb2edb6b..0dfba5d1a8 100644 --- a/doc/reference/tooling/tt_cli/cluster.rst +++ b/doc/reference/tooling/tt_cli/cluster.rst @@ -122,7 +122,7 @@ Publishing configurations with integrity check The integrity check functionality is supported by the `Enterprise Edition `_ only. -When called with the ``-with-integrity-check`` option, ``tt cluster publish`` +When called with the ``--with-integrity-check`` option, ``tt cluster publish`` generates a hash of configurations it publishes. It signs the hash using the private key passed as the option argument, and writes it into the configuration store. diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index ae5c8a62f9..9b0f4ea165 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -103,7 +103,7 @@ option. Its argument must be an RSA private key. .. note:: - You can generate a key pair using `OpenSSL `__ as follows: + You can generate a key pair using `OpenSSL 3 `__ as follows: .. code-block:: console diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index 6042050947..a88df47c2b 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -31,7 +31,7 @@ When called without arguments, starts all enabled applications in the current en .. code-block:: console - $ tt start + $ tt start .. _tt-start-app-layout: @@ -91,7 +91,7 @@ the application using ``tt pack`` with the ``--with-integrity-check`` option. This option generates and signs checksums of executables and configuration files in the current ``tt`` environment. Learn more in :ref:`tt-pack-integrity-check`. -To enable the configuration integrity check, publish the configuration to a centralized +To add the configuration at the centralized storage integrity check, publish the configuration to a centralized storage using ``tt cluster publish`` with the ``--with-integrity-check`` option. This option generates and signs configuration checksums and saves them to the storage. Learn more in :ref:`tt-cluster-publish-integrity`. From f954090b98606a38b3793b7f4c3a8963ae616c09 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Mon, 8 Jul 2024 17:30:24 +0700 Subject: [PATCH 08/11] fix --- doc/reference/tooling/tt_cli/cluster.rst | 1 + doc/reference/tooling/tt_cli/start.rst | 7 +++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/reference/tooling/tt_cli/cluster.rst b/doc/reference/tooling/tt_cli/cluster.rst index 0dfba5d1a8..ca2afe9390 100644 --- a/doc/reference/tooling/tt_cli/cluster.rst +++ b/doc/reference/tooling/tt_cli/cluster.rst @@ -135,6 +135,7 @@ using the ``--integrity-check`` :ref:`global option `. .. code-block:: console + $ tt --integrity-check public.pem cluster show myapp $ tt --integrity-check public.pem start myapp Learn more about integrity checks upon application startup and in runtime in the :ref:`tt start ` reference. diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index a88df47c2b..826485bc77 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -91,8 +91,8 @@ the application using ``tt pack`` with the ``--with-integrity-check`` option. This option generates and signs checksums of executables and configuration files in the current ``tt`` environment. Learn more in :ref:`tt-pack-integrity-check`. -To add the configuration at the centralized storage integrity check, publish the configuration to a centralized -storage using ``tt cluster publish`` with the ``--with-integrity-check`` option. +To enable the integrity check of the configuration at the centralized storage, +publish the configuration to a this storage using ``tt cluster publish`` with the ``--with-integrity-check`` option. This option generates and signs configuration checksums and saves them to the storage. Learn more in :ref:`tt-cluster-publish-integrity`. @@ -115,6 +115,9 @@ by adding the ``--integrity-check-period`` option: $ tt --integrity-check public.pem start myapp --integrity-check-period 60 +Additionally, Tarantool checks the integrity of the modules that the application uses +at the load time, that is, when ``require(\`module\`)`` is called. + If an integrity check fails, ``tt`` stops the application. .. _tt-start-options: From c0de1e573d299beb160e423c242015ccf17f9b1b Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Mon, 8 Jul 2024 17:37:33 +0700 Subject: [PATCH 09/11] fix --- doc/reference/tooling/tt_cli/pack.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/reference/tooling/tt_cli/pack.rst b/doc/reference/tooling/tt_cli/pack.rst index 9b0f4ea165..828627ec94 100644 --- a/doc/reference/tooling/tt_cli/pack.rst +++ b/doc/reference/tooling/tt_cli/pack.rst @@ -86,7 +86,7 @@ Generating files for integrity checks The integrity check functionality is supported by the `Enterprise Edition `_ only. -``tt pack`` can generate hashes and signatures to use for integrity checks +``tt pack`` can generate checksums and signatures to use for integrity checks when running the application. These files are: - ``hashes.json`` and ``hashes.json.sig`` in each application directory. @@ -98,7 +98,7 @@ when running the application. These files are: similar files for the ``tt`` environment. They contain checksums for Tarantool and ``tt`` executables, and for the ``tt.yaml`` configuration file. -To generate hashes and signatures for integrity check, use the ``--with-integrity-check`` +To generate checksums and signatures for integrity check, use the ``--with-integrity-check`` option. Its argument must be an RSA private key. .. note:: @@ -116,7 +116,8 @@ To create a ``tar.gz`` archive with integrity check artifacts: $ tt pack tgz --with-integrity-check private.pem -Learn how to perform integrity checks upon application startup and in runtime in the :ref:`tt start ` reference. +Learn how to perform integrity checks at the application startup and in runtime +in the :ref:`tt start ` reference. .. _tt-pack-options: @@ -254,7 +255,7 @@ Options .. option:: --with-integrity-check PRIVATE_KEY - Generate hashes and signatures for integrity checks at the application startup. + Generate checksums and signatures for integrity checks at the application startup. See also: :ref:`tt-pack-integrity-check` From 306a4f4bcd1551975f762a6683e0a7560281b648 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Wed, 10 Jul 2024 11:15:01 +0700 Subject: [PATCH 10/11] Apply suggestions from code review Co-authored-by: Kseniia Antonova <73473519+xuniq@users.noreply.github.com> --- doc/reference/tooling/tt_cli/cluster.rst | 2 +- doc/reference/tooling/tt_cli/start.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/reference/tooling/tt_cli/cluster.rst b/doc/reference/tooling/tt_cli/cluster.rst index ca2afe9390..cc332fd7fe 100644 --- a/doc/reference/tooling/tt_cli/cluster.rst +++ b/doc/reference/tooling/tt_cli/cluster.rst @@ -123,7 +123,7 @@ Publishing configurations with integrity check The integrity check functionality is supported by the `Enterprise Edition `_ only. When called with the ``--with-integrity-check`` option, ``tt cluster publish`` -generates a hash of configurations it publishes. It signs the hash using +generates a hash of the configurations it publishes. It signs the hash using the private key passed as the option argument, and writes it into the configuration store. .. code-block:: console diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index 826485bc77..11f0fd9956 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -92,7 +92,7 @@ This option generates and signs checksums of executables and configuration files environment. Learn more in :ref:`tt-pack-integrity-check`. To enable the integrity check of the configuration at the centralized storage, -publish the configuration to a this storage using ``tt cluster publish`` with the ``--with-integrity-check`` option. +publish the configuration to this storage using ``tt cluster publish`` with the ``--with-integrity-check`` option. This option generates and signs configuration checksums and saves them to the storage. Learn more in :ref:`tt-cluster-publish-integrity`. From f25651442abb00d1e588cd3cff29a358f1c36e7e Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Wed, 10 Jul 2024 11:27:09 +0700 Subject: [PATCH 11/11] Fix --- doc/reference/tooling/tt_cli/cluster.rst | 2 +- doc/reference/tooling/tt_cli/start.rst | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/reference/tooling/tt_cli/cluster.rst b/doc/reference/tooling/tt_cli/cluster.rst index cc332fd7fe..9177bb9c3c 100644 --- a/doc/reference/tooling/tt_cli/cluster.rst +++ b/doc/reference/tooling/tt_cli/cluster.rst @@ -123,7 +123,7 @@ Publishing configurations with integrity check The integrity check functionality is supported by the `Enterprise Edition `_ only. When called with the ``--with-integrity-check`` option, ``tt cluster publish`` -generates a hash of the configurations it publishes. It signs the hash using +generates a checksum of the configurations it publishes. It signs the checksum using the private key passed as the option argument, and writes it into the configuration store. .. code-block:: console diff --git a/doc/reference/tooling/tt_cli/start.rst b/doc/reference/tooling/tt_cli/start.rst index 11f0fd9956..63e78358d7 100644 --- a/doc/reference/tooling/tt_cli/start.rst +++ b/doc/reference/tooling/tt_cli/start.rst @@ -86,12 +86,12 @@ Integrity check ``tt start`` can perform initial and periodical integrity checks of the environment, application, and centralized configuration. -To enable the integrity checks of environment and application files, you need to pack +To enable integrity checks of environment and application files, you need to pack the application using ``tt pack`` with the ``--with-integrity-check`` option. This option generates and signs checksums of executables and configuration files in the current ``tt`` environment. Learn more in :ref:`tt-pack-integrity-check`. -To enable the integrity check of the configuration at the centralized storage, +To enable integrity check of the configuration at the centralized storage, publish the configuration to this storage using ``tt cluster publish`` with the ``--with-integrity-check`` option. This option generates and signs configuration checksums and saves them to the storage. Learn more in :ref:`tt-cluster-publish-integrity`. @@ -116,7 +116,7 @@ by adding the ``--integrity-check-period`` option: $ tt --integrity-check public.pem start myapp --integrity-check-period 60 Additionally, Tarantool checks the integrity of the modules that the application uses -at the load time, that is, when ``require(\`module\`)`` is called. +at the load time, that is, when ``require('module')`` is called. If an integrity check fails, ``tt`` stops the application.