accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Allen (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-1654) Bug in encryption-at-rest causes periodic IOExceptions
Date Fri, 16 Aug 2013 14:20:48 GMT


Michael Allen commented on ACCUMULO-1654:

Unfortunately I cannot think of a good way to create a test around this.  We only found the
bug when the OS and filesystem caching lined up *just so* such that one only got a few bytes
back from reading an IV rather than the whole 16 bytes.  Creating that kind of a boundary
condition within a real-world scenario with any consistency as to become part of an automated
suite.... I'm just not sure how I would go about it.  Fiddle with a bunch of OS settings?
 This one was definitely wiley and took a while to appear during a continuous ingest run (many
hours).  There was no consistent set of actions that lead to its appearance.

As far as the secret key handling strategy goes, I'd just consider it as part of the overall
bug fix for the encryption stuff.  No need for a separate line.
> Bug in encryption-at-rest causes periodic IOExceptions
> ------------------------------------------------------
>                 Key: ACCUMULO-1654
>                 URL:
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: tserver
>            Reporter: Michael Allen
>             Fix For: 1.6.0
>         Attachments: 0001-Fixed-a-bug-where-keys-and-IVs-from-encrypted-files-.patch
> During longevity testing of the encryption-at-rest version of Accumulo, we would occasionally
see IOExceptions that took the form of Zlib throwing an "incorrect header check" exception.
 These exceptions occurred only after a few hours of testing, during minor and major compaction
of various RFiles.  Downloading and examining the RFiles in question showed no obvious deformities
within the RFile structure.  
> Some careful debugging later, the crux of the problem turned out to be some calls to
read() when readFully() should have been used.  
> Patch coming forthwith.  Also included in this patch is another secret key handling strategy
that caches the secret key from HDFS when first read.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message