hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10869) JavaKeyStoreProvider backing jceks file may get corrupted
Date Mon, 21 Jul 2014 23:28:40 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14069507#comment-14069507
] 

Alejandro Abdelnur commented on HADOOP-10869:
---------------------------------------------

 KeyProvider should {{flush()}} to a temporary file, load temporary file to verify it is healthy
and then rename the temporary file to the actual file. The rename must be done in 2 steps
to enable recovery on startup if the rename process was not complete:

* rename CURRENT to OLD
* rename NEW to CURRENT
* delete OLD

On start up:

* if CURRENT exists, delete NEW & OLD
* if CURRENT does not exist and OLD exists, rename OLD back to CURRENT and delete NEW

> JavaKeyStoreProvider backing jceks file may get corrupted
> ---------------------------------------------------------
>
>                 Key: HADOOP-10869
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10869
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>
> Currently, flush writes to the same file jceks file, if there is a failure during a write,
the jceks file will be rendered unusable losing access to all keys stored in it.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message