hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "dengxiumao (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-11862) Add support key replicas mechanism for KMS HA
Date Thu, 23 Apr 2015 02:19:39 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

dengxiumao updated HADOOP-11862:
--------------------------------
    Description: 
The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] only supports
specification of multiple hostnames in the kms key provider uri. it means that it support
config as:
{quote}
<property>
 <name>hadoop.security.key.provider.path</name>
 <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
</property>
{quote}
but HA is still not available,  if one of KMS instances goes down, Encrypted files, which
encrypted by the keys in the KMS,  can not be read.

  was:
The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] only supports
specification of multiple hostnames in the kms key provider uri. it means that it support
config as:
{quote}
<property>
 <name>hadoop.security.key.provider.path</name>
 <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
</property>
{quote}
but HA is still not available, keys can not share across KMS instances, if one of KMS instances
goes down, Encrypted files, which encrypted by the keys in the KMS,  can not be read.


> Add support key replicas mechanism for KMS HA
> ---------------------------------------------
>
>                 Key: HADOOP-11862
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11862
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: dengxiumao
>              Labels: kms
>
> The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] only supports
specification of multiple hostnames in the kms key provider uri. it means that it support
config as:
> {quote}
> <property>
>  <name>hadoop.security.key.provider.path</name>
>  <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
> </property>
> {quote}
> but HA is still not available,  if one of KMS instances goes down, Encrypted files, which
encrypted by the keys in the KMS,  can not be read.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message