hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14104) Client should always ask namenode for kms provider path.
Date Wed, 01 Mar 2017 18:20:45 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15890737#comment-15890737
] 

Wei-Chiu Chuang commented on HADOOP-14104:
------------------------------------------

Hi [~shahrs87] thanks much for your patch. Looks good overall but I still have a few questions.

{quote}
According to current implementation of kms provider in client conf, there can only be one
kms.
{quote}
This is not a precise statement though, considering that multiple kms instances can be added
for load balancing purposes. Would you mind to update the release note once this patch gets
committed?

Preferably  also state (in the doc, maybe?) that this only works if both client and namenodes
are on a supported version, otherwise the client's local kms config is used.

Can we also add a test to ensure clients can access files in an encrypted remote cluster using
the token obtained from the remote NameNode?

> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch
>
>
> According to current implementation of kms provider in client conf, there can only be
one kms.
> In multi-cluster environment, if a client is reading encrypted data from multiple clusters
it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message