Date: Thu, 2 Mar 2017 01:10:45 +0000 (UTC)
From: "Yongjun Zhang (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-14104) Client should always ask namenode for kms provider path.

    [ https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15891394#comment-15891394 ]

Yongjun Zhang commented on HADOOP-14104:
----------------------------------------

Hi [~shahrs87],

Thanks much for working on this issue! I had a few nits and questions about the patch here:

1. Since this is public API, we should introduce a new constructor with the additional parameter keyProviderUri to be backward compatible, instead of just modifying the existing one.
{code}
@InterfaceAudience.Public
@InterfaceStability.Evolving
public class FsServerDefaults implements Writable {
......
  public FsServerDefaults(long blockSize, int bytesPerChecksum,
      int writePacketSize, short replication, int fileBufferSize,
      boolean encryptDataTransfer, long trashInterval,
      DataChecksum.Type checksumType,
      String keyProviderUri) {
{code}

2. Suggest to add a KEY_PROVIDER_URI_DEFAULT to replace the "" here (in both FtpConfigKeys.java and LocalConfigKeys.java):
{code}
  protected static FsServerDefaults getServerDefaults() throws IOException {
    return new FsServerDefaults(
        BLOCK_SIZE_DEFAULT,
        ......
        CHECKSUM_TYPE_DEFAULT,
        "");
{code}

3. The following method swallows IOException and returns false. Suggest to remove the {{@throws IOException}} and add a comment in the catch block about why it can be ignored and false should be returned here. And add a space after the word {{catch}}.
{code}
  /**
   * Probe for encryption enabled on this filesystem.
   * See {@link DFSUtilClient#isHDFSEncryptionEnabled(Configuration)}
   * @return true if encryption is enabled
   * @throws IOException
   */
  public boolean isHDFSEncryptionEnabled() {
    try {
      return DFSUtilClient.isHDFSEncryptionEnabled(getKeyProviderUri());
    } catch(IOException ioe) {
      return false;
    }
  }
{code}

4. Line 84 of KeyProviderCache.java (not introduced by your change)
{code}
LOG.error("Could not create KeyProvider for DFSClient !!", e.getCause());
{code}
suggest to replace e.getCause() with e, so we can see the full stack.

5. Currently {{getServerDefaults()}} contacts NN every hour, to find if there is any update of keyprovider. If keyprovider changed within the hour, client code may get into exception, wonder if we have mechanism to handle the exception and update the keyprovider and try again?

Thanks.

> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch
>
>
> According to current implementation of kms provider in client conf, there can only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)
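
Point 5 of the comment asks whether a client can recover when the key provider changes inside the hourly {{getServerDefaults()}} refresh window. The following is an added sketch of one shape such a mechanism could take; it is not part of the original message, the patch, or Hadoop. The class `KeyProviderUriCache`, the `KmsCall` interface, the `Supplier` standing in for the namenode call, and the `kms-old`/`kms-new` URIs are all hypothetical.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;

/** Hypothetical sketch, not Hadoop code: cached key provider URI with refresh-and-retry. */
public class KeyProviderUriCache {
  /** An operation that needs the key provider URI, such as fetching a key. */
  public interface KmsCall<T> { T apply(String keyProviderUri) throws IOException; }

  private final Supplier<String> namenode;  // stands in for the getServerDefaults() call
  private final long ttlNanos;
  private String cachedUri;
  private long fetchedAt;

  public KeyProviderUriCache(Supplier<String> namenode, long ttl, TimeUnit unit) {
    this.namenode = namenode;
    this.ttlNanos = unit.toNanos(ttl);
  }

  private synchronized String get(boolean forceRefresh) {
    long now = System.nanoTime();
    if (forceRefresh || cachedUri == null || now - fetchedAt >= ttlNanos) {
      cachedUri = namenode.get();
      fetchedAt = now;
    }
    return cachedUri;
  }

  /** Uses the cached URI; on IOException, re-asks the namenode and retries once. */
  public <T> T withKeyProvider(KmsCall<T> call) throws IOException {
    String uri = get(false);
    try {
      return call.apply(uri);
    } catch (IOException first) {
      String fresh = get(true);
      if (fresh.equals(uri)) throw first;  // URI unchanged: the failure is real, surface it
      return call.apply(fresh);            // URI changed within the TTL: retry exactly once
    }
  }

  public static void main(String[] args) throws IOException {
    String[] nn = {"kms://https@kms-old.example:9600/kms"};  // constructed sample URIs
    KeyProviderUriCache cache = new KeyProviderUriCache(() -> nn[0], 1, TimeUnit.HOURS);
    cache.withKeyProvider(uri -> uri);                 // primes the cache with the old URI
    nn[0] = "kms://https@kms-new.example:9600/kms";    // provider changes within the hour
    System.out.println(cache.<String>withKeyProvider(uri -> {
      if (uri.contains("kms-old")) throw new IOException("stale provider " + uri);
      return uri;
    }));
  }
}
```

Retrying only when the re-fetched URI differs from the cached one keeps a genuine KMS failure from being masked or retried indefinitely.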