hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Chu <s...@cloudera.com>
Subject Re: [VOTE] Merge fs-encryption branch to trunk
Date Sat, 09 Aug 2014 07:18:20 GMT
+1 (non-binding)

I have been testing encryption in conjunction with the Hadoop KMS and right
now the integration looks good to merge to trunk. I also tested on
platforms with outdated openssl and no encryption configs to verify no
regressions when users don't want to use this feature.

Thanks to those who worked on this enhancement and fixed the bugs found in
testing.

Stephen


On Fri, Aug 8, 2014 at 4:37 PM, Alejandro Abdelnur <tucu@cloudera.com>
wrote:

> +1
>
> I've been following the work closely, specially on the crypto streams and
> key handling, and providing dev support as well.
>
> Kudos to Andrew, Yi and Charles for doing the bulk of the work.
>
> thx
>
>
>
> On Fri, Aug 8, 2014 at 2:27 PM, Andrew Wang <andrew.wang@cloudera.com>
> wrote:
>
> > I should add that this vote will run for the standard 7 days for a
> > non-release vote, so will close at 12PM Pacific on August 15th.
> >
> >
> > On Fri, Aug 8, 2014 at 11:45 AM, Andrew Wang <andrew.wang@cloudera.com>
> > wrote:
> >
> > > Hi all,
> > >
> > > I'd like to call a vote to merge the fs-encryption branch to trunk.
> > > Development of this feature has been ongoing since March on HDFS-6134
> and
> > > HADOOP-10150, totally approximately 50 commits.
> > >
> > > The fs-encryption branch introduces support for transparent, end-to-end
> > > encryption within an "encryption zone". Each file stored within an
> > > encryption zone is automatically encrypted and decrypted with a unique
> > key.
> > > These per-file keys are encrypted with an encryption key only
> accessible
> > by
> > > the client, ensuring that only the client is able to decrypt sensitive
> > > data. Furthermore, there is support for native, hardware-accelerated
> AES
> > > encryption. For further details, please see the design doc on
> HDFS-6134.
> > >
> > > In terms of merge readiness, we've posted some successful consolidated
> > > patches to the JIRA for Jenkins runs. distcp and fs -cp support has
> also
> > > recently been completed, allowing users to securely copy encrypted
> files
> > > without first decrypting them. There is ongoing work to add support for
> > > WebHDFS, HttpFS, and other alternative access methods. Stephen Chu has
> > also
> > > posted a test plan, and has already identified a few issues that have
> > been
> > > fixed.
> > >
> > > Design and development of this feature was also a cross-company effort
> > > with many different contributors.
> > >
> > > I'd like to thank Charles Lamb, Yi Liu, Uma Maheswara Rao G, Colin
> > McCabe,
> > > and Juan Yu for their code contributions and reviews. Alejandro
> Abdelnur
> > > was also instrumental, doing a lot of the design work and as well as
> > > writing most of the Hadoop Key Mangement Server (KMS). Finally, I'd
> like
> > to
> > > thank everyone who gave feedback on the JIRAs. This includes Owen,
> > Sanjay,
> > > Larry, Mike Y, ATM, Todd, Nicholas, and Andy, among others.
> > >
> > > With that, here's my +1 to merge this to trunk.
> > >
> > > Thanks,
> > > Andrew
> > >
> >
>
>
>
> --
> Alejandro
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message