Date: Fri, 17 Oct 2014 02:46:33 +0000 (UTC)
From: "Yi Liu (JIRA)"
To: hdfs-dev@hadoop.apache.org
Subject: [jira] [Resolved] (HDFS-7256) Encryption Key created in Java Key Store after Namenode start unavailable for EZ Creation

[ https://issues.apache.org/jira/browse/HDFS-7256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yi Liu resolved HDFS-7256.
--------------------------
Resolution: Not a Problem

I mark it as "Not a Problem", please feel free to reopen it if you have different opinions.

> Encryption Key created in Java Key Store after Namenode start unavailable for EZ Creation
> ------------------------------------------------------------------------------------------
>
> Key: HDFS-7256
> URL: https://issues.apache.org/jira/browse/HDFS-7256
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: encryption, security
> Affects Versions: 2.6.0
> Reporter: Xiaoyu Yao
>
> Hit an error on "RemoteException: Key ezkey1 doesn't exist." when creating EZ with a Key created after NN starts.
> Briefly checked the code and found that the KeyProvider is loaded by FSN only at the NN start. My workaround is to restart the NN, which triggers the reload of Key Provider. Is this expected?
> Repro Steps:
> Create a new Key after NN and KMS starts
> hadoop/bin/hadoop key create ezkey1 -size 256 -provider jceks://file/home/hadoop/kms.keystore
> List Keys
> hadoop@SaturnVm:~/deploy$ hadoop/bin/hadoop key list -provider jceks://file/home/hadoop/kms.keystore -metadata
> Listing keys for KeyProvider: jceks://file/home/hadoop/kms.keystore
> ezkey1 : cipher: AES/CTR/NoPadding, length: 256, description: null, created: Thu Oct 16 18:51:30 EDT 2014, version: 1, attributes: null
> key2 : cipher: AES/CTR/NoPadding, length: 128, description: null, created: Tue Oct 14 19:44:09 EDT 2014, version: 1, attributes: null
> key1 : cipher: AES/CTR/NoPadding, length: 128, description: null, created: Tue Oct 14 17:52:36 EDT 2014, version: 1, attributes: null
> Create Encryption Zone
> hadoop/bin/hdfs dfs -mkdir /Ez1
> hadoop@SaturnVm:~/deploy$ hadoop/bin/hdfs crypto -createZone -keyName ezkey1 -path /Ez1
> RemoteException: Key ezkey1 doesn't exist.