hadoop-hdfs-dev mailing list archives

From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-11210) Enhance key rolling to be atomic
Date Tue, 06 Dec 2016 06:32:58 GMT
Xiao Chen created HDFS-11210:
--------------------------------

             Summary: Enhance key rolling to be atomic
                 Key: HDFS-11210
                 URL: https://issues.apache.org/jira/browse/HDFS-11210
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: encryption, kms
    Affects Versions: 2.6.5
            Reporter: Xiao Chen
            Assignee: Xiao Chen


To support re-encrypting EDEKs, we need to make sure that after a key is rolled, no old-version EDEKs are used anymore. This includes various caches used when generating EDEKs.
This is not true currently, simply because there were no such requirements / necessities before.

This includes:
- Client Provider(s), and corresponding cache(s).
  When LoadBalancingKMSCP is used, we need to clear all KMSCPs.
- KMS server instance(s), and corresponding cache(s).
  When KMS HA is configured with multiple KMS instances, only 1 will receive the {{rollNewVersion}} request; we need to make sure other instances are rolled too.
- The Client instance inside NN(s), and corresponding cache(s).
  When {{hadoop key roll}} has succeeded, the client provider inside NN should be drained too.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org
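
A simplified model of the stale-cache problem this issue describes, added here as an illustration and not taken from Hadoop or from the issue itself. The class and function names are hypothetical, and the model assumes all providers share one backing key store and each keeps a small queue of pre-generated EDEKs.

```python
from collections import deque

class KeyStore:
    """Backing key store shared by every provider (assumption of this model)."""
    def __init__(self):
        self.version = {}
    def roll(self, name):
        self.version[name] = self.version.get(name, 0) + 1
        return self.version[name]

class CachingProvider:
    """Any layer that pre-generates EDEKs: client provider, KMS instance, NN client."""
    def __init__(self, store, depth=3):
        self.store, self.depth, self.queues = store, depth, {}
    def generate_edek(self, name):
        q = self.queues.setdefault(name, deque())
        while len(q) < self.depth:  # refill with EDEKs under the current version
            q.append((name, self.store.version[name]))
        return q.popleft()
    def drain(self, name):
        self.queues.pop(name, None)

def roll(store, name, drain_targets):
    """Roll the key, then drain only the listed providers."""
    new_version = store.roll(name)
    for p in drain_targets:
        p.drain(name)
    return new_version

def stale_after_roll(providers, name, current, draws=3):
    """Return EDEKs handed out after the roll that still use an older version."""
    issued = [p.generate_edek(name) for p in providers for _ in range(draws)]
    return [e for e in issued if e[1] != current]

def demo():
    store = KeyStore()
    kms_a, kms_b, nn = (CachingProvider(store) for _ in range(3))
    providers = [kms_a, kms_b, nn]
    store.roll("key1")                       # constructed sample key, version 1
    for p in providers:
        p.generate_edek("key1")              # warm every cache under version 1
    v2 = roll(store, "key1", [kms_a])        # only the receiving instance drains
    partial = stale_after_roll(providers, "key1", v2)
    v3 = roll(store, "key1", providers)      # every cache drained with the roll
    full = stale_after_roll(providers, "key1", v3)
    return partial, full
```

In the partial case the two providers that were not drained keep issuing version 1 EDEKs until their queues empty, which is the window the issue wants closed.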

