hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-3637) Add support for encrypting the DataTransferProtocol
Date Tue, 07 Aug 2012 16:38:10 GMT

     [ https://issues.apache.org/jira/browse/HDFS-3637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Aaron T. Myers updated HDFS-3637:

    Attachment: HDFS-3637.patch

Thanks a lot for the updated review, Eli. I'm attaching an updated full patch including this

For reference, here's the diff which incorporates your latest feedback:

diff --git hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/RemoteBlockReader.java
index 8190b37..7a95626 100644
--- hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/RemoteBlockReader.java
+++ hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/RemoteBlockReader.java
@@ -489,7 +489,8 @@ public class RemoteBlockReader extends FSInputChecker implements BlockReader
   public IOStreamPair getStreams() {
-    // TODO: Make RemoteBlockReader support encryption.
+    // This class doesn't support encryption, which is the only thing this
+    // method is used for. See HDFS-3637.
     return null;
diff --git hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptedTransfer.java
index 6726663..0d21a37 100644
--- hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptedTransfer.java
+++ hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptedTransfer.java
@@ -330,8 +330,10 @@ public class TestEncryptedTransfer {
       assertEquals(PLAIN_TEXT, DFSTestUtil.readFile(fs, TEST_PATH));
       assertEquals(checksum, fs.getFileChecksum(TEST_PATH));
-      // Sleep for 15 seconds, after which the encryption key will no
-      // longer be valid.
+      // Sleep for 15 seconds, after which the encryption key will no longer be
+      // valid. It needs to be a few multiples of the block token lifetime,
+      // since several block tokens are valid at any given time (the current
+      // and the last two, by default.)
       LOG.info("Sleeping so that encryption keys expire...");
       Thread.sleep(15 * 1000);
       LOG.info("Done sleeping.");

I'm going to go ahead and commit this momentarily.
> Add support for encrypting the DataTransferProtocol
> ---------------------------------------------------
>                 Key: HDFS-3637
>                 URL: https://issues.apache.org/jira/browse/HDFS-3637
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: data-node, hdfs client, security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: HDFS-3637.patch, HDFS-3637.patch, HDFS-3637.patch, HDFS-3637.patch,
> Currently all HDFS RPCs performed by NNs/DNs/clients can be optionally encrypted. However,
actual data read or written between DNs and clients (or DNs to DNs) is sent in the clear.
When processing sensitive data on a shared cluster, confidentiality of the data read/written
from/to HDFS may be desired.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message