hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaoyu Yao (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-7256) Encryption Key created in Java Key Store after Namenode start unavailable for EZ Creation
Date Thu, 16 Oct 2014 23:17:34 GMT
Xiaoyu Yao created HDFS-7256:
--------------------------------

             Summary: Encryption Key created in Java Key Store after Namenode start unavailable
for EZ Creation 
                 Key: HDFS-7256
                 URL: https://issues.apache.org/jira/browse/HDFS-7256
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: encryption, security
    Affects Versions: 2.6.0
            Reporter: Xiaoyu Yao


Hit an error on "RemoteException: Key ezkey1 doesn't exist." when creating EZ with a Key created
after NN starts.

Briefly check the code and found that the KeyProivder is loaded by FSN only at the NN start.
My work around is to restart the NN which triggers the reload of Key Provider. Is this expected?

Repro Steps:

Create a new Key after NN and KMS starts
hadoop/bin/hadoop key create ezkey1 -size 256 -provider jceks://file/home/hadoop/kms.keystore

List Keys
hadoop@SaturnVm:~/deploy$ hadoop/bin/hadoop key list -provider jceks://file/home/hadoop/kms.keystore
-metadata
Listing keys for KeyProvider: jceks://file/home/hadoop/kms.keystore
ezkey1 : cipher: AES/CTR/NoPadding, length: 256, description: null, created: Thu Oct 16 18:51:30
EDT 2014, version: 1, attributes: null
key2 : cipher: AES/CTR/NoPadding, length: 128, description: null, created: Tue Oct 14 19:44:09
EDT 2014, version: 1, attributes: null
key1 : cipher: AES/CTR/NoPadding, length: 128, description: null, created: Tue Oct 14 17:52:36
EDT 2014, version: 1, attributes: null

Create Encryption Zone
hadoop/bin/hdfs dfs -mkdir /Ez1
hadoop@SaturnVm:~/deploy$ hadoop/bin/hdfs crypto -createZone -keyName ezkey1 -path /Ez1
RemoteException: Key ezkey1 doesn't exist.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message