hadoop-hdfs-issues mailing list archives

From "Anatoli Shein (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-10596) libhdfs++: Implement hdfsFileIsEncrypted
Date Tue, 05 Jul 2016 21:14:11 GMT

    [ https://issues.apache.org/jira/browse/HDFS-10596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15363263#comment-15363263 ]

Anatoli Shein commented on HDFS-10596:
--------------------------------------

In order to test this function we need an encryption zone in HDFS, and to set it up we need
a key provider service running (kms).

To get the KMS server to run I made the following modifications to the config files:

/etc/hadoop/kms-site.xml:
<property>
    <name>hadoop.kms.key.provider.uri</name>
    <value>jceks://file@/${user.home}/kms.keystore</value>
    <description>
        URI of the backing KeyProvider for the KMS.
    </description>
</property>

<property>
    <name>hadoop.security.keystore.java-keystore-provider.password-file</name>
    <value>kms.keystore.password</value>
    <description>
        If using the JavaKeyStoreProvider, the password for the keystore file.
    </description>
</property>

/etc/hadoop/core-site.xml:
<property>
    <name>hadoop.security.key.provider.path</name>
    <value>kms://http@localhost:16000/kms</value>
    <description>
        Path to KeyProvider for the KMS.
    </description>
</property>

Then I needed to create a password file like this:
touch .../hadoop-2.6.0/share/hadoop/kms/tomcat/webapps/kms/WEB-INF/classes/kms.keystore.password

After that I was able to start/stop the KMS service from the .../hadoop-2.6.0/sbin directory like this:
./kms.sh start
./kms.sh stop

Then I created a new encryption key:
hadoop key create myKey

And was able to list it:
hadoop key list -provider jceks://file@/home/anatoli/kms.keystore -metadata

Created a new directory:
hadoop fs -mkdir hdfs://localhost.localdomain:9433/zone

However, I cannot create the zone. This is the command I am trying:
hdfs crypto -createZone -keyName myKey -path hdfs://localhost.localdomain:9433/zone

And I get this error:
16/07/05 17:12:27 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
RemoteException: Can't create an encryption zone for /zone since no key provider is available.

Not sure how to go around this. Does anyone have any ideas?

> libhdfs++: Implement hdfsFileIsEncrypted
> ----------------------------------------
>
>                 Key: HDFS-10596
>                 URL: https://issues.apache.org/jira/browse/HDFS-10596
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: hdfs-client
>            Reporter: Anatoli Shein
>         Attachments: HDFS-10596.HDFS-8707.000.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
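
Added example (not part of the original message and not Hadoop code): a pre-flight check for the setup described above that reports which site file sets a key provider and whether the keystore password file is empty or readable beyond its owner. The sample configs and the temporary password file are constructed for the demo; that the NameNode may read `dfs.encryption.key.provider.uri` instead of `hadoop.security.key.provider.path`, depending on release, is an assumption to verify against the docs for the installed version.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Property names under which HDFS looks up the key provider (assumption: which
# one the NameNode honours depends on the release; check both).
PROVIDER_KEYS = ("dfs.encryption.key.provider.uri", "hadoop.security.key.provider.path")

def load_site(xml_text):
    """Return {name: value} from a Hadoop *-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def provider_settings(sites):
    """Map each site file to the key-provider properties it actually sets."""
    return {fname: {k: props[k] for k in PROVIDER_KEYS if props.get(k)}
            for fname, props in sites.items()}

def password_file_findings(path):
    """Flag a keystore password file that is missing, empty, or group/world accessible."""
    if not os.path.isfile(path):
        return ["missing"]
    findings = []
    if os.path.getsize(path) == 0:
        findings.append("empty file")            # what a bare `touch` produces
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("readable beyond owner")
    return findings

# Constructed sample configs mirroring the values quoted in the message.
CORE_SITE = """<configuration><property>
  <name>hadoop.security.key.provider.path</name>
  <value>kms://http@localhost:16000/kms</value></property></configuration>"""
HDFS_SITE = "<configuration></configuration>"    # constructed: no provider set here

def demo():
    sites = {"core-site.xml": load_site(CORE_SITE), "hdfs-site.xml": load_site(HDFS_SITE)}
    with tempfile.TemporaryDirectory() as d:
        pw = os.path.join(d, "kms.keystore.password")
        open(pw, "w").close()                    # same effect as `touch`
        os.chmod(pw, 0o644)
        return provider_settings(sites), password_file_findings(pw)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the contents of the NameNode's own core-site.xml and hdfs-site.xml to `load_site` and the resolved password file path to `password_file_findings`.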
