hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiao Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-12400) Provide a way for NN to drain the local key cache before re-encryption
Date Fri, 08 Sep 2017 03:50:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16158076#comment-16158076

Xiao Chen commented on HDFS-12400:

I think the timed out {{TestReencryptionWithKMS}} is more likely env: ran locally several
times, not reproduced. Other failed tests are not related to this patch.
Ran {noformat}mvn clean test -Dtest=TestReadStripedFileWithMissingBlocks,TestDFSAdminWithHA,TestDirectoryScanner,TestReconstructStripedFile,TestReencryptionWithKMS,TestWriteReadStripedFile,TestNameNodeStatusMXBean,TestEditLogRace,TestAuditLogs{noformat},
all passed.

Checkstyle is {{TestReencryption#dfsAdmin}} should be private instead of protected, but IMO
that's also not a good idea, because this follows {{TestEncryptionZones}} for consistency,
and accessing a protected member from child test class reads better than a getter method.

> Provide a way for NN to drain the local key cache before re-encryption
> ----------------------------------------------------------------------
>                 Key: HDFS-12400
>                 URL: https://issues.apache.org/jira/browse/HDFS-12400
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 3.0.0-beta1
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HDFS-12400.01.patch, HDFS-12400.02.patch
> In HDFS-12359, a fix for the KMS ACLs required for re-encryption was done. As part of
the fix,  the following code is used to make sure the local provider cache in the NN is drained.
> {code:java}
> if (dir.getProvider() instanceof CryptoExtension) {
>   ((CryptoExtension) dir.getProvider()).drain(keyName);
> }
> {code}
> This doesn't work, because the provider is {{KeyProviderCryptoExtension}} instead of
{{CryptoExtension}} - the latter is composite of the former.
> Unfortunately unit test didn't catch this, because it conveniently rolled the from the
NN's provider.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message