hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rushabh S Shah (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-12974) Exception information can not be returned when I create transparent encryption zone.
Date Fri, 05 Jan 2018 21:07:01 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16313882#comment-16313882

Rushabh S Shah commented on HDFS-12974:

Thanks [~zhenyi] for the updated patch.
bq. Don't think ValueQueue does any tricks to it - this is when creating the zones, so should
fail when getMetadata.
bq. <name>key.acl.key2.GENERATE_EEK</name>
IIUC the jira description, Fang has set the kms-acls for {{GENERATE_EEK}} operation to mr.
{{getMetadata}} has its own set of acls which are separate from {{GENERATE_EEK}} acls.
In {{FSDirEncryptionZoneOp#ensureKeyIsInitialized}} before returning  it does {{provider.warmUpEncryptedKeys(keyName)}}
which in turn will fill the {{KMSClientProvider#ValueQueue}} with EDEKs. I think its failing
there since namenode user {{hdfs}} is not allowed to {{generateEdek}}  via {{GENERATE_EEK}}

Also I don't understand why {{AuthorizationException}} overrides {{printStackTrace}} methods.
I don't see any other exceptions overriding those methods.
If we remove the overriden methods, then {{Throwable#printStackTrace(PrintWriter)}} will do
the right thing.

We can easily removed dozens of lines of code from Test class.
I don't see the need for creating ExecutorService.
Just create new instance of {{EncryptionFaultInjector}} with {{ensureKeyIsInitialized}} overriden.

> Exception information can not be returned when I create transparent encryption zone.
> ------------------------------------------------------------------------------------
>                 Key: HDFS-12974
>                 URL: https://issues.apache.org/jira/browse/HDFS-12974
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 3.0.0
>            Reporter: fang zhenyi
>            Assignee: fang zhenyi
>            Priority: Minor
>         Attachments: HDFS-12974.001.patch, HDFS-12974.002.patch, HDFS-12974.003.patch,
HDFS-12974.004.patch, HDFS-12974.005.patch
> When I add the following configuration to the kms-acl.xml file, I create encrypted space
and I can not get any exception information.
> <property>
>   <name>key.acl.key2.GENERATE_EEK</name>
>   <value>mr</value>
> </property>
> root@fangzhenyi01:~# hdfs crypto -createZone -keyName key2 -path /zone
> 2018-01-02 10:41:44,632 WARN util.NativeCodeLoader: Unable to load native-hadoop library
for your platform... using builtin-java classes where applicable
> RemoteException: 
> root@fangzhenyi01:~# 

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message