Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2020/07/10 03:19:20 UTC

[GitHub] [hadoop-ozone] iamabug opened a new pull request #1184: HDDS-2767. security/SecuringTDE.md

iamabug opened a new pull request #1184:
URL: https://github.com/apache/hadoop-ozone/pull/1184


   ## What changes were proposed in this pull request?
   
   Translation of https://hadoop.apache.org/ozone/docs/0.5.0-beta/security/securingtde.html
   
   ## What is the link to the Apache JIRA
   
   https://issues.apache.org/jira/browse/HDDS-2767
   
   ## How was this patch tested?
   
   hugo server 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org


[GitHub] [hadoop-ozone] iamabug commented on pull request #1184: HDDS-2767. security/SecuringTDE.md

Posted by GitBox <gi...@apache.org>.
iamabug commented on pull request #1184:
URL: https://github.com/apache/hadoop-ozone/pull/1184#issuecomment-656459321


   @cxorm @smengcl @xiaoyuyao Please help review this if available, thanks.




[GitHub] [hadoop-ozone] xiaoyuyao merged pull request #1184: HDDS-2767. security/SecuringTDE.md

Posted by GitBox <gi...@apache.org>.
xiaoyuyao merged pull request #1184:
URL: https://github.com/apache/hadoop-ozone/pull/1184


   




[GitHub] [hadoop-ozone] iamabug commented on a change in pull request #1184: HDDS-2767. security/SecuringTDE.md

Posted by GitBox <gi...@apache.org>.
iamabug commented on a change in pull request #1184:
URL: https://github.com/apache/hadoop-ozone/pull/1184#discussion_r454812178



##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.zh.md
##########
@@ -0,0 +1,56 @@
+---
+title: "透明数据加密"
+date: "2019-April-03"
+summary: 透明数据加密(Transparent Data Encryption,TDE)以密文形式在磁盘上保存数据,但可以在用户访问的时候自动进行解密。TDE 以键或桶为单位进行加密。
+weight: 3
+icon: lock
+---
+<!---
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+Ozone TDE 的配置和使用和 HDFS TDE 十分相似,主要的区别是,Ozone 中桶级别的 TDE 必须在创建桶时启用。
+
+### 搭建密钥管理服务器
+
+必须要搭建密钥管理服务器(Key Management Server, KMS)并把它的 URI 提供给 Ozone/HDFS 才能使用 TDE。因为 Ozone 和 HDFS 可以使用相同的 KMS,所以可以在 *hdfs-site.xml* 中进行配置:
+
+参数名 |  值
+-----------------------------------|-----------------------------------------
+hadoop.security.key.provider.path  | KMS uri. <br> 比如 kms://http@kms-host:9600/kms
+
+### 使用 TDE
+如果你的集群已经配置好了 TDE,那么你只需要创建加密密钥并启用桶加密即可。
+
+创建加密密钥的方法为:
+    * 使用 hadoop 密钥命令创建桶加密密钥,和
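
Review bot: In the parameter table, the example value for hadoop.security.key.provider.path is kms://http@kms-host:9600/kms, which has clients talk to the KMS over plain HTTP. This page is the TDE setup guide and the example is likely to be copied verbatim, so consider showing the kms://https@kms-host:9600/kms form instead, or add a sentence saying the http form is only for test clusters and that a production KMS should be reached over TLS.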

Review comment:
       Sorry for this careless editing.






[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #1184: HDDS-2767. security/SecuringTDE.md

Posted by GitBox <gi...@apache.org>.
xiaoyuyao commented on a change in pull request #1184:
URL: https://github.com/apache/hadoop-ozone/pull/1184#discussion_r453834965



##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.zh.md
##########
@@ -0,0 +1,56 @@
+---
+title: "透明数据加密"
+date: "2019-April-03"
+summary: 透明数据加密(Transparent Data Encryption,TDE)以密文形式在磁盘上保存数据,但可以在用户访问的时候自动进行解密。TDE 以键或桶为单位进行加密。
+weight: 3
+icon: lock
+---
+<!---
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+Ozone TDE 的配置和使用和 HDFS TDE 十分相似,主要的区别是,Ozone 中桶级别的 TDE 必须在创建桶时启用。
+
+### 搭建密钥管理服务器

Review comment:
       NIT: 搭建 [set up] => 配置 [configure]

##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.zh.md
##########
@@ -0,0 +1,56 @@
+---
+title: "透明数据加密"
+date: "2019-April-03"
+summary: 透明数据加密(Transparent Data Encryption,TDE)以密文形式在磁盘上保存数据,但可以在用户访问的时候自动进行解密。TDE 以键或桶为单位进行加密。
+weight: 3
+icon: lock
+---
+<!---
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+Ozone TDE 的配置和使用和 HDFS TDE 十分相似,主要的区别是,Ozone 中桶级别的 TDE 必须在创建桶时启用。
+
+### 搭建密钥管理服务器
+
+必须要搭建密钥管理服务器(Key Management Server, KMS)并把它的 URI 提供给 Ozone/HDFS 才能使用 TDE。因为 Ozone 和 HDFS 可以使用相同的 KMS,所以可以在 *hdfs-site.xml* 中进行配置:

Review comment:
       必须要搭建密钥管理服务器(Key Management Server, KMS)并把它的 URI 提供给 Ozone/HDFS 才能使用 TDE =>
   使用TDE之前,管理员必须提前配置密钥管理服务KMS, 并且把KMS的URI通过core-site.xml提供给Ozone。
   
   Please update the EN document as well.
   
   To use TDE, admin must setup a Key Management Server and provide that URI to
   Ozone via *core-site.xml*.
   
   

##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.zh.md
##########
@@ -0,0 +1,56 @@
+---
+title: "透明数据加密"
+date: "2019-April-03"
+summary: 透明数据加密(Transparent Data Encryption,TDE)以密文形式在磁盘上保存数据,但可以在用户访问的时候自动进行解密。TDE 以键或桶为单位进行加密。
+weight: 3
+icon: lock
+---
+<!---
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+Ozone TDE 的配置和使用和 HDFS TDE 十分相似,主要的区别是,Ozone 中桶级别的 TDE 必须在创建桶时启用。
+
+### 搭建密钥管理服务器
+
+必须要搭建密钥管理服务器(Key Management Server, KMS)并把它的 URI 提供给 Ozone/HDFS 才能使用 TDE。因为 Ozone 和 HDFS 可以使用相同的 KMS,所以可以在 *hdfs-site.xml* 中进行配置:
+
+参数名 |  值
+-----------------------------------|-----------------------------------------
+hadoop.security.key.provider.path  | KMS uri. <br> 比如 kms://http@kms-host:9600/kms
+
+### 使用 TDE
+如果你的集群已经配置好了 TDE,那么你只需要创建加密密钥并启用桶加密即可。
+
+创建加密密钥的方法为:
+    * 使用 hadoop 密钥命令创建桶加密密钥,和
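
Review bot: The bullet on the last line of this hunk is indented four spaces and follows 创建加密密钥的方法为: with no blank line in between, so a CommonMark renderer will most likely fold it into the preceding paragraph instead of producing a list item. Add a blank line before the bullet and reduce its indent to three spaces or fewer, then confirm the rendered list with hugo server.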

Review comment:
       Lines 39-42 are duplicated and should be removed.






[GitHub] [hadoop-ozone] iamabug commented on a change in pull request #1184: HDDS-2767. security/SecuringTDE.md

Posted by GitBox <gi...@apache.org>.
iamabug commented on a change in pull request #1184:
URL: https://github.com/apache/hadoop-ozone/pull/1184#discussion_r454306212



##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.zh.md
##########
@@ -0,0 +1,56 @@
+---
+title: "透明数据加密"
+date: "2019-April-03"
+summary: 透明数据加密(Transparent Data Encryption,TDE)以密文形式在磁盘上保存数据,但可以在用户访问的时候自动进行解密。TDE 以键或桶为单位进行加密。

Review comment:
       good call, done.






[GitHub] [hadoop-ozone] xiaoyuyao commented on a change in pull request #1184: HDDS-2767. security/SecuringTDE.md

Posted by GitBox <gi...@apache.org>.
xiaoyuyao commented on a change in pull request #1184:
URL: https://github.com/apache/hadoop-ozone/pull/1184#discussion_r453834375



##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.zh.md
##########
@@ -0,0 +1,56 @@
+---
+title: "透明数据加密"
+date: "2019-April-03"
+summary: 透明数据加密(Transparent Data Encryption,TDE)以密文形式在磁盘上保存数据,但可以在用户访问的时候自动进行解密。TDE 以键或桶为单位进行加密。

Review comment:
       Can we remove this "TDE 以键或桶为单位进行加密" [TDE encrypts at the key or bucket level]? Also please remove the EN part as well.



