Posted to common-issues@hadoop.apache.org by "dengxiumao (JIRA)" <ji...@apache.org> on 2015/04/22 04:42:59 UTC

[jira] [Updated] (HADOOP-11862) Add support key share across KMS instances for KMS HA

     [ https://issues.apache.org/jira/browse/HADOOP-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

dengxiumao updated HADOOP-11862:
--------------------------------
    Description: 
The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] only supports specification of multiple hostnames in the KMS key provider URI. It means that it supports config such as:
<property>
 <name>hadoop.security.key.provider.path</name>
 <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
</property>

But HA is still not available: keys cannot be shared across KMS instances. If one of the KMS instances goes down, encrypted files, which are encrypted by the keys in the KMS, cannot be read.

> Add support key share across KMS instances for KMS HA
> -----------------------------------------------------
>
>                 Key: HADOOP-11862
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11862
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: dengxiumao
>              Labels: kms, transparentenc
>
> The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] only supports specification of multiple hostnames in the KMS key provider URI. It means that it supports config such as:
> <property>
>  <name>hadoop.security.key.provider.path</name>
>  <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
> </property>
> But HA is still not available: keys cannot be shared across KMS instances. If one of the KMS instances goes down, encrypted files, which are encrypted by the keys in the KMS, cannot be read.


