qiushi fan created HADOOP-13303:
-----------------------------------
Summary: Detail Informations of KMS High Avalibale
Key: HADOOP-13303
URL: https://issues.apache.org/jira/browse/HADOOP-13303
Project: Hadoop Common
Issue Type: Improvement
Components: ha, kms
Affects Versions: 2.7.2
Reporter: qiushi fan
I have some confusions of kms HA recently.
1. we can set up multiple KMS instances behind a load balancer. Among all
these kms instances, there is only one master kms, others are slave kms. The
master kms can handle Key create/store/rollover/delete operations by directly
contacting with JCE keystore file. The slave kms can handle Key
create/store/rollover/delete operations by delegating it to the master kms.
so although we set up multiple kms, there is only one JCE keystore file, and
only the master kms can access to this file. Both the JCE keystore file and
the master kms don't have a backup. If one of them died, there is no way to
avoid losing data.
Is all of the above true? KMS doesn't have a solution to handle the failure of
master kms and JCE keystore file?
2. I heard another way to achieve kms HA: make use of
LoadBalancingKMSClientProvider. But I can't find detail informations of
LoadBalancingKMSClientProvider. So why the LoadBalancingKMSClientProvider can
achieve kms HA?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
