[ https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15887103#comment-15887103 ]

Andrew Wang commented on HADOOP-14104:
--------------------------------------

Thanks for working on this Rushabh, patch looks pretty close, just some nits:

* FtpConfigKeys and LocalConfigKeys, would still be nice to introduce a new 
variable for documentation purposes
* I dislike non-trivial ternary statements, mind rewriting 
DFSClient#getKeyProviderUri a bit? We can also dedupe the call to 
{{getKeyProviderUri}} for clarity.
* Still could use a doc update in TransparentEncryption.md about how this is 
fetched from server-side defaults.

Could you comment on potential additional overheads from invoking the NN to 
query this config value? I don't see {{getServerDefaults}} used much right now, 
so it looks like this will add another NN RPC to many client operations, for 
both unencrypted and encrypted clusters. This is concerning.

> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>         Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch
>
>
> According to current implementation of kms provider in client conf, there can 
> only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from 
> multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.


