[
https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15892797#comment-15892797
]
Yongjun Zhang commented on HADOOP-14104:
----------------------------------------
Thanks [~andrew.wang].
I gave some more thoughts, I think a better solution instead of the period
polling is, just like how client handle namenode HA, we can do the same for
KeyProvider. Say, if we specify keyproviderservice in config file to associate
with a list of KeyProviders, if one keyProvider is down, the client can try to
access the next one in the list (client failover). This is essentially
KeyProvider HA. But this would be a larger scope solution. Does this make
sense to you?
> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
> Key: HADOOP-14104
> URL: https://issues.apache.org/jira/browse/HADOOP-14104
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Rushabh S Shah
> Assignee: Rushabh S Shah
> Attachments: HADOOP-14104-trunk.patch, HADOOP-14104-trunk-v1.patch
>
>
> According to current implementation of kms provider in client conf, there can
> only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from
> multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
