[jira] [Commented] (HADOOP-14104) Client should always ask namenode for kms provider path.

Wed, 15 Nov 2017 15:43:53 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16254466#comment-16254466
 ] 

Daryn Sharp commented on HADOOP-14104:
--------------------------------------

bq. Having identical nameservices for multiple clusters is arguably a 
mis-configuration
No arguably, it is a misconfiguration.

Instead of adding more complexity like guids to an already terrible idea – a 
conf-based nameservice which is ironically what allows this problem to exist – 
in an attempt to disambiguate the shared name,  I have a simpler solution: 
_uniquely name your clusters_.  There's nothing to fix.

As trivia: RPC has the same "issue", although it's not as evident due to 
persistent connections unlike the kms & http.  If the RPC connection goes down 
(idle closes, connection issue, retriable exception, etc), it's going to 
reconnect with a token, possibly the wrong token because it was for the other 
NN.





> Client should always ask namenode for kms provider path.
> --------------------------------------------------------
>
>                 Key: HADOOP-14104
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14104
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Rushabh S Shah
>            Assignee: Rushabh S Shah
>             Fix For: 2.9.0, 3.0.0-alpha4, 2.8.2
>
>         Attachments: HADOOP-14104-branch-2.8.patch, 
> HADOOP-14104-branch-2.patch, HADOOP-14104-trunk-v1.patch, 
> HADOOP-14104-trunk-v2.patch, HADOOP-14104-trunk-v3.patch, 
> HADOOP-14104-trunk-v4.patch, HADOOP-14104-trunk-v5.patch, 
> HADOOP-14104-trunk.patch
>
>
> According to current implementation of kms provider in client conf, there can 
> only be one kms.
> In multi-cluster environment, if a client is reading encrypted data from 
> multiple clusters it will only get kms token for local cluster.
> Not sure whether the target version is correct or not.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to