[
https://issues.apache.org/jira/browse/HADOOP-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14506786#comment-14506786
]
dengxiumao commented on HADOOP-11862:
-------------------------------------
hi [~asuresh], thank you for your reply.
yes, the scenario as you said, actually will be loadbalanced and will shared
accross KMS instances.
But, it's not High Available(HA), there are 2 senarios:
1. if the KMS1 goes down, KMS2 and KMS3 will not available.
2. if the kms.keystore file was delete, the files encrypted by the keys in
kms.keystore won't be read.
So, I think if keys have several replicas, like HDFS replicas mechanism, it
will be really HA.
ps. maybe I should modify the title more clearly.
> Add support key share across KMS instances for KMS HA
> -----------------------------------------------------
>
> Key: HADOOP-11862
> URL: https://issues.apache.org/jira/browse/HADOOP-11862
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: dengxiumao
> Labels: kms
>
> The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620]
> only supports specification of multiple hostnames in the kms key provider
> uri. it means that it support config as:
> {quote}
> <property>
> <name>hadoop.security.key.provider.path</name>
> <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
> </property>
> {quote}
> but HA is still not available, keys can not share across KMS instances, if
> one of KMS instances goes down, Encrypted files, which encrypted by the keys
> in the KMS, can not be read.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
