[
https://issues.apache.org/jira/browse/HADOOP-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14507542#comment-14507542
]
Arun Suresh commented on HADOOP-11862:
--------------------------------------
[~dengxiumao],
bq. But, it's not High Available(HA), there are 2 senarios:
Hmmm.. it is not HA for some operations (create / rollover / delete) most other
operations including get / encrypt / decrypt, they should be (since the keys
are actually cached by KMS.. and EDEKs generated by 1 KMS can be decrypted by
the other.. if the EZ key version is in cache). But yes, i agree, there is no
replica stored anywhere.. so for catastrophic failures where the backing KMS
does not come up, you lose data.
I would expect an enterprise deployment to use a more robust production quality
key store for which you can easily write a KeyProvider and use it as a backing
key store. But yes, we dont ship one with hadoop.
> Add support key share across KMS instances for KMS HA
> -----------------------------------------------------
>
> Key: HADOOP-11862
> URL: https://issues.apache.org/jira/browse/HADOOP-11862
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: dengxiumao
> Labels: kms
>
> The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620]
> only supports specification of multiple hostnames in the kms key provider
> uri. it means that it support config as:
> {quote}
> <property>
> <name>hadoop.security.key.provider.path</name>
> <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
> </property>
> {quote}
> but HA is still not available, keys can not share across KMS instances, if
> one of KMS instances goes down, Encrypted files, which encrypted by the keys
> in the KMS, can not be read.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
