[jira] [Updated] (HADOOP-11862) Add support key replicas mechanism for KMS HA

Wed, 22 Apr 2015 19:20:06 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

dengxiumao updated HADOOP-11862:
--------------------------------
    Description: 
The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] 
only supports specification of multiple hostnames in the kms key provider uri. 
it means that it support config as:
{quote}
<property>
 <name>hadoop.security.key.provider.path</name>
 <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
</property>
{quote}
but HA is still not available,  if one of KMS instances goes down, Encrypted 
files, which encrypted by the keys in the KMS,  can not be read.

  was:
The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] 
only supports specification of multiple hostnames in the kms key provider uri. 
it means that it support config as:
{quote}
<property>
 <name>hadoop.security.key.provider.path</name>
 <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
</property>
{quote}
but HA is still not available, keys can not share across KMS instances, if one 
of KMS instances goes down, Encrypted files, which encrypted by the keys in the 
KMS,  can not be read.


> Add support key replicas mechanism for KMS HA
> ---------------------------------------------
>
>                 Key: HADOOP-11862
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11862
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: dengxiumao
>              Labels: kms
>
> The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] 
> only supports specification of multiple hostnames in the kms key provider 
> uri. it means that it support config as:
> {quote}
> <property>
>  <name>hadoop.security.key.provider.path</name>
>  <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
> </property>
> {quote}
> but HA is still not available,  if one of KMS instances goes down, Encrypted 
> files, which encrypted by the keys in the KMS,  can not be read.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to