[ 
https://issues.apache.org/jira/browse/HDFS-7256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14370483#comment-14370483
 ] 

Yi Liu commented on HDFS-7256:
------------------------------

Hi Xiaoyu, {{hadoop.security.key.provider.path}} is only used as the default 
key provider when you use the {{hadoop key}} command.
The failure you got is not related to this; it's because the Kerberos 
authentication failed. I think your local Kerberos ticket cache (TGT) is out of 
date or you have not done a "kinit". Even if you remove this config, you can 
still get the same issue.

> Encryption Key created in Java Key Store after Namenode start unavailable for 
> EZ Creation 
> ------------------------------------------------------------------------------------------
>
>                 Key: HDFS-7256
>                 URL: https://issues.apache.org/jira/browse/HDFS-7256
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption, security
>    Affects Versions: 2.6.0
>            Reporter: Xiaoyu Yao
>            Assignee: Yi Liu
>
> Hit an error on "RemoteException: Key ezkey1 doesn't exist." when creating EZ 
> with a Key created after NN starts.
> Briefly checked the code and found that the KeyProvider is loaded by FSN only 
> at the NN start. My workaround is to restart the NN which triggers the 
> reload of Key Provider. Is this expected?
> Repro Steps:
> Create a new Key after NN and KMS starts
> hadoop/bin/hadoop key create ezkey1 -size 256 -provider 
> jceks://file/home/hadoop/kms.keystore
> List Keys
> hadoop@SaturnVm:~/deploy$ hadoop/bin/hadoop key list -provider 
> jceks://file/home/hadoop/kms.keystore -metadata
> Listing keys for KeyProvider: jceks://file/home/hadoop/kms.keystore
> ezkey1 : cipher: AES/CTR/NoPadding, length: 256, description: null, created: 
> Thu Oct 16 18:51:30 EDT 2014, version: 1, attributes: null
> key2 : cipher: AES/CTR/NoPadding, length: 128, description: null, created: 
> Tue Oct 14 19:44:09 EDT 2014, version: 1, attributes: null
> key1 : cipher: AES/CTR/NoPadding, length: 128, description: null, created: 
> Tue Oct 14 17:52:36 EDT 2014, version: 1, attributes: null
> Create Encryption Zone
> hadoop/bin/hdfs dfs -mkdir /Ez1
> hadoop@SaturnVm:~/deploy$ hadoop/bin/hdfs crypto -createZone -keyName ezkey1 
> -path /Ez1
> RemoteException: Key ezkey1 doesn't exist.


