[ https://issues.apache.org/jira/browse/HDFS-11210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15857057#comment-15857057 ]
Xiao Chen commented on HDFS-11210: ---------------------------------- Thanks Andrew, if you have any other comments, please don't hold back. :) bq. Noticed you changed indexFor from modulo to a mask. What was the reason for this? The masking only works when the array size is a power of 2. Because I forgot to change the symbol bit to 0, hence all those test failures when {{int hashCode}} return a negative value. Instead of modulo then 0-out the first bit, I figured masking it once is more elegant. True it'll be problematic when array size isn't 2, maybe add a comment for future since array size is hardcoded currently? And finally we have the item in NN: bq. The Client instance inside NN(s), and corresponding cache(s). When {{hadoop key roll}} is succeeded, the client provider inside NN should be drained too. Still think my 1st comment of {{invalidateCache}} when receiving re-encrypt is the way to go, and should probably add that line to the mighty HDFS-10899.... > Enhance key rolling to guarantee new KeyVersion is returned from > generateEncryptedKeys after a key is rolled > ------------------------------------------------------------------------------------------------------------ > > Key: HDFS-11210 > URL: https://issues.apache.org/jira/browse/HDFS-11210 > Project: Hadoop HDFS > Issue Type: Improvement > Components: encryption, kms > Affects Versions: 2.6.5 > Reporter: Xiao Chen > Assignee: Xiao Chen > Attachments: HDFS-11210.01.patch, HDFS-11210.02.patch, > HDFS-11210.03.patch, HDFS-11210.04.patch, HDFS-11210.05.patch > > > To support re-encrypting EDEK, we need to make sure after a key is rolled, no > old version EDEKs are used anymore. This includes various caches when > generating EDEK. > This is not true currently, simply because no such requirements / necessities > before. > This includes > - Client Provider(s), and corresponding cache(s). > When LoadBalancingKMSCP is used, we need to clear all KMSCPs. > - KMS server instance(s), and corresponding cache(s) > When KMS HA is configured with multiple KMS instances, only 1 will receive > the {{rollNewVersion}} request, we need to make sure other instances are > rolled too. > - The Client instance inside NN(s), and corresponding cache(s) > When {{hadoop key roll}} is succeeded, the client provider inside NN should > be drained too. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org