[ 
https://issues.apache.org/jira/browse/HDFS-11885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16043213#comment-16043213
 ] 

Xiao Chen commented on HDFS-11885:
----------------------------------

Thanks Daryn, good question.

My understanding is mostly from HDFS-7209:
{quote}
Currently when creating file in an encryption zone for the first time, key 
provider will get bunch of keys from KMS and fill in the queue. It will take 
some time. We can initialize the key queue when creating the encryption zone by 
admin.
{quote}

Each create only gets 1 edek, and there's the async thread in {{ValueQueue}} to 
fill in the cache (e.g. 500 edeks). I could see value in ensuring the cache is 
filled proactively rather than depending lazily on the first create. But 
maybe we can remove/reduce the sleep delay.

Would also like to hear [~andrew.wang]'s ideas. :)

> createEncryptionZone should not block on initializing EDEK cache
> ----------------------------------------------------------------
>
>                 Key: HDFS-11885
>                 URL: https://issues.apache.org/jira/browse/HDFS-11885
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 2.6.5
>            Reporter: Andrew Wang
>            Assignee: Andrew Wang
>            Priority: Critical
>         Attachments: HDFS-11885.001.patch, HDFS-11885.002.patch, 
> HDFS-11885.003.patch
>
>
> When creating an encryption zone, we call {{ensureKeyIsInitialized}}, which 
> calls {{provider.warmUpEncryptedKeys(keyName)}}. This is a blocking call, 
> which attempts to fill the key cache up to the low watermark.
> If the KMS is down or slow, this can take a very long time, and cause the 
> createZone RPC to fail with a timeout.
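
The blocking behaviour described in the issue, next to a background warm-up, as an added example that is not Hadoop code and is not taken from the attached patches. Every class, method and constant name is hypothetical, and the latency, watermark and timeout values are constructed for the demonstration.

```java
import java.util.concurrent.*;

// Toy model, not Hadoop code: every class, method and constant here is hypothetical.
public class EdekWarmupDemo {
    static final int LOW_WATERMARK = 5;      // constructed value
    static final long KMS_LATENCY_MS = 200;  // simulated slow KMS, per key
    static final long RPC_TIMEOUT_MS = 500;  // simulated createZone RPC budget
    final BlockingQueue<String> edekCache = new LinkedBlockingQueue<>();
    final ExecutorService filler = Executors.newSingleThreadExecutor();

    // Stand-in for one KMS round trip that returns a fresh EDEK.
    String fetchEdekFromKms(String keyName) throws InterruptedException {
        Thread.sleep(KMS_LATENCY_MS);
        return keyName + "-edek-" + System.nanoTime();
    }

    // Fills the cache up to the low watermark; the calling thread blocks throughout.
    void warmUp(String keyName) throws InterruptedException {
        while (edekCache.size() < LOW_WATERMARK) {
            edekCache.add(fetchEdekFromKms(keyName));
        }
    }

    // Blocking variant: the RPC handler pays for every KMS round trip.
    long createZoneBlocking(String keyName) throws InterruptedException {
        long start = System.nanoTime();
        warmUp(keyName);
        return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
    }

    // Non-blocking variant: warm-up is handed to the background filler thread.
    long createZoneAsync(String keyName) {
        long start = System.nanoTime();
        filler.submit(() -> { warmUp(keyName); return null; });
        return TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start);
    }

    public static void main(String[] args) throws Exception {
        EdekWarmupDemo a = new EdekWarmupDemo(), b = new EdekWarmupDemo();
        long blocking = a.createZoneBlocking("key1");
        long async = b.createZoneAsync("key1");
        System.out.printf("blocking: %d ms, exceeds RPC budget: %b%n", blocking, blocking > RPC_TIMEOUT_MS);
        System.out.printf("async: %d ms, exceeds RPC budget: %b%n", async, async > RPC_TIMEOUT_MS);
        a.filler.shutdown();
        b.filler.shutdown();
        b.filler.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("cache after background fill: " + b.edekCache.size());
    }
}
```

With these constructed values the blocking call spends about five KMS round trips inside the RPC handler and overruns the budget, while the background variant returns immediately and the cache still reaches the low watermark.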


