[
https://issues.apache.org/jira/browse/HDFS-6767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14078700#comment-14078700
]
Andrew Wang commented on HDFS-6767:
-----------------------------------
Yea, you can see the example Stephen put in the description:
{noformat}
rm: Failed to move to trash: hdfs://schu-enc2.vpc.com:8020/user/hdfs/enc.
Consider using -skipTrash option
{noformat}
We could improve this message to mention encryption zones and rename
restrictions. It seems reasonable to require users to specify -skipTrash, since
we can't preserve the existing behavior.
> Cannot remove directory within encryption zone to Trash
> -------------------------------------------------------
>
> Key: HDFS-6767
> URL: https://issues.apache.org/jira/browse/HDFS-6767
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Stephen Chu
>
> Currently, users that want to remove an encrypted directory using the FsShell
> remove commands need to skip the trash.
> If users try to remove an encrypted directory while Trash is enabled, they
> will see the following error:
> {code}
> [hdfs@schu-enc2 ~]$ hdfs dfs -rm -r /user/hdfs/enc
> 2014-07-29 13:47:28,799 INFO [main] hdfs.DFSClient
> (DFSClient.java:<init>(604)) - Found KeyProvider: KeyProviderCryptoExtension:
> jceks://file@/home/hdfs/hadoop-data/test.jks
> 2014-07-29 13:47:29,563 INFO [main] fs.TrashPolicyDefault
> (TrashPolicyDefault.java:initialize(92)) - Namenode trash configuration:
> Deletion interval = 1440 minutes, Emptier interval = 0 minutes.
> rm: Failed to move to trash: hdfs://schu-enc2.vpc.com:8020/user/hdfs/enc.
> Consider using -skipTrash option
> {code}
> This is because the encrypted dir cannot be moved from an encryption zone, as
> the NN log explains:
> {code}
> 2014-07-29 13:47:29,596 INFO [IPC Server handler 8 on 8020] ipc.Server
> (Server.java:run(2120)) - IPC Server handler 8 on 8020, call
> org.apache.hadoop.hdfs.protocol.ClientProtocol.rename from 172.25.3.153:48295
> Call#9 Retry#0
> java.io.IOException: /user/hdfs/enc can't be moved from an encryption zone.
> at
> org.apache.hadoop.hdfs.server.namenode.EncryptionZoneManager.checkMoveValidity(EncryptionZoneManager.java:175)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.unprotectedRenameTo(FSDirectory.java:526)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.renameTo(FSDirectory.java:440)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.renameToInternal(FSNamesystem.java:3593)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.renameToInt(FSNamesystem.java:3555)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.renameTo(FSNamesystem.java:3522)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.rename(NameNodeRpcServer.java:727)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.rename(ClientNamenodeProtocolServerSideTranslatorPB.java:542)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:607)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:932)
> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2099)
> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2095)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:415)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1626)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2093)
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
