[jira] [Updated] (HADOOP-11862) Add support key share across KMS instances for KMS HA

Tue, 21 Apr 2015 19:45:12 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

dengxiumao updated HADOOP-11862:
--------------------------------
    Description: 
The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] 
only supports specification of multiple hostnames in the kms key provider uri. 
it means that it support config as:
{quote}
<property>
 <name>hadoop.security.key.provider.path</name>
 <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
</property>
{quote}
but HA is still not available, keys can not share across KMS instances, if one 
of KMS instances goes down, Encrypted files, which encrypted by the keys in the 
KMS,  can not be read.

  was:
The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] 
only supports specification of multiple hostnames in the kms key provider uri. 
it means that it support config as:
bq.
<property>
 <name>hadoop.security.key.provider.path</name>
 <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
</property>

but HA is still not available, keys can not share across KMS instances, if one 
of KMS instances goes down, Encrypted files, which encrypted by the keys in the 
KMS,  can not be read.


> Add support key share across KMS instances for KMS HA
> -----------------------------------------------------
>
>                 Key: HADOOP-11862
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11862
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: dengxiumao
>              Labels: kms, transparentenc
>
> The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620] 
> only supports specification of multiple hostnames in the kms key provider 
> uri. it means that it support config as:
> {quote}
> <property>
>  <name>hadoop.security.key.provider.path</name>
>  <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
> </property>
> {quote}
> but HA is still not available, keys can not share across KMS instances, if 
> one of KMS instances goes down, Encrypted files, which encrypted by the keys 
> in the KMS,  can not be read.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to