[
https://issues.apache.org/jira/browse/HADOOP-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
dengxiumao updated HADOOP-11862:
--------------------------------
External issue ID: HADOOP-11620 (was: 11620)
> Add support key share across KMS instances for KMS HA
> -----------------------------------------------------
>
> Key: HADOOP-11862
> URL: https://issues.apache.org/jira/browse/HADOOP-11862
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: dengxiumao
> Labels: kms, transparentenc
>
> The patch [HADOOP-11620|https://issues.apache.org/jira/browse/HADOOP-11620]
> only supports specification of multiple hostnames in the kms key provider
> uri. it means that it support config as:
> {quote}
> <property>
> <name>hadoop.security.key.provider.path</name>
> <value>kms://http@[HOSTNAME1];[HOSTNAME2]:16000/kms</value>
> </property>
> {quote}
> but HA is still not available, keys can not share across KMS instances, if
> one of KMS instances goes down, Encrypted files, which encrypted by the keys
> in the KMS, can not be read.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
