[
https://issues.apache.org/jira/browse/HDFS-9244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15094619#comment-15094619
]
Zhe Zhang commented on HDFS-9244:
---------------------------------
[~xyao] Thanks for the comment. The most important use case we've seen is
"always-on encryption" -- the ability to setup {{/}} as an EZ plus the
flexibility to use different keys for descendant dirs later on. It has been
requested by many customers. The {{Trash}} use case is also useful -- it's not
directly supported by this change, but will require the concept of nested EZ.
Thanks for pointing out the possible issues. Upgrade won't cause issues,
because a lower-versioned cluster with non-nested EZ setup is always legitimate
under the new logic. Rollback won't be allowed from a nested-EZ cluster to
version < 2.8. The actual logic change is very simple -- basically just the
removal of an {{if}} check. So I don't think the change itself is hard to
support and maintain. The most challenging task is to clearly document the new
semantics so that external tools don't rely on the assumption that all data
under an EZ have the same key. I created HDFS-9644 to track the effort.
> Support nested encryption zones
> -------------------------------
>
> Key: HDFS-9244
> URL: https://issues.apache.org/jira/browse/HDFS-9244
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: encryption
> Reporter: Xiaoyu Yao
> Assignee: Zhe Zhang
> Attachments: HDFS-9244.00.patch, HDFS-9244.01.patch
>
>
> This JIRA is opened to track adding support of nested encryption zone based
> on [~andrew.wang]'s [comment
> |https://issues.apache.org/jira/browse/HDFS-8747?focusedCommentId=14654141&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14654141]
> for certain use cases.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
