[ https://issues.apache.org/jira/browse/IMPALA-7035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16479817#comment-16479817 ]
ASF subversion and git services commented on IMPALA-7035: --------------------------------------------------------- Commit 5b824408af17d084a5ea3464e0ff913f2c94e4c4 in impala's branch refs/heads/master from [~philip] [ https://git-wip-us.apache.org/repos/asf?p=impala.git;h=5b82440 ] IMPALA-7035: Configure jceks.key.serialFilter for KMS. Configures a Java property for KMS to account for JDK 8u171's security fixes. I was seeing impala-py.test tests/metadata/test_hdfs_encryption.py fail with the following error: AssertionError: Error creating encryption zone: RemoteException: Can't recover key for testkey1 from keystore file:/home/impdev/Impala/testdata/cluster/cdh6/node-1/data/kms.keystore The issue is described in HDFS-13494, and I imagine it'll be fixed in due time. In the meanwhile, setting this property seems to do the trick. Change-Id: I2d21c9cce3b91e8fd8b2b4f1cda75e3958c977d5 Reviewed-on: http://gerrit.cloudera.org:8080/10418 Reviewed-by: Joe McDonnell <joemcdonn...@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> > Impala HDFS Encryption tests failing after OpenJDK update > --------------------------------------------------------- > > Key: IMPALA-7035 > URL: https://issues.apache.org/jira/browse/IMPALA-7035 > Project: IMPALA > Issue Type: Task > Reporter: Philip Zeyliger > Priority: Major > > I have seen {{impala-py.test tests/metadata/test_hdfs_encryption.py}} fail > with the following error: > {{E AssertionError: Error creating encryption zone: RemoteException: Can't > recover key for testkey1 from keystore > [file:/home/impdev/Impala/testdata/cluster/cdh6/node-1/data/kms.keystore|file:///home/impdev/Impala/testdata/cluster/cdh6/node-1/data/kms.keystore]}} > I believe what's going on is described in > https://issues.apache.org/jira/browse/HDFS-13494. In short, the JDK now has a > special whitelist for an API as a result of a security vulnerability. > A workaround in the KMS init script to configure $HADOOP_OPTS seems to do the > trick. > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org