Exception while creating encryption zone

Tue, 13 Sep 2016 02:21:07 -0700 

Hi all,

As I was trying to test Ranger KMS, I encountered some troubles.
I created a AES-128 key with ranger KMS named test_lchanel, and as I wanted
to use it to encrypt my home repository using : hdfs crypto -createZone
-keyName test_lchanel -path /user/lchanel, I got the following exception :

16/09/13 11:11:26 WARN retry.RetryInvocationHandler: Exception while
invoking ClientNamenodeProtocolTranslatorPB.createEncryptionZone over null.
Not retrying because try once and fail.
org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
        at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1552)
        at org.apache.hadoop.ipc.Client.call(Client.java:1496)
        at org.apache.hadoop.ipc.Client.call(Client.java:1396)
        at
org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:233)
        at com.sun.proxy.$Proxy10.createEncryptionZone(Unknown Source)
        at
org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.createEncryptionZone(ClientNamenodeProtocolTranslatorPB.java:1426)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at
org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:278)
        at
org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:194)
        at
org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:176)
        at com.sun.proxy.$Proxy11.createEncryptionZone(Unknown Source)
        at
org.apache.hadoop.hdfs.DFSClient.createEncryptionZone(DFSClient.java:3337)
        at
org.apache.hadoop.hdfs.DistributedFileSystem.createEncryptionZone(DistributedFileSystem.java:2233)
        at
org.apache.hadoop.hdfs.client.HdfsAdmin.createEncryptionZone(HdfsAdmin.java:307)
        at
org.apache.hadoop.hdfs.tools.CryptoAdmin$CreateZoneCommand.run(CryptoAdmin.java:142)
        at org.apache.hadoop.hdfs.tools.CryptoAdmin.run(CryptoAdmin.java:73)
        at
org.apache.hadoop.hdfs.tools.CryptoAdmin.main(CryptoAdmin.java:82)
RemoteException:

As I know CPU must support AES to use such things, I checked on each
server's ILO admin interface and it seems my CPU support AES-128. In
addition, hadoop checknative returns a correct result :

16/09/13 11:16:48 INFO bzip2.Bzip2Factory: Successfully loaded &
initialized native-bzip2 library system-native
16/09/13 11:16:48 INFO zlib.ZlibFactory: Successfully loaded & initialized
native-zlib library
Native library checking:
hadoop:  true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libhadoop.so.1.0.0
zlib:    true /lib64/libz.so.1
snappy:  true /usr/hdp/2.5.0.0-1245/hadoop/lib/native/libsnappy.so.1
lz4:     true revision:99
bzip2:   true /lib64/libbz2.so.1
openssl: true /usr/lib64/libcrypto.so

Does someone see where my problem might come from ?

Thanks,


Loïc

Loïc CHANEL
System Big Data engineer
MS&T - WASABI - Worldline (Villeurbanne, France)

Reply via email to