Uploaded image for project: 'Apache HAWQ (Retired)'
  1. Apache HAWQ (Retired)
  2. HAWQ-1193 TDE support in HAWQ
  3. HAWQ-1510

Add TDE-related functionality into hawq command line tools

    XMLWordPrintableJSON

Details

    Description

      1, hawq init
      the only way to enable tde in hawq:
      user should give a key name(already created by hadoop key command) parameter when execuate the init command, it makes the whole hawq_default directory as an encryption zone.

      note:

      • cannot support transfer the existed(and non-empty) hawq_default directory into an encryption zone.
      • create encryption zone need hdfs superuser privilege, so if hawq user and hdfs superuser is not the same one, you should create the encryption zone on hawq directory manually before running hawq-init script, example: 
        hdfs crypto -createZone -keyName key_demo -path /hawq_default/

      command:

      hawq init cluster --tde_keyname key_demo

      2, hawq state
      show the encryption zone info if user enable tde in hawq.

      3, hawq register
      cannot register file in different encryption zones / un-encryption zones.

      4, hawq extract
      give user a warning of the table data is stored in encryption zone if user enable tde in hawq.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #1280

          Activity

            People

              hongxu ma Hongxu Ma
              hongxu ma Hongxu Ma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: