[HBASE-20898] Improve support for HDFS at-rest encryption - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Umbrella
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.0.0
Fix Version/s: None
Component/s: encryption
Labels:
None
Environment:

HBase 2 on Hadoop 2.6.0+ (HDFS at-rest encryption)

Description

Note * this has nothing to do with HBase's Transparent Encryption of Data At Rest.

HDFS's at rest encryption is "transparent" in that encrypt/decrypt itself doesn't require client side change. However, in practice, there re a few cases that need to be taken care of. For example, accessing KMS requires KMS delegation tokens. If HBase tools get only HDFS delegation tokens, it would fail to access files in HDFS encryption zone. Cases such as ~~HBASE-20403~~ suggests in some cases HBase behaves differently in HDFS-encrypted cluster.

I propose an umbrella jira to revisit the HDFS at-rest encryption support in various HBase subcomponents and tools, add additional tests and enhance the tools as we visit them.

Attachments

Issue Links

relates to

HBASE-16178 HBase restore command fails on cluster with encrypted HDFS

Open

Sub-Tasks

1.	Asyncfs should retry upon RetryStartFileException	Open	Unassigned
2.	Add Hadoop KMS dependency and basic HDFS at-rest encryption tests	Patch Available	Wei-Chiu Chuang
3.	Improve FsDelegationToken to support KMS delegation tokens	Open	Wei-Chiu Chuang
4.	Helper method to configure secure DFS cluster for tests	Resolved	Wei-Chiu Chuang

Activity

People

Assignee:: Wei-Chiu Chuang

Reporter:: Wei-Chiu Chuang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Jul/18 00:38

Updated:: 25/Jul/18 16:38