Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

HDFS-6388. HDFS integration with KeyProvider. (clamb)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/fs-encryption@1598783 13f79535-47bb-0310-9956-ffa450edef68
Charles Lamb 11 years ago
parent
f7921030cd
commit
4054a40891
2 changed files with 38 additions and 0 deletions
Unified View Show Diff Stats
  1. 2 0
      hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt
  2. 36 0
      hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java

+ 2 - 0
hadoop-common-project/hadoop-common/CHANGES-fs-encryption.txt
View File 

@@ -6,6 +6,8 @@ fs-encryption (Unreleased)
 
 
 
   NEW FEATURES
 
   NEW FEATURES
 
 
 
+    HDFS-6388. HDFS integration with KeyProvider. (clamb)
 
+
 
   IMPROVEMENTS
 
   IMPROVEMENTS
 
 
 
     HADOOP-10603. Crypto input and output streams implementing Hadoop stream
 
     HADOOP-10603. Crypto input and output streams implementing Hadoop stream

+ 36 - 0
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNode.java
View File 

@@ -27,6 +27,8 @@ import org.apache.commons.logging.LogFactory;
 
 import org.apache.hadoop.HadoopIllegalArgumentException;
 
 import org.apache.hadoop.HadoopIllegalArgumentException;
 
 import org.apache.hadoop.classification.InterfaceAudience;
 
 import org.apache.hadoop.classification.InterfaceAudience;
 
 import org.apache.hadoop.conf.Configuration;
 
 import org.apache.hadoop.conf.Configuration;
 
+import org.apache.hadoop.crypto.key.KeyProvider;
 
+import org.apache.hadoop.crypto.key.KeyProviderFactory;
 
 import org.apache.hadoop.fs.FileSystem;
 
 import org.apache.hadoop.fs.FileSystem;
 
 import org.apache.hadoop.fs.Trash;
 
 import org.apache.hadoop.fs.Trash;
 
 import org.apache.hadoop.ha.HAServiceProtocol.HAServiceState;
 
 import org.apache.hadoop.ha.HAServiceProtocol.HAServiceState;
 
@@ -270,6 +272,9 @@ public class NameNode implements NameNodeStatusMXBean {
 
   
   
   private NameNodeRpcServer rpcServer;
 
   private NameNodeRpcServer rpcServer;
 
 
 
+  /* The KeyProvider, if any. */
 
+  private KeyProvider provider = null;
 
+
 
   private JvmPauseMonitor pauseMonitor;
 
   private JvmPauseMonitor pauseMonitor;
 
   private ObjectName nameNodeStatusBeanName;
 
   private ObjectName nameNodeStatusBeanName;
 
   /**
 
   /**
 
@@ -581,6 +586,7 @@ public class NameNode implements NameNodeStatusMXBean {
 
       startHttpServer(conf);
 
       startHttpServer(conf);
 
     }
 
     }
 
     loadNamesystem(conf);
 
     loadNamesystem(conf);
 
+    initializeKeyProvider(conf);
 
 
 
     rpcServer = createRpcServer(conf);
 
     rpcServer = createRpcServer(conf);
 
     if (clientNamenodeAddress == null) {
 
     if (clientNamenodeAddress == null) {
 
@@ -699,6 +705,36 @@ public class NameNode implements NameNodeStatusMXBean {
 
     }
 
     }
 
   }
 
   }
 
 
 
+  private void initializeKeyProvider(final Configuration conf) {
 
+    try {
 
+      final List<KeyProvider> providers = KeyProviderFactory.getProviders(conf);
 
+      if (providers == null) {
 
+        return;
 
+      }
 
+
 
+      if (providers.size() == 0) {
 
+        LOG.info("No KeyProviders found.");
 
+        return;
 
+      }
 
+
 
+      if (providers.size() > 1) {
 
+        final String err =
 
+            "Multiple KeyProviders found. Only one is permitted.";
 
+        LOG.error(err);
 
+        throw new RuntimeException(err);
 
+      }
 
+      provider = providers.get(0);
 
+      if (provider.isTransient()) {
 
+        final String err =
 
+            "A KeyProvider was found but it is a transient provider.";
 
+        LOG.error(err);
 
+        throw new RuntimeException(err);
 
+      }
 
+    } catch (IOException e) {
 
+      LOG.error("Exception while initializing KeyProvider", e);
 
+    }
 
+  }
 
+
 
   /**
 
   /**
 
    * Start NameNode.
 
    * Start NameNode.
 
    * <p>
 
    * <p>