问题:使用Hadoop CDH 5.4中提供的KMS启用HDFS加密时,将文件放入加密区时会出现错误.
脚步:
加密Hadoop的步骤如下:
创建密钥[SUCCESS]
[tester@master ~]$ hadoop key create 'TDEHDP'
-provider kms://https@10.1.118.1/key_generator/kms -size 128
tde group has been successfully created with options
Options{cipher='AES/CTR/NoPadding', bitLength=128, description='null', attributes=null}.
KMSClientProvider[https://10.1.118.1/key_generator/kms/v1/] has been updated.
2.创建目录[SUCCESS]
[tester@master ~]$ hdfs dfs -mkdir /user/tester/vs_key_testdir
添加加密区[成功]
[tester@master ~]$ hdfs crypto -createZone -keyName 'TDEHDP'
-path /user/tester/vs_key_testdir
Added encryption zone /user/tester/vs_key_testdir
将文件复制到加密区[错误]
[tdetester@master ~]$ hdfs dfs -copyFromLocal test.txt /user/tester/vs_key_testdir
15/09/04 06:06:33错误hdfs.KeyProviderCache:用密钥[dfs.encryption.key.provider.uri]找不到uri来创建keyProvider !! copyFromLocal:没有配置KeyProvider,无法访问加密文件15/09/04 06:06:33错误hdfs.DFSClient:无法关闭inode 20823 org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.hdfs. server.namenode.LeaseExpiredException):/user/tester/vs_key_testdir/test.txt上没有租约.COPYING(inode 20823):文件不存在.持有人DFSClient_NONMAPREDUCE_1061684229_1没有任何打开的文件.
任何想法/建议都会有所帮助.