Configuring HDFS Partition Encryption
Scenario
After the KMS service is installed and connected to a third-party KMS server, the HDFS service can use transparent encryption.
This section describes how to create a key and encrypt HDFS partitions.
Prerequisites
- The KMS service has been installed and is running properly.
- The HDFS service has been interconnected with KMS. For details, see Interconnecting HDFS with KMS.
- The key used for encryption has been created. For details, see Key Management.
- A user, for example, user1, has been created. The user has the HDFS operation and key management permissions.
- The cluster client has been installed in a directory, for example, /opt/client.
Procedure
- Log in to the cluster client and access the client installation directory.
cd /opt/client
- Import the environment variables of the client and run the kinit command to authenticate the user.
source bigdata_env
kinit user1
- Create HDFS encrypted partitions.
hdfs dfs -mkdir <partition directory>   # Create a new partition directory.
hdfs crypto -createZone -keyName <key_name> -path <partition directory>   # Encrypt the partition.
hdfs crypto -listZones   # Check the encrypted partition.
For example, run the following commands:
hdfs dfs -mkdir /secure
hdfs crypto -createZone -keyName key1 -path /secure
- Upload and download files to the newly encrypted partition and check whether the files can be properly displayed.
hdfs dfs -put test.txt /secure
hdfs dfs -get /secure/test.txt /opt
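The following script is an added example, not part of the original documentation. It checks the output of hdfs crypto -listZones to confirm that a given path lies inside an encryption zone and that the zone uses the expected key. The function names and the sample zone list are constructed for illustration, and the script assumes that each zone is printed on one line as the zone path followed by the key name.

```shell
#!/bin/sh
# Added example: verify zone membership and key from `hdfs crypto -listZones`.
# Assumption: each zone line is "<zone path> <key name>", whitespace-separated,
# and zone paths contain no spaces.

# zone_key_for PATH   (reads listZones output on stdin)
# Prints the key name of the zone that contains PATH; returns 1 if none does.
zone_key_for() {
    awk -v p="$1" '
        $1 ~ /^\// && NF >= 2 {
            z = $1
            sub(/\/+$/, "", z)          # normalise a trailing slash
            # Match only on a path-component boundary, so the zone /secure
            # does not claim /secure2/test.txt.
            if (p == z || index(p, z "/") == 1) { print $2; found = 1; exit }
        }
        END { exit !found }
    '
}

# check_zone PATH EXPECTED_KEY   (reads listZones output on stdin)
# Returns 0 if PATH is in a zone using EXPECTED_KEY, 1 if PATH is in no
# zone (data there is stored unencrypted), 2 if the zone uses another key.
check_zone() {
    actual=$(zone_key_for "$1") || {
        echo "FAIL: $1 is not in any encryption zone"; return 1; }
    [ "$actual" = "$2" ] || {
        echo "FAIL: $1 uses key '$actual', expected '$2'"; return 2; }
    echo "OK: $1 is encrypted with key '$2'"
}

# Constructed sample of listZones output (not captured from a real cluster).
SAMPLE_ZONES='/secure  key1
/data/finance  key2'

# Demo on the constructed sample. On a cluster client, after kinit, use:
#   hdfs crypto -listZones | check_zone /secure/test.txt key1
printf '%s\n' "$SAMPLE_ZONES" | check_zone /secure/test.txt key1
```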