Updated on 2024-11-29 GMT+08:00

Interconnecting HDFS with KMS

Scenario

After the KMS service is installed in the MRS cluster, configure the HDFS service in the FusionInsight Manager cluster to use it, and then create encrypted partitions so that stored data is encrypted.

Prerequisites

The KMS service has been installed and connected to a third-party KMS server.

Procedure

  1. Log in to FusionInsight Manager.
  2. Choose Cluster > Name of the desired cluster > Services > HDFS > Configurations.
  3. In the search box on the right, search for the hadoop.security.key.provider.path parameter and set it to the access address of the KMS service used for generating and obtaining keys.

    The parameter format is as follows:

    kms://https@<Host name of KMS instance 1>;<Host name of KMS instance 2>...:<KMS https port>/kms

    Example: kms://https@host4;host5:29800/kms

    The access address must use the host name of the KMS service, not its IP address. Otherwise, access to KMS fails.

  4. Click Save. In the dialog box that is displayed, click OK to save the configuration.
  5. Restart HDFS and other upper-layer services whose configurations have expired.

    After transparent data encryption is enabled, download the cluster client again.

  6. After interconnecting HDFS with KMS, encrypt partition data. For details, see Transparent Encryption of Upper-layer Components.
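
A pre-check for the value entered in step 3, added here as an example (it is not part of the MRS documentation or of Hadoop). It parses the documented format and flags IP addresses used in place of host names; the function name check_key_provider_path and the host name syntax rule are assumptions of this example.

```python
import ipaddress
import re

# Shape taken from the page: kms://https@host1;host2...:port/kms
_FORMAT = re.compile(r"^kms://(?P<scheme>[A-Za-z]+)@(?P<hosts>[^:/]+):(?P<port>\d+)/(?P<path>.*)$")
# Host name syntax (letters, digits, hyphens, dot-separated labels); assumption of this example.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_key_provider_path(value):
    """Return (hosts, port, problems); an empty problems list means the value is well formed."""
    m = _FORMAT.match(value.strip())
    if not m:
        return [], None, ["expected kms://https@host1;host2:port/kms"]
    problems = []
    if m["scheme"] != "https":
        problems.append(f"scheme is {m['scheme']!r}; the documented format uses https")
    if m["path"] != "kms":
        problems.append(f"path is /{m['path']}; the documented format ends in /kms")
    port = int(m["port"])
    if not 1 <= port <= 65535:
        problems.append(f"port {port} is out of range")
    hosts = m["hosts"].split(";")
    for host in hosts:
        if _is_ip(host):
            problems.append(f"{host!r} is an IP address; use the KMS host name")
        elif not _HOSTNAME.match(host):
            problems.append(f"{host!r} is not a valid host name")
    return hosts, port, problems


if __name__ == "__main__":
    # Constructed sample values; only the first one appears on the page.
    for sample in ("kms://https@host4;host5:29800/kms",
                   "kms://https@192.0.2.10;host5:29800/kms",
                   "kms://http@host4:29800/kms"):
        print(sample, "->", check_key_provider_path(sample)[2] or "OK")
```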