Hi there,
I download sandbox HDP_2.3.2_virtualbox.ova for evaluating the TDE(transparent data encryption) feature. After simple setup, the HDFS CLI works as expected; but I also want to see TDE works with NFS.
As yo can see below, Both TDE and NFS works fine on their own. However, I can't make them to work together. In my tests, I created one encrypted /zone_encr dir and one unencrypted /zone_plain dir; I mounted the HDFS on /mnt/nfs.
Test 1: Unencrypted zone works fine.
copy file to/from /mnt/nfs/zone_plain/ works as epxected;
Test 2: Encrypted zone not working.
[hdfs@sandbox ~]$ cp test.txt /mnt/nfs/zone_encr/testx.txt
cp: cannot create regular file `/mnt/nfs/zone_encr/testx.txt': Permission denied
[hdfs@sandbox ~]$ cat /mnt/nfs/zone_encr/test2.txt
cat: /mnt/nfs/zone_encr/test2.txt: Stale file handle
Test 3: Giving hdfs all the KMS managed permissions
After giving "hdfs" all the permissions in the KMS policy (did it on the Ranger web site
http://127.0.0.1:6080/index.html#!/service/6/policies/18/edit ), I got different error when copying files to the directory:
[hdfs@sandbox ~]$ cp test.txt /mnt/nfs/zone_plain/fromNFS.txt
cp: cannot create regular file `/mnt/nfs/zone_plain/fromNFS.txt': Input/output error
On the other hand, read works:
[hdfs@sandbox ~]$ cat /mnt/nfs/zone_encr/test3.txt
Any suggestion?
Thanks
John Lee
