Expert Contributor
Posts: 68
Registered: ‎10-04-2016

Can't restore snapshot if the directory is encrypted by KTS

Version: 5.11

KTS/KMS: cloudera

Restore method: HDFS 'cp' cmd

I was able to restore a non-encrypted directory from a snapshot. However, I was not able to restore a snap on an encrypted directory. The error shows as follows:

 
cp: User:hdfs not allowed to do 'DECRYPT_EEK' on 'rawKey'

I checked the KMS ACL; user hdfs and group supergroup are blacklisted.

<property>
  <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
  <value>hdfs supergroup</value>
</property>

What is the alternative? Can the restore user be set to another user?
