We have been using our cluster and now it is time to setup the encryption zones.
This has brought up two issues.
Files need to be copied from nonencrypted folders to encrypted folders. Here using hdfs dfs -cp fails, hadoop distcp -skipcrccheck -update fails, and hadoop distcp fails . How can files be copied into the newly created encrypted zones.
The hdfs user folder is populated with the admin our users and service users such as hdfs, hive, hue, impala, oozie, spark as well regular user directories. How should this folder be encrypted to not interfere with the services using it.
1) The user copying files from the nonencrypted folders to the encrypted folders need to have read access on the nonencrypted files and write access to the encryption zone and need to be able to decrypt EEK.
2) A zone can contain files for groups of users or a single user, key release is controlled by KMS ACLS.