Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Can't restore snapshot if the directory is encrypted by KTS

Highlighted

Can't restore snapshot if the directory is encrypted by KTS

Expert Contributor

Version: 5.11

KTS/KMS: cloudera

Restore method: HDFS 'cp' cmd

I was able to restore non-encrypted directory from a snapshot. However, I was not able to restore a snap on an encrypted directory.  The error shows as follows: 

 
cp: User:hdfs not allowed to do 'DECRYPT_EEK' on 'rawKey'

I checked KMS ACL, user hdfs and group supergroup are blacklisted.

<property>
  <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
  <value>hdfs supergroup</value>
</property>

  What is the alternative? Can restore user be set to another user?

Don't have an account?
Coming from Hortonworks? Activate your account here