Support Questions
Find answers, ask questions, and share your expertise

HDFS Encryption - error in loading data into encryption zone (org.apache.hadoop.hdfs.server.namenode.LeaseExpiredException)

Expert Contributor

Hi - i've non-kerberized HDP 2.4 cluster, and i'm trying to evalaute/implement HDFS encryption.

I've created a encryption key & encryption zone.

When i try to add a file into encryption_zone, it goves error shown below

Reference ->

Any ideas ?


[root@sandbox ~]# sudo hadoop dfs -put myfile.txt /zone_encr DEPRECATED: Use of this script to execute hdfs command is deprecated. Instead use the hdfs command for it. put: User:root not allowed to do 'DECRYPT_EEK' on 'key1' 17/01/22 20:32:40 ERROR hdfs.DFSClient: Failed to close inode 43745 org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.hdfs.server.namenode.LeaseExpiredException): No lease on /zone_encr/myfile.txt._COPYING_ (inode 43745): File does not exist. Holder DFSClient_NONMAPREDUCE_-1520880249_1 does not have any open files. at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkLease( at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.completeFileInternal( at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.completeFile( at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.complete( at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.complete( at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod( at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ at org.apache.hadoop.ipc.RPC$ at org.apache.hadoop.ipc.Server$Handler$ at org.apache.hadoop.ipc.Server$Handler$ at Method) at at at org.apache.hadoop.ipc.Server$ at at at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke( at com.sun.proxy.$Proxy9.complete(Unknown Source) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.complete( at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke( at sun.reflect.DelegatingMethodAccessorImpl.invoke( at java.lang.reflect.Method.invoke( at at at com.sun.proxy.$Proxy10.complete(Unknown Source) at org.apache.hadoop.hdfs.DFSOutputStream.completeFile( at org.apache.hadoop.hdfs.DFSOutputStream.closeImpl( at org.apache.hadoop.hdfs.DFSOutputStream.close( at org.apache.hadoop.hdfs.DFSClient.closeAllFilesBeingWritten( at org.apache.hadoop.hdfs.DFSClient.closeOutputStreams( at org.apache.hadoop.hdfs.DistributedFileSystem.close( at org.apache.hadoop.fs.FileSystem$Cache.closeAll( at org.apache.hadoop.fs.FileSystem$Cache$ at org.apache.hadoop.util.ShutdownHookManager$


Re: HDFS Encryption - error in loading data into encryption zone (org.apache.hadoop.hdfs.server.namenode.LeaseExpiredException)

Expert Contributor

@Ali Bajwa - any ideas on this ?

i'm using this link you wrote -

Re: HDFS Encryption - error in loading data into encryption zone (org.apache.hadoop.hdfs.server.namenode.LeaseExpiredException)

@Karan Alang this is the error:

User:root not allowed to do 'DECRYPT_EEK' on 'key1'

Sounds like you may need to login to Ranger as keyadmin/keyadmin and create a policy that allows DECRYPT_EEK access for user root on the key called key1

Also the guide above was written back in HDP 2.3 timeframe.

For HDP 2.5, you can refer to this guide:

For HDP 2.4, there is an archive of above guide which can be downloaded here:

Re: HDFS Encryption - error in loading data into encryption zone (org.apache.hadoop.hdfs.server.namenode.LeaseExpiredException)

New Contributor

Still not able to find out resolution the above mentioned