Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

LUKS on HDFS

Solved Go to solution

LUKS on HDFS

New Contributor

We had an issue come up where we can't use Ranger for encryption on HDFS and the question is can we use LUKS encryption instead?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: LUKS on HDFS

New Contributor

@Mike Garris Yes you can use LUKS as disk level encryption. This will encrypted the data blocks at the Linux level. This will not encrypted the data at the HDFS filesystem level. Many people have easily and successfully deployed HDFS with LUKS encrypted disk. The preference would to install and configure Linux and LUKS at the same time and then just install HDFS after as you would with a normal HDP install.

4 REPLIES 4

Re: LUKS on HDFS

Contributor

@Mike Garris

Hi,

LUKS is a disk level encryption and hence is independent of the encryption supported by HDFS. Please see the link below to have an overview of the various levels of encryptions and where TDE sits.

https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html

Hope that answers your query.

Re: LUKS on HDFS

New Contributor

But this still relies on a backing KMS correct? Since we can't use Ranger, is there another method?

Highlighted

Re: LUKS on HDFS

New Contributor

@Mike Garris Yes you can use LUKS as disk level encryption. This will encrypted the data blocks at the Linux level. This will not encrypted the data at the HDFS filesystem level. Many people have easily and successfully deployed HDFS with LUKS encrypted disk. The preference would to install and configure Linux and LUKS at the same time and then just install HDFS after as you would with a normal HDP install.

Re: LUKS on HDFS

New Contributor

Excellent.

Don't have an account?
Coming from Hortonworks? Activate your account here