Support Questions

David chen · ‎11-13-2016

if enable Navigator after CDH has run for long time, the old data can not be encrpted, and the new encrypted data also can not be palced into the old diretory. right?

David chen · ‎11-17-2016

any ideas?

mjarnold · ‎04-16-2018

Assuming that you are referencing Cloudera Navigator Encrypt, as part of the process of encrypting a disk, you can move existing data onto that newly encrypted disk. See the navencrypt-move command.

If you are referring to HDFS Transparent Encryption, then you must create a new encryption zone in HDFS (effectively a new directory) and then copy your HDFS data into it. A lot of people ask "How can I encrypt an existing directory". You would have to perform two extra steps and have plenty of available disk space:

1. Rename the existing directory in HDFS: "hdfs dfs -mv /data /data.bak"

2. Set up the encryption zone for /data. "hadoop key create <keyname>; hdfs dfs -mkdir /data; hdfs crypto -createZone -keyName <keyname> -path /data"

3. Copy the data in /data.bak to /data. "hdfs dfs -cp /data.bak/\* /data/"

4. Remove /data.bak. "hdfs dfs -rm -R /data.bak"

Cloudera Community

Support Questions

Navigator can not encrypt the old data, right?

This problem has been solved!

This problem has been solved!