[
https://issues.apache.org/jira/browse/HADOOP-13317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15515124#comment-15515124
]
Suraj Acharya commented on HADOOP-13317:
----------------------------------------
* The KMS does not support any other cipher other than AES/CTR in the current
implementation. One can change the cipher in core-site.xml but that will throw
an error since AES/CTR has been hardcoded.
* I havent put some information in the logs because of either sensitive matter
or access control. Putting material of a key is an information leak. Also, it
is an information leak to print out the metadata and other information while
being returned. I have logged mostly the incoming request information and the
reason is the same.
* Also, I didnt wish to put information where ACLs protect transaction.
* I know get what you are saying about the exceptions. I think we should make
that as a separate effort for the KMS. The reason being we will need to know
the exceptions we wish to handle.
> Add logs to KMS servier-side to improve supportability
> ------------------------------------------------------
>
> Key: HADOOP-13317
> URL: https://issues.apache.org/jira/browse/HADOOP-13317
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Reporter: Xiao Chen
> Assignee: Suraj Acharya
> Priority: Minor
> Labels: supportability
> Attachments: HADOOP-13317-1.patch, HADOOP-13317-2.patch,
> HADOOP-13317-3.patch, HADOOP-13317.patch
>
>
> [KMS.java|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java]
> is the main class that serves KMS http requests. There're currently no logs
> at all, making trouble shooting difficult.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
