Package org.apache.hadoop.hdfs.server.namenode

Class ReencryptionHandler

java.lang.Object

org.apache.hadoop.hdfs.server.namenode.ReencryptionHandler

All Implemented Interfaces:

java.lang.Runnable

@Private
public class ReencryptionHandler
extends java.lang.Object
implements java.lang.Runnable

Class for handling re-encrypt EDEK operations.

For each EZ, ReencryptionHandler walks the tree in a depth-first order, and submits batches of (files + existing edeks) as re-encryption tasks to a thread pool. Each thread in the pool then contacts the KMS to re-encrypt the edeks. ReencryptionUpdater tracks the tasks and updates file xattrs with the new edeks.

File renames are disabled in the EZ that's being re-encrypted. Newly created files will have new edeks, because the edek cache is drained upon the submission of a re-encryption command.

It is assumed only 1 ReencryptionHandler will be running, because: 1. The bottleneck of the entire re-encryption appears to be on the KMS. 2. Even with multiple handlers, since updater requires writelock and is single-threaded, the performance gain is limited.

This class uses the FSDirectory lock for synchronization.

Field Summary

Fields

Modifier and Type	Field	Description
static org.slf4j.Logger	LOG

Method Summary

Modifier and Type	Method	Description
org.apache.hadoop.hdfs.server.namenode.ReencryptionHandler.ReencryptionPendingInodeIdCollector	getTraverser()
void	run()	Main loop.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

public static final org.slf4j.Logger LOG

Method Detail

run

public void run()

Main loop. It takes at most 1 zone per scan, and executes until the zone is completed. reencryptEncryptionZone(long).

Specified by:

run in interface java.lang.Runnable

getTraverser

public org.apache.hadoop.hdfs.server.namenode.ReencryptionHandler.ReencryptionPendingInodeIdCollector getTraverser()