static KeyProvider.Metadata ensureKeyIsInitialized(final FSDirectory fsd, final String keyName, final String src) throws IOException { KeyProviderCryptoExtension provider = fsd.getProvider(); if (provider == null) { throw new IOException("Can't create an encryption zone for " + src + " since no key provider is available."); } if (keyName == null || keyName.isEmpty()) { throw new IOException("Must specify a key name when creating an " + "encryption zone"); } EncryptionFaultInjector.getInstance().ensureKeyIsInitialized(); KeyProvider.Metadata metadata = provider.getMetadata(keyName); if (metadata == null) { /* * It would be nice if we threw something more specific than * IOException when the key is not found, but the KeyProvider API * doesn't provide for that. If that API is ever changed to throw * something more specific (e.g. UnknownKeyException) then we can * update this to match it, or better yet, just rethrow the * KeyProvider's exception. */ throw new IOException("Key " + keyName + " doesn't exist."); } // If the provider supports pool for EDEKs, this will fill in the pool provider.warmUpEncryptedKeys(keyName); return metadata; }
while (true) { try { kp.warmUpEncryptedKeys(keyNames); NameNode.LOG .info("Successfully warmed up {} EDEKs.", keyNames.length);
@Override public void warmUpEncryptedKeys(String... names) throws IOException { readLock.lock(); try { for (String name : names) { doAccessCheck(name, KeyOpType.GENERATE_EEK); } provider.warmUpEncryptedKeys(names); } finally { readLock.unlock(); } }