Delete Files from an Encryption Zone with Trash Enabled
The trash location for encrypted HDFS files is different than the default trash location for unencrypted files (/user/$USER/.Trash/Current/OriginalPathToDeletedFile).
When trash is enabled and an encrypted file is deleted, the file is moved to the .Trash subdirectory under the root of the encryption zone as /EncryptionZoneRoot/.Trash/$USER/Current/OriginalPathToDeletedFile.
The file remains encrypted without additional decryption/re-encryption overhead
during the move to trash. The move operation preserves the name of the user who
executes the deletion, and the full path of the deleted file.
For example, if user hdp-admin deletes file /zone_name/file1 using the following command:
hdfs dfs -rm /zone_name/file1
file1 will remain encrypted, and it will be moved to the following location within the encryption zone:
/zone_name/.Trash/hdp-admin/Current/zone_name/file1
A trash checkpoint will be created for the .Trash subdirectory in each encryption zone. Checkpoints will be deleted/created according to the value of fs.trash.checkpoint.interval (number of minutes between trash checkpoints). A checkpoint for this example would be:
/zone_name/.Trash/hdp-admin/<CheckPointTimeStamp>/zone_name/file1
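The path rules above can be turned into a small helper for auditing where a deleted file still resides. This is an added example, not part of the original documentation: the function name trash_path and the sample zone list are constructed, and it assumes `hdfs crypto -listZones` prints one zone per line with the zone path in the first whitespace-separated column.

```shell
#!/bin/sh
# Constructed sample of `hdfs crypto -listZones` output (zone path, key name).
SAMPLE_ZONES='/zone_name  key1
/data/secure  key2'

# trash_path USER DELETED_PATH [CHECKPOINT]   (hypothetical helper)
# Reads the zone list on stdin and prints where DELETED_PATH sits in trash.
# CHECKPOINT defaults to "Current"; pass a checkpoint directory name
# (the <CheckPointTimeStamp> component) to address an older checkpoint.
trash_path() {
    user=$1
    path=$2
    cp=${3:-Current}
    zone=''
    found=0
    while read -r root _key; do
        [ -n "$root" ] || continue
        root=${root%/}
        # Match on a path-component boundary so that /zone_name2/file1
        # is not treated as living inside the zone /zone_name.
        case "$path" in
            "$root"/*) zone=$root; found=1; break ;;
        esac
    done
    if [ "$found" -eq 1 ]; then
        # Encrypted file: trash lives under the encryption zone root.
        printf '%s/.Trash/%s/%s%s\n' "$zone" "$user" "$cp" "$path"
    else
        # Unencrypted file: default per-user trash location.
        printf '/user/%s/.Trash/%s%s\n' "$user" "$cp" "$path"
    fi
}

# Demo with the page's example: user hdp-admin deletes /zone_name/file1.
printf '%s\n' "$SAMPLE_ZONES" | trash_path hdp-admin /zone_name/file1
```

On a cluster, pipe the real zone list in place of the sample, for example `hdfs crypto -listZones | trash_path hdp-admin /zone_name/file1`.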
For additional information, see Apache HDFS-8831.