Trash behavior with HDFS Transparent Encryption enabled
You can delete files or directories that are part of an HDFS encryption zone. Moving and renaming files or directories is an important part of trash handling in HDFS.
HDFS creates a local .Trash directory every time a new encryption zone is created. For example, when you create an encryption zone, /enc_zone, HDFS will also create the /enc_zone/.Trash/ sub-directory. Files deleted from enc_zone are moved to /enc_zone/.Trash/<username>/Current/. After the checkpoint, the Current directory is renamed to the current timestamp, /enc_zone/.Trash/<username>/<timestamp>.
If you delete the entire encryption zone, it will be moved to the .Trash directory under the user's home directory, /users/<username>/.Trash/Current/enc_zone. Trash checkpointing will occur only after the entire zone has been moved to /users/<username>/.Trash. However, if the user's home directory is already part of an encryption zone, then attempting to delete an encryption zone will fail because you cannot move or rename directories across encryption zones.
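The following shell sketch is an added example, not part of the original documentation. It predicts where a delete moves a path under the rules above, including the failure when the home directory is itself inside a zone. The zone list, the user names and the function names zone_of and trash_dest are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample zone list; on a cluster take it from: hdfs crypto -listZones
ZONES="/enc_zone
/data/secure"
HOME_PREFIX="/users"   # home directory prefix as written on this page (assumption)

# zone_of PATH: print the encryption zone root that contains PATH, or nothing.
zone_of() {
  zo_path="${1%/}"
  for zo_z in $ZONES; do
    case "$zo_path/" in
      "$zo_z"/*) printf '%s' "$zo_z"; return 0 ;;
    esac
  done
  return 0
}

# trash_dest USER PATH: print where a delete moves PATH. Returns 1 for the
# failure case this page describes (whole zone deleted, home inside a zone).
trash_dest() {
  td_user="$1"
  td_path="${2%/}"
  td_zone="$(zone_of "$td_path")"
  if [ -n "$td_zone" ] && [ "$td_path" != "$td_zone" ]; then
    # Inside a zone: the file stays in that zone's own .Trash.
    # HDFS keeps the original absolute path under Current.
    printf '%s\n' "$td_zone/.Trash/$td_user/Current$td_path"
    return 0
  fi
  # Whole zone (or unencrypted path): destination is the home directory trash.
  td_home="$HOME_PREFIX/$td_user"
  td_home_zone="$(zone_of "$td_home")"
  if [ "$td_path" = "$td_zone" ] && [ -n "$td_home_zone" ]; then
    echo "delete of $td_path fails: $td_home is inside zone $td_home_zone" >&2
    return 1
  fi
  printf '%s\n' "$td_home/.Trash/Current$td_path"
}
```

Running trash_dest before removing a whole zone shows whether the move will land in the home directory trash or be rejected as a cross-zone rename.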
.Trash directory using the -provisionTrash option as follows:
hdfs crypto -provisionTrash -path /enc_zone
If required, you can use the following commands to manually create the .Trash directory within an encryption zone. Make sure you run the commands as an admin user.
hdfs dfs -mkdir /enc_zone/.Trash
hdfs dfs -chmod 1777 /enc_zone/.Trash