Bulk loads in secure mode.
This service addresses two issues:
- Moving files in a secure filesystem wherein the HBase Client
and HBase Server are different filesystem users.
- Does moving in a secure manner. Assuming that the filesystem
is POSIX compliant.
The algorithm is as follows:
- Create an hbase owned staging directory which is
world traversable (711):
/hbase/staging
- A user writes out data to his secure output directory:
/user/foo/data
- A call is made to hbase to create a secret staging directory
which globally rwx (777):
/user/staging/averylongandrandomdirectoryname
- The user moves the data into the random staging directory,
then calls bulkLoadHFiles()
Like delegation tokens the strength of the security lies in the length
and randomness of the secret directory.