[jira] [Created] (ZEPPELIN-1848) ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID defaults to search keys in us-east-1

Mikhail (JIRA) Thu, 22 Dec 2016 04:46:44 -0800

Mikhail created ZEPPELIN-1848:
---------------------------------

             Summary: ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID defaults to search keys 
in us-east-1
                 Key: ZEPPELIN-1848
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-1848
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-zengine
    Affects Versions: 0.6.2
         Environment: EMR
            Reporter: Mikhail
            Priority: Minor



Hi,

I am trying to setup Zeppelin to store encrypted notebooks in S3 with KMS in 
us-west-2. I have KMS key in us-west-2 as well.
However when I tried to add {{ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID}} pointing to 
that key, I got the following error in logs
{noformat}
 WARN [2016-12-22 11:48:53,275] ({main} NotebookRepoSync.java[<init>]:95) - 
Failed to sync with secondary storage on start {}
java.io.IOException: Unable to store note in S3: 
com.amazonaws.services.kms.model.NotFoundException: Key 
'arn:aws:kms:us-east-1:174485552022:key/a0d06e55-efdd-4f5a-aec6-03a64b08278b' 
does not exist (Service: AWSKMS; Status Code: 400; Error Code: 
NotFoundException; Request ID: 9c919bac-c83c-11e6-9b8a-250e451234bf)
        at 
org.apache.zeppelin.notebook.repo.S3NotebookRepo.save(S3NotebookRepo.java:223)
        at 
org.apache.zeppelin.notebook.repo.NotebookRepoSync.pushNotes(NotebookRepoSync.java:215)
        at 
org.apache.zeppelin.notebook.repo.NotebookRepoSync.sync(NotebookRepoSync.java:200)
        at 
org.apache.zeppelin.notebook.repo.NotebookRepoSync.<init>(NotebookRepoSync.java:93)
        at 
org.apache.zeppelin.server.ZeppelinServer.<init>(ZeppelinServer.java:83)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
... truncated
{noformat}
Notice that it tries to look up key in us-east-1 (default region) instead of 
us-west-2.
I believe it is about that code 
https://github.com/apache/zeppelin/blob/master/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/S3NotebookRepo.java#L100
 and the patch will look more or less like here 
http://stackoverflow.com/a/27173676/484050
I think this can be solved by introducing additional environment variable like 
{{ZEPPELIN_NOTEBOOK_S3_KMS_KEY_REGION}}.
Sorry, can't fix that myself.

Thanks,
Mikhail



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (ZEPPELIN-1848) ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID defaults to search keys in us-east-1

Reply via email to