diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
index 085d3f8ada4..1fd6f705f69 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -114,10 +114,6 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
private static final String CONFIG_PREFIX = "hadoop.security.kms.client.";
- /* It's possible to specify a timeout, in seconds, in the config file */
- public static final String TIMEOUT_ATTR = CONFIG_PREFIX + "timeout";
- public static final int DEFAULT_TIMEOUT = 60;
-
/* Number of times to retry authentication in the event of auth failure
* (normally happens due to stale authToken)
*/
@@ -433,7 +429,9 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
throw new IOException(ex);
}
}
- int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT);
+ int timeout = conf.getInt(
+ CommonConfigurationKeysPublic.KMS_CLIENT_TIMEOUT_SECONDS,
+ CommonConfigurationKeysPublic.KMS_CLIENT_TIMEOUT_DEFAULT);
authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY);
configurator = new TimeoutConnConfigurator(timeout, sslFactory);
encKeyVersionQueue =
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
index 5b20d96294a..c8c1c52ef1d 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
@@ -688,6 +688,15 @@ public class CommonConfigurationKeysPublic {
/** Default value for KMS_CLIENT_ENC_KEY_CACHE_EXPIRY (12 hrs)*/
public static final int KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT = 43200000;
+ /**
+ * @see
+ *
+ * core-default.xml
+ */
+ public static final String KMS_CLIENT_TIMEOUT_SECONDS =
+ "hadoop.security.kms.client.timeout";
+ public static final int KMS_CLIENT_TIMEOUT_DEFAULT = 60;
+
/**
* @see
*
diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
index 1085cb64382..6ef91b15885 100644
--- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
+++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
@@ -2138,6 +2138,14 @@
key will be dropped. Default = 12hrs
+
+ hadoop.security.kms.client.timeout
+ 60
+
+ Sets value for KMS client connection timeout, and the read timeout
+ to KMS servers.
+
+
hadoop.security.kms.client.failover.sleep.base.millis
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
index 8bcbd67aee8..e03887fc714 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
@@ -1635,7 +1635,7 @@ public class TestKMS {
public void testKMSTimeout() throws Exception {
File confDir = getTestDir();
Configuration conf = createBaseKMSConf(confDir);
- conf.setInt(KMSClientProvider.TIMEOUT_ATTR, 1);
+ conf.setInt(CommonConfigurationKeysPublic.KMS_CLIENT_TIMEOUT_SECONDS, 1);
writeConf(confDir, conf);
ServerSocket sock;