Configure HDFS Encryption to use Ranger KMS Access
At this point, Ranger KMS should be installed and running. If you plan to use Ranger KMS for HDFS data at rest encryption, complete the following steps:
Create a link to /etc/hadoop/conf/core-site.xml under /etc/ranger/kms/conf:
sudo ln -s /etc/hadoop/conf/core-site.xml /etc/ranger/kms/conf/core-site.xml
Configure HDFS to access Ranger KMS.
In the left panel of the Ambari main menu, choose HDFS.
Choose the Configs tab at the top of the page, and then choose the Advanced tab partway down the page.
Specify the provider path (the URL where the Ranger KMS server is running) in the following two properties, if the path is not already specified:
In "Advanced core-site", specify hadoop.security.key.provider.path
In "Advanced hdfs-site", specify dfs.encryption.key.provider.uri
The Ranger KMS host is where Ranger KMS is installed. The provider path should have the following format, where <kmshost> is the Ranger KMS host:
kms://http@<kmshost>:9292/kms
Under Custom core-site.xml, set the value of the hadoop.proxyuser.kms.groups property to * or service user.
Restart the Ranger KMS service and the HDFS service.
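After the restart, the three settings from the steps above can be checked against each other. The following is an added example, not part of the original documentation or of Ranger or Hadoop: it parses core-site.xml and hdfs-site.xml content, confirms both provider properties use the kms:// format and agree, and reports whether hadoop.proxyuser.kms.groups is the wildcard. The function names, the sample XML and the host kms01.example.com are constructed for illustration, and the pattern also accepts https and ';'-separated hosts, which goes beyond the single format shown on this page.

```python
import re
import xml.etree.ElementTree as ET

# Provider path format from the page: kms://http@<kmshost>:9292/kms
# (https and ';'-separated hosts are accepted too; that goes beyond the page)
KMS_URI = re.compile(r"^kms://https?@[A-Za-z0-9.-]+(;[A-Za-z0-9.-]+)*:\d{1,5}/kms$")
PROVIDER_PROPS = (("core", "hadoop.security.key.provider.path"),
                  ("hdfs", "dfs.encryption.key.provider.uri"))

def load_props(xml_text):
    """Parse a Hadoop *-site.xml document into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(core_xml, hdfs_xml):
    """Return findings as strings; an empty list means nothing to report."""
    sites = {"core": load_props(core_xml), "hdfs": load_props(hdfs_xml)}
    findings, uris = [], []
    for site, name in PROVIDER_PROPS:
        uri = sites[site].get(name, "")
        uris.append(uri)
        if not uri:
            findings.append(f"{name}: not set in {site}-site")
        elif not KMS_URI.match(uri):
            findings.append(f"{name}: unexpected format {uri!r}")
    if all(uris) and uris[0] != uris[1]:
        findings.append("provider path differs between core-site and hdfs-site")
    groups = sites["core"].get("hadoop.proxyuser.kms.groups")
    if groups is None:
        findings.append("hadoop.proxyuser.kms.groups: not set")
    elif groups == "*":
        findings.append("hadoop.proxyuser.kms.groups: '*' (kms may impersonate users of any group)")
    return findings

# Constructed sample configs; kms01.example.com is a placeholder host.
SAMPLE_CORE = """<configuration>
  <property><name>hadoop.security.key.provider.path</name>
    <value>kms://http@kms01.example.com:9292/kms</value></property>
  <property><name>hadoop.proxyuser.kms.groups</name><value>*</value></property>
</configuration>"""
SAMPLE_HDFS = """<configuration>
  <property><name>dfs.encryption.key.provider.uri</name>
    <value>http://kms01.example.com:9292/kms</value></property>
</configuration>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CORE, SAMPLE_HDFS):
        print(finding)
```

To check a live node, pass the contents of /etc/hadoop/conf/core-site.xml and the cluster's hdfs-site.xml to audit() in place of the samples.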