Install Ranger KMS HSM via Ambari with JCEKS
Prerequirements
Install the SafeNet Luna SA Client Software
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
You must have a separate partition for each KMS cluster. |
Steps
While configuring add the HSM related properties in Advanced dbks-site Menu (dbks-site.xml):
ranger.ks.hsm.enabled=trueranger.ks.hsm.partition.name=Partition Nameranger.ks.hsm.partition.password=_ranger.ks.hsm.partition.password.alias=ranger.kms.hsm.partition.passwordranger.ks.hsm.type=LunaProvider
Click on and follow the instructions to install Ranger KMS.
Ranger KMS will fail to start (expected behavior).
Execute this command on the cluster where Ranger KMS is installed:
python /usr/hdp/current/ranger-kms/ranger_credential_helper.py -l "/usr/hdp/current/ranger-kms/cred/lib/*" -f /etc/ranger/kms/rangerkms.jceks -k ranger.kms.hsm.partition.password -v <Partition_Password> -c 1
Restart the KMS from Ambari.