Security
Also available as:
PDF
loading table of contents...
Install Ranger KMS HSM via Ambari with JCEKS

Prerequirements

Install the SafeNet Luna SA Client Software

[Note]Note

You must have a separate partition for each KMS cluster.

Steps

  1. Installing the Ranger Key Management Service

  2. While configuring add the HSM related properties in Advanced dbks-site Menu (dbks-site.xml):

    • ranger.ks.hsm.enabled=true

    • ranger.ks.hsm.partition.name=Partition Name

    • ranger.ks.hsm.partition.password=_

    • ranger.ks.hsm.partition.password.alias=ranger.kms.hsm.partition.password

    • ranger.ks.hsm.type=LunaProvider

  3. Click on Next and follow the instructions to install Ranger KMS.

    Ranger KMS will fail to start (expected behavior).

  4. Execute this command on the cluster where Ranger KMS is installed:

    python /usr/hdp/current/ranger-kms/ranger_credential_helper.py -l "/usr/hdp/current/ranger-kms/cred/lib/*" -f /etc/ranger/kms/rangerkms.jceks -k ranger.kms.hsm.partition.password -v <Partition_Password> -c 1
  5. Restart the KMS from Ambari.