Configuring Apache HDFS Encryption
Also available as:
loading table of contents...

Install Ranger KMS HSM via Ambari with JCEKS

How to install the Ranger KMS HSM via Ambari with JCEKS.

  • Install the SafeNet Luna SA Client software (link below).
  • You must have a separate partition for each KMS cluster.
  1. Complete “Installing the Ranger Key Management Service”.
  2. While configuring add the HSM related properties in Advanced dbks-site Menu (dbks-site.xml):
    • ranger.ks.hsm.enabled=true

    • Name

    • ranger.ks.hsm.partition.password=_

    • ranger.ks.hsm.partition.password.alias=ranger.kms.hsm.partition.password

    • ranger.ks.hsm.type=LunaProvider

  3. Click on Next and follow the instructions to install Ranger KMS.
    Ranger KMS will fail to start (expected behavior).
  4. Execute this command on the cluster where Ranger KMS is installed:
    python /usr/hdp/current/ranger-kms/ -l "/usr/hdp/current/ranger-kms/cred/lib/*" -f /etc/ranger/kms/rangerkms.jceks -k ranger.kms.hsm.partition.password -v <Partition_Password> -c 1
  5. Restart the KMS from Ambari.