Hortonworks Docs » Data Platform 3.1.0 » Installing Apache Ranger KMS
Installing Apache Ranger KMS
Also available as:
PDF

Configure HDFS Encryption to use Ranger KMS Access

If you plan to use Ranger KMS for HDFS data at rest encryption, complete the following steps.

At this point, Ranger KMS should already be installed and running.
  1. Create a link to /etc/hadoop/conf/core-site.xml under /etc/ranger/kms/conf: sudo ln -s /etc/hadoop/conf/core-site.xml /etc/ranger/kms/conf/core-site.xml.
  2. Configure HDFS to access Ranger KMS.
    1. In the left panel of the Ambari main menu, choose HDFS.
    2. Choose the Configs tab at the top of the page, and then choose the Advanced tab partway down the page.
    3. Specify the provider path (the URL where the Ranger KMS server is running) in the following two properties, if the path is not already specified:
      • In "Advanced core-site", specify hadoop.security.key.provider.path
      • In "Advanced hdfs-site", specify dfs.encryption.key.provider.uri

      The Ranger KMS host is where Ranger KMS is installed. The Ranger KMS host name should have the following format:

      kms://http@<kmshost>:9292/kms

  3. Under Custom core-site.xml, set the value of the hadoop.proxyuser.kms.groups property to * or service user.
  4. Restart the Ranger KMS service and the HDFS service.
© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community