Install Ranger KMS HSM via Ambari with JCEKS
How to install the Ranger KMS HSM via Ambari with JCEKS.
- Install the SafeNet Luna SA Client software (link below).
- You must have a separate partition for each KMS cluster.
- Complete “Installing the Ranger Key Management Service” up to configuring KMS settings.
On the KMS HSM tab, select Yes under Ranger KMS Enabled, then set the
- HSM Type: Luna Provider
- HSM Partition: Enter the HSM partition name.
- HSM partition password alias: Leave this set to the default value
- HSM Password:
Click Next and follow the instructions to finish installing
Ranger KMS will fail to start (expected behavior).
- Execute this command on the cluster where Ranger KMS is installed:
python /usr/hdp/current/ranger-kms/ranger_credential_helper.py -l "/usr/hdp/current/ranger-kms/cred/lib/*" -f /etc/ranger/kms/rangerkms.jceks -k ranger.kms.hsm.partition.password -v <Partition_Password> -c 1
- Restart KMS from Ambari.