Configuring Apache HDFS Encryption
Also available as:
loading table of contents...

Install Ranger KMS Keysecure Using Ambari with JCEKS

How to install Ranger KMS Keysecure using Ambari with JCEKS.

  1. Complete “Installing the Ranger Key Management Service” up to configuring KMS settings.
  2. On the KMS Keysecure tab, select Yes under Ranger KMS Keysecure Enabled, then set the following properties:
    • Keysecure MasterKey Name: Enter the Keysecure masterkey name.
    • Keysecure Login Username: Enter the Keysecure user name.
    • Keysecure Login Password: Enter the Keysecure user password.
    • Keysecure Login Password Alias: Leave this set to the default value.
    • Keysecure Hostname: Enter the Keysecure host name.
    • Keysecure Masterkey Size: Leave this set to the default value.
    • Keysecure sunpkcs11 cfg filepath: Enter the path to the sunpkcs11.cfg file, for example /opt/safenetConf/64/8.3.1/sunpkcs11.cfg.
  3. Click Next and follow the instructions to finish installing Ranger KMS.
    Ranger KMS will fail to start (expected behavior).
  4. Execute this command on the cluster where Ranger KMS is installed:
    python /usr/hdp/current/ranger-kms/ -l "/usr/hdp/current/ranger-kms/cred/lib/*" -f /etc/ranger/kms/rangerkms.jceks -k ranger.kms.hsm.partition.password -v <Partition_Password> -c 1
  5. Restart KMS from Ambari.