On the cluster home page, click the More Options (ellipsis) icon, then click Add
Service.
Select Ranger KMS, then click Continue.
On the Assign Roles page, click Continue.
On the Setup Database page, enter the Ranger KMS Database host name, database name,
user name, and password, then click Test Connection. After the database connection
is successful, click Continue.
On the Review Changes page, enter a master key password for Ranger KMS, then click
Continue.
On the Command Details page, select run options, then click Continue.
Click Finish on the Summary page.
The Ranger KMS service appears in the Cloudera Manager cluster components list. If
Ranger KMS was not started by the installation wizard, you can start the service by
clicking Actions > Start in the Ranger KMS service.
In Cloudera Manager, select the Ranger service, click Ranger Admin Web UI, then
log in as the Ranger KMS user (the default credentials are keyadmin/admin123). Click the
Edit icon for the cm_kms service, then update the KMS URL property.
Use the following format:
kms://http@<kms_host>:<kms_port>/kms
Change the host name from localhost to the KMS host name. The default port is
9292. For example:
kms://http@kms_host:9292/kms
If SSL is enabled, use https and port 9494. For example:
kms://https@kms_host:9494/kms
Click Save to save your changes.
Restart all services with stale configurations.
In Cloudera Manager click the Ranger KMS service, then select Actions > Create
Ranger Plugin Audit Directory. The Ranger KMS service is now ready to use and you
should be able to validate Ranger KMS policy enforcement.