Configuring Key Trustee Server High Availability Using Cloudera Manager

  1. Pick one:
    1. For new installations, use the Set up HDFS Data At Rest Encryption wizard and follow the instructions in Enabling HDFS Encryption Using the Wizard. When prompted, make sure that the Enable High Availability option is selected.
    2. If you already have a Key Trustee Server service and want to enable high availability, add the Passive Key Trustee Server and Passive Database roles to the Key Trustee Server service instead, as described in Adding a Role Instance.
    After completing the Add Role Instances wizard, the Passive Key Trustee Server and Passive Database roles fail to start. Complete the following manual actions to start these roles:
  2. Stop the Key Trustee Server service (Key Trustee Server service > Actions > Stop).
  3. Run the Set Up Key Trustee Server Database command (Key Trustee Server service > Actions > Set Up Key Trustee Server Database).
  4. Run the following command on the Active Key Trustee Server:
    sudo rsync -zcav --exclude .ssl /var/lib/keytrustee/.keytrustee root@keytrustee02.example.com:/var/lib/keytrustee/.

    Replace keytrustee02.example.com with the hostname of the Passive Key Trustee Server.

  5. Run the following command on the Passive Key Trustee Server:
    sudo ktadmin init
  6. Start the Key Trustee Server service (Key Trustee Server service > Actions > Start).
  7. Enable synchronous replication (Key Trustee Server service > Actions > Setup Enable Synchronous Replication in HA mode).
  8. Restart the Key Trustee Server service (Key Trustee Server service > Actions > Restart).
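
The following is an added example, not part of the Cloudera procedure or tooling: a way to confirm, after the rsync in step 4 and before starting the service in step 6, that the Passive server holds the same files as the Active server outside the excluded .ssl directory, and that the Passive server's own .ssl contents were left untouched. The function names and manifest file names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not Key Trustee tooling).
# Verifies the step 4 copy of /var/lib/keytrustee/.keytrustee by comparing
# SHA-256 manifests instead of trusting the rsync exit status alone.

# Print "sha256  ./relative/path" for every regular file under DIR,
# skipping the .ssl directory that step 4 excludes from the copy.
# Run this on the Active and on the Passive server and compare the output.
kt_manifest() {
    ( cd "$1" || exit 1
      find . -path ./.ssl -prune -o -type f -print | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "$f"; done )
}

# Print a manifest of DIR/.ssl only. Take it on the Passive server before
# and after step 4: the two outputs must be identical, because the copy
# is not supposed to touch that directory.
kt_ssl_manifest() {
    ( cd "$1" || exit 1
      [ -d .ssl ] || exit 0
      find ./.ssl -type f -print | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "$f"; done )
}

# Compare two manifest files. Returns 0 when they match; otherwise prints
# the differing entries and returns non-zero.
kt_compare() {
    diff -u "$1" "$2"
}

# Typical use (paths from the procedure above, file names are examples):
#   on Active:   kt_manifest /var/lib/keytrustee/.keytrustee > active.manifest
#   on Passive:  kt_manifest /var/lib/keytrustee/.keytrustee > passive.manifest
#   then:        kt_compare active.manifest passive.manifest && echo "in sync"
```

The manifests contain only file hashes and relative paths, so they can be moved between hosts for comparison without copying the files themselves.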