Installing Cloudera Navigator Key HSM
Cloudera Navigator Key HSM is a universal hardware security module (HSM) driver that translates between the target HSM platform and Cloudera Navigator Key Trustee Server. Navigator Key HSM allows you to use a Key Trustee Server to securely store and retrieve encryption keys and other secure objects, without being limited solely to a hardware-based platform.
You must install Key HSM on the same host as Key Trustee Server. See Data at Rest Encryption Requirements for more information about encryption and Key HSM requirements.
Set up the Key HSM repository.
Download the Key HSM tarball and create a local Key HSM repository with the files from the tarball.
You must create an internal repository to install Cloudera Navigator Key HSM. For instructions on creating internal repositories, see Configuring a Local Package Repository.
Install the Key HSM repository.
Add the local Key HSM repository you created in Step 1. See Configuring a Local Package Repository for more information.Run the following command to import the GPG key:
$ sudo rpm --import http://repo.example.com/path/to/RPM-GPG-KEY-cloudera
Install the CDH repository.
Key Trustee Server and Key HSM depend on the
bigtop-utilspackage, which is included in the CDH repository. For instructions on adding the CDH repository, see Configuring a Local Package Repository.
Install Navigator Key HSM.
Run the following command to install the Navigator Key HSM package:
sudo yum install keytrustee-keyhsm
Cloudera Navigator Key HSM is installed to the
/usr/share/keytrustee-server-keyhsmdirectory by default.