Fixed Issues in Ranger KMS
Review the list of Ranger KMS issues that are resolved in Cloudera Runtime 7.3.1.
- OPSAPS-70657: KEYTRUSTEE_SERVER & RANGER_KMS_KTS migration to RANGER_KMS from Cloudera Runtime 7.1.x to UCL
- KEYTRUSTEE_SERVER and RANGER_KMS_KTS services are not supported starting from the Cloudera Runtime 7.3.1.0 release. Therefore, validation and confirmation messages were added to the Cloudera Manager upgrade wizard to alert the user to migrate KEYTRUSTEE_SERVER keys to RANGER_KMS before upgrading to the Cloudera Runtime 7.3.1.0 release.
- OPSAPS-70656: Remove KEYTRUSTEE_SERVER & RANGER_KMS_KTS from Cloudera Manager for UCL
- The Keytrustee components (the KEYTRUSTEE_SERVER and RANGER_KMS_KTS services) are not supported starting from the Cloudera Runtime 7.3.1.0 release. These services cannot be installed or managed with Cloudera Manager 7.13.1.0 using Cloudera Runtime 7.3.1.0.
- CDPD-19186: Replacement of algorithm PBEWithMD5AndTripleDES for Ranger KMS key operations
- Support for PBKDF2WithHmacSHA256 is added in KMS. Code is implemented to decrypt the Masterkey and all Zonekeys using the older algorithm and then re-encrypt them using the latest algorithm.
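The decrypt-then-re-encrypt migration described for CDPD-19186, sketched as an added Java example; it is not Ranger KMS code or Cloudera's implementation. The class name, password, salts, iteration counts and the use of AES/GCM with the PBKDF2-derived key are assumptions of this example, since the page names only the two algorithms.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hypothetical demo class; not part of Ranger KMS.
public class RewrapDemo {
    // Old scheme named on the page (SunJCE requires an 8-byte salt here).
    static byte[] legacy(int mode, char[] pw, byte[] salt, int iter, byte[] in) throws Exception {
        String alg = "PBEWithMD5AndTripleDES";
        SecretKey k = SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(alg);
        c.init(mode, k, new PBEParameterSpec(salt, iter));
        return c.doFinal(in);
    }

    // New KDF named on the page; deriving a 256-bit AES key is this example's assumption.
    static SecretKey derive(char[] pw, byte[] salt, int iter) throws Exception {
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, iter, 256)).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    static byte[] aesGcm(int mode, SecretKey k, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, k, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        char[] pw = "constructed-demo-password".toCharArray(); // constructed value
        byte[] oldSalt = new byte[8], newSalt = new byte[16], iv = new byte[12], key = new byte[32];
        rng.nextBytes(oldSalt); rng.nextBytes(newSalt); rng.nextBytes(iv); rng.nextBytes(key);
        byte[] oldBlob = legacy(Cipher.ENCRYPT_MODE, pw, oldSalt, 1000, key); // stands in for a stored key

        // Migration: unwrap with the old algorithm, re-wrap under the PBKDF2-derived key.
        byte[] plain = legacy(Cipher.DECRYPT_MODE, pw, oldSalt, 1000, oldBlob);
        SecretKey kek = derive(pw, newSalt, 100_000);
        byte[] newBlob = aesGcm(Cipher.ENCRYPT_MODE, kek, iv, plain);

        // Verify the new ciphertext round-trips before the old one is discarded.
        boolean ok = Arrays.equals(aesGcm(Cipher.DECRYPT_MODE, kek, iv, newBlob), key);
        Arrays.fill(plain, (byte) 0); // wipe the transient plaintext
        System.out.println(ok ? "re-wrap verified" : "re-wrap MISMATCH, keep old blob");
    }
}
```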