Upgrading Cloudera Navigator Key Trustee Server 7.1.x
How to upgrade Cloudera Navigator Key Trustee Server 7.1.x.
From CDP Private Cloud Base 7.1.6, the KEYTRUSTEE_SERVER parcel is available in the same location in which the Cloudera runtime parcel is placed. If you have configured the parcel repository for CDP Private Cloud Base upgrade, the KEYTRUSTEE_SERVER parcel is displayed automatically.
Upgrading Cloudera Navigator Key Trustee Server 7.1.x Using Cloudera Manager
Minimum Required Role: Cluster Administrator (also provided by Full Administrator)
- Add your internal parcel repository to Cloudera Manager following the instructions in Configuring Cloudera Manager Server Parcel Settings.
Download, distribute, and activate the latest Key Trustee Server parcel on the
cluster containing the Key Trustee Server host, following the instructions in
- Stop the KTS service from CM.
- Navigate to the location /var/lib/keytrustee/.keytrustee/.ssl/
- Backup the cert files ssl-cert-keytrustee-pk.pem and ssl-cert-keytrustee.pem
mv ssl-cert-keytrustee-pk.pem ssl-cert-keytrustee-pk_backup.pem mv ssl-cert-keytrustee.pem ssl-cert-keytrustee_backup.pem
- Re generate the cert file using the command
- Configure the keyhsm to trust the new cert file.
keyhsm trust /var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee.pem
- For testing and validation execute below command
curl -vk https://$(hostname-f):11371/test_hsm
- Start the KTS service from CM.