You must add the key and value to Ranger KMS property. This procedure is not required if you are on Cloudera Manager 7.4.4 and above and CDP 7.1.5 and above.
You must set RANGER_KMS_SERVER_role_env_safety_valve setting to JAVA_OPTS in Cloudera Manager. This is needed only for non default zookeeper principal.
- Log in to Cloudera Manager UI
- Navigate to Clusters
- Select the Ranger KMS service
- Go to Configurations
- Search for RANGER_KMS_SERVER_role_env_safety_valve and add
key JAVA_OPTS and value
-Dzookeeper.sasl.client.username=<zookeeper custom principal name set on the cluster>For example, if the principal is set to custom principal value zk-test then,
- Start Ranger KMS service