Installing KMS (Navigator Key Trustee)

KMS (Navigator Key Trustee) is a new service in Cloudera Manager 5.3.0 and CDH 5.3.0. It is a custom Key Management Service (KMS) that uses Cloudera Navigator Key Trustee Server as the underlying key store, rather than the file-based Java KeyStore (JKS) used by the default Hadoop KMS.

To use the KMS (Navigator Key Trustee) service, you must first install the Key Trustee binaries.

Installing KMS (Navigator Key Trustee) after Upgrading Cloudera Manager

If you have just upgraded Cloudera Manager from a version that did not support KMS (Navigator Key Trustee), the Key Trustee binaries are not installed automatically. (Upgrading Cloudera Manager does not automatically upgrade CDH or other managed services). You can add the Key Trustee binaries using parcels; go to the Hosts tab, and select the Parcels tab. You should see at least one Key Trustee parcel available for download. See Parcels for detailed instructions on using parcels to install or upgrade Key Trustee. If you do not see any Key Trustee parcels available, click the Edit Settings button on the Parcels page to go to the Parcel configuration settings and verify that the Key Trustee parcel repo URL (https://archive.cloudera.com/navigator-keytrustee5/parcels/latest/) has been configured in the Parcels configuration page. See Parcel Configuration Settings for more details.

If your cluster is installed using packages, see (Optional) Install Key Trustee Key Provider for instructions on how to install the required software.

Post Installation Configuration

Contact your account team for assistance configuring KMS (Navigator Key Trustee) to communicate with an existing Key Trustee Server, or for assistance installing and configuring a new Key Trustee Server.

Installing Spark

Installing GPL Extras