KMS Installation

Hadoop Key Management Service (KMS) is a cryptographic key management server based on Hadoop's KeyProvider API. It provides a client which is a KeyProvider implementation that interacts with the KMS using the HTTP REST API. Both the KMS and its client support HTTP SPNEGO Kerberos authentication and SSL-secured communication. The KMS is a Java-based web application which runs using a pre-configured Tomcat server bundled with the Hadoop distribution.

Installing and Upgrading KMS

To install or upgrade KMS on a RHEL-compatible system:

$ sudo yum install hadoop-kms hadoop-kms-server

To install or upgrade KMS on a SLES system:

$ sudo zypper install hadoop-kms hadoop-kms-server

To install or upgrade Crunch on an Ubuntu or Debian system:

$ sudo apt-get install hadoop-kms hadoop-kms-server

Troubleshooting: upgrading hadoop-kms from 5.2.x and 5.3.x releases on SLES

The problem described in this section affects SLES upgrades from 5.2.x releases earlier than 5.2.4, and from 5.3.x releases earlier than 5.3.2.

Problem

The problem occurs when you try to upgrade the hadoop-kms package, for example:
Installing: hadoop-kms-2.5.0+cdh5.3.2+801-1.cdh5.3.2.p0.224.sles11 [error]
12:54:19 Installation of hadoop-kms-2.5.0+cdh5.3.2+801-1.cdh5.3.2.p0.224.sles11 failed:
12:54:19 (with --nodeps --force) Error: Subprocess failed. Error: RPM failed: warning: /var/cache/zypp/packages/cdh/RPMS/x86_64/hadoop-kms-2.5.0+cdh5.3.2+801-1.cdh5.3.2.p0.224.sles11.x86_64.rpm: Header V4 DSA signature: NOKEY, key ID e8f86acd
12:54:19 error: %postun(hadoop-kms-2.5.0+cdh5.3.1+791-1.cdh5.3.1.p0.17.sles11.x86_64) scriptlet failed, exit status 1
12:54:19 

What to Do

If you see an error similar to the one in the example above, proceed as follows:
  1. Abort, or ignore the error (it doesn't matter which):
    Abort, retry, ignore? [a/r/i] (a): i
  2. Perform cleanup.
    1. # rpm -qa hadoop-kms
      You will see two versions of hadoop-kms; for example:
      hadoop-kms-2.5.0+cdh5.3.1+791-1.cdh5.3.1.p0.17.sles11
      hadoop-kms-2.5.0+cdh5.3.2+801-1.cdh5.3.2.p0.224.sles11
    2. Remove the older version, in this example hadoop-kms-2.5.0+cdh5.3.1+791-1.cdh5.3.1.p0.17.sles11:
       # rpm -e --noscripts hadoop-kms-2.5.0+cdh5.3.1+791-1.cdh5.3.1.p0.17.sles11
      
  3. Verify that the older version of the package has been removed:
    # rpm -qa hadoop-kms
    Now you should see only the newer package:
    hadoop-kms-2.5.0+cdh5.3.2+801-1.cdh5.3.2.p0.224.sles11