Installing Key Trustee KMS
Key Trustee KMS is a custom Key Management Server (KMS) that uses Cloudera Navigator Key Trustee Server as the underlying keystore, instead of the file-based Java KeyStore (JKS) used by the default Hadoop KMS.
Key Trustee KMS is supported only in Cloudera Manager deployments. You can install the software using parcels or packages, but running Key Trustee KMS outside of Cloudera Manager is not supported.
The KMS (Navigator Key Trustee) service in Cloudera Manager 5.3 is renamed to Key Trustee KMS in Cloudera Manager 5.4.
Installing Key Trustee KMS Using Parcels
- Go to .
- If you do not see any Key Trustee KMS parcels available, click the Edit Settings button and verify that the Key Trustee parcel repo URL (https://archive.cloudera.com/navigator-keytrustee5/parcels/5.4/) is listed in the Remote Parcel Repository URLs section. See Configuring the Cloudera Manager Server to Use the Parcel URL for more information.
- Click Save Changes.
- Return to the Parcels page ( ).
- Download, distribute, and activate the Key Trustee KMS parcel. See Managing Parcels for detailed instructions on using parcels to install or upgrade components.
Installing Key Trustee KMS Using Packages
- Identify the appropriate repository for your operating system, and copy the repository URL:
- Add the repository to your system, using the appropriate procedure for your operating system:
Download the repository and copy it to the /etc/yum.repos.d/ directory. Refresh the package index by running sudo yum clean all.
Add the repository to your system using the following command:
$ sudo zypper addrepo -f repository_url
Refresh the package index by running sudo zypper refresh.
- Ubuntu or Debian
Copy the content of the appropriate cloudera.list file from the above repository table and append it to the /etc/apt/sources.list.d/cloudera.list file. Create the file if it does not exist. Refresh the package index by running sudo apt-get update.
- Add the CDH repository. See To add the CDH repository for instructions. If you want to create an internal CDH repository, see Creating a Local Yum Repository.
- Install the keytrustee-keyprovider package, using the appropriate command for your operating system:
$ sudo yum install keytrustee-keyprovider
$ sudo zypper install keytrustee-keyprovider
- Ubuntu or Debian
$ sudo apt-get install keytrustee-keyprovider
- Restart the Key Trustee KMS service ( ).