Upgrading Couldera Navigator HSM KMS

Setting Up an Internal Repository

You must create an internal repository to upgrade HSM KMS. For instructions on creating internal repositories (including Cloudera Manager, CDH, and Cloudera Navigator encryption components), see Using an Internal Parcel Repository if you are using parcels, or Using an Internal Package Repository if you are using packages.

Upgrading HSM KMS Using Parcels

To upgrade an HSM KMS using parcels:

  1. Go to Hosts > Parcels.
  2. Click Configuration and add your internal repository to the Remote Parcel Repository URLs section. See Configuring the Cloudera Manager Server to Use the Parcel URL for Hosted Repositories for more information.
  3. Click Save Changes.
  4. Download, distribute, and activate the KEYTRUSTEE parcel for the version to which you are upgrading. See Parcels for detailed instructions on using parcels to install or upgrade components.
  5. Restart the HSM KMS service (HSM KMS service > Actions > Restart).

Upgrading HSM KMS Using Packages

To upgrade an HSM KMS using packages:

  1. After Setting Up an Internal Repository, configure the HSM KMS host to use the repository. See Modifying Clients to Use the Internal Repository for more information.
  2. Add the CDH repository. See Step 1: Configure a Repository for instructions. If you want to create an internal CDH repository, see Using an Internal Package Repository.
  3. Upgrade the keytrustee-keyprovider package using the appropriate command for your operating system:
    • RHEL-compatible
      $ sudo yum install keytrustee-keyprovider
    • SLES
      $ sudo zypper install keytrustee-keyprovider
    • Ubuntu or Debian
      $ sudo apt-get install keytrustee-keyprovider
  4. Restart the HSM KMS service (HSM KMS service > Actions > Restart).