Issues Fixed in Cloudera Navigator Key HSM

Issues Fixed in Cloudera Navigator Key HSM 1.10.0

Minor stability improvements.

Issues Fixed in Cloudera Navigator Key HSM 1.9.0

Minor stability improvements.

Issues Fixed in Cloudera Navigator Key HSM 1.8.0

For new features in Key HSM 1.8.0, see What's New in Cloudera Navigator Key HSM 1.8.0.

Issues Fixed in Cloudera Navigator Key HSM 1.7.0

Using Key HSM with SafeNet KeySecure over TLS fails

When Key HSM is integrated with SafeNet KeySecure over TLS, Key HSM stops communicating with KeySecure after a period of time.

Issues Fixed in Cloudera Navigator Key HSM 1.6.0

Key HSM fails to start if the HSM contains a large number of keys

If the HSM stores a large number (hundreds) of keys, Key HSM fails to start with a timeout error similar to the following:

SEVERE: Timeout attempting to start services.
All services available:                           :[ Failed ]

Key HSM logs do not roll over

Key HSM logs do not roll over, resulting in a log file that perpetually grows larger.

Issues Fixed in Cloudera Navigator Key HSM 1.5.1

Upgrading Key HSM removes init script

Upgrading Key HSM from 1.4.x to 1.5.x removes the Key HSM init script and /usr/bin/keyhsm binary. With this fix, future upgrades (from 1.5.1 to a higher release) do not experience this issue. To resolve the issue after upgrading to 1.5.x, reinstall Key HSM (yum reinstall keytrustee-keyhsm).

Issues Fixed in Cloudera Navigator Key HSM 1.5.0

Interrupting key migration from Key Trustee Server to Key HSM can result in lost data

Interrupting key migration (for example, using Ctrl+C) when integrating Key Trustee Server with Key HSM can result in data loss.

Issues Fixed in Cloudera Navigator Key HSM 1.4.0

Inserting deposits to Key HSM with Luna HSM logs stack trace

Inserting deposits to Key HSM using a Luna HSM logs the following stack trace to keyhsm.log:
SEVERE: -----------------Extended reason------------------
Nov 21, 2014 4:39:11 PM com.cloudera.app.display.logging.AppLogger logInfo
INFO: com.safenetinc.luna.LunaCryptokiException.ThrowNew(LunaCryptokiException.java:66)
com.safenetinc.luna.LunaAPI.CheckSessionState(Native Method)
com.safenetinc.luna.LunaSession.isLoggedIn(LunaSession.java:149)
com.safenetinc.luna.LunaSlot.isLoggedIn(LunaSlot.java:155)
com.safenetinc.luna.LunaSlotManager.isLoggedIn(LunaSlotManager.java:585)
[...]
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1720)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:745)

service keyhsm trust only works with absolute path

Running service keyhsm trust cert_file fails if cert_file is a relative path.