Recommended Hardware and Supported Distributions
The recommended minimum hardware specifications are as follows:
- Processor: 2 GHz 64-bit quad core
- Memory: 16 GB RAM
- Storage: 40 GB on moderate- to high-performance disk drives
Key Trustee KMS supports the following Linux distributions:
- RHEL and CentOS: 5.7, 5.10, 6.4, 6.5, 6.6, 6.7, 7.1
- Oracle Enterprise Linux: 5.7, 5.10, 6.4, 6.5, 6.6, 6.7, 7.1
- SLES: 11 SP2, 11 SP3
- Debian: 7.1
- Ubuntu: 12.04, 14.04
The Key Trustee KMS workload is CPU-intensive. Cloudera recommends using machines with capabilities equivalent to your NameNode hosts, with Intel CPUs that support AES-NI for optimum performance.
Issues Fixed in Key Trustee KMS 5.5.4
Key Trustee KMS configuration file and keys are stored in a volatile location
If the Key Trustee KMS 5.5.0 parcel is deactivated, any existing GPG keys are also deactivated. If the parcel is then reactivated, new GPG keys (used to create an authenticated and private communication channel with the Key Trustee Server) are generated. The existing GPG keys that were in use before the deactivation are not lost; however, they become inactive. If remedial action is not taken before deactivation, this can result in a loss of access to HDFS Encryption Zone keys generated with the older set of GPG keys. This in turn leads to loss of access to all data in all encryption zones. As long as the Key Trustee KMS parcel directory is not deleted, access can be restored. Assistance from Cloudera Support may be required. See TSB 2016-121 for more information (requires login to the Cloudera Support Portal).
KMS ACLs read from wrong file
The UNDELETE and PURGE ACL entries were being read from kms-site.xml instead of kms-acls.xml.
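The following check is an added example, not Cloudera code: it reports whether UNDELETE and PURGE ACL entries are defined in kms-acls.xml, in kms-site.xml, or in both, so that an entry left only in kms-site.xml can be moved. It assumes both files use Hadoop's `<configuration>`/`<property>` layout and that the ACL property names end in `.acl.UNDELETE` and `.acl.PURGE`; the `example.kms` names and the sample files are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample files in Hadoop's <configuration>/<property> layout.
# The property names are assumptions; only the ACL names UNDELETE and PURGE
# come from the release note.
KMS_SITE_XML = """<configuration>
  <property><name>example.kms.acl.UNDELETE</name><value>alice</value></property>
  <property><name>example.kms.other.setting</name><value>x</value></property>
</configuration>"""

KMS_ACLS_XML = """<configuration>
  <property><name>example.kms.acl.PURGE</name><value>keyadmin</value></property>
  <property><name>example.kms.acl.CREATE</name><value>keyadmin</value></property>
</configuration>"""

ACL_NAMES = ("UNDELETE", "PURGE")


def acl_entries(xml_text):
    """Return {ACL name: value} for UNDELETE/PURGE properties in one file."""
    found = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        for acl in ACL_NAMES:
            if name.endswith(".acl." + acl):
                found[acl] = (prop.findtext("value") or "").strip()
    return found


def audit(site_xml, acls_xml):
    """Classify each ACL by the file(s) in which it is defined."""
    site, acls = acl_entries(site_xml), acl_entries(acls_xml)
    report = {}
    for acl in ACL_NAMES:
        if acl in acls and acl in site:
            # Defined twice: flag differing values so one can be chosen.
            status = "conflict" if acls[acl] != site[acl] else "duplicate"
        elif acl in acls:
            status = "ok"
        elif acl in site:
            status = "misplaced"  # only in kms-site.xml: move to kms-acls.xml
        else:
            status = "unset"
        report[acl] = status
    return report


if __name__ == "__main__":
    for acl, status in audit(KMS_SITE_XML, KMS_ACLS_XML).items():
        print(f"{acl}: {status}")
```

To audit a real host, pass the contents of the deployed kms-site.xml and kms-acls.xml to `audit()` in place of the constructed strings.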