This is the documentation for Cloudera Enterprise 5.8.x. Documentation for other versions is available at Cloudera Documentation.

Managing the Navigator Key HSM Service

Use the keyhsm service for all basic server operations:
$ sudo service keyhsm
keyHsm service usage:
    setup <hsm name> - setup a new connection to an HSM
    trust <path>     - add a trusted client certificate
    validate         - validate that keyHSM is properly configured
    settings         - display the current server configuration
    start            - start the keyHSM proxy server
    status           - show the current keyHSM server status
    shutdown         - force keyHSM server to shut down
    reload           - reload the server (without shutdown)

The reload command causes the application to restart internal services without ending the process itself. If you want to stop and start the process, use the restart command.

Logging and Audits

The Navigator Key HSM logs contain all log and audit information, and by default are stored in the /var/log/keyhsm directory.

You can configure the maximum log size (in bytes) and maximum number of log files to retain by adding or editing the following entries in /usr/share/keytrustee-server-keyhsm/application.properties:

keyhsm.log.size = 100000000
keyhsm.roll.size = 3

The values used in this example are the default values, and are used if these parameters are not set.
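One way to check the effective rotation settings on a host, added here as an example and not part of the Cloudera documentation or tooling. The function names are hypothetical, and the script assumes that the last assignment of a key in the file wins and that each retained file can grow to keyhsm.log.size.

```shell
#!/bin/sh
# Added example: report the effective Key HSM log rotation settings.
# The path and the defaults (100000000 bytes, 3 files) are the ones stated above.
KEYHSM_PROPS_DEFAULT=/usr/share/keytrustee-server-keyhsm/application.properties

# keyhsm_prop FILE KEY DEFAULT
# Print the last value set for KEY in FILE. Falls back to DEFAULT when the
# key is absent, commented out, empty, or the file is unreadable.
keyhsm_prop() {
    file=$1 key=$2 default=$3
    value=
    if [ -r "$file" ]; then
        value=$(awk -v k="$key" '
            /^[ \t]*[#!]/ { next }              # skip comment lines
            {
                i = index($0, "=")
                if (i == 0) next                # not a key = value line
                name = substr($0, 1, i - 1)
                val  = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", name)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                if (name == k) found = val      # assumption: last one wins
            }
            END { print found }' "$file")
    fi
    printf '%s\n' "${value:-$default}"
}

# keyhsm_log_capacity [FILE]
# Print log size x retained files, in bytes: the approximate amount of log
# and audit data kept on disk before the oldest file is rotated away.
# Returns 1 if either setting is not a plain non-negative integer.
keyhsm_log_capacity() {
    file=${1:-$KEYHSM_PROPS_DEFAULT}
    size=$(keyhsm_prop "$file" keyhsm.log.size 100000000)
    count=$(keyhsm_prop "$file" keyhsm.roll.size 3)
    case "$size$count" in
        ''|*[!0-9]*) echo "non-numeric log setting in $file" >&2; return 1 ;;
    esac
    echo $((size * count))
}

# Usage after sourcing this file: keyhsm_log_capacity
```

Because these logs hold the audit trail, comparing the reported capacity against the volume of audit data the host produces shows how far back the retained files reach.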

To enable debug logging, add the debug parameter to the start command:

$ sudo service keyhsm start debug
  Note: You cannot start Key HSM in debug mode using the systemctl command on a RHEL 7-compatible OS. You must use the service command.

This enables debug logging until the service is restarted without the debug parameter.

Page generated July 8, 2016.