Upgrading Key Trustee KMS
Important: Following these instructions
upgrades the software for the Key Trustee KMS service; this enables you to use Cloudera Navigator Key Trustee Server as the underlying keystore for HDFS Transparent Encryption. This does not upgrade Key Trustee Server. See Upgrading Cloudera Navigator Key Trustee Server for instructions on upgrading Key Trustee Server.
Key Trustee KMS is supported only in Cloudera Manager deployments. You can install the software using parcels or packages, but running Key Trustee KMS outside of Cloudera Manager is not supported.
Continue reading:
Setting Up an Internal Repository
You must create an internal repository to upgrade Key Trustee KMS. For instructions on creating internal repositories (including Cloudera Manager, CDH, and Cloudera Navigator encryption components), see Creating and Using a Remote Parcel Repository for Cloudera Manager if you are using parcels, or Creating and Using a Package Repository for Cloudera Manager if you are using packages.
Upgrading Key Trustee KMS Using Parcels
Important: Back up Key Trustee KMS before upgrading. See Backing Up and Restoring Key Trustee Server and Clients for instructions.
- Go to .
- Click Configuration and add your internal repository to the Remote Parcel Repository URLs section. See Configuring the Cloudera Manager Server to Use the Parcel URL for more information.
- Click Save Changes.
- Download, distribute, and activate the KEYTRUSTEE parcel for the version to which you are upgrading. See Parcels for detailed instructions on using parcels to install or upgrade components.
- Restart the Key Trustee KMS service ( ).
Upgrading Key Trustee KMS Using Packages
- After Setting Up an Internal Repository, configure the Key Trustee KMS host to use the repository. See Modifying Clients to Find the Repository for more information.
- Add the CDH repository. See To add the CDH repository for instructions. If you want to create an internal CDH repository, see Creating a Local Yum Repository.
- Upgrade the keytrustee-keyprovider package using the appropriate command for your operating system:
- RHEL-compatible
$ sudo yum install keytrustee-keyprovider
- SLES
$ sudo zypper install keytrustee-keyprovider
- Ubuntu or Debian
$ sudo apt-get install keytrustee-keyprovider
- RHEL-compatible
- Restart the Key Trustee KMS service ( ).
Page generated July 8, 2016.
<< Upgrading Cloudera Navigator Key HSM | ©2016 Cloudera, Inc. All rights reserved | Upgrading Cloudera Navigator Encrypt >> |
Terms and Conditions Privacy Policy |