THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Create a principle to use with Ranger Repo for logging in KMS
- Create principal
| Code Block | ||
|---|---|---|
| ||
kadmin.local addprinc <principal name> Enter the password exit |
...
| Code Block |
|---|
kinit <principal name> Enter password klist kdestroy |
...
- Edit “hdfs-site.xml”
...
| Code Block | ||
|---|---|---|
| ||
Replace localhost with <internal host name> Go to path cd/usr/hdp/<version>/hadoop/conf/ vim hdfs-site.xml For property “dfs.encryption.key.provider.uri” ,enter the value “kms://http@<internal host name>:9292/kms” save and quite |
...
| Code Block |
|---|
su -l hdfs -c "/usr/hdp/<version>/hadoop/sbin/hadoop-daemon.sh stop namenode"
su -l hdfs -c "/usr/hdp/<version>/hadoop/sbin/hadoop-daemon.sh start namenode"
|
- Restart krb5kdc
...
| Code Block |
|---|
service krb5kdc restart |
...
- Run setup
| Code Block |
|---|
./setup.sh |
- start the KMS server
| Code Block |
|---|
rangee-kms start |
...
REPOSITORY_NAME: name specified in installed.properties (e.g kmsdev)
- KMS URL: kms://http@<internal host name>:9292/kms
- Username:Principle that will be used for kms (e.g.testkms1@EXAMPLE.COM)
- Password:Password for principle(e.g.testkms1 password)
- Check test connection
Please check the logged in user (for e.g “keyadmin”) has the permission for KMS operation You can navigate to KMS Tab and do all the operation related to the KMS.
...