Installing Navigator HSM KMS Backed by Luna HSM
Client Prerequisites
Navigator HSM KMS backed by Luna HSM is supported on Luna HSMs only. The Luna HSM client must be installed first.
For details about the required Luna software and firmware, refer to Navigator HSM KMS: Recommended Hardware and Supported Distributions.
Before performing the Luna HSM KMS setup, run the vt1 verify command (located at /usr/safenet/lunaclient/bin/vtl) to verify that the Luna HSM is configured correctly. See the Luna product documentation for details about how to configure the Luna HSM client.
Setting Up an Internal Repository
You must create an internal repository to install Navigator HSM KMS backed by Luna HSM. For instructions on creating internal repositories (including Cloudera Manager, CDH, and Cloudera Navigator encryption components), see Using an Internal Parcel Repository if you are using parcels, or Using an Internal Package Repositoryif you are using packages.
Installing Navigator HSM KMS Backed by Luna HSM Using Parcels
- Go to .
- Click Configuration and add your internal repository to the Remote Parcel Repository URLs section. See Configuring the Cloudera Manager Server to Use the Parcel URL for Hosted Repositories for more information.
- Download, distribute, and activate the Navigator HSM KMS parcel. See Managing Parcels for detailed instructions on using parcels to install or upgrade components.
Installing Navigator HSM KMS Backed by Luna HSM Using Packages
- After Setting Up an Internal Repository, configure the Navigator HSM KMS backed by Luna HSM host to use the repository. See Modifying Clients to Use the Internal Repository for more information.
- Because the keytrustee-keyprovider package depends on the hadoop-kms package, you must add the CDH repository. See Step 1: Configure a Repository for instructions.
- Install the keytrustee-keyprovider package using the appropriate command for your operating system:
- RHEL-compatible
$ sudo yum install keytrustee-keyprovider
- RHEL-compatible
Post-Installation Configuration
For instructions on configuring HSM KMS, see Enabling HDFS Encryption Using the Wizard.