Installing Cloudera Navigator Key HSM
Cloudera Navigator Key HSM is a universal hardware security module (HSM) driver that translates between the target HSM platform and Cloudera Navigator Key Trustee Server.
With Navigator Key HSM, you can use a Key Trustee Server to securely store and retrieve encryption keys and other secure objects, without being limited solely to a hardware-based platform.
Prerequisites
You must install Key HSM on the same host as Key Trustee Server. See Data at Rest Encryption Requirements for more information about encryption and Key HSM requirements.
Setting Up an Internal Repository
You must create an internal repository to install or upgrade Cloudera Navigator Key HSM. For instructions on creating internal repositories (including Cloudera Manager, CDH, and Cloudera Navigator encryption components), see Using an Internal Package Repository.
Installing Navigator Key HSM
- Set up the Key HSM Repository
Download the Key HSM tarball and create a local Key HSM repository with the files from the tarball. See Setting Up an Internal Repository above for more information.
- Install the Key HSM Repository
Add the local Key HSM repository you created in Step 1. See Modifying Clients to Use the Internal Repository for more information.
Import the GPG key by running the following command:
$ sudo rpm --import http://repo.example.com/path/to/RPM-GPG-KEY-cloudera
- Install the CDH Repository
Key Trustee Server and Key HSM depend on the bigtop-utils package, which is included in the CDH repository. For instructions on adding the CDH repository, see Step 1: Configure a Repository.
- Install Navigator Key HSM
Install the Navigator Key HSM package using yum:
$ sudo yum install keytrustee-keyhsm
Cloudera Navigator Key HSM is installed to the /usr/share/keytrustee-server-keyhsm directory by default.
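A pre-install check for the repository and GPG key steps above, as an added example that is not part of Cloudera's documentation or tooling: it audits a yum .repo file so that packages are installed only from a stanza that enforces signature checking against a configured key. The repository file contents are constructed, and requiring gpgcheck in every stanza is this example's policy assumption.

```shell
#!/bin/sh
# Added example. Audits a yum .repo file before `yum install`: every stanza
# must enable gpgcheck and name a gpgkey, and a gpgkey fetched over plain http
# is flagged so its fingerprint is verified first. Requiring gpgcheck in each
# stanza (not inherited from [main] in /etc/yum.conf) is an assumed policy.
audit_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (name == "") return
        if (tolower(gpgcheck) !~ /^(1|yes|true)$/) {
            print name ": gpgcheck is not enabled"; bad = 1 }
        if (gpgkey == "") {
            print name ": no gpgkey configured"; bad = 1
        } else if (gpgkey ~ /^http:/) {
            print name ": gpgkey over plain http, verify its fingerprint out of band"
            bad = 1 }
    }
    BEGIN { bad = 0 }
    /^[ \t]*$/    { next }                  # blank lines
    /^[ \t]*[#;]/ { next }                  # comments
    /^\[/ {                                 # start of a new [stanza]
        report()
        name = substr($0, 2, index($0, "]") - 2)
        gpgcheck = ""; gpgkey = ""; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
    }
    END { report(); exit bad }
    ' "$1"
}

# Constructed sample: a hypothetical repo file for the local Key HSM repository.
demo_repo=$(mktemp)
cat > "$demo_repo" <<'EOF'
[keyhsm-local]
name=Local Key HSM repository
baseurl=http://repo.example.com/path/to/keyhsm/
gpgcheck=0
gpgkey=http://repo.example.com/path/to/RPM-GPG-KEY-cloudera
EOF
audit_repo "$demo_repo" || echo "fix the findings above before running yum install"
rm -f "$demo_repo"
```

The function prints one finding per line and returns non-zero when any stanza is flagged, so it can gate the install step in a provisioning script.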