Updated on 2024-11-29 GMT+08:00

Configuring Multi-Instance for RangerKMS

Scenario

After two RangerKMS instances are installed in an MRS cluster, you need to modify Ranger KMS configurations before configuring HDFS multi-instance transparent encryption.

If only one RangerKMS instance is installed, skip this section.

Prerequisites

Two RangerKMS instances have been installed.

Procedure

  1. Choose Cluster > Services > Ranger. Click Configurations then All Configurations, click RangerKMS(Role), and select Server.
  2. Change the values of the following parameters:

    Parameter

    Value

    Description

    hadoop.kms.authentication.signer.secret.provider

    zookeeper

    Select the ZooKeeper control token.

    hadoop.kms.authentication.signer.secret.provider.zookeeper.path

    /ranger-kms/hadoop-auth-signature-secret

    Ranger KMS record path in ZooKeeper.

  3. Click All Configurations, click RangerKMS(Role), and select Cache.
  4. Change the hadoop.kms.cache.enable value to false.
  5. Click Save. In the dialog box that is displayed, click OK to save the configuration.
  6. Restart RangerKMS and other upper-layer services whose configurations have expired.