Security
Also available as:
PDF
loading table of contents...
Migrate Ranger DB to HSM

Steps

  1. If running, stop the Ranger KMS server.

  2. Go to the Ranger KMS directory: /usr/hdp/version/ranger-kms.

    [Note]Note

    DB details from which Ranger KMS needs migration must be correctly configured (located in the xml config file of Ranger KMS).

    HSM details must be the KMS HSM to which we are migrating.

  3. Run: ./DBMK2HSM.sh provider HSM_PARTITION_NAME.

    For example:

    ./DBMK2HSM.sh LunaProvider par19

  4. Enter the partition password.

  5. After the migration is completed: if you want to run Ranger KMS according to the new configuration (either with HSM enabled or disabled,) update the Ranger KMS properties if required.

  6. Start Ranger KMS

    Note: After migration, when Ranger KMS is running with HSM enabled: from DB table “ranger_masterkey”, delete the Master Key row if it is not required as Master Key already being migrated to HSM.