Configure Ranger KMS HA
High availability (HA) allows the Ranger KMS service to deploy a backup in case the main host goes down.
|
IMPORTANT
The HA mode is enabled automatically when two or more Ranger KMS instances are detected.
|
Configuration in ADCM
To add an extra Ranger KMS component, follow the steps below:
-
In the cluster configuration menu, open the Services tab and run the Add Ranger KMS action for Ranger. Alternatively, in the Ranger service menu, you can go to the Components tab and run the Add action for Ranger KMS that leads to the same result.
The Add Ranger KMS action -
In the opened window, add an extra host for the Ranger KMS component and click Run.
The host-component mapping window -
Confirm the action in the pop-up window and wait for it to finish.
|
NOTE
For a kerberized cluster, SASL is used for authentication with the Kerberos user credentials. The name resolution rules are defined by the hadoop.kms.authentication.kerberos.name.rules parameter in the kms-site.xml parameter group available with the Show advanced flag enabled. By default, these rules concern only the service users (e.g. ranger, hive, yarn, etc.).
|
Check
To check if the HA mode is enabled, follow the steps below:
-
Log into Ranger Admin UI as
keyadmin. -
Enter the edit page for the Ranger KMS service.
Edit the Ranger KMS service
Edit the Ranger KMS service -
If the HA mode is enabled, the KMS URL parameter should have several KMS host URLs (
kms://http@<kms_host_1>;<kms_host_2>:9292/kms). Otherwise — there should be only one URL (dbks://http@<kms_host>:9292/kms). If SSL is enabled,httpwill be changed tohttpsand the port9292will be changed to9393.
The "KMS URL" parameter
The "KMS URL" parameter