You must create an internal repository to install or upgrade Cloudera Navigator Key HSM. For instructions on creating internal repositories (including Cloudera Manager, CDH, and Cloudera Navigator encryption components), see Creating and Using a Package Repository for Cloudera Manager.

  Important: If you have implemented Key Trustee Server high availability, upgrade Key HSM on each Key Trustee Server.

1. Install the Cloudera Repository

   Add the internal repository you created. See Modifying Clients to Find the Repository for more information.

   Import the GPG key by running the following command:

   $ sudo rpm --import http://repo.example.com/path/to/RPM-GPG-KEY-cloudera

2. Install the CDH Repository

   Key Trustee Server and Key HSM depend on the bigtop-utils package, which is included in the CDH repository. For instructions on adding the CDH repository, see To add the CDH repository. To create a local CDH repository, see Creating a Local Yum Repository for instructions.

3. Stop the Key HSM Service
   Stop the Key HSM service before upgrading:

   $ sudo service keyhsm shutdown

4. Upgrade Navigator Key HSM
   Upgrade the Navigator Key HSM package using yum:

   $ sudo yum update keytrustee-keyhsm

   Cloudera Navigator Key HSM is installed to the /usr/share/keytrustee-server-keyhsm directory by default.

5. Start the Key HSM Service
   Start the Key HSM service:

   $ sudo service keyhsm start