Important: Cloudera supports RHEL 7 with the following limitations:

• Only RHEL 7.3, 7.2 and 7.1 are supported. RHEL 7.0 is not supported.
• RHEL 7.1 is only supported with CDH 5.5 and higher.
• RHEL 7.2 is only supported with CDH 5.7 and higher.
• Only new installations of RHEL 7.2 and 7.1 are supported by Cloudera. For upgrades to RHEL 7.1 or 7.2, contact your OS vendor and see Does Red Hat support upgrades between major versions of Red Hat Enterprise Linux?.

1. Install the Cloudera Repository

   Add the internal repository you created. See Modifying Clients to Find the Repository for more information.

   Import the GPG key by running the following command:

   $ sudo rpm --import http://repo.example.com/path/to/gpg_gazzang.asc

2. Stop Navigator Encrypt
   Stop the Navigator Encrypt service:

   $ sudo service navencrypt-mount stop

   For RHEL 7, use systemctl instead:

   $ sudo systemctl stop navencrypt-mount

3. Upgrade Navigator Encrypt
   Upgrade the Navigator Encrypt client using yum:

   $ sudo yum update navencrypt

4. Start Navigator Encrypt
   Start the Navigator Encrypt service:

   $ sudo service navencrypt-mount start

   For RHEL 7, use systemctl instead:

   $ sudo systemctl start navencrypt-mount

1. Install the Cloudera Repository

   Add the internal repository you created. See Modifying Clients to Find the Repository for more information.

   Import the GPG key by running the following command:

   $ sudo rpm --import http://repo.example.com/path/to/gpg_gazzang.asc

2. Stop Navigator Encrypt
   Stop the Navigator Encrypt service:

   $ sudo service navencrypt-mount stop

3. Upgrade the Navigator Encrypt Client
   Upgrade Navigator Encrypt:

   $ sudo zypper update navencrypt

4. Enable Unsupported Modules
   Edit /etc/modprobe.d/unsupported-modules and set allow_unsupported_modules to 1. For example:

   #
   # Every kernel module has a flag 'supported'. If this flag is not set loading
   # this module will taint your kernel. You will not get much help with a kernel
   # problem if your kernel is marked as tainted. In this case you firstly have
   # to avoid loading of unsupported modules.
   #
   # Setting allow_unsupported_modules 1 enables loading of unsupported modules
   # by modprobe, setting allow_unsupported_modules 0 disables it. This can
   # be overridden using the --allow-unsupported-modules command line switch.
   allow_unsupported_modules 1

5. Start Navigator Encrypt
   Start the Navigator Encrypt service:

   $ sudo service navencrypt-mount start

1. Install the Cloudera Repository
   Add the internal repository you created. See Modifying Clients to Find the Repository for more information.

   • Ubuntu

     $ echo "deb http://repo.example.com/path/to/ubuntu/stable $DISTRIB_CODENAME main" | sudo tee -a /etc/apt/sources.list

   • Debian

     $ echo "deb http://repo.example.com/path/to/debian/stable $DISTRIB_CODENAME main" | sudo tee -a /etc/apt/sources.list

   Import the GPG key by running the following command:

   $ wget -O - http://repo.example.com/path/to/gpg_gazzang.asc | apt-key add -

   Update the repository index with apt-get update.

2. Stop Navigator Encrypt
   Stop the Navigator Encrypt service:

   $ sudo service navencrypt-mount stop

3. Upgrade the Navigator Encrypt Client
   Upgrade Navigator Encrypt:

   $ sudo apt-get install navencrypt

4. Start Navigator Encrypt
   Start the Navigator Encrypt service:

   $ sudo service navencrypt-mount start

The following lists best practices for upgrading operating systems (OS) and kernels on hosts that have Navigator Encrypt installed:

• Make sure that the version you are upgrading to is supported by Navigator Encrypt. See the product compatibility matrix for Product Compatibility Matrix for Cloudera Navigator Encryption for more information.
• Always test upgrades in a development or testing environment before upgrading production hosts.
• If possible, upgrade the entire operating system instead of only upgrading the kernel.
• If you need to upgrade the kernel only, make sure that your OS version supports the kernel version to which you are upgrading.
• Always back up the /etc/navencrypt directory before upgrading. If you have problems accessing encrypted data after upgrading the OS or kernel, restore /etc/navencrypt from your backup and try again.