Linux에서 AWS CloudHSM 클라이언트 SDK 3 업그레이드
AWS CloudHSM 클라이언트 SDK 3.1 이상에서는 클라이언트 대몬(daemon)의 버전과 설치한 모든 구성 요소가 일치해야 업그레이드할 수 있습니다. 모든 Linux 기반 시스템의 경우 단일 명령을 사용하여 동일한 버전의 PKCS #11 라이브러리, Java 암호화 확장(JCE) 공급자 또는 OpenSSL Dynamic Engine으로 클라이언트 대몬(daemon)을 일괄 업그레이드해야 합니다. CNG 및 KSP 공급자의 바이너리가 이미 클라이언트 대몬(daemon) 패키지에 포함되어 있으므로 이 요구 사항은 Windows 기반 시스템에는 적용되지 않습니다.
-
Red Hat 기반 Linux 시스템(Amazon Linux 및 CentOS 포함)에서는 다음 명령을 사용합니다.
rpm -qa | grep ^cloudhsm
-
Debian 기반 Linux 시스템에서는 다음 명령을 사용합니다.
apt list --installed | grep ^cloudhsm
-
Windows 시스템에서 다음 명령을 사용합니다.
wmic product get name,version
사전 조건
AWS CloudHSM 클라이언트 대몬(daemon)의 최신 버전을 다운로드하고 구성 요소를 선택합니다.
모든 구성 요소를 설치할 필요는 없습니다. 설치한 모든 구성 요소에 대해 클라이언트 대몬(daemon) 버전과 일치하도록 해당 구성 요소를 업그레이드해야 합니다.
최신 리눅스 클라이언트 대몬(daemon)
- Amazon Linux
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-latest.el6.x86_64.rpm
- Amazon Linux 2
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
- CentOS 7
-
sudo yum install wget
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
- CentOS 8
-
sudo yum install wget
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
- RHEL 7
-
sudo yum install wget
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-latest.el7.x86_64.rpm
- RHEL 8
-
sudo yum install wget
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-latest.el8.x86_64.rpm
- Ubuntu 16.04 LTS
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client_latest_amd64.deb
- Ubuntu 18.04 LTS
-
wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client_latest_u18.04_amd64.deb
최신 PKCS #11 라이브러리
- Amazon Linux
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-pkcs11-latest.el6.x86_64.rpm
- Amazon Linux 2
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm
- CentOS 7
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm
- CentOS 8
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-pkcs11-latest.el8.x86_64.rpm
- RHEL 7
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-pkcs11-latest.el7.x86_64.rpm
- RHEL 8
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-pkcs11-latest.el8.x86_64.rpm
- Ubuntu 16.04 LTS
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-pkcs11_latest_amd64.deb
- Ubuntu 18.04 LTS
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client-pkcs11_latest_u18.04_amd64.deb
최신 OpenSSL Dynamic Engine
- Amazon Linux
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-dyn-latest.el6.x86_64.rpm
- Amazon Linux 2
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm
- CentOS 7
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm
- RHEL 7
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-dyn-latest.el7.x86_64.rpm
- Ubuntu 16.04 LTS
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-dyn_latest_amd64.deb
최신 JCE 공급자
- Amazon Linux
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL6/cloudhsm-client-jce-latest.el6.x86_64.rpm
- Amazon Linux 2
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm
- CentOS 7
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm
- CentOS 8
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-jce-latest.el8.x86_64.rpm
- RHEL 7
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL7/cloudhsm-client-jce-latest.el7.x86_64.rpm
- RHEL 8
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/EL8/cloudhsm-client-jce-latest.el8.x86_64.rpm
- Ubuntu 16.04 LTS
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Xenial/cloudhsm-client-jce_latest_amd64.deb
- Ubuntu 18.04 LTS
-
$ wget https://s3.amazonaws.com/cloudhsmv2-software/CloudHsmClient/Bionic/cloudhsm-client-jce_latest_u18.04_amd64.deb
1단계: 클라이언트 대몬(daemon) 중지
다음 명령을 사용하여 클라이언트 대몬(daemon)을 중지합니다.
- Amazon Linux
$ sudo stop cloudhsm-client
- Amazon Linux 2
$ sudo service cloudhsm-client stop
- CentOS 7
$ sudo service cloudhsm-client stop
- CentOS 8
$ sudo service cloudhsm-client stop
- RHEL 7
$ sudo service cloudhsm-client stop
- RHEL 8
$ sudo service cloudhsm-client stop
- Ubuntu 16.04 LTS
$ sudo service cloudhsm-client stop
- Ubuntu 18.04 LTS
$ sudo service cloudhsm-client stop
2단계: 클라이언트 SDK 업그레이드
다음 명령은 클라이언트 대몬(daemon) 및 구성 요소를 업그레이드하는 데 필요한 구문을 보여줍니다. 명령을 실행하기 전에 업그레이드하지 않으려는 구성 요소를 제거합니다.
- Amazon Linux
-
$ sudo yum install ./cloudhsm-client-latest.el6.x86_64.rpm \
<./cloudhsm-client-pkcs11-latest.el6.x86_64.rpm> \
<./cloudhsm-client-dyn-latest.el6.x86_64.rpm> \
<./cloudhsm-client-jce-latest.el6.x86_64.rpm>
- Amazon Linux 2
-
$ sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \
<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm> \
<./cloudhsm-client-dyn-latest.el7.x86_64.rpm> \
<./cloudhsm-client-jce-latest.el7.x86_64.rpm>
- CentOS 7
-
$ sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \
<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm> \
<./cloudhsm-client-dyn-latest.el7.x86_64.rpm> \
<./cloudhsm-client-jce-latest.el7.x86_64.rpm>
- CentOS 8
-
$ sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm \
<./cloudhsm-client-pkcs11-latest.el8.x86_64.rpm> \
<./cloudhsm-client-jce-latest.el8.x86_64.rpm>
- RHEL 7
-
$ sudo yum install ./cloudhsm-client-latest.el7.x86_64.rpm \
<./cloudhsm-client-pkcs11-latest.el7.x86_64.rpm> \
<./cloudhsm-client-dyn-latest.el7.x86_64.rpm> \
<./cloudhsm-client-jce-latest.el7.x86_64.rpm>
- RHEL 8
-
$ sudo yum install ./cloudhsm-client-latest.el8.x86_64.rpm \
<./cloudhsm-client-pkcs11-latest.el8.x86_64.rpm> \
<./cloudhsm-client-jce-latest.el8.x86_64.rpm>
- Ubuntu 16.04 LTS
-
$ sudo apt install ./cloudhsm-client_latest_amd64.deb \
<cloudhsm-client-pkcs11_latest_amd64.deb> \
<cloudhsm-client-dyn_latest_amd64.deb> \
<cloudhsm-client-jce_latest_amd64.deb>
- Ubuntu 18.04 LTS
-
$ sudo apt install ./cloudhsm-client_latest_u18.04_amd64.deb \
<cloudhsm-client-pkcs11_latest_amd64.deb> \
<cloudhsm-client-jce_latest_amd64.deb>
3단계: 클라이언트 대몬(daemon) 시작
다음 명령을 사용하여 클라이언트 대몬(daemon)을 시작합니다.
- Amazon Linux
$ sudo start cloudhsm-client
- Amazon Linux 2
$ sudo service cloudhsm-client start
- CentOS 7
$ sudo service cloudhsm-client start
- CentOS 8
$ sudo service cloudhsm-client start
- RHEL 7
$ sudo service cloudhsm-client start
- RHEL 8
$ sudo service cloudhsm-client start
- Ubuntu 16.04 LTS
$ sudo service cloudhsm-client start
- Ubuntu 18.04 LTS
$ sudo service cloudhsm-client start
- Ubuntu 20.04 LTS
$ sudo service cloudhsm-client start
- Ubuntu 22.04 LTS
OpenSSL Dynamic Engine에 대한 지원은 아직 제공되지 않습니다.
