Prerequisites and exceptions for the example configuration

Review the prerequisites and exceptions before adding the example configuration to the sudoers file.

  1. As a root user, you must create the repository file on the Cloudera Manager Server. For instance, as a root user you can create the /etc/yum.repos.d/cloudera-manager.repo file with the following content:
    name=Cloudera Manager 7.x.0
  2. To enable Auto-TLS, use the Cloudera Manager user interface:
    1. Administration > Security > Enable Auto-TLS wizard
    2. For information on how to generate an internal CA and corresponding certificates, see Use case 1: Use CM to generate an internal CA and corresponding certificates
  3. Database Configuration:
    1. To install the postgreSQL as the Cloudera Manager Database, the root user must run the following commands for the user1:
      i) user1@cmsudo-1 ~]$ echo 'LC_ALL="en_US.UTF-8"' >> /etc/locale.conf
      -bash: /etc/locale.conf file
      ii) sudo su -l postgres -c "postgresql-setup initdb"
    2. To enable MD5 authentication, user1 must have root permission:

      Edit pg_hba.conf , which is usually found in /var/lib/pgsql/data or /etc/postgresql/<version>/main. For more information, see step 2, Enable MD5 authentication.

  4. To install Ranger on any host and configure PostgreSQL database for Ranger, you need a new sudoers command list. For more information, see Configuring a PostgreSQL Database for Ranger or Ranger KMS
  5. For the KDC setup, you must manage the krb5.conf file through Cloudera Manager user interface. For more information, see Enable Kerberos using the wizard
  6. Cloudera Manager Upgrade:

    To set up the Cloudera Manager repository, user1 must have write access to the repository file. For more information, see Upgrading the Cloudera Manager Server

  7. If you are setting up a KTS cluster, do the following as root user:
    1. You must obtain root access to install a file under “/etc/systemd/system/” as a prerequisite for installing rng-tools package. After installing the “rng-tools” package, user1 will require root user to run the following commands:
      i) cp /usr/lib/systemd/system/rngd.service /etc/systemd/system/ 
      ii) sed -i -e 's/ExecStart=\ /sbin/rngd -f /ExecStart=\ /sbin\ /rngd -f -r \ / dev \ / urandom/'/etc/systemd/system/rngd.service
  8. Run the rsync command to copy the Key Trustee Server keys.
    rsync -zav --exclude .ssl /var/lib/keytrustee/ .keytrustee