Before you begin a production installation of Cloudera Manager,
Cloudera Runtime, and other managed services, review the CDP Private Cloud Base Requirements and Supported Versions , in addition to the
Cloudera Data Platform Release Notes.
For planning, best practices, and recommendations, review the CDP Private Cloud Base Reference Architecture .
important
In a typical installation process, socket's somax connection must NOT be set to a very
low value (default is 128, which is very low for Hadoop systems). Cloudera recommends that
you set socket's somax connection value to atleast 16000 OOTB via Cloudera Manager or host
inspector.
Security-Enhanced Linux (SELinux) allows you to set access control through policies.
However, if you are unable to deploy the Runtime cluster using your policies, you can set
SELinux in permissive mode on each host of your cluster before you deploy the Runtime
parcels.
caution
Cloudera recommends to disable
fapolicyd
daemon present in RHEL 8 (and later) systems before beginning
installation of Cloudera Manager application. Be informed that fapolicyd
is a
user space daemon that determines access rights to files based on attributes of the process
and file. It can be used to either blacklist or whitelist processes or file access. Proceed
with caution with enforcing the use of this daemon. Improper configuration may render the
system non-functional.
note
The importance of security in a production environment cannot be understated. TLS and
Kerberos form the baseline for secure operations of your CDP Runtime environment. Cloudera
supports security services such as Ranger and Atlas only when they are run on
clusters where Kerberos is enabled to authenticate users.
The following topics describe additional considerations you should be aware
of before beginning an installation: