Installing CDP Private Cloud Data Services

Follow the steps in this topic to install CDP Private Cloud Data Services.

If your ECS hosts are running the CentOS 8.4 or OEL 8.4 operating systems, you must install iptables on all the ECS hosts. (This step is not required when running RHEL 8.4.) Run the following command on each ECS host:
```
yum --setopt=tsflags=noscripts install -y iptables
```
If you are installing ECS on RHEL 8.x:,
1. Add the hosts you intend to use for ECS to Cloudera Manager, without specifying a cluster. See Add New Hosts To Cloudera Manager.
2. If you are using RHEL 8.4, and if the nm-cloud-setup.service and nm-cloud-setup.timer services are enabled, disable them by running the following command on each host you added:
```
systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
```
  For more information, see Known issues and limitations.
3. If you disabled the nm-cloud-setup.service and nm-cloud-setup.timer services, reboot the added hosts.
In Cloudera Manager, on the top right corner, click Add > Add Cluster. The Select Cluster Type page appears.
In the Select Cluster Type page, select the cluster type as Private Cloud Containerized Cluster and click Continue.
On the Getting Started page of the installation wizard, select Internet or Air Gapped as the Install Method. To use a custom repository link provided to you by Cloudera, click Custom Repository. Click Continue.

Internet install method:

Air Gapped install method:

Click Continue.
In the Cluster Basics page, type a name for the Private Cloud cluster that you want to create in the Cluster Name field. From the Base Cluster drop-down list, select the cluster that has the storage and SDX services that you want this new Private Cloud Data Services instance to connect with. Click Continue.
In the Specify Hosts page, provide a list of available hosts or you can add new hosts. (If you already added the hosts to Cloudera Manager, enter the Fully Qualified Domain Name (FQDN) for those hosts.) You can provide the FQDN in the following patterns:
You can specify multiple addresses and address ranges by separating them by commas, semicolons, tabs, or blank spaces, or by placing them on separate lines. Use this technique to make more specific searches instead of searching overly wide ranges.
For example, use host[1-3].network.com to specify these hosts: host1.network.com, host2.network.com, host3.network.com.
Click Continue.
In the Select JDK page, select any one from the below options:
1. Manually manage JDK
2. Install a Cloudera-provided version of OpenJDK
3. Install a system-provided version of OpenJDK
In the Enter Login Credentials page select the SSH Username and provide the password.
The Install Agents page appears.
In the Assign Roles page, you can customize the roles assignment for your new Private Cloud Containerized cluster.

important
Cloudera does not recommend altering assignments unless you have specific requirements such as having selected a specific host for a specific role.

Click Continue.

In the Configure Docker Repository page, you must select one of the Docker repository options.

Use an embedded Docker Repository - Copies all images (Internet or AirGapped) to the embedded registry.

Use Cloudera’s default Docker Repository - Copies images from Internet to the embedded registry. This uses the default repository that is in manifest.json

note

Use Cloudera’s default Docker Repository option can be selected only if you have selected Internet as the install method.

You must ensure that the following ports are opened and allowed. This is required for completing the ECS installation.

Protocol	Port
TCP	7180-7192
TCP	19001
TCP	5000
TCP	9000

Inbound rules for ECS Server nodes.

Protocol	Port
TCP	9345
TCP	6443
UDP	8472
TCP	10250
TCP	2379
TCP	2380
TCP	30000-32767

Inbound Rules for ECS Agent.

Protocol	Port
UDP	4789

If you select Use an embedded Docker Repository option, then you can download and deploy the Data Services that you need for your cluster.

By selecting Default, all the data services will be downloaded and deployed.
By selecting Select the optional images:
- If you switch off the Machine Learning toggle key, then the Machine Learning runtimes will not be installed.
- If you switch on the Machine Learning toggle key, then the Machine Learning runtimes will be installed.

Click Continue.

In the Configure Data Services page, you can modify configuration settings such as the data storage directory, number of replicas, and so on. If there are multiple disks mounted on each host with different characteristics (HDD and SSD), then Local Path Storage Directory must point to the path belonging to the optimal storage. Ensure that you have reviewed your changes. If you want to specify a custom certificate, place the certificate and the private key in a specific location on the Cloudera Manager server host and specify the paths in the input boxes labelled as Ingress Controller TLS/SSL Server Certificate/Private Key File below. This certificate will be copied to the Control Plane during the installation process.

Click Continue.
In the Configure Databases page, follow the instructions in the wizard to use your external existing databases with CDP Private Cloud.

Click Continue.

For production environments, Cloudera recommends that you use databases that you have previously created. These databases must all be on the same host and that host must be a PostgreSQL database server running version 10 or 12.

Ensure that you have selected the Use TLS for Connections Between the Control Plane and the Database option if you have plans to use Cloudera Data Warehouse (CDW). Enabling the Private Cloud Base Cluster PostgreSQL database to use an SSL connection to encrypt client-server communication is a requirement for CDW in CDP Private Cloud.
In the Install Parcels page, the selected parcels are downloaded and installed on the host cluster. Click Continue.
In the Inspect Cluster page, you can inspect your network performance and hosts. If the inspect tool displays any issues, you can fix those issues and run the inspect tool again.

Click Continue.
In the Install Data Services page, you will see the installation process.
After the installation is complete, you will see the Summary image. You can Launch CDP Private Cloud.
After the installation is complete, you can access your Private Cloud Data Services instance from Cloudera Manager > click Open Private Cloud Data Services.

If the installation fails, and you see the following error message in the stderr output during the Install Longhorn UI step, retry the installation by clicking the Resume button.

++ openssl passwd -stdin -apr1 + echo 'cm-longhorn:$apr1$gp2nrbtq$1KYPGI0QNlFJ2lo5sV62l0' + kubectl -n longhorn-system create secret generic basic-auth --from-file=auth + rm -f auth + kubectl -n longhorn-system apply -f /opt/cloudera/cm-agent/service/ecs/longhorn-ingress.yaml Error from server (InternalError): error when creating "/opt/cloudera/cm-agent/service/ecs/longhorn-ingress.yaml": 
Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://rke2-ingress-nginx-controller-admission.kube-system.svc:443/networking/v1/ingresses?timeout=10s": x509: certificate signed by unknown authority

Click Open Private Cloud Data Services to launch your Private Cloud Experiences instance.
Log in using the default username and password admin.
In the Welcome to CDP Private Cloud page, click Change Password to change the Local Administrator Account password.
Set up external authentication using the URL of the LDAP server and a CA certificate of your secure LDAP. Follow the instructions on the Welcome to CDP Private Cloud page to complete this step.
Click Test Connection to ensure that you are able to connect to the configured LDAP server.
Create your first Virtual Warehouse in the CDW Data Service
Provision an ML Workspace in the CML Data Service
Add a CDE service in the CDE Data Service