Cloudera Docs

Installing CDP Private Cloud Data Services using ECS

Follow the steps in this topic to install CDP Private Cloud Data Services.

  1. If your ECS hosts are running the CentOS 8.4 or OEL 8.4 operating systems, you must install iptables on all the ECS hosts. (This step is not required when running RHEL 8.4.) Run the following command on each ECS host:
    yum --setopt=tsflags=noscripts install -y iptables
  2. If you are installing ECS on RHEL 8.x:,
    1. Add the hosts you intend to use for ECS to Cloudera Manager, without specifying a cluster. See Add New Hosts To Cloudera Manager.
    2. If you are using RHEL 8.4, and if the nm-cloud-setup.service and nm-cloud-setup.timer services are enabled, disable them by running the following command on each host you added: 
      systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
      For more information, see Known issues and limitations.
    3. If you disabled the nm-cloud-setup.service and nm-cloud-setup.timer services, reboot the added hosts.
  3. In Cloudera Manager, on the top right corner, click Add > Add Cluster. The Select Cluster Type page appears.
  4. In the Select Cluster Type page, select the cluster type as Private Cloud Containerized Cluster and click Continue.
  5. On the Getting Started page of the installation wizard, select Internet or Air Gapped as the Install Method. To use a custom repository link provided to you by Cloudera, click Custom Repository. Click Continue.

    Internet install method:

    Air Gapped install method:

    Click Continue.

  6. In the Cluster Basics page, type a name for the Private Cloud cluster that you want to create in the Cluster Name field. From the Base Cluster drop-down list, select the cluster that has the storage and SDX services that you want this new Private Cloud Data Services instance to connect with. Click Continue.
  7. In the Specify Hosts page, provide a list of available hosts or you can add new hosts. (If you already added the hosts to Cloudera Manager, enter the Fully Qualified Domain Name (FQDN) for those hosts.) You can provide the FQDN in the following patterns:
    You can specify multiple addresses and address ranges by separating them by commas, semicolons, tabs, or blank spaces, or by placing them on separate lines. Use this technique to make more specific searches instead of searching overly wide ranges.

    For example, use host[1-3].network.com to specify these hosts: host1.network.com, host2.network.com, host3.network.com.

    Click Continue.



  8. In the Select JDK page, select any one from the below options:
    1. Manually manage JDK
    2. Install a Cloudera-provided version of OpenJDK
    3. Install a system-provided version of OpenJDK


  9. In the Enter Login Credentials page select the SSH Username and provide the password.


  10. The Install Agents page appears.


  11. In the Assign Roles page, you can customize the roles assignment for your new Private Cloud Containerized cluster.

    Click Continue.

  12. Configure a Docker Repository.
    There are several options for configuring a Docker Repository. For more information about these options, see Docker repository access.
    On the Configure Docker Repository page, select one of these options:
    • Embedded Docker Repository

      If you select the Internet Install Method option on the Getting Started page, images are copied over the internet from the Cloudera repository.

      If you select the Air Gapped option, images are copied from a local http mirror you have set up in your environment.

      Select Default to deploy all of the default Docker images to the repository, or select Select the Optional Images to choose which images to deploy. If you will be deploying Cloudera Machine Learning (CML), toggle the Cloudera Machine Learning switch on to copy the images for CML.

    • Cloudera default Docker Repository
      This option requires that cluster hosts have access to the internet and you have selected Internet as the install method.
      1. Ensure that the following ports are opened and allowed. This is required for completing the ECS installation.
        Protocol Port
        TCP 7180-7192
        TCP 19001
        TCP 5000
        TCP 9000
      2. Inbound rules for ECS Server nodes.
        Protocol Port
        TCP 9345
        TCP 6443
        UDP 8472
        TCP 10250
        TCP 2379
        TCP 2380
        TCP 30000-32767
      3. Inbound Rules for ECS Agent.
        Protocol Port
        UDP 4789
    • Custom Docker Repository

      This option requires that you set up a Docker Repository in your environment and that all cluster hosts have connectivity to the repository.

      You must enter the following options:
      • Custom Docker Repository – Enter the URL for your Docker Repository
      • Docker Username – Enter the username for the Docker Repository.
      • Docker Password – Enter the password for the Docker Repository.
      • Docker Certificate – Click the Choose File button to upload a TLS certificate to secure communications with the Docker Repository.
      Click the Generate the copy-docker script button to generate and download a script that copies the Docker images from Cloudera, or (for air-gapped installation) from a local http mirror in your network.
      Run the script from a machine that is running Docker locally and has access to the Docker images using the following commands:
      docker login [***URL for Docker Repository***] -u [***username of user with write access***]

bash copy-docker.txt

      The copying operation may take 4 - 5 hours.

  13. In the Configure Data Services page, you can modify configuration settings such as the data storage directory, number of replicas, and so on. If there are multiple disks mounted on each host with different characteristics (HDD and SSD), then Local Path Storage Directory must point to the path belonging to the optimal storage. Ensure that you have reviewed your changes. If you want to specify a custom certificate, place the certificate and the private key in a specific location on the Cloudera Manager server host and specify the paths in the input boxes labelled as Ingress Controller TLS/SSL Server Certificate/Private Key File below. This certificate will be copied to the Control Plane during the installation process.

    Click Continue.

  14. In the Configure Databases page, follow the instructions in the wizard to use your external existing databases with CDP Private Cloud.

    Click Continue.



    For production environments, Cloudera recommends that you use databases that you have previously created. These databases must all be on the same host and that host must be a PostgreSQL database server running version 10 or 12.

    Ensure that you have selected the Use TLS for Connections Between the Control Plane and the Database option if you have plans to use Cloudera Data Warehouse (CDW). Enabling the Private Cloud Base Cluster PostgreSQL database to use an SSL connection to encrypt client-server communication is a requirement for CDW in CDP Private Cloud.

  15. In the Install Parcels page, the selected parcels are downloaded and installed on the host cluster. Click Continue.
  16. In the Inspect Cluster page, you can inspect your network performance and hosts. If the inspect tool displays any issues, you can fix those issues and run the inspect tool again.

    Click Continue.

  17. In the Install Data Services page, you will see the installation process.
  18. After the installation is complete, you will see the Summary image. You can Launch CDP Private Cloud.
  19. After the installation is complete, you can access your Private Cloud Data Services instance from Cloudera Manager > click Open Private Cloud Data Services.

If the installation fails, and you see the following error message in the stderr output during the Install Longhorn UI step, retry the installation by clicking the Resume button.

++ openssl passwd -stdin -apr1 + echo 'cm-longhorn:$apr1$gp2nrbtq$1KYPGI0QNlFJ2lo5sV62l0' + kubectl -n longhorn-system create secret generic basic-auth --from-file=auth + rm -f auth + kubectl -n longhorn-system apply -f /opt/cloudera/cm-agent/service/ecs/longhorn-ingress.yaml Error from server (InternalError): error when creating "/opt/cloudera/cm-agent/service/ecs/longhorn-ingress.yaml": 
Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://rke2-ingress-nginx-controller-admission.kube-system.svc:443/networking/v1/ingresses?timeout=10s": x509: certificate signed by unknown authority