Cloudera Manager Installation and Setup

Install Cloudera Manager, install Cloudera Manager agents and daemons, add Cloudera Management service, enable TLS, and finally configure clusters to use Kerberos.

  1. Get the blueprint of your old cluster that becomes the template of the new cluster. Ensure that you have downloaded the Ambari blueprint. If not, download Ambari blueprint. For more information, see Download Cluster Blueprints.
  2. Preconfigure the databases for:
    • Cloudera Manager Server
    • Cloudera Management Service roles - Reports Manager
    • Data Analytics Studio (DAS) Supported with PostgreSQL only.
    • Hue
    • Each Hive metastore
    • Oozie
    • Data Analytics Studio
    • Schema Registry
    • Streams Messaging Manager

      For more information, see Setup Cloudera Manager database and Install and Configure Databases.

  3. Prepare to install and configure the Cloudera Manager packages. For more information, see Configuring Repository. Do this if you have not done it already. Confirm that the repo is set up.
  4. Install Cloudera Manager Server. For more information on installing Cloudera Manager Server, see Installing Cloudera Manager.
  5. Install Agents on all hosts in the cluster. It is possible to add hosts to Cloudera Manager using the Installation Wizard.

    It is easier to install the Cloudera Manager agents (daemons and agent packages) on all cluster hosts:

    Once installed, update the server_host=localhost line in the /etc/cloudera-scm-agent/config.ini the Cloudera Manager agent configuration file on each host to %server_host=<cloudera manager server>;.

  6. Start Cloudera Manager Server and Cloudera Manager agents on all hosts.
  7. Install Cloudera Manager User licence. For more information, see Installation Wizard. (Upload the License file and stop).
  8. Add Cloudera Manager management service to the cluster. To add services to the cluster, see Select Services.
  9. Enable Cloudera Manager TLS (Optional) if you want:
    • Certificate management: Creating certificates, keystores, and truststores.
    • Certificate distribution or configuration:
      • Copying keystores & truststores to servers.
      • Configuring services to reference these keystores & truststores.
      • Configuring related TLS properties for service.
    • Ensure that you compare Manual TLS and Auto TLS and then proceed. For more information, see Comparing manual TLS and Auto-TLS
    • If you select the Manual TLS option, you must manually configure TLS. For more information, see Manually configure TLS Encryption for Cloudera Manager.
    • If you select the Auto TLS option 1, Cloudera Manager handles it independent of any company certificate authority. This is basically creating a private certificate authority that only Cloudera Manager knows about.
      • If you want TLS but you do not have any of the external certificate management infrastructures then you will probably want this.
      • The benefit is you get full automation for the cluster side (management & certificate distribution and configuration) but requires client configuration to trust the private certificate authority. For more information, see Auto TLS 1
    • If you select Auto TLS option 2a, Cloudera Manager handles certificate management based on a company certificate authority. Cloudera Manager generates certificates on your behalf using the certificate authority and performs distribution and configuration for you.
      • If you want TLS and are willing to extend trust from an external certificate authority to Cloudera Manager and allow Cloudera Manager to generate certificates will want this.
      • The benefit is you get full automation for the cluster side (management & certificate distribution and configuration) but requires extending trust to Cloudera Manager. Clients need not require any additional configuration because they would already trust the global company certificate authority. For more information, see Auto TLS 2
    • If you select AutoTLS option 2b, you are only doing certificate distribution and configuration because you are doing certificate management outside of Cloudera Manager and manually loading those certificates into Cloudera Manager's certificate repository.
      • If you want TLS but are unwilling to extend trust from an external certificate authority to Cloudera Manager will want this.
      • The benefit is you get partially automated for the cluster side (certificate distribution and configuration only). Per-host or per-service certificate management done outside of Cloudera Manager and certificates manually uploaded into Cloudera Manager by an admin. For more information, see Auto TLS 2
  10. Set up Kerberos. If you have a Kerberos cluster, then you must add the KDC details in the Administration>Security>Kerberos Credentials>Setup KDC for Cloudera Manager page using Cloudera Manager. For more information on Kerberos and Active Directory, see Enabling Kerberos authentication for CDP