Cloudera Manager Installation and Setup
Install Cloudera Manager, install Cloudera Manager agents and daemons, add Cloudera Management service, enable TLS, and finally configure clusters to use Kerberos.
Get the blueprint of your old cluster that becomes the template of the new
cluster. Ensure that you have downloaded the Ambari blueprint. If not, download
Ambari blueprint. For more information, see Download Cluster Blueprints.
Preconfigure the databases for:
- Cloudera Manager Server
- Cloudera Management Service roles - Reports Manager
- Data Analytics Studio (DAS) Supported with PostgreSQL only.
- Each Hive metastore
- Data Analytics Studio
- Schema Registry
- Streams Messaging Manager
- Prepare to install and configure the Cloudera Manager packages. For more information, see Configuring Repository. Do this if you have not done it already. Confirm that the repo is set up.
- Install Cloudera Manager Server. For more information on installing Cloudera Manager Server, see Installing Cloudera Manager.
Install Agents on all hosts in the cluster. It is possible to add hosts to
Cloudera Manager using the Installation Wizard.
It is easier to install the Cloudera Manager agents (daemons and agent packages) on all cluster hosts:
Once installed, update the server_host=localhost line in the /etc/cloudera-scm-agent/config.ini the Cloudera Manager agent configuration file on each host to
%server_host=<cloudera manager server>;.
- Start Cloudera Manager Server and Cloudera Manager agents on all hosts.
Install Cloudera Manager User licence. For more information, see Installation Wizard. (Upload the
License file and stop).
- Add Cloudera Manager management service to the cluster. To add services to the cluster, see Select Services.
Enable Cloudera Manager TLS (Optional) if you want:
- Certificate management: Creating certificates, keystores, and truststores.
- Certificate distribution or configuration:
- Copying keystores & truststores to servers.
- Configuring services to reference these keystores & truststores.
- Configuring related TLS properties for service.
- Ensure that you compare Manual TLS and Auto TLS and then proceed. For more information, see Comparing manual TLS and Auto-TLS
- If you select the Manual TLS option, you must manually configure TLS. For more information, see Manually configure TLS Encryption for Cloudera Manager.
- If you select the Auto TLS option 1, Cloudera Manager handles it
independent of any company certificate authority. This is basically
creating a private certificate authority that only Cloudera Manager
- If you want TLS but you do not have any of the external certificate management infrastructures then you will probably want this.
- The benefit is you get full automation for the cluster side (management & certificate distribution and configuration) but requires client configuration to trust the private certificate authority. For more information, see Auto TLS 1
- If you select Auto TLS option 2a, Cloudera Manager handles certificate
management based on a company certificate authority. Cloudera Manager
generates certificates on your behalf using the certificate authority
and performs distribution and configuration for you.
- If you want TLS and are willing to extend trust from an external certificate authority to Cloudera Manager and allow Cloudera Manager to generate certificates will want this.
- The benefit is you get full automation for the cluster side (management & certificate distribution and configuration) but requires extending trust to Cloudera Manager. Clients need not require any additional configuration because they would already trust the global company certificate authority. For more information, see Auto TLS 2
- If you select AutoTLS option 2b, you are only doing certificate
distribution and configuration because you are doing certificate
management outside of Cloudera Manager and manually loading those
certificates into Cloudera Manager's certificate repository.
- If you want TLS but are unwilling to extend trust from an external certificate authority to Cloudera Manager will want this.
- The benefit is you get partially automated for the cluster side (certificate distribution and configuration only). Per-host or per-service certificate management done outside of Cloudera Manager and certificates manually uploaded into Cloudera Manager by an admin. For more information, see Auto TLS 2
Set up Kerberos. If you have a Kerberos cluster, then you must add the KDC
details in the Administration>Security>Kerberos Credentials>Setup KDC
for Cloudera Manager page using Cloudera Manager. For more
information on Kerberos and Active Directory, see Enabling Kerberos
authentication for CDP