Cloudera Manager Server Properties
Categories:
Advanced
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Command Eviction Age | Length of time after which inactive commands are evicted from the database. Default is two years. | 730 day(s) |
command_eviction_age_hours
|
true | |
| Cloudera Manager Server Local Data Storage Directory | Local path used by Cloudera Manager for storing data, including command result files. Note that changes to this configuration will only apply to commands started after the change. It is highly recommended that existing data be migrated over to the new location for the data to be accessible via and managed by Cloudera Manager. | /var/lib/cloudera-scm-server |
command_storage_path
|
false | |
| Enable Debugging of API | When enabled, the server log will contain traces of all API calls. | false |
enable_api_debug
|
true | |
| Extra JVM arguments for Java-based services | A list of extra JVM arguments that Cloudera Manager will append to the command line for Java-based services. |
extra_jvm_opts
|
false | ||
| Agent Heartbeat Logging Directory | Specifies the location where Agent heartbeat requests and responses should be logged, for debugging purposes. If empty, logging is disabled. |
heartbeat_logging_dir
|
false | ||
| Offline Command Timeout | The amount of time (in seconds) to wait for all requested hosts to be offlined. If all requested hosts are not transitioned to offline in this interval, the command fails. If timeout occurs, hosts that transitioned to maintenance stay in maintenance, and those that failed to transition are returned to the normal state. | 10 minute(s) |
offline_default_timeout
|
false | |
| Cloudera Manager Descriptor Fetch Timeout | Timeout for Cloudera Management Service roles to fetch deployment descriptor from Cloudera Manager service. This may need to be increased for larger deployments where Management roles are timing out trying to fetch the descriptor. |
scm.server.proxy.timeout
|
10 second(s) |
scm_proxy_timeout
|
true |
| Tags Limit | The maximum number of tags that can be created globally. Note that creating more tags than are allowed by the default limit may lead to decreased performance of Cloudera Manager. | 100000 |
tags_limit
|
false | |
| Maximum Number of Time-Series Streams Returned Per Heatmap | The maximum number of time-series streams returned by a single time-series heatmap query. The default is 10,000 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. | 10000 |
tsquery_heatmap_streams_limit
|
true | |
| Time-Series Request Timeout | Timeout for requests to Service and Host Monitor. | 20 second(s) |
tsquery_request_timeout
|
true | |
| Maximum Number of Time-Series Streams Returned Per Scatter Plot | The maximum number of time-series streams returned by a single time-series scatter plot. The default is 1000 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. | 1000 |
tsquery_scatter_streams_limit
|
true | |
| Maximum Number Of Time-Series Streams Returned Per Line-Based Chart | The maximum number of time-series streams that will be returned by a single time-series query. The default is 250 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. | 250 |
tsquery_streams_limit
|
true | |
| Maximum Number of Time-Series Streams Returned Per Table | The maximum number of time-series streams returned in a single time-series table. The default is 2000 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. | 2000 |
tsquery_table_streams_limit
|
true |
Altus
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Telemetry Altus Account | The account to use for data collection to Altus. This by itself does not enable telemetry. Telemetry needs to be explicitly enabled for specific services. |
telemetry_altus_account
|
false |
Custom Service Descriptors
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Enable Local Descriptor Repository | When enabled, the server will read custom service descriptors from the local filesystem. | true |
csd_repo_enabled
|
true | |
| Local Descriptor Repository Path | Path to the local repository where custom service descriptors are located. | /opt/cloudera/csd |
csd_repo_path
|
true |
External Authentication
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Authentication Backend Order | The order in which authentication back ends are used for authenticating a user. Emergency Administrator Access allows Full and User Administrators in the local database to authenticate if external authentication is not functioning. | DB_ONLY |
auth_backend_order
|
true | |
| External Authentication Program Path | An external script (or binary) to use to authenticate users. Username is passed as the first command line argument. The password is passed over stdin. You can configure the return codes for the external script on the Roles page. A negative return value indicates a failure. A failure description can be printed to stderr. |
auth_script
|
false | ||
| Authorization Backend Order. | The order in which authorization back ends are used for authorizing a user.This determines where a user's roles come from. If "Database and External" is chosen, then the union of all roles is used. | EXTERNAL_AND_DB |
authorization_backend_order
|
true | |
| Enable SPNEGO/Kerberos Authentication for the Admin Console and API | When enabled, you can authenticate to the Cloudera Manager Admin Console and API using Kerberos via the SPNEGO protocol. If you have not imported Kerberos admin credentials, you must also specify the Kerberos principal for SPNEGO authentication and Kerberos keytab file for SPNEGO authentication. This method of authentication is in addition to the configured external authentication methods. | false |
krb_auth_enable
|
true | |
| Exclude Users for SPNEGO/Kerberos Authentication | Users in this list will not be allowed to authenticate to Cloudera Manager using SPNEGO/Kerberos. They can still authenticate using other methods. | admin |
krb_auth_exclude_users
|
false | |
| Keytab File for SPNEGO Authentication Override | This is a path to the keytab file that Cloudera Manager will use for SPNEGO/Kerberos authentication. You can leave this blank to have Cloudera Manager automatically generate this keytab. |
krb_auth_keytab
|
false | ||
| Kerberos Principal for SPNEGO Authentication Override | This is the full name of the service principal that Cloudera Manager will use for SPNEGO/Kerberos authentication. It is usually "HTTP/fqdn@REALM" where "fqdn" is the Cloudera Manager host and "REALM" is the Kerberos domain. The Kerberos keytab file for SPNEGO authentication must contain an entry for this principal. You can leave this blank to have Cloudera Manager automatically generate this principal. |
krb_auth_principal
|
false | ||
| LDAP Bind User Distinguished Name | Distinguished name of the user to bind to AD as for user authentication search/bind and group lookup for role authorization. For openLDAP based directories this should be a DN string, for Active Directory this can be just a username, combined with the "Active Directory Domain" value for login. For example username in the field and example.com in the active directory domain will result in the User Principal Name value of username@example.com being used to bind. If you put a UPM value here, do not over-configure the "active directory domain" field otherwise you will end up presenting username@example.com@example.com for binds.
AD will accept a UPN value or the DN value as a valid Bind DN;
An example of a Distinguished Name (DN): CN=cdh admin,OU=svcaccount,DC=example,DC=com
An example of a UPN value: cdhadmin@example.com |
ldap_bind_dn
|
false | ||
| LDAP Bind Distinguished Name for Monitoring | Distinguished name of the user to bind as for LDAP monitoring purposes. A name compliant to RFC 2253 is required here. |
ldap_bind_dn_monitoring
|
false | ||
| LDAP Bind Password | The password of the bind user. |
ldap_bind_pw
|
false | ||
| LDAP Bind Password for Monitoring | Password of the bind user used for LDAP monitoring purposes. If empty, the password of the authentication bind user will be used. |
ldap_bind_pw_monitoring
|
false | ||
| LDAP Distinguished Name Pattern | This setting is deprecated and soon to be removed, do not use LDAP Distinguished Name Pattern for configuration moving forward. It is not necessary to use and deprecated as a configuration approach for LDAP and AD in general. |
ldap_dn_pattern
|
false | ||
| LDAP Group Search Base | The distinguished name indicating the path within the directory information tree to begin user searches from. For example in AD it would be cn=groups,dc=example,dc=com. Or in an openLDAP compatible situation it would be something like ou=groups,dc=example,dc=com. Check with your directory administration team on the proper search base to configure for your environment. |
ldap_group_search_base
|
false | ||
| LDAP Group Search Filter | The search filter to use for finding groups for authorization of authenticated users for their Cloudera Manager role. For Active Directory and openLDAP compatible directories this will usually be (member={0}), where {0} will be replaced by DN string for a successfully authenticated user through the search/bind process. This requires configuration of the LDAP Bind User Distinguished Name field. |
ldap_group_search_filter
|
false | ||
| External Authentication Type | The type of external authentication to use. | ACTIVE_DIRECTORY |
ldap_type
|
true | |
| LDAP URL | The URL of the LDAP server. The URL must be prefixed with ldap:// or ldaps://. The URL can optionally specify a custom port, for example: ldaps://ldap_server.example.com:1636. Note that usernames and passwords will be transmitted in the clear unless either an ldaps:// URL is used, or "Enable LDAP TLS" is turned on (where available). Also note that encryption must be in use between the client and this service for the same reason.For more detail on the LDAP URL format, see RFC 2255 |
ldap_url
|
false | ||
| LDAP User Search Base | The distinguished name indicating the path within the directory information tree to begin user searches from. For example in AD it would be cn=users,dc=example,dc=com. Or in an openLDAP compatible situation it would be something like ou=people,dc=example,dc=com. Check with your directory administration team on the proper user search base to configure for your environment. |
ldap_user_search_base
|
false | ||
| LDAP User Search Filter | The search filter to use for finding users. For AD configuration it will be (sAMAccountName={0}) and for openLDAP compatible directories it will usually be (uid={0}). Note that a custom attribute can also be used if the directory is configured differently for user names. The {0} expands the currently authenticating user''s name entered in the login form for the query. |
ldap_user_search_filter
|
false | ||
| Active Directory Domain | Use this field for Active Directory configurations only, when combined with a simple username value in the "LDAP Bind User Distinguished Name" field, it will result in a UPM of user@example.com used for search/bind operations for authenticated user lookups. |
nt_domain
|
false | ||
| Allowed Groups for Knox Proxy | When Apache Knox makes a proxy request to Cloudera Manager, the proxied user must belong to one of these LDAP groups. This configuration is only used if LDAP authentication is enabled and the Authorization Backend Order is not Database Only. A wildcard "*" entry allows any group. |
proxyuser_knox_groups
|
false | ||
| Allowed Hosts for Knox Proxy | When Apache Knox makes a proxy request to Cloudera Manager, the request must come from one of these hosts. You can specify either an IP address or a fully-qualified domain name. If using multiple Knox gateways, make sure that all gateway hosts are listed here. A wildcard "*" entry allows any host. |
proxyuser_knox_hosts
|
false | ||
| Knox Proxy Principal | This is the service name of the Kerberos principal that Apache Knox will use to authenticate to Cloudera Manager when making proxy requests. Usually, this should be set to "knox" when using Knox to proxy to Cloudera Manager. If empty, Cloudera Manager will not accept proxy requests from any principal. The service name does not have to be a valid user. |
proxyuser_knox_principal
|
false | ||
| Allowed Users for Knox Proxy | When Apache Knox makes a proxy request to Cloudera Manager, the proxied user must be one of these users. A wildcard "*" entry allows any user. |
proxyuser_knox_users
|
false | ||
| SAML Entity Alias | Unique alias used to identify the selected instance of local service provider based on used URL. | clouderaManager |
saml_entity_alias
|
false | |
| SAML Entity Base URL | The Base URL used to construct redirect URLs reported in this server's SP metadata. Leave this blank to let the server calculate the base URL itself. |
saml_entity_base_url
|
false | ||
| SAML Entity ID | The ID that Cloudera Manager will use to identify itself to the IDP. This value should be unique to this Cloudera Manager installation. | clouderaManager |
saml_entity_id
|
true | |
| Alias of SAML Sign/Encrypt Private Key | The alias used to identify the sign/encrypt private key in the SAML keystore. |
saml_key_alias
|
false | ||
| SAML Sign/Encrypt Private Key Password | The password for the sign/encrypt private key in the SAML keystore. |
saml_key_password
|
false | ||
| SAML Keystore Password | The password for the SAML keystore. |
saml_keystore_password
|
false | ||
| Path to SAML Keystore File | The filesystem path to the keystore file containing the SP private key and any necessary public certificates to validate the IDP. |
saml_keystore_path
|
false | ||
| SAML Login URL | If your IDP does not support SP-initiated SSO (very uncommon), you use a separate login URL, outside of Cloudera Manager. Provide that URL here so that Cloudera Manager can use it when a user needs to log in. |
saml_login_url
|
false | ||
| Path to SAML IDP Metadata File | The filesystem path to the IDP metadata XML file. |
saml_metadata_path
|
false | ||
| SAML Attribute Identifier for User Role | The URN OID that will identify the user's role in the SAML attributes. Only has an effect when 'Attribute' based role assignment is used. | urn:oid:2.5.4.11 |
saml_oid_role
|
true | |
| SAML Attribute Identifier for User ID | The URN OID that will identify the user's ID in the SAML attributes. | urn:oid:0.9.2342.19200300.100.1.1 |
saml_oid_user
|
true | |
| SAML Response Binding | The SAML Binding format that the IDP is asked to use when sending authentication responses. | ARTIFACT |
saml_response_binding
|
true | |
| SAML Role Assignment Mechanism | The mechanism to use for assigning roles to users. 'Attribute' assigns roles based on a SAML attribute. 'Script' assigns roles based on the result of an external script. | ATTRIBUTE |
saml_role_mapper
|
true | |
| Path to SAML Role Assignment Script | An external script (or binary) to use to assign roles to SAML users. The username is passed as the first command-line argument. You can configure the return codes for the external script on the Roles page. A negative return value indicates a failure. |
saml_role_script
|
false | ||
| Source of User ID in SAML Response | Whether the user ID should be obtained from the SAML response's NameID field or from an attribute | ATTRIBUTE |
saml_user_source
|
true |
Kerberos
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Active Directory Account Prefix | Prefix used in names while creating accounts in Active Directory. The prefix can be up to 10 characters long and can be set to identify accounts used for authentication by CDH processes. Used only if Active Directory KDC is used for authentication. |
ad_account_prefix
|
false | ||
| Active Directory Account Properties | Active Directory account properties used in credential generation. Used only if Active Directory KDC is being used for authentication. | accountExpires=0, objectClass=top, objectClass=person, objectClass=organizationalPerson, objectClass=user |
ad_account_properties
|
false | |
| Active Directory Delete Accounts on Credential Regeneration | Set this option to true if regeneration of credentials should automatically delete the associated Active Directory accounts. Used only if Active Directory KDC is used for authentication. | false |
ad_delete_on_regenerate
|
false | |
| Active Directory Suffix | Active Directory suffix where all the accounts used by CDH daemons will be created. Used only if Active Directory KDC is being used for authentication. | ou=hadoop, DC=hadoop, DC=com |
ad_kdc_domain
|
true | |
| Active Directory LDAP Port | Port to use for LDAP when using Active Directory for authentication. This port is going to transmit encrypted information protected by Kerberos SASL. | 389 |
ad_ldap_port
|
true | |
| Active Directory LDAPS Port | Port to use for LDAP over TLS/SSL when using Active Directory for authentication. | 636 |
ad_ldaps_port
|
true | |
| Active Directory Password Properties | Active Directory password properties used in password generation. Used only if Active Directory KDC is being used for authentication. | length=12, minLowerCaseLetters=2, minUpperCaseLetters=2, minDigits=2, minSpaces=0, minSpecialChars=0, specialChars=?.!$%^*()-_+=~ |
ad_password_properties
|
false | |
| Active Directory Set Encryption Types | Set this option to true if creation of Active Directory accounts should automatically turn on the associated encryption types represented by the msDS-EncryptionTypes field. Used only if Active Directory KDC is used for authentication. | false |
ad_set_encryption_types
|
false | |
| Custom Kerberos Keytab Retrieval Script | Specify the path to a custom script (or executable) to retrieve a Kerberos keytab. The script should take two arguments: a destination file to write the keytab to, and the full principal name to retrieve the key for. If this property is specified, Cloudera Manager ignores all other properties specified for Kerberos setup. |
gen_keytab_script
|
false | ||
| Active Directory Domain Controller Override | If multiple Active Directory Domain Controllers are behind a load-balancer, Cloudera Manager should be provided with the address of one of them. Cloudera Manager then sends commands to create accounts to that Domain Controller only. Note: This setting is used only while creating accounts. CDH services use the value entered in the KDC Server Host field only while authenticating. |
kdc_account_creation_host_override
|
false | ||
| KDC Admin Server Host | Host where the KDC Admin server is located. Port number is optional and can be provided as hostname[:port] |
admin_server
|
kdc_admin_host
|
false | |
| KDC Server Host | Host where the KDC server is located. Port number is optional and can be provided as hostname[:port] |
kdc
|
kdc_host
|
false | |
| KDC Type | Type of KDC used for authentication in CDH clusters | MIT KDC |
kdc_type
|
true | |
| DNS Lookup KDC | Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if they are not listed in the krb5.conf information for the realm. |
dns_lookup_kdc
|
false |
krb_dns_lookup_kdc
|
true |
| Domain Name(s) | Domain(s) which are mapped to this Kerberos Realm. This is used to generate [domain_realm] section. Also, the first domain is used as default_domain in [realms] section |
krb_domain
|
false | ||
| Kerberos Encryption Types | Encryption types supported by KDC. Note: To use AES encryption, make sure you have deployed JCE Unlimited Strength Policy File by following the instructions here. | rc4-hmac |
krb_enc_types
|
false | |
| Forwardable Tickets | If this flag is true, initial tickets will be forwardable by default, if allowed by the KDC. |
forwardable
|
true |
krb_forwardable
|
true |
| KDC Timeout | The maximum time to wait for a reply from the KDC. A time of 0 seconds means "use the client's default". |
kdc_timeout
|
3 second(s) |
krb_kdc_timeout
|
false |
| Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf | For advanced use only. Any text here will be emitted verbatim in the [libdefaults] section of krb5.conf. |
krb_libdefaults_safety_valve
|
false | ||
| Manage krb5.conf through Cloudera Manager | Whether Cloudera Manager should configure and deploy krb5.conf on secure clusters. If this property is not checked, then you must ensure that krb5.conf is deployed on hosts in a secure cluster as well as on Cloudera Manager Server's host. | false |
krb_manage_krb5_conf
|
false | |
| Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf | For advanced use only. Cloudera Manager configures the [libdefaults], [realms] and [domain_realm] section of krb5.conf. Any text here will be emitted verbatim after them in krb5.conf. |
krb_other_safety_valve
|
false | ||
| Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf | For advanced use only. Any text here will be emitted verbatim in the [realms] section of krb5.conf for the specified security realm. If you want to add realms besides the default one, configure them using Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf. |
krb_realms_safety_valve
|
false | ||
| Kerberos Renewable Lifetime | Default renewable lifetime for initial ticket requests. |
renew_lifetime
|
7 day(s) |
krb_renew_lifetime
|
true |
| Kerberos Ticket Lifetime | Default lifetime for initial ticket requests. |
ticket_lifetime
|
1 day(s) |
krb_ticket_lifetime
|
true |
| Maximum Renewable Life for Principals | Maximum renewable lifetime for Kerberos principals generated by Cloudera Manager. This property is used only if MIT KDC is used. Set this property to zero if the KDC should provide the maximum renewable lifetime. Note: Principals with non-renewable tickets are not recommended because they can prevent Hadoop services from functioning. | 5 day(s) |
max_renew_life
|
true | |
| Kerberos Security Realm | The realm to use for Kerberos security. Note: Changing this setting would clear up all existing credentials and keytabs from Cloudera Manager. |
default_realm
|
HADOOP.COM |
security_realm
|
true |
| Kerberos Trusted Realms | List of Kerberos realms that all services on this Cloudera Manager should trust. This parameter is used to configure and verify krb5.conf file. The parameter is auto-configured while adding a peer, but it is recommended that users ensure the values are correct. |
trusted_realms
|
trusted_realms
|
false |
Monitoring
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Cross Entity Aggregate Generation Filters | Specifies two filters, a blacklist and a whitelist, that impact cross-entity aggregates generated by the Cloudera Manager monitoring system. By default, cross-entity aggregates are generated for all types. The blacklist entries can be used to disable generation of cross-entity aggregates, and whitelist entries can be used to force their creation.The JSON structure of this field is as follows:
|
blacklist: streams : [ ], types : [ KUDU_REPLICA::KUDU_TABLET::STATISTICAL ] , whitelist: streams : [ ], types : [ ] |
cross_entity_aggregate_filters
|
false | |
| Set health status to Bad if the Agent heartbeats fail | If an Agent fails to send this number of expected consecutive heartbeats to the Server, a "Bad" health status is assigned to that Agent. | 10 time(s) |
missed_hb_bad
|
true | |
| Set health status to Concerning if the Agent heartbeats fail | If an Agent fails to send this number of expected consecutive heartbeats to the Server, a "Concerning" health status is assigned to that Agent. | 5 time(s) |
missed_hb_concerning
|
true |
Network
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Proxy Password | The basic authentication password for the proxy. |
parcel_proxy_password
|
false | ||
| Proxy Port | The port for the proxy server to be used when the Cloudera Manager Server accesses the Internet, such as when downloading parcels and uploading diagnostic data. |
parcel_proxy_port
|
false | ||
| Proxy Protocol | The protocol to use for the proxy server when the Cloudera Manager Server accesses the Internet, such as when downloading parcels and uploading diagnostic data. | HTTP |
parcel_proxy_protocol
|
true | |
| Proxy Server | The proxy server to be used when the Cloudera Manager Server accesses the Internet, such as when downloading parcels and uploading diagnostic data. |
parcel_proxy_server
|
false | ||
| Proxy User | The basic authentication user name for the proxy. |
parcel_proxy_user
|
false | ||
| Enable Automatic Authentication for Cloudera Repositories | You must enable this option if you are accessing Cloudera Repositories that require authentication. Cloudera Manager will use the configured HTTP authentication override username and password if configured, or the information from the installed license. You can disable this option if you are using local repository mirrors, if you have an internal alias or mirror to archive.cloudera.com, or if you are only using the public Cloudera Repositories that do not require authentication. | true |
remote_repo_auth
|
false | |
| HTTP authentication password override for Cloudera Repositories | Use this only in consultation with Cloudera Support. Specify an override password for HTTP authentication for Cloudera Repositories. You must also specify HTTP authentication override username. |
remote_repo_override_password
|
false | ||
| HTTP authentication username override for Cloudera Repositories | Use this only in consultation with Cloudera Support. Specify an override username for HTTP authentication for Cloudera Repositories. You must also specify an HTTP authentication override password. |
remote_repo_override_user
|
false |
Other
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Allow Usage Data Collection | Allows Cloudera to collect usage data, including the use of Google Analytics. | true |
allow_usage_data
|
true | |
| CDP Private Cloud Repository URLs | URLs of the remote repositories where Cloudera Manager can download the CDP Private Cloud installer. There should be a manifest.json under these URLs. If you are using local mirror repositories, do not delete these local mirrors until after the corresponding CDP Private Cloud deployment has been upgraded or uninstalled. | https://archive.cloudera.com/p/cdp-pvc/latest |
cdppc_repo_urls
|
false | |
| Custom Banner Text | The custom banner is used to display customer specific text in the header area. |
custom_banner_html
|
false | ||
| Custom Header Color | The custom header color is used to distinguish different instances of Cloudera Manager. | BLACK |
custom_header_color
|
true | |
| Custom Information Assurance Policy Text | An information assurance policy statement that must be agreed to in order for a user to login. |
custom_ia_policy
|
false | ||
| Enable Embedded Database Check | When this option is unchecked, warnings about the embedded PostgreSQL database are suppressed. | true |
enable_embedded_db_check
|
false | |
| Enable Events Widget Auto-Search | When enabled, the Events widget at the bottom of many pages will auto-fire its default search on page load. | true |
events_widget_search_on_load
|
true | |
| Maximum Cluster Count Shown In Full | When the number of clusters exceeds this number, only the cluster summary information will be shown on the home page. | 2 |
home_page_full_limit
|
true | |
| System Identifier | An identifier for this system, to be included with diagnostic data bundles. | default |
system_identifier
|
true |
Parcels
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Automatically Distribute Available Parcels | Whether available parcels should be automatically distributed to any cluster that already has parcels of the same product. | false |
distribute_parcels_automatically
|
true | |
| Automatically Download New Parcels | Whether new parcels discovered on the remote parcel repository should be automatically downloaded. | false |
download_parcels_automatically
|
true | |
| Cloudera Manager Manages Parcels | Whether Cloudera Manager should manage which parcels should be present on all managed hosts. | true |
manages_parcels
|
true | |
| Automatically Downloaded Products | If automatic parcel downloading is enabled, the list of products that will be downloaded. | CDH |
parcel_autodownload_products
|
false | |
| Automatically Remove Old Parcels | Whether parcels for old versions of an activated product should be removed from a cluster when they are no longer in use. | false |
parcel_cleanup_automatically
|
true | |
| Number of Old Parcel Versions to Retain | If automatic removal of old parcels is enabled, the number of old parcels to keep. Any old parcels beyond this value will any be removed. If this is set to zero, no old parcels will be retained. | 3 |
parcel_cleanup_threshold
|
true | |
| Parcel Distribution Rate Limit | Per-second rate limit for parcel distribution. The default of 50MiB/second allows for parcel distribution to saturate about half of a Gigabit link. | 50 MiB |
parcel_distribute_rate_limit_kbs_per_second
|
true | |
| Maximum Parcel Uploads | Maximum number of concurrent uploads allowed to distribute parcels to individual hosts. The maximum allowed number of concurrent uploads is 50. | 10 |
parcel_max_upload
|
true | |
| Validate Parcel Relations | Enforce that parcel dependencies are satisfied and conflicts are prevented when activating parcels. Parcel relations (Depends, Conflicts, and Replaces) can be defined the manifests of parcel repositories. Cloudera Manager can also enforce some default relations if none are defined in the manifest. | true |
parcel_relation_validation
|
true | |
| Local Parcel Repository Path | Path to the local package parcel repository from which binaries are served to the Agents. | /opt/cloudera/parcel-repo |
parcel_repo_path
|
true | |
| Create System-Wide Symlinks for Active Parcels | Whether system-wide symlinks should be created for the active parcels (for example, /usr/bin/hadoop). | true |
parcel_symlinks
|
true | |
| Parcel Update Frequency | How often to check local and remote parcel repositories for new parcels and if any old parcels should be cleaned up. Setting a value of 0 disables the parcel check. | 1 hour(s) |
parcel_update_freq
|
true | |
| Create Users and Groups, and Apply File Permissions for Parcels | Whether a parcel's specified users, groups and file permissions should be applied. This may not be desired if custom users and groups are being used, or if they have to be created externally (eg: in LDAP) | true |
parcel_users_groups_permissions
|
true | |
| Remote Parcel Repository URLs | URLs of the remote parcel repositories where Cloudera Manager checks for new parcels. When checking for new parcels, Cloudera Manager sends the ID of the server and the server version to the repository host. The special variable {latest_supported} is replaced with the latest version of CDH that Cloudera Manager supports when checks are made. | https://archive.cloudera.com/p/cdh7/latest_supported/parcels/ https://archive.cloudera.com/cdh7/latest_supported/parcels/ https://archive.cloudera.com/p/cdh6/latest_supported/parcels/ https://archive.cloudera.com/cdh6/latest_supported/parcels/ https://archive.cloudera.com/p/cdh5/parcels/latest https://archive.cloudera.com/cdh5/parcels/5.16/ https://parcels.repos.intel.com/mkl/latest |
remote_parcel_repo_urls
|
false | |
| Retain Downloaded Parcel Files | Whether downloaded parcel files be kept by Agents after they have been unpacked. Keeping the parcel files consumes additional disk space but allows downloads to be avoided if the parcel ever needs to be unpacked again. | true |
retain_parcels_in_cache
|
true |
Performance
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Send Agent heartbeat every | The interval between each heartbeat that is sent from Agents to the server | 15 second(s) |
heartbeat_interval
|
true | |
| Agent heartbeat requester | Whether heartbeat request must be made on-demand instead of relying on the next periodic heartbeat. System property setting "cmf.heartbeat.enableExplicit=false" takes precedence over this configuration. | true |
heartbeat_requester
|
true |
Ports and Addresses
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Agent Port to connect to Server | Specify the port for Agents to use to connect to the Server. Must be 1024 or higher. | 7182 |
agent_port
|
true | |
| Cloudera Manager Hostname Override | Override to use for Cloudera Manager's hostname. Normally this is determined automatically, but this can be used if InetAddress.getLocalhost() is returning the loopback address. |
cm_host_name
|
false | ||
| Cloudera Manager Frontend URL | If you are using a proxy such as Knox or a load balancer to access Cloudera Manager, specify the frontend URL of that proxy here. This will be used as a prefix for generating URLs and quick links. This should be in the form of https://server:port and should not contain any path information starting at /cmf. After making a change, restart the Alert Publisher role to ensure all emails are generated using this url. |
frontend_url
|
frontend_url
|
false | |
| HTTP Port for Admin Console | Specify the HTTP port to use to access the Server via the Admin Console. Must be 1024 or higher. | 7180 |
http_port
|
true | |
| HTTPS Port for Admin Console | Specify the HTTPS port to use to access the Server via the Admin Console. Must be 1024 or higher. | 7183 |
https_port
|
true |
Replication
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Custom Kerberos Keytab Location (to be used for replication for secure clusters on this Cloudera Manager) | Define a custom Kerberos keytab location on the Cloudera Manager host to use for replication. If this configuration is specified, the "Custom Kerberos Principal Name" must also be specified. The keytab should be owned by the user running the Cloudera Manager server process (typically "cloudera-scm") and should be configured with a filesystem access control of "0400". |
bdr_replication_kerberos_keytab_location
|
false | ||
| Custom Kerberos Principal Name (to be used for replication for secure clusters on this Cloudera Manager) | Define a custom Kerberos principal name with an entry in the custom keytab defined in "Custom Kerberos Keytab Location". The principal should be a fully qualified name of an existing principal (eg. adminuser@MY.COMPANY.COM) and the principal must have an entry in the keytab specified in "Custom Kerberos Keytab Location". The principal should also be a superuser in all distributed file system services on secure clusters in this Cloudera Manager. |
bdr_replication_kerberos_principal_name
|
false |
Reports
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Report Configurations | List of configurations for the Cluster Utilization Report. | [ name: Default, tenantType: POOL, daysOfWeek: [], isAllDay: true, startHourOfDay: 0, endHourOfDay: 23 , name: Weekdays, tenantType: POOL, daysOfWeek: [1, 2, 3, 4, 5], isAllDay: true, startHourOfDay: 0, endHourOfDay: 23 ] |
report_configurations
|
true |
Security
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Use TLS Encryption for Agents | Select this option to enable TLS encryption between the Server and Agents. | false |
agent_tls
|
false | |
| JKS Keystore File Password for Automatic TLS configuration | The password for JKS keystore file used for automatic TLS configuration of Cloudera Manager server, agent and services. |
auto_tls_keystore_password
|
false | ||
| JKS Truststore File Password for Automatic TLS configuration | The password for JKS truststore file used for automatic TLS configuration of Cloudera Manager server, agent and services. |
auto_tls_truststore_password
|
false | ||
| Automatic configuration of TLS for services | Allows automatic configuration of TLS for services using Cloudera Manager's TLS configuration without specifying TLS related settings like keystore path, password etc. for each service. | NONE |
auto_tls_type
|
false | |
| Redaction Parameters for Diagnostic Bundles | Note: Do not edit this property in the classic layout. Switch to the new layout to edit and test your rules inline.Use this property to define a list of rules to be followed for redacting sensitive information from diagnostic bundles. Click + to add a new redaction rule. You can choose one of the preconfigured rules or add a custom rule. When specifying a custom rule, the Search field should contain a regular expression to be matched against the data. If a match is found, it is replaced by the contents of the Replace field.Trigger is an optional field. It can be used to specify a simple string to be searched in the data. If the string is found, the redactor attempts to find a match for the Search regex. If no trigger is specified, redaction occurs by matching the Search regular expression. Use the Trigger field to enhance performance: simple string matching is faster than regular expression matching.Test your rules by entering sample text into the Test Redaction Rules text box and clicking Test Redaction. If no rules match, the text you entered is returned unchanged. | version: 1, rules: [ description: Redact passwords from json files, caseSensitive: false, trigger: password, search: \password\[ ]*:[ ]*\[^\]+\, replace: \password\: \BUNDLE-REDACTED\ , description: Redact password= and password:, caseSensitive: false, trigger: password, search: password[:=][^ \\\\\]+, replace: password=BUNDLE-REDACTED , description: Redact passwd= and passwd:, caseSensitive: false, trigger: passwd, search: passwd[:=][^ \\\\\]+, replace: passwd=BUNDLE-REDACTED , description: Redact pass= and pass:, caseSensitive: false, trigger: pass, search: pass[:=][^ \\\\\]+, replace: pass=BUNDLE-REDACTED , description: Redact PASSWORD, , caseSensitive: false, trigger: PASSWORD, , search: PASSWORD, [^\\\\\]+, replace: PASSWORD, BUNDLE-REDACTED , description: Redact key= and key:, caseSensitive: false, trigger: key, search: key[:=][^ \\\\\]+, replace: key=BUNDLE-REDACTED , description: Redact secret= and secret:, caseSensitive: false, trigger: secret, search: secret[:=][^ \\\\\]+, replace: secret=BUNDLE-REDACTED , description: Redact credential= and credential:, caseSensitive: false, trigger: credential, search: credential[:=][^ \\\\\]+, replace: credential=BUNDLE-REDACTED , description: Redact token= and token:, caseSensitive: false, trigger: token, search: token[:=][^ \\\\\]+, replace: token=BUNDLE-REDACTED , description: Redact keyid= and keyid:, caseSensitive: false, trigger: keyid, search: keyid[:=][^ \\\\\]+, replace: keyid=BUNDLE-REDACTED ] |
diag_bundle_redaction_policy
|
false | |
| Host certificate generator command. | Utility to be executed on CM server host to generate certificates for a new host. Host name will be passed as the sole positional argument. The process is expected to write to stdout a zip file containing keys/certificates. |
host_cert_generator
|
false | ||
| Cloudera Manager TLS/SSL Server JKS Keystore File Password | The password for the Cloudera Manager JKS keystore file. |
keystore_password
|
false | ||
| Cloudera Manager TLS/SSL Server JKS Keystore File Location | The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Cloudera Manager is acting as a TLS/SSL server. The keystore must be in JKS format. |
keystore_path
|
false | ||
| Last login audit | Enable audit for last login of current user. | true |
last_login_enabled
|
false | |
| Verify Agent Hostname Against Certificate | Select this option to verify that agent hostnames must match their TLS client certificates. | true |
need_agent_hostname_validation
|
true | |
| Use TLS Authentication of Agents to Server | Select this option to enable TLS Authentication of Agents to the Server. | false |
need_agent_validation
|
true | |
| Minimum password length | Minimum number of characters, including letters, digits, and special characters required in the password for local Cloudera Manager users. | 0 |
password_min_length
|
false | |
| Minimum number of digits required in password | Specifies the minimum number of digits required in the password. | 0 |
password_min_no_of_digits
|
false | |
| Minimum number of letters required in password | Specifies the minimum number of letters required in the password. | 0 |
password_min_no_of_letters
|
false | |
| Minimum number of special characters required in password | Specifies the minimum number of non-alphanumeric characters required in the password. | 0 |
password_min_no_of_special_chars
|
false | |
| HTTP Referer Check | Whether to verify "Referer" in HTTP header for state changing requests. This protects against cross-site request forgery, but may need to be turned off if browsers or proxies in your environment do not specify the header. | true |
referer_check
|
true | |
| Maximum Number of Active User Sessions | Restrict users to a certain number of active sessions at a time. If set, a user is limited to the specified number of sessions, and the oldest session is terminiated if the user logs in somewhere else. If not set, users can be logged in from as many places as they choose. If the user has 'Remember Me' turned on, or SAML is used for authentication, the user is automatically logged back in each time the session is ended. '0' means no limit is applied. | 0 |
session_limit_concurrency
|
true | |
| Allow 'Remember Me' Option | Whether to allow a user to select 'Remember Me' when logging in. If this is set, the user will not need to log in again for two weeks (unless the server is restarted during that time). If the user chooses 'Remember Me', then the session timeout is ignored. | true |
session_remember_me
|
true | |
| Session Timeout | The length of time a user's session can be idle for before the user must log in again. | 30 minute(s) |
session_timeout
|
true | |
| Show Stacktraces On Error Pages | Control whether stacktraces are shown on error pages. While stacktraces help with debugging, they can sometimes expose sensitive information to a potentially malicious user. | false |
show_stacktraces
|
true | |
| Server SSL Certificate Host Name. | Host name associated with CM Server SSL certificate to be passed to configuration of newly added host as the host agents are to connect to. |
ssl_certificate_hostname
|
false | ||
| Supported SSL/TLS versions | The SSL/TLS protocol versions to accept HTTPS connections from. Note that the available cipher suites also affect which protocol versions can be negotiated, and some cipher suites are only available in higher versions. | SSLv2Hello, TLSv1.2 |
supported_tls_versions
|
true | |
| Cloudera Manager TLS/SSL Client Trust Store Password | The password for the Cloudera Manager TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. |
truststore_password
|
false | ||
| Cloudera Manager TLS/SSL Client Trust Store File | The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that Cloudera Manager might connect to. This is used when Cloudera Manager is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead. |
truststore_path
|
false | ||
| Use TLS Encryption for Admin Console | Enable TLS encryption (HTTPS) between the user and the Cloudera Manager Admin Console. When checked, the HTTPS port will be used. | false |
web_tls
|
false |
Support
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Number of Diagnostic Bundles to Keep | The maximum number of command results to keep before deleting them from local storage. This property is used for the commands that generate large result files. A value of -1 indicates no limit. | 10 |
cluster_stats_count
|
false | |
| Scheduled Diagnostic Data Size (MB) | Approximate size in MB of scheduled diagnostic data bundle | 100 |
cluster_stats_default_size_mb
|
false | |
| Use HTTPS to Upload Diagnostic Data | Whether to use HTTPS to upload diagnostic data bundles instead of the now-deprecated SFTP. Uses proxy settings from the network setting. | true |
cluster_stats_http
|
true | |
| Diagnostic Data Bundle Directory | Local directory to store diagnostic data bundles. Leave blank to store bundles for 24 hours. This directory must be writable by the cloudera-scm user. |
cluster_stats_path
|
false | ||
| Scheduled Diagnostic Data Collection Frequency | Frequency of automatically collecting diagnostic data and sending to Cloudera support. | WEEKLY |
cluster_stats_schedule
|
true | |
| Scheduled Diagnostic Data Collection Time | Time of day to collect and send diagnostic data to Cloudera |
cluster_stats_start
|
false | ||
| Diagnostic Data Temp Directory | Local path to assemble diagnostic data bundles. Leave blank to assemble these bundles in your JVM temp directory. Set this value if you run out of disk space while collecting diagnostic data. |
cluster_stats_tmp_path
|
false | ||
| Send Diagnostic Data to Cloudera Automatically | Allows the Server to automatically send diagnostic data when a collection is triggered. | true |
phone_home
|
true |
Suppressions
| Display Name | Description | Property Name | Default Value | API Name | Required |
|---|---|---|---|---|---|
| Suppress Parameter Validation: Active Directory Account Prefix | Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Account Prefix parameter. | false |
scm_config_suppression_ad_account_prefix
|
true | |
| Suppress Parameter Validation: Active Directory Suffix | Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Suffix parameter. | false |
scm_config_suppression_ad_kdc_domain
|
true | |
| Suppress Parameter Validation: Active Directory LDAP Port | Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory LDAP Port parameter. | false |
scm_config_suppression_ad_ldap_port
|
true | |
| Suppress Parameter Validation: Active Directory LDAPS Port | Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory LDAPS Port parameter. | false |
scm_config_suppression_ad_ldaps_port
|
true | |
| Suppress Parameter Validation: Agent Port to connect to Server | Whether to suppress configuration warnings produced by the built-in parameter validation for the Agent Port to connect to Server parameter. | false |
scm_config_suppression_agent_port
|
true | |
| Suppress Parameter Validation: External Authentication Program Path | Whether to suppress configuration warnings produced by the built-in parameter validation for the External Authentication Program Path parameter. | false |
scm_config_suppression_auth_script
|
true | |
| Suppress Parameter Validation: JKS Keystore File Password for Automatic TLS configuration | Whether to suppress configuration warnings produced by the built-in parameter validation for the JKS Keystore File Password for Automatic TLS configuration parameter. | false |
scm_config_suppression_auto_tls_keystore_password
|
true | |
| Suppress Parameter Validation: JKS Truststore File Password for Automatic TLS configuration | Whether to suppress configuration warnings produced by the built-in parameter validation for the JKS Truststore File Password for Automatic TLS configuration parameter. | false |
scm_config_suppression_auto_tls_truststore_password
|
true | |
| Suppress Parameter Validation: Custom Kerberos Keytab Location (to be used for replication for secure clusters on this Cloudera Manager) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Kerberos Keytab Location (to be used for replication for secure clusters on this Cloudera Manager) parameter. | false |
scm_config_suppression_bdr_replication_kerberos_keytab_location
|
true | |
| Suppress Parameter Validation: Custom Kerberos Principal Name (to be used for replication for secure clusters on this Cloudera Manager) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Kerberos Principal Name (to be used for replication for secure clusters on this Cloudera Manager) parameter. | false |
scm_config_suppression_bdr_replication_kerberos_principal_name
|
true | |
| Suppress Parameter Validation: CDP Private Cloud Repository URLs | Whether to suppress configuration warnings produced by the built-in parameter validation for the CDP Private Cloud Repository URLs parameter. | false |
scm_config_suppression_cdppc_repo_urls
|
true | |
| Suppress Parameter Validation: Diagnostic Data Bundle Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Diagnostic Data Bundle Directory parameter. | false |
scm_config_suppression_cluster_stats_path
|
true | |
| Suppress Parameter Validation: Diagnostic Data Temp Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Diagnostic Data Temp Directory parameter. | false |
scm_config_suppression_cluster_stats_tmp_path
|
true | |
| Suppress Parameter Validation: Cloudera Manager Hostname Override | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager Hostname Override parameter. | false |
scm_config_suppression_cm_host_name
|
true | |
| Suppress Parameter Validation: Cloudera Manager Server Local Data Storage Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager Server Local Data Storage Directory parameter. | false |
scm_config_suppression_command_storage_path
|
true | |
| Suppress Parameter Validation: Cross Entity Aggregate Generation Filters | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cross Entity Aggregate Generation Filters parameter. | false |
scm_config_suppression_cross_entity_aggregate_filters
|
true | |
| Suppress Parameter Validation: Local Descriptor Repository Path | Whether to suppress configuration warnings produced by the built-in parameter validation for the Local Descriptor Repository Path parameter. | false |
scm_config_suppression_csd_repo_path
|
true | |
| Suppress Parameter Validation: Custom Banner Text | Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Banner Text parameter. | false |
scm_config_suppression_custom_banner_html
|
true | |
| Suppress Parameter Validation: Custom Information Assurance Policy Text | Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Information Assurance Policy Text parameter. | false |
scm_config_suppression_custom_ia_policy
|
true | |
| Suppress Parameter Validation: Redaction Parameters for Diagnostic Bundles | Whether to suppress configuration warnings produced by the built-in parameter validation for the Redaction Parameters for Diagnostic Bundles parameter. | false |
scm_config_suppression_diag_bundle_redaction_policy
|
true | |
| Suppress Parameter Validation: Extra JVM arguments for Java-based services | Whether to suppress configuration warnings produced by the built-in parameter validation for the Extra JVM arguments for Java-based services parameter. | false |
scm_config_suppression_extra_jvm_opts
|
true | |
| Suppress Parameter Validation: Cloudera Manager Frontend URL | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager Frontend URL parameter. | false |
scm_config_suppression_frontend_url
|
true | |
| Suppress Parameter Validation: Custom Kerberos Keytab Retrieval Script | Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Kerberos Keytab Retrieval Script parameter. | false |
scm_config_suppression_gen_keytab_script
|
true | |
| Suppress Parameter Validation: Agent Heartbeat Logging Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Agent Heartbeat Logging Directory parameter. | false |
scm_config_suppression_heartbeat_logging_dir
|
true | |
| Suppress Parameter Validation: Host certificate generator command. | Whether to suppress configuration warnings produced by the built-in parameter validation for the Host certificate generator command. parameter. | false |
scm_config_suppression_host_cert_generator
|
true | |
| Suppress Parameter Validation: HTTP Port for Admin Console | Whether to suppress configuration warnings produced by the built-in parameter validation for the HTTP Port for Admin Console parameter. | false |
scm_config_suppression_http_port
|
true | |
| Suppress Parameter Validation: HTTPS Port for Admin Console | Whether to suppress configuration warnings produced by the built-in parameter validation for the HTTPS Port for Admin Console parameter. | false |
scm_config_suppression_https_port
|
true | |
| Suppress Parameter Validation: Active Directory Domain Controller Override | Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Domain Controller Override parameter. | false |
scm_config_suppression_kdc_account_creation_host_override
|
true | |
| Suppress Parameter Validation: KDC Admin Server Host | Whether to suppress configuration warnings produced by the built-in parameter validation for the KDC Admin Server Host parameter. | false |
scm_config_suppression_kdc_admin_host
|
true | |
| Suppress Parameter Validation: KDC Server Host | Whether to suppress configuration warnings produced by the built-in parameter validation for the KDC Server Host parameter. | false |
scm_config_suppression_kdc_host
|
true | |
| Suppress Parameter Validation: Cloudera Manager TLS/SSL Server JKS Keystore File Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Server JKS Keystore File Password parameter. | false |
scm_config_suppression_keystore_password
|
true | |
| Suppress Parameter Validation: Cloudera Manager TLS/SSL Server JKS Keystore File Location | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Server JKS Keystore File Location parameter. | false |
scm_config_suppression_keystore_path
|
true | |
| Suppress Parameter Validation: Exclude Users for SPNEGO/Kerberos Authentication | Whether to suppress configuration warnings produced by the built-in parameter validation for the Exclude Users for SPNEGO/Kerberos Authentication parameter. | false |
scm_config_suppression_krb_auth_exclude_users
|
true | |
| Suppress Parameter Validation: Keytab File for SPNEGO Authentication Override | Whether to suppress configuration warnings produced by the built-in parameter validation for the Keytab File for SPNEGO Authentication Override parameter. | false |
scm_config_suppression_krb_auth_keytab
|
true | |
| Suppress Parameter Validation: Kerberos Principal for SPNEGO Authentication Override | Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Principal for SPNEGO Authentication Override parameter. | false |
scm_config_suppression_krb_auth_principal
|
true | |
| Suppress Parameter Validation: Domain Name(s) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Domain Name(s) parameter. | false |
scm_config_suppression_krb_domain
|
true | |
| Suppress Configuration Validator: Validator for Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf | Whether to suppress configuration warnings produced by the Validator for Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf configuration validator. | false |
scm_config_suppression_krb_domain_realm
|
true | |
| Suppress Parameter Validation: Kerberos Encryption Types | Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Encryption Types parameter. | false |
scm_config_suppression_krb_enc_types
|
true | |
| Suppress Parameter Validation: KDC Timeout | Whether to suppress configuration warnings produced by the built-in parameter validation for the KDC Timeout parameter. | false |
scm_config_suppression_krb_kdc_timeout
|
true | |
| Suppress Parameter Validation: Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf | Whether to suppress configuration warnings produced by the built-in parameter validation for the Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf parameter. | false |
scm_config_suppression_krb_libdefaults_safety_valve
|
true | |
| Suppress Parameter Validation: Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf | Whether to suppress configuration warnings produced by the built-in parameter validation for the Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf parameter. | false |
scm_config_suppression_krb_other_safety_valve
|
true | |
| Suppress Parameter Validation: Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf | Whether to suppress configuration warnings produced by the built-in parameter validation for the Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf parameter. | false |
scm_config_suppression_krb_realms_safety_valve
|
true | |
| Suppress Parameter Validation: Kerberos Renewable Lifetime | Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Renewable Lifetime parameter. | false |
scm_config_suppression_krb_renew_lifetime
|
true | |
| Suppress Parameter Validation: Kerberos Ticket Lifetime | Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Ticket Lifetime parameter. | false |
scm_config_suppression_krb_ticket_lifetime
|
true | |
| Suppress Parameter Validation: LDAP Bind User Distinguished Name | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind User Distinguished Name parameter. | false |
scm_config_suppression_ldap_bind_dn
|
true | |
| Suppress Parameter Validation: LDAP Bind Distinguished Name for Monitoring | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind Distinguished Name for Monitoring parameter. | false |
scm_config_suppression_ldap_bind_dn_monitoring
|
true | |
| Suppress Parameter Validation: LDAP Bind Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind Password parameter. | false |
scm_config_suppression_ldap_bind_pw
|
true | |
| Suppress Parameter Validation: LDAP Bind Password for Monitoring | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind Password for Monitoring parameter. | false |
scm_config_suppression_ldap_bind_pw_monitoring
|
true | |
| Suppress Parameter Validation: LDAP Distinguished Name Pattern | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Distinguished Name Pattern parameter. | false |
scm_config_suppression_ldap_dn_pattern
|
true | |
| Suppress Parameter Validation: LDAP Group Search Base | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Search Base parameter. | false |
scm_config_suppression_ldap_group_search_base
|
true | |
| Suppress Parameter Validation: LDAP Group Search Filter | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Search Filter parameter. | false |
scm_config_suppression_ldap_group_search_filter
|
true | |
| Suppress Parameter Validation: LDAP URL | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP URL parameter. | false |
scm_config_suppression_ldap_url
|
true | |
| Suppress Parameter Validation: LDAP User Search Base | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Search Base parameter. | false |
scm_config_suppression_ldap_user_search_base
|
true | |
| Suppress Parameter Validation: LDAP User Search Filter | Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Search Filter parameter. | false |
scm_config_suppression_ldap_user_search_filter
|
true | |
| Suppress Configuration Validator: Mixed Packages And Parcels | Whether to suppress configuration warnings produced by the Mixed Packages And Parcels configuration validator. | false |
scm_config_suppression_mixed_packages_and_parcels
|
true | |
| Suppress Parameter Validation: Active Directory Domain | Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Domain parameter. | false |
scm_config_suppression_nt_domain
|
true | |
| Suppress Parameter Validation: Automatically Downloaded Products | Whether to suppress configuration warnings produced by the built-in parameter validation for the Automatically Downloaded Products parameter. | false |
scm_config_suppression_parcel_autodownload_products
|
true | |
| Suppress Parameter Validation: Proxy Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Proxy Password parameter. | false |
scm_config_suppression_parcel_proxy_password
|
true | |
| Suppress Parameter Validation: Proxy Port | Whether to suppress configuration warnings produced by the built-in parameter validation for the Proxy Port parameter. | false |
scm_config_suppression_parcel_proxy_port
|
true | |
| Suppress Parameter Validation: Proxy Server | Whether to suppress configuration warnings produced by the built-in parameter validation for the Proxy Server parameter. | false |
scm_config_suppression_parcel_proxy_server
|
true | |
| Suppress Parameter Validation: Proxy User | Whether to suppress configuration warnings produced by the built-in parameter validation for the Proxy User parameter. | false |
scm_config_suppression_parcel_proxy_user
|
true | |
| Suppress Parameter Validation: Local Parcel Repository Path | Whether to suppress configuration warnings produced by the built-in parameter validation for the Local Parcel Repository Path parameter. | false |
scm_config_suppression_parcel_repo_path
|
true | |
| Suppress Parameter Validation: Allowed Groups for Knox Proxy | Whether to suppress configuration warnings produced by the built-in parameter validation for the Allowed Groups for Knox Proxy parameter. | false |
scm_config_suppression_proxyuser_knox_groups
|
true | |
| Suppress Parameter Validation: Allowed Hosts for Knox Proxy | Whether to suppress configuration warnings produced by the built-in parameter validation for the Allowed Hosts for Knox Proxy parameter. | false |
scm_config_suppression_proxyuser_knox_hosts
|
true | |
| Suppress Parameter Validation: Knox Proxy Principal | Whether to suppress configuration warnings produced by the built-in parameter validation for the Knox Proxy Principal parameter. | false |
scm_config_suppression_proxyuser_knox_principal
|
true | |
| Suppress Parameter Validation: Allowed Users for Knox Proxy | Whether to suppress configuration warnings produced by the built-in parameter validation for the Allowed Users for Knox Proxy parameter. | false |
scm_config_suppression_proxyuser_knox_users
|
true | |
| Suppress Parameter Validation: Remote Parcel Repository URLs | Whether to suppress configuration warnings produced by the built-in parameter validation for the Remote Parcel Repository URLs parameter. | false |
scm_config_suppression_remote_parcel_repo_urls
|
true | |
| Suppress Parameter Validation: HTTP authentication password override for Cloudera Repositories | Whether to suppress configuration warnings produced by the built-in parameter validation for the HTTP authentication password override for Cloudera Repositories parameter. | false |
scm_config_suppression_remote_repo_override_password
|
true | |
| Suppress Parameter Validation: HTTP authentication username override for Cloudera Repositories | Whether to suppress configuration warnings produced by the built-in parameter validation for the HTTP authentication username override for Cloudera Repositories parameter. | false |
scm_config_suppression_remote_repo_override_user
|
true | |
| Suppress Parameter Validation: Report Configurations | Whether to suppress configuration warnings produced by the built-in parameter validation for the Report Configurations parameter. | false |
scm_config_suppression_report_configurations
|
true | |
| Suppress Parameter Validation: SAML Entity Alias | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Entity Alias parameter. | false |
scm_config_suppression_saml_entity_alias
|
true | |
| Suppress Parameter Validation: SAML Entity Base URL | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Entity Base URL parameter. | false |
scm_config_suppression_saml_entity_base_url
|
true | |
| Suppress Parameter Validation: SAML Entity ID | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Entity ID parameter. | false |
scm_config_suppression_saml_entity_id
|
true | |
| Suppress Parameter Validation: Alias of SAML Sign/Encrypt Private Key | Whether to suppress configuration warnings produced by the built-in parameter validation for the Alias of SAML Sign/Encrypt Private Key parameter. | false |
scm_config_suppression_saml_key_alias
|
true | |
| Suppress Parameter Validation: SAML Sign/Encrypt Private Key Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Sign/Encrypt Private Key Password parameter. | false |
scm_config_suppression_saml_key_password
|
true | |
| Suppress Parameter Validation: SAML Keystore Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Keystore Password parameter. | false |
scm_config_suppression_saml_keystore_password
|
true | |
| Suppress Parameter Validation: Path to SAML Keystore File | Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to SAML Keystore File parameter. | false |
scm_config_suppression_saml_keystore_path
|
true | |
| Suppress Parameter Validation: SAML Login URL | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Login URL parameter. | false |
scm_config_suppression_saml_login_url
|
true | |
| Suppress Parameter Validation: Path to SAML IDP Metadata File | Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to SAML IDP Metadata File parameter. | false |
scm_config_suppression_saml_metadata_path
|
true | |
| Suppress Parameter Validation: SAML Attribute Identifier for User Role | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Attribute Identifier for User Role parameter. | false |
scm_config_suppression_saml_oid_role
|
true | |
| Suppress Parameter Validation: SAML Attribute Identifier for User ID | Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Attribute Identifier for User ID parameter. | false |
scm_config_suppression_saml_oid_user
|
true | |
| Suppress Parameter Validation: Path to SAML Role Assignment Script | Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to SAML Role Assignment Script parameter. | false |
scm_config_suppression_saml_role_script
|
true | |
| Suppress Configuration Validator: Cloudera Manager Server Restart | Whether to suppress configuration warnings produced by the Cloudera Manager Server Restart configuration validator. | false |
scm_config_suppression_scm_server_restart
|
true | |
| Suppress Parameter Validation: Kerberos Security Realm | Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Security Realm parameter. | false |
scm_config_suppression_security_realm
|
true | |
| Suppress Parameter Validation: Server SSL Certificate Host Name. | Whether to suppress configuration warnings produced by the built-in parameter validation for the Server SSL Certificate Host Name. parameter. | false |
scm_config_suppression_ssl_certificate_hostname
|
true | |
| Suppress Parameter Validation: System Identifier | Whether to suppress configuration warnings produced by the built-in parameter validation for the System Identifier parameter. | false |
scm_config_suppression_system_identifier
|
true | |
| Suppress Configuration Validator: Tags Limit Validator | Whether to suppress configuration warnings produced by the Tags Limit Validator configuration validator. | false |
scm_config_suppression_tags_limit
|
true | |
| Suppress Configuration Validator: TLS With Kerberos Validator | Whether to suppress configuration warnings produced by the TLS With Kerberos Validator configuration validator. | false |
scm_config_suppression_tls_with_kerberos_validator
|
true | |
| Suppress Parameter Validation: Kerberos Trusted Realms | Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Trusted Realms parameter. | false |
scm_config_suppression_trusted_realms
|
true | |
| Suppress Parameter Validation: Cloudera Manager TLS/SSL Client Trust Store Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Client Trust Store Password parameter. | false |
scm_config_suppression_truststore_password
|
true | |
| Suppress Parameter Validation: Cloudera Manager TLS/SSL Client Trust Store File | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Client Trust Store File parameter. | false |
scm_config_suppression_truststore_path
|
true |
