Core Configuration Properties in Cloudera Runtime 7.1.2
Role groups:
Gateway
Categories:
Advanced
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Deploy Directory | The directory where the client configs will be deployed | /etc/hadoop |
client_config_root_dir
|
true | |
Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh | For advanced use only, key-value pairs (one on each line) to be inserted into the client configuration for hadoop-env.sh |
core_client_env_safety_valve
|
false | ||
Client Java Configuration Options | These are Java command-line arguments. Commonly, garbage collection flags, PermGen, or extra debugging flags would be passed here. | -Djava.net.preferIPv4Stack=true |
core_client_java_opts
|
false | |
Gateway Logging Advanced Configuration Snippet (Safety Valve) | For advanced use only, a string to be inserted into log4j.properties for this role only. |
log4j_safety_valve
|
false |
Logs
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Gateway Logging Threshold | The minimum log level for Gateway logs | INFO |
log_threshold
|
false |
Monitoring
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Enable Configuration Change Alerts | When set, Cloudera Manager will send alerts when this entity's configuration changes. | false |
enable_config_alerts
|
false |
Other
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Alternatives Priority | The priority level that the client configuration will have in the Alternatives system on the hosts. Higher priority levels will cause Alternatives to prefer this configuration over any others. | 90 |
client_config_priority
|
true |
Resource Management
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Client Java Heap Size in Bytes | Maximum size in bytes for the Java process heap memory. Passed to Java -Xmx. | 256 MiB |
core_client_java_heapsize
|
false |
Suppressions
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Suppress Configuration Validator: CDH Version Validator | Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. | false |
role_config_suppression_cdh_version_validator
|
true | |
Suppress Parameter Validation: Deploy Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Deploy Directory parameter. | false |
role_config_suppression_client_config_root_dir
|
true | |
Suppress Parameter Validation: Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh | Whether to suppress configuration warnings produced by the built-in parameter validation for the Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh parameter. | false |
role_config_suppression_core_client_env_safety_valve
|
true | |
Suppress Parameter Validation: Client Java Configuration Options | Whether to suppress configuration warnings produced by the built-in parameter validation for the Client Java Configuration Options parameter. | false |
role_config_suppression_core_client_java_opts
|
true | |
Suppress Parameter Validation: Gateway Logging Advanced Configuration Snippet (Safety Valve) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Gateway Logging Advanced Configuration Snippet (Safety Valve) parameter. | false |
role_config_suppression_log4j_safety_valve
|
true |
Service-Wide
Categories:
Advanced
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Core Configuration Service Environment Advanced Configuration Snippet (Safety Valve) | For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration. |
CORE_SETTINGS_service_env_safety_valve
|
false | ||
Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml | For advanced use only, a string to be inserted into core-site.xml. Applies to all roles and client configurations in this HDFS service as well as all its dependent services. Any configs added here will be overridden by their default values in HDFS (which can be found in hdfs-default.xml). |
core_site_safety_valve
|
false | ||
HDFS Service Advanced Configuration Snippet (Safety Valve) for hadoop-policy.xml | For advanced use only, a string to be inserted into hadoop-policy.xml. Applies to configurations of all roles in this service except client configuration. |
hadoop_policy_config_safety_valve
|
false | ||
HDFS Advanced Configuration Snippet (Safety Valve) for ssl-client.xml | For advanced use only, a string to be inserted into ssl-client.xml. Applies cluster-wide, but can be overridden by individual services. |
hdfs_ssl_client_safety_valve
|
false | ||
HDFS Service Advanced Configuration Snippet (Safety Valve) for ssl-server.xml | For advanced use only, a string to be inserted into ssl-server.xml. Applies to configurations of all roles in this service except client configuration. |
hdfs_ssl_server_safety_valve
|
false | ||
System Group | The group that this service's processes should run as (except the HttpFS server, which has its own group) | hdfs |
process_groupname
|
true | |
System User | The user that this service's processes should run as. | hdfs |
process_username
|
true |
Monitoring
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Enable Service Level Health Alerts | When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold | true |
enable_alerts
|
false | |
Enable Configuration Change Alerts | When set, Cloudera Manager will send alerts when this entity's configuration changes. | false |
enable_config_alerts
|
false | |
Service Triggers | The configured triggers for this service. This is a JSON-formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:
[{"triggerName": "sample-trigger",
"triggerExpression": "IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad",
"streamThreshold": 10, "enabled": "true"}] See the trigger rules documentation for more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases. |
[] |
service_triggers
|
true | |
Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) | For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones. |
smon_derived_configs_safety_valve
|
false |
Other
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Default Filesystem | The defaultFs to use in the cluster. |
core.defaultFs
|
core_defaultfs
|
false | |
KMS Service | The Key Management Server used by HDFS. This must be set to use encryption for data at rest. |
kms_service
|
false | ||
Object Store Service | Select an Object Store service to enable cloud storage support. Once enabled, the cloud storage can be used in Impala and Hue services, via fully-qualified URIs. |
object_store_service
|
false |
Proxy
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
HDFS Proxy User Groups | Comma-delimited list of groups to allow the HDFS user to impersonate. The default '*' allows all groups. To disable entirely, use a string that does not correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.hdfs.groups
|
* |
hdfs_proxy_user_groups_list
|
false |
HDFS Proxy User Hosts | Comma-delimited list of hosts where you want to allow the HDFS user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.hdfs.hosts
|
* |
hdfs_proxy_user_hosts_list
|
false |
Hive Proxy User Groups | Comma-delimited list of groups that you want to allow the Hive user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.hive.groups
|
* |
hive_proxy_user_groups_list
|
false |
Hive Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Hive user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.hive.hosts
|
* |
hive_proxy_user_hosts_list
|
false |
HTTP Proxy User Groups | Comma-delimited list of groups that you want to allow the HTTP user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. This is used by WebHCat. |
hadoop.proxyuser.HTTP.groups
|
* |
HTTP_proxy_user_groups_list
|
false |
HTTP Proxy User Hosts | Comma-delimited list of hosts where you want to allow the HTTP user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. This is used by WebHCat. |
hadoop.proxyuser.HTTP.hosts
|
* |
HTTP_proxy_user_hosts_list
|
false |
HttpFS Proxy User Groups | Comma-delimited list of groups to allow the HttpFS user to impersonate. The default '*' allows all groups. To disable entirely, use a string that does not correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.httpfs.groups
|
* |
httpfs_proxy_user_groups_list
|
false |
HttpFS Proxy User Hosts | Comma-delimited list of hosts where you allow the HttpFS user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.httpfs.hosts
|
* |
httpfs_proxy_user_hosts_list
|
false |
Hue Proxy User Groups | Comma-delimited list of groups that you want to allow the Hue user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.hue.groups
|
* |
hue_proxy_user_groups_list
|
false |
Hue Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Hue user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.hue.hosts
|
* |
hue_proxy_user_hosts_list
|
false |
Impala Proxy User Groups | Comma-delimited list of groups that you want to allow the Impala user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.impala.groups
|
* |
impala_proxy_user_groups_list
|
false |
Impala Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Impala user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.impala.hosts
|
* |
impala_proxy_user_hosts_list
|
false |
Knox Proxy User Groups | Comma-delimited list of groups that you want to allow the Knox user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.knox.groups
|
* |
knox_proxy_user_groups_list
|
false |
Knox Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Knox user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.knox.hosts
|
* |
knox_proxy_user_hosts_list
|
false |
Livy Proxy User Groups | Comma-delimited list of groups that you want to allow the Livy user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.livy.groups
|
* |
livy_proxy_user_groups_list
|
false |
Livy Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Livy user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.livy.hosts
|
* |
livy_proxy_user_hosts_list
|
false |
Oozie Proxy User Groups | Allows the oozie superuser to impersonate any members of a comma-delimited list of groups. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.oozie.groups
|
* |
oozie_proxy_user_groups_list
|
false |
Oozie Proxy User Hosts | Comma-delimited list of hosts where you want to allow the oozie user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.oozie.hosts
|
* |
oozie_proxy_user_hosts_list
|
false |
Phoenix Proxy User Groups | Comma-delimited list of groups that you want to allow the Phoenix user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.phoenix.groups
|
* |
phoenix_proxy_user_groups_list
|
false |
Phoenix Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Phoenix user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.phoenix.hosts
|
* |
phoenix_proxy_user_hosts_list
|
false |
Service Monitor Proxy User Groups | Allows the Cloudera Service Monitor user to impersonate any members of a comma-delimited list of groups. The default '*' allows all groups. This property is used only if Service Monitor is using a different Kerberos principal than the Hue service. To disable entirely, use a string that does not correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.smon.groups
|
* |
smon_proxy_user_groups_list
|
false |
Service Monitor Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Cloudera Service Monitor user to impersonate other users. The default '*' allows all hosts. This property is used only if Service Monitor is using a different Kerberos principal than the Hue service. To disable entirely, use a string that does not correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.smon.hosts
|
* |
smon_proxy_user_hosts_list
|
false |
Telemetry Publisher Proxy User Groups | Allows the Cloudera Telemetry Publisher user to impersonate any members of a comma-delimited list of groups. The default '*' allows all groups. This property is used only if Telemetry Publisher is using a different Kerberos principal than the Hue service. To disable entirely, use a string that does not correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.telepub.groups
|
* |
telepub_proxy_user_groups_list
|
false |
Telemetry Publisher Proxy User Hosts | Comma-delimited list of hosts where you want to allow the Cloudera Telemetry Publisher user to impersonate other users. The default '*' allows all hosts. This property is used only if Telemetry Publisher is using a different Kerberos principal than the Hue service. To disable entirely, use a string that does not correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.telepub.hosts
|
* |
telepub_proxy_user_hosts_list
|
false |
YARN Proxy User Groups | Comma-delimited list of groups that you want to allow the YARN user to impersonate. The default '*' allows all groups. To disable entirely, use a string that does not correspond to a group name, such as '_no_group_'. |
hadoop.proxyuser.yarn.groups
|
* |
yarn_proxy_user_groups_list
|
false |
YARN Proxy User Hosts | Comma-delimited list of hosts that you want to allow the YARN user to impersonate. The default '*' allows all hosts. To disable entirely, use a string that does not correspond to a host name, such as '_no_host'. |
hadoop.proxyuser.yarn.hosts
|
* |
yarn_proxy_user_hosts_list
|
false |
Security
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Additional Rules to Map Kerberos Principals to Short Names | Additional mapping rules that will be inserted before rules generated from the list of trusted realms and before the default rule. After changing this value and restarting the service, any services depending on this one must be restarted as well. The hadoop.security.auth_to_local property is configured using this information. Default rules are generated by Cloudera Manager and substituted in place of the literal {DEFAULT_RULES} if it is specified in this value. | DEFAULT_RULES |
extra_auth_to_local_rules
|
false | |
Authorized Admin Groups | Comma-separated list of groups authorized to perform admin operations on Hadoop. This is emitted only if authorization is enabled. |
hadoop_authorized_admin_groups
|
false | ||
Authorized Admin Users | Comma-separated list of users authorized to perform admin operations on Hadoop. This is emitted only if authorization is enabled. | * |
hadoop_authorized_admin_users
|
false | |
Authorized Groups | Comma-separated list of groups authorized to used Hadoop. This is emitted only if authorization is enabled. |
hadoop_authorized_groups
|
false | ||
Authorized Users | Comma-separated list of users authorized to used Hadoop. This is emitted only if authorization is enabled. | * |
hadoop_authorized_users
|
false | |
Hadoop User Group Mapping Search Base | The search base for the LDAP connection. This is a distinguished name, and will typically be the root of the LDAP directory. |
hadoop.security.group.mapping.ldap.base
|
hadoop_group_mapping_ldap_base
|
false | |
Hadoop User Group Mapping LDAP Bind User Password | The password of the bind user. |
hadoop.security.group.mapping.ldap.bind.password
|
hadoop_group_mapping_ldap_bind_passwd
|
false | |
Hadoop User Group Mapping LDAP Bind User Distinguished Name | Distinguished name of the user to bind to AD as for user authentication search/bind and group lookup for role authorization. For openLDAP based directories this should be a DN string, for Active Directory this can be just a username, combined with the "Active Directory Domain" value for login. For example username in the field and example.com in the active directory domain will result in the User Principal Name value of username@example.com being used to bind. If you put a UPM value here, do not over-configure the "active directory domain" field otherwise you will end up presenting username@example.com@example.com for binds.
AD will accept a UPN value or the DN value as a valid Bind DN;
An example of a Distinguished Name (DN): CN=cdh admin,OU=svcaccount,DC=example,DC=com
An example of a UPN value: cdhadmin@example.com |
hadoop.security.group.mapping.ldap.bind.user
|
hadoop_group_mapping_ldap_bind_user
|
false | |
Hadoop User Group Mapping LDAP Group Search Filter | An additional filter to use when searching for groups. |
hadoop.security.group.mapping.ldap.search.filter.group
|
(objectClass=group) |
hadoop_group_mapping_ldap_group_filter
|
false |
Hadoop User Group Mapping LDAP Group Name Attribute | The attribute of the group object that identifies the group name. The default will usually be appropriate for all LDAP systems. |
hadoop.security.group.mapping.ldap.search.attr.group.name
|
cn |
hadoop_group_mapping_ldap_group_name_attr
|
false |
Hadoop User Group Mapping LDAP TLS/SSL Truststore | File path to a jks-format truststore containing the TLS/SSL certificate used sign the LDAP server's certificate. Note that in previous releases this was erroneously referred to as a "keystore". |
hadoop.security.group.mapping.ldap.ssl.keystore
|
hadoop_group_mapping_ldap_keystore
|
false | |
Hadoop User Group Mapping LDAP TLS/SSL Truststore Password | The password for the TLS/SSL truststore. |
hadoop.security.group.mapping.ldap.ssl.keystore.password
|
hadoop_group_mapping_ldap_keystore_passwd
|
false | |
Hadoop User Group Mapping LDAP Group Membership Attribute | The attribute of the group object that identifies the users that are members of the group. The default will usually be appropriate for any LDAP installation. |
hadoop.security.group.mapping.ldap.search.attr.member
|
member |
hadoop_group_mapping_ldap_member_attr
|
false |
Hadoop User Group Mapping LDAP URL | The URL of the LDAP Server. The URL must be prefixed with ldap:// or ldaps:// . The URL can optionally specify a custom port if necessary, but by default the ldap:// will connect to port 389, and the ldaps:// will connect to port 636. Note that passwords will be in the clear if ldap:// is used, and by fall 2020 Active directory servers will no longer allow non LDAPS connections to bind to AD hosts with LDAP signing enabled. See microsoft knowledge document 935834 for more information. |
hadoop.security.group.mapping.ldap.url
|
hadoop_group_mapping_ldap_url
|
false | |
Hadoop User Group Mapping LDAP TLS/SSL Enabled | Whether or not to use TLS/SSL when connecting to the LDAP server. |
hadoop.security.group.mapping.ldap.use.ssl
|
false |
hadoop_group_mapping_ldap_use_ssl
|
false |
Hadoop User Group Mapping LDAP User Search Filter | An additional filter to use when searching for LDAP users. The default will usually be appropriate for Active Directory installations. If connecting to a generic LDAP server, ''sAMAccountName'' will likely be replaced with ''uid''. {0} is a special string used to denote where the username fits into the filter. |
hadoop.security.group.mapping.ldap.search.filter.user
|
(&(objectClass=user)(sAMAccountName=0)) |
hadoop_group_mapping_ldap_user_filter
|
false |
Hadoop HTTP Authentication Cookie Domain | The domain to use for the HTTP cookie that stores the authentication token. In order for authentiation to work correctly across all Hadoop nodes' web-consoles the domain must be correctly set. Important: when using IP addresses, browsers ignore cookies with domain settings. For this setting to work properly all nodes in the cluster must be configured to generate URLs with hostname.domain names on it. |
hadoop_http_auth_cookie_domain
|
false | ||
Hadoop RPC Protection | Quality of protection for secured RPC connections between NameNode and HDFS clients. For effective RPC protection, enable Kerberos authentication. |
hadoop.rpc.protection
|
authentication |
hadoop_rpc_protection
|
false |
Enable Kerberos Authentication for HTTP Web-Consoles | Enables Kerberos authentication for Hadoop HTTP web consoles for all roles of this service using the SPNEGO protocol. Note: This is effective only if Kerberos is enabled for the HDFS service. | false |
hadoop_secure_web_ui
|
false | |
Hadoop Secure Authentication | Choose the authentication mechanism used by Hadoop |
hadoop.security.authentication
|
simple |
hadoop_security_authentication
|
false |
Hadoop Secure Authorization | Enable authorization |
hadoop.security.authorization
|
false |
hadoop_security_authorization
|
false |
Hadoop User Group Mapping Implementation | Class for user to group mapping (get groups for a given user). |
hadoop.security.group.mapping
|
org.apache.hadoop.security.ShellBasedUnixGroupsMapping |
hadoop_security_group_mapping
|
false |
Hadoop TLS/SSL Enabled | Enable TLS/SSL encryption for HDFS, MapReduce, and YARN web UIs, as well as encrypted shuffle for MapReduce and YARN. |
hadoop.ssl.enabled
|
false |
hdfs_hadoop_ssl_enabled
|
false |
Kerberos Principal | Kerberos principal short name used by all roles of this service. | hdfs |
kerberos_princ_name
|
true | |
Log and Query Redaction Policy | Note: Do not edit this property in the classic layout. Switch to the new layout to use preconfigured redaction rules and test your rules inline.Use this property to define a list of rules to be followed for redacting sensitive information from log files and query strings. Click + to add a new redaction rule. You can choose one of the preconfigured rules or add a custom rule. When specifying a custom rule, the Search field should contain a regular expression that will be matched against the data. If a match is found, it is replaced by the contents of the Replace field.Trigger is an optional field. It can be used to specify a simple string to be searched in the data. If the string is found, the redactor attempts to find a match for the Search regex. If no trigger is specified, redaction occurs by matching the Search regular expression. Use the Trigger field to enhance performance: simple string matching is faster than regular expression matching.Test your rules by entering sample text into the Test Redaction Rules text box and clicking Test Redaction. If no rules match, the text you entered is returned unchanged. |
redaction_policy
|
version: 1, rules: [ description: Redact passwords from json files, trigger: password, search: \password\[ ]*:[ ]*\[^\]+\, caseSensitive: false, replace: \password\: \LOG-REDACTED\ , description: Redact password\u003d and password:, trigger: password, search: password[:\u003d][^ \\\\\]+, caseSensitive: false, replace: password\u003dLOG-REDACTED , description: Redact passwd\u003d and passwd:, trigger: passwd, search: passwd[:\u003d][^ \\\\\]+, caseSensitive: false, replace: passwd\u003dLOG-REDACTED , description: Redact pass\u003d and pass:, trigger: pass, search: pass[:\u003d][^ \\\\\]+, caseSensitive: false, replace: pass\u003dLOG-REDACTED , description: Redact PASSWORD, , trigger: PASSWORD, , search: PASSWORD, [^\\\\\]+, caseSensitive: false, replace: PASSWORD, LOG-REDACTED , description: Redact secret\u003d and secret:, trigger: secret, search: secret[:\u003d][^ \\\\\]+, caseSensitive: false, replace: secret\u003dLOG-REDACTED , description: Credit Card numbers (with separator), search: \\d4[^\\w:]\\d4[^\\w:]\\d4[^\\w:]\\d4, caseSensitive: true, replace: XXXX-XXXX-XXXX-XXXX , description: Social Security numbers (with separator), search: \\d3[^\\w:]\\d2[^\\w:]\\d4, caseSensitive: true, replace: XXX-XX-XXXX ] |
redaction_policy
|
false |
Enable Log and Query Redaction | Enable/Disable the Log and Query Redaction Policy for this cluster. |
redaction_policy_enabled
|
true |
redaction_policy_enabled
|
false |
Enable Security Audit Logger | Enable security audit logger for HDFS and dependent services |
security_logger_enabled
|
true |
security_logger_enabled
|
false |
Cluster-Wide Default TLS/SSL Client Truststore Location | Path to the TLS/SSL client truststore file. Defines a cluster-wide default that can be overridden by individual services. This truststore must be in JKS format. The truststore contains certificates of trusted servers, or of Certificate Authorities trusted to identify servers. The contents of the truststore can be modified without restarting any roles. By default, changes to its contents are picked up within ten seconds. If not set, the default Java truststore is used to verify certificates. |
ssl.client.truststore.location
|
ssl_client_truststore_location
|
false | |
Cluster-Wide Default TLS/SSL Client Truststore Password | Password for the TLS/SSL client truststore. Defines a cluster-wide default that can be overridden by individual services. |
ssl.client.truststore.password
|
ssl_client_truststore_password
|
false | |
Hadoop TLS/SSL Server Keystore Key Password | Password that protects the private key contained in the server keystore used for encrypted shuffle and encrypted web UIs. Applies to all configurations of daemon roles of this service. |
ssl.server.keystore.keypassword
|
ssl_server_keystore_keypassword
|
false | |
Hadoop TLS/SSL Server Keystore File Location | Path to the keystore file containing the server certificate and private key used for encrypted shuffle and encrypted web UIs. Applies to configurations of all daemon roles of this service. |
ssl.server.keystore.location
|
ssl_server_keystore_location
|
false | |
Hadoop TLS/SSL Server Keystore File Password | Password for the server keystore file used for encrypted shuffle and encrypted web UIs. Applies to configurations of all daemon roles of this service. |
ssl.server.keystore.password
|
ssl_server_keystore_password
|
false | |
SSL/TLS Cipher Suite | The SSL/TLS cipher suites to use. "Modern 2018" is a modern set of cipher suites as of 2018, according to the Mozilla server-side TLS recommendations. These cipher suites use strong cryptography and are preferred unless interaction with older clients is required. These modern cipher suites are compatible with Firefox 27, Chrome 22, Internet Explorer 11, Opera 14, Safari 7, Android 4.4, and Java 8. "Intermediate 2018" is an intermediate set of cipher suites as of 2018, according to the Mozilla server-side TLS recommendations. Select the Intermediate 2018 cipher suites if you require compatibility with a wider range of clients, legacy browsers, or older Linux tools. |
ssl.server.exclude.cipher.list
|
modern2018 |
tls_ciphers
|
false |
Trusted Kerberos Realms | List of Kerberos realms that Hadoop services should trust. If empty, defaults to the default_realm property configured in the krb5.conf file. After changing this value and restarting the service, all services depending on this service must also be restarted. Adds mapping rules for each domain to the hadoop.security.auth_to_local property in core-site.xml. |
trusted_realms
|
false |
Suppressions
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Suppress Configuration Validator: CDH Version Validator | Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. | false |
role_config_suppression_cdh_version_validator
|
true | |
Suppress Configuration Validator: Deploy Directory | Whether to suppress configuration warnings produced by the Deploy Directory configuration validator. | false |
role_config_suppression_client_config_root_dir
|
true | |
Suppress Configuration Validator: Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh | Whether to suppress configuration warnings produced by the Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh configuration validator. | false |
role_config_suppression_core_client_env_safety_valve
|
true | |
Suppress Configuration Validator: Client Java Configuration Options | Whether to suppress configuration warnings produced by the Client Java Configuration Options configuration validator. | false |
role_config_suppression_core_client_java_opts
|
true | |
Suppress Configuration Validator: Gateway Logging Advanced Configuration Snippet (Safety Valve) | Whether to suppress configuration warnings produced by the Gateway Logging Advanced Configuration Snippet (Safety Valve) configuration validator. | false |
role_config_suppression_log4j_safety_valve
|
true | |
Suppress Configuration Validator: Heap Dump Directory | Whether to suppress configuration warnings produced by the Heap Dump Directory configuration validator. | false |
role_config_suppression_oom_heap_dump_dir
|
true | |
Suppress Configuration Validator: Custom Control Group Resources (overrides Cgroup settings) | Whether to suppress configuration warnings produced by the Custom Control Group Resources (overrides Cgroup settings) configuration validator. | false |
role_config_suppression_rm_custom_resources
|
true | |
Suppress Configuration Validator: Stacks Collection Directory | Whether to suppress configuration warnings produced by the Stacks Collection Directory configuration validator. | false |
role_config_suppression_stacks_collection_directory
|
true | |
Suppress Configuration Validator: Balancer Log Directory | Whether to suppress configuration warnings produced by the Balancer Log Directory configuration validator. | false |
role_config_suppression_storageoperations_log_dir
|
true | |
Suppress Configuration Validator: Storage Operations Environment Advanced Configuration Snippet (Safety Valve) | Whether to suppress configuration warnings produced by the Storage Operations Environment Advanced Configuration Snippet (Safety Valve) configuration validator. | false |
role_config_suppression_storageoperations_role_env_safety_valve
|
true | |
Suppress Parameter Validation: Default Filesystem | Whether to suppress configuration warnings produced by the built-in parameter validation for the Default Filesystem parameter. | false |
service_config_suppression_core_defaultfs
|
true | |
Suppress Parameter Validation: Core Configuration Service Environment Advanced Configuration Snippet (Safety Valve) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Core Configuration Service Environment Advanced Configuration Snippet (Safety Valve) parameter. | false |
service_config_suppression_core_settings_service_env_safety_valve
|
true | |
Suppress Parameter Validation: Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml parameter. | false |
service_config_suppression_core_site_safety_valve
|
true | |
Suppress Parameter Validation: Additional Rules to Map Kerberos Principals to Short Names | Whether to suppress configuration warnings produced by the built-in parameter validation for the Additional Rules to Map Kerberos Principals to Short Names parameter. | false |
service_config_suppression_extra_auth_to_local_rules
|
true | |
Suppress Configuration Validator: Gateway Count Validator | Whether to suppress configuration warnings produced by the Gateway Count Validator configuration validator. | false |
service_config_suppression_gateway_count_validator
|
true | |
Suppress Parameter Validation: Authorized Admin Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Authorized Admin Groups parameter. | false |
service_config_suppression_hadoop_authorized_admin_groups
|
true | |
Suppress Parameter Validation: Authorized Admin Users | Whether to suppress configuration warnings produced by the built-in parameter validation for the Authorized Admin Users parameter. | false |
service_config_suppression_hadoop_authorized_admin_users
|
true | |
Suppress Parameter Validation: Authorized Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Authorized Groups parameter. | false |
service_config_suppression_hadoop_authorized_groups
|
true | |
Suppress Parameter Validation: Authorized Users | Whether to suppress configuration warnings produced by the built-in parameter validation for the Authorized Users parameter. | false |
service_config_suppression_hadoop_authorized_users
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping Search Base | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping Search Base parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_base
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP Bind User Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP Bind User Password parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_bind_passwd
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP Bind User Distinguished Name | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP Bind User Distinguished Name parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_bind_user
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP Group Search Filter | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP Group Search Filter parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_group_filter
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP Group Name Attribute | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP Group Name Attribute parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_group_name_attr
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP TLS/SSL Truststore | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP TLS/SSL Truststore parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_keystore
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP TLS/SSL Truststore Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP TLS/SSL Truststore Password parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_keystore_passwd
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP Group Membership Attribute | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP Group Membership Attribute parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_member_attr
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP URL | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP URL parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_url
|
true | |
Suppress Parameter Validation: Hadoop User Group Mapping LDAP User Search Filter | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop User Group Mapping LDAP User Search Filter parameter. | false |
service_config_suppression_hadoop_group_mapping_ldap_user_filter
|
true | |
Suppress Parameter Validation: Hadoop HTTP Authentication Cookie Domain | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop HTTP Authentication Cookie Domain parameter. | false |
service_config_suppression_hadoop_http_auth_cookie_domain
|
true | |
Suppress Parameter Validation: HDFS Service Advanced Configuration Snippet (Safety Valve) for hadoop-policy.xml | Whether to suppress configuration warnings produced by the built-in parameter validation for the HDFS Service Advanced Configuration Snippet (Safety Valve) for hadoop-policy.xml parameter. | false |
service_config_suppression_hadoop_policy_config_safety_valve
|
true | |
Suppress Parameter Validation: HDFS Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the HDFS Proxy User Groups parameter. | false |
service_config_suppression_hdfs_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: HDFS Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the HDFS Proxy User Hosts parameter. | false |
service_config_suppression_hdfs_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: HDFS Advanced Configuration Snippet (Safety Valve) for ssl-client.xml | Whether to suppress configuration warnings produced by the built-in parameter validation for the HDFS Advanced Configuration Snippet (Safety Valve) for ssl-client.xml parameter. | false |
service_config_suppression_hdfs_ssl_client_safety_valve
|
true | |
Suppress Parameter Validation: HDFS Service Advanced Configuration Snippet (Safety Valve) for ssl-server.xml | Whether to suppress configuration warnings produced by the built-in parameter validation for the HDFS Service Advanced Configuration Snippet (Safety Valve) for ssl-server.xml parameter. | false |
service_config_suppression_hdfs_ssl_server_safety_valve
|
true | |
Suppress Parameter Validation: Hive Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Proxy User Groups parameter. | false |
service_config_suppression_hive_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Hive Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hive Proxy User Hosts parameter. | false |
service_config_suppression_hive_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: HTTP Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the HTTP Proxy User Groups parameter. | false |
service_config_suppression_http_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: HTTP Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the HTTP Proxy User Hosts parameter. | false |
service_config_suppression_http_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: HttpFS Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the HttpFS Proxy User Groups parameter. | false |
service_config_suppression_httpfs_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: HttpFS Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the HttpFS Proxy User Hosts parameter. | false |
service_config_suppression_httpfs_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Hue Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Proxy User Groups parameter. | false |
service_config_suppression_hue_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Hue Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Proxy User Hosts parameter. | false |
service_config_suppression_hue_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Impala Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Impala Proxy User Groups parameter. | false |
service_config_suppression_impala_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Impala Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Impala Proxy User Hosts parameter. | false |
service_config_suppression_impala_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Kerberos Principal | Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Principal parameter. | false |
service_config_suppression_kerberos_princ_name
|
true | |
Suppress Parameter Validation: Knox Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Knox Proxy User Groups parameter. | false |
service_config_suppression_knox_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Knox Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Knox Proxy User Hosts parameter. | false |
service_config_suppression_knox_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Livy Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Livy Proxy User Groups parameter. | false |
service_config_suppression_livy_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Livy Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Livy Proxy User Hosts parameter. | false |
service_config_suppression_livy_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Oozie Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Oozie Proxy User Groups parameter. | false |
service_config_suppression_oozie_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Oozie Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Oozie Proxy User Hosts parameter. | false |
service_config_suppression_oozie_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Phoenix Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Phoenix Proxy User Groups parameter. | false |
service_config_suppression_phoenix_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Phoenix Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Phoenix Proxy User Hosts parameter. | false |
service_config_suppression_phoenix_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: System Group | Whether to suppress configuration warnings produced by the built-in parameter validation for the System Group parameter. | false |
service_config_suppression_process_groupname
|
true | |
Suppress Parameter Validation: System User | Whether to suppress configuration warnings produced by the built-in parameter validation for the System User parameter. | false |
service_config_suppression_process_username
|
true | |
Suppress Parameter Validation: Log and Query Redaction Policy | Whether to suppress configuration warnings produced by the built-in parameter validation for the Log and Query Redaction Policy parameter. | false |
service_config_suppression_redaction_policy
|
true | |
Suppress Parameter Validation: Service Triggers | Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Triggers parameter. | false |
service_config_suppression_service_triggers
|
true | |
Suppress Parameter Validation: Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) parameter. | false |
service_config_suppression_smon_derived_configs_safety_valve
|
true | |
Suppress Parameter Validation: Service Monitor Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Proxy User Groups parameter. | false |
service_config_suppression_smon_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Service Monitor Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Proxy User Hosts parameter. | false |
service_config_suppression_smon_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Cluster-Wide Default TLS/SSL Client Truststore Location | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cluster-Wide Default TLS/SSL Client Truststore Location parameter. | false |
service_config_suppression_ssl_client_truststore_location
|
true | |
Suppress Parameter Validation: Cluster-Wide Default TLS/SSL Client Truststore Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Cluster-Wide Default TLS/SSL Client Truststore Password parameter. | false |
service_config_suppression_ssl_client_truststore_password
|
true | |
Suppress Parameter Validation: Hadoop TLS/SSL Server Keystore Key Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop TLS/SSL Server Keystore Key Password parameter. | false |
service_config_suppression_ssl_server_keystore_keypassword
|
true | |
Suppress Parameter Validation: Hadoop TLS/SSL Server Keystore File Location | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop TLS/SSL Server Keystore File Location parameter. | false |
service_config_suppression_ssl_server_keystore_location
|
true | |
Suppress Parameter Validation: Hadoop TLS/SSL Server Keystore File Password | Whether to suppress configuration warnings produced by the built-in parameter validation for the Hadoop TLS/SSL Server Keystore File Password parameter. | false |
service_config_suppression_ssl_server_keystore_password
|
true | |
Suppress Configuration Validator: Storage Operations Count Validator | Whether to suppress configuration warnings produced by the Storage Operations Count Validator configuration validator. | false |
service_config_suppression_storageoperations_count_validator
|
true | |
Suppress Parameter Validation: Telemetry Publisher Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the Telemetry Publisher Proxy User Groups parameter. | false |
service_config_suppression_telepub_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: Telemetry Publisher Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the Telemetry Publisher Proxy User Hosts parameter. | false |
service_config_suppression_telepub_proxy_user_hosts_list
|
true | |
Suppress Parameter Validation: Trusted Kerberos Realms | Whether to suppress configuration warnings produced by the built-in parameter validation for the Trusted Kerberos Realms parameter. | false |
service_config_suppression_trusted_realms
|
true | |
Suppress Parameter Validation: YARN Proxy User Groups | Whether to suppress configuration warnings produced by the built-in parameter validation for the YARN Proxy User Groups parameter. | false |
service_config_suppression_yarn_proxy_user_groups_list
|
true | |
Suppress Parameter Validation: YARN Proxy User Hosts | Whether to suppress configuration warnings produced by the built-in parameter validation for the YARN Proxy User Hosts parameter. | false |
service_config_suppression_yarn_proxy_user_hosts_list
|
true |
Storage Operations
Categories:
Advanced
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Deploy Directory | The directory where the client configs will be deployed | /etc/hadoop |
client_config_root_dir
|
true | |
Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh | For advanced use only, key-value pairs (one on each line) to be inserted into the client configuration for hadoop-env.sh |
core_client_env_safety_valve
|
false | ||
Client Java Configuration Options | These are Java command-line arguments. Commonly, garbage collection flags, PermGen, or extra debugging flags would be passed here. | -Djava.net.preferIPv4Stack=true |
core_client_java_opts
|
false | |
Storage Operations Logging Advanced Configuration Snippet (Safety Valve) | For advanced use only, a string to be inserted into log4j.properties for this role only. |
log4j_safety_valve
|
false | ||
Heap Dump Directory | Path to directory where heap dumps are generated when java.lang.OutOfMemoryError error is thrown. This directory is automatically created if it does not exist. If this directory already exists, role user must have write access to this directory. If this directory is shared among multiple roles, it should have 1777 permissions. The heap dump files are created with 600 permissions and are owned by the role user. The amount of free space in this directory should be greater than the maximum Java Process heap size configured for this role. |
oom_heap_dump_dir
|
/tmp |
oom_heap_dump_dir
|
false |
Dump Heap When Out of Memory | When set, generates heap dump file when java.lang.OutOfMemoryError is thrown. | true |
oom_heap_dump_enabled
|
true | |
Kill When Out of Memory | When set, a SIGKILL signal is sent to the role process when java.lang.OutOfMemoryError is thrown. | true |
oom_sigkill_enabled
|
true | |
Automatically Restart Process | When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. This configuration applies in the time after the Start Wait Timeout period. | false |
process_auto_restart
|
true | |
Enable Metric Collection | Cloudera Manager agent monitors each service and each of its role by publishing metrics to the Cloudera Manager Service Monitor. Setting it to false will stop Cloudera Manager agent from publishing any metric for corresponding service/roles. This is usually helpful for services that generate large amount of metrics which Service Monitor is not able to process. | true |
process_should_monitor
|
true | |
Process Start Retry Attempts | Number of times to try starting a role's process when the process exits before the Start Wait Timeout period. After a process is running beyond the Start Wait Timeout, the retry count is reset. Setting this configuration to zero will prevent restart of the process during the Start Wait Timeout period. | 3 |
process_start_retries
|
false | |
Process Start Wait Timeout | The time in seconds to wait for a role's process to start successfully on a host. Processes which exit/crash before this time will be restarted until reaching the limit specified by the Start Retry Attempts count parameter. Setting this configuration to zero will turn off this feature. | 20 |
process_start_secs
|
false | |
Storage Operations Environment Advanced Configuration Snippet (Safety Valve) | For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. |
STORAGEOPERATIONS_role_env_safety_valve
|
false |
Logs
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Storage Operations Logging Threshold | The minimum log level for Storage Operations logs | INFO |
log_threshold
|
false | |
Storage Operations Maximum Log File Backups | The maximum number of rolled log files to keep for Storage Operations logs. Typically used by log4j or logback. | 10 |
max_log_backup_index
|
false | |
Storage Operations Max Log Size | The maximum size, in megabytes, per log file for Storage Operations logs. Typically used by log4j or logback. | 200 MiB |
max_log_size
|
false | |
Balancer Log Directory | Directory where Balancer will place its log files. |
hadoop.log.dir
|
/var/log/ |
storageoperations_log_dir
|
false |
Monitoring
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Enable Configuration Change Alerts | When set, Cloudera Manager will send alerts when this entity's configuration changes. | false |
enable_config_alerts
|
false | |
Metric Filter | Defines a Metric Filter for this role. Cloudera Manager Agents will not send filtered metrics to the Service Monitor. Define the following fields:
jvm_heap_used_mb metric:
{
"includeHealthTestMetricSet": true,
"filterType": "whitelist",
"metrics": ["jvm_heap_used_mb"]
} |
monitoring_metric_filter
|
false |
Other
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Alternatives Priority | The priority level that the client configuration will have in the Alternatives system on the hosts. Higher priority levels will cause Alternatives to prefer this configuration over any others. | 90 |
client_config_priority
|
true |
Performance
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Maximum Process File Descriptors | If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. |
rlimit_fds
|
false |
Resource Management
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Client Java Heap Size in Bytes | Maximum size in bytes for the Java process heap memory. Passed to Java -Xmx. | 256 MiB |
core_client_java_heapsize
|
false | |
Cgroup CPU Shares | Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. |
cpu.shares
|
1024 |
rm_cpu_shares
|
true |
Custom Control Group Resources (overrides Cgroup settings) | Custom control group resources to assign to this role, which will be enforced by the Linux kernel. These resources should exist on the target hosts, otherwise an error will occur when the process starts. Use the same format as used for arguments to the cgexec command: resource1,resource2:path1 or resource3:path2 For example: 'cpu,memory:my/path blkio:my2/path2' ***These settings override other cgroup settings.*** |
custom.cgroups
|
rm_custom_resources
|
false | |
Cgroup I/O Weight | Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. |
blkio.weight
|
500 |
rm_io_weight
|
true |
Cgroup Memory Hard Limit | Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 to specify no limit. By default processes not managed by Cloudera Manager will have no limit. If the value is -1, Cloudera Manager will not monitor Cgroup memory usage therefore some of the charts will show 'No Data' |
memory.limit_in_bytes
|
-1 MiB |
rm_memory_hard_limit
|
true |
Cgroup Memory Soft Limit | Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 to specify no limit. By default processes not managed by Cloudera Manager will have no limit. If the value is -1, Cloudera Manager will not monitor Cgroup memory usage therefore some of the charts will show 'No Data' |
memory.soft_limit_in_bytes
|
-1 MiB |
rm_memory_soft_limit
|
true |
Stacks Collection
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Stacks Collection Data Retention | The amount of stacks data that is retained. After the retention limit is reached, the oldest data is deleted. |
stacks_collection_data_retention
|
100 MiB |
stacks_collection_data_retention
|
false |
Stacks Collection Directory | The directory in which stacks logs are placed. If not set, stacks are logged into a stacks subdirectory of the role's log directory. |
stacks_collection_directory
|
stacks_collection_directory
|
false | |
Stacks Collection Enabled | Whether or not periodic stacks collection is enabled. |
stacks_collection_enabled
|
false |
stacks_collection_enabled
|
true |
Stacks Collection Frequency | The frequency with which stacks are collected. |
stacks_collection_frequency
|
5.0 second(s) |
stacks_collection_frequency
|
false |
Stacks Collection Method | The method used to collect stacks. The jstack option involves periodically running the jstack command against the role's daemon process. The servlet method is available for those roles that have an HTTP server endpoint exposing the current stacks traces of all threads. When the servlet method is selected, that HTTP endpoint is periodically scraped. |
stacks_collection_method
|
jstack |
stacks_collection_method
|
false |
Suppressions
Display Name | Description | Property Name | Default Value | API Name | Required |
---|---|---|---|---|---|
Suppress Configuration Validator: CDH Version Validator | Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. | false |
role_config_suppression_cdh_version_validator
|
true | |
Suppress Parameter Validation: Deploy Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Deploy Directory parameter. | false |
role_config_suppression_client_config_root_dir
|
true | |
Suppress Parameter Validation: Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh | Whether to suppress configuration warnings produced by the built-in parameter validation for the Core Configuration Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh parameter. | false |
role_config_suppression_core_client_env_safety_valve
|
true | |
Suppress Parameter Validation: Client Java Configuration Options | Whether to suppress configuration warnings produced by the built-in parameter validation for the Client Java Configuration Options parameter. | false |
role_config_suppression_core_client_java_opts
|
true | |
Suppress Parameter Validation: Storage Operations Logging Advanced Configuration Snippet (Safety Valve) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Storage Operations Logging Advanced Configuration Snippet (Safety Valve) parameter. | false |
role_config_suppression_log4j_safety_valve
|
true | |
Suppress Parameter Validation: Heap Dump Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Heap Dump Directory parameter. | false |
role_config_suppression_oom_heap_dump_dir
|
true | |
Suppress Parameter Validation: Custom Control Group Resources (overrides Cgroup settings) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Control Group Resources (overrides Cgroup settings) parameter. | false |
role_config_suppression_rm_custom_resources
|
true | |
Suppress Parameter Validation: Stacks Collection Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Stacks Collection Directory parameter. | false |
role_config_suppression_stacks_collection_directory
|
true | |
Suppress Parameter Validation: Balancer Log Directory | Whether to suppress configuration warnings produced by the built-in parameter validation for the Balancer Log Directory parameter. | false |
role_config_suppression_storageoperations_log_dir
|
true | |
Suppress Parameter Validation: Storage Operations Environment Advanced Configuration Snippet (Safety Valve) | Whether to suppress configuration warnings produced by the built-in parameter validation for the Storage Operations Environment Advanced Configuration Snippet (Safety Valve) parameter. | false |
role_config_suppression_storageoperations_role_env_safety_valve
|
true |