Key Trustee Server Properties in CDH 5.6.0

activedatabase

Advanced

Display Name Description Related Name Default Value API Name Required
Active Database Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. DB_ACTIVE_role_env_safety_valve false
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false

Other

Display Name Description Related Name Default Value API Name Required
Database Storage Directory Directory (local file system) where the Key Trustee Server database will be stored. db_root /var/lib/keytrustee/db db_root false

Performance

Display Name Description Related Name Default Value API Name Required
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Key Trustee Server Database Port The Key Trustee Server database server port. db_port 11381 db_port true

Resource Management

Display Name Description Related Name Default Value API Name Required
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: Active Database Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Database Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_db_active_role_env_safety_valve true
Suppress Parameter Validation: Database Storage Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Database Storage Directory parameter. false role_config_suppression_db_root true

activekeytrusteeserver

Advanced

Display Name Description Related Name Default Value API Name Required
Active Key Trustee Server Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. KEYTRUSTEE_ACTIVE_SERVER_role_env_safety_valve false
Active Key Trustee Server XML Override For advanced use only, replace entire XML in the logback configuration file for Active Key Trustee Server, ignoring all logging configuration. logback_safety_valve logback_safety_valve false
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true
Active Key Trustee Server Advanced Configuration Snippet (Safety Valve) for ssl.properties For advanced use only. A string to be inserted into ssl.properties for this role only. ssl.properties_role_safety_valve false

Logs

Display Name Description Related Name Default Value API Name Required
Active Key Trustee Server Logging Threshold The minimum log level for Active Key Trustee Server logs INFO log_threshold false
Active Key Trustee Server Maximum Log File Backups The maximum number of rolled log files to keep for Active Key Trustee Server logs. Typically used by log4j or logback. 10 max_log_backup_index false
Active Key Trustee Server Max Log Size The maximum size, in megabytes, per log file for Active Key Trustee Server logs. Typically used by log4j or logback. 200 MiB max_log_size false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false

Performance

Display Name Description Related Name Default Value API Name Required
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Key Trustee Server Port The Key Trustee Server port number. keytrustee_port 11371 keytrustee_port true

Resource Management

Display Name Description Related Name Default Value API Name Required
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Security

Display Name Description Related Name Default Value API Name Required
Active Key Trustee Server TLS/SSL Server CA Certificate (PEM Format) The path to the TLS/SSL file containing the certificate of the certificate authority (CA) and any intermediate certificates used to sign the server certificate. Used when Active Key Trustee Server is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl.cacert.location ssl_server_ca_certificate_location false
Active Key Trustee Server TLS/SSL Server Certificate File (PEM Format) The path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Active Key Trustee Server is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl.cert.location /var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee.pem ssl_server_certificate_location false
Active Key Trustee Server TLS/SSL Server Private Key File (PEM Format) The path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Active Key Trustee Server is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl.privatekey.location /var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee-pk.pem ssl_server_privatekey_location false
Active Key Trustee Server TLS/SSL Private Key Password The password for the private key in the Active Key Trustee Server TLS/SSL Server Certificate and Private Key file. If left blank, the private key is not protected by a password. ssl.privatekey.password ssl_server_privatekey_password false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: Active Key Trustee Server Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Key Trustee Server Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_keytrustee_active_server_role_env_safety_valve true
Suppress Parameter Validation: Active Key Trustee Server XML Override Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Key Trustee Server XML Override parameter. false role_config_suppression_logback_safety_valve true
Suppress Parameter Validation: Active Key Trustee Server Advanced Configuration Snippet (Safety Valve) for ssl.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Key Trustee Server Advanced Configuration Snippet (Safety Valve) for ssl.properties parameter. false role_config_suppression_ssl.properties_role_safety_valve true
Suppress Parameter Validation: Active Key Trustee Server TLS/SSL Server CA Certificate (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Key Trustee Server TLS/SSL Server CA Certificate (PEM Format) parameter. false role_config_suppression_ssl_server_ca_certificate_location true
Suppress Parameter Validation: Active Key Trustee Server TLS/SSL Server Certificate File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Key Trustee Server TLS/SSL Server Certificate File (PEM Format) parameter. false role_config_suppression_ssl_server_certificate_location true
Suppress Parameter Validation: Active Key Trustee Server TLS/SSL Server Private Key File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Key Trustee Server TLS/SSL Server Private Key File (PEM Format) parameter. false role_config_suppression_ssl_server_privatekey_location true
Suppress Parameter Validation: Active Key Trustee Server TLS/SSL Private Key Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Key Trustee Server TLS/SSL Private Key Password parameter. false role_config_suppression_ssl_server_privatekey_password true

passivedatabase

Advanced

Display Name Description Related Name Default Value API Name Required
Passive Database Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. DB_PASSIVE_role_env_safety_valve false
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false

Other

Display Name Description Related Name Default Value API Name Required
Database Storage Directory Directory (local file system) where the Key Trustee Server database will be stored. db_root /var/lib/keytrustee/db db_root false
Retry Attempts Number of times a connection attempt will be made before giving up. retry_attempts 30 retry_attempts true
Retry Timeout Number of secconds to wait between retries. retry_timeout 1 second(s) retry_timeout true

Performance

Display Name Description Related Name Default Value API Name Required
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Key Trustee Server Database Port The Key Trustee Server database server port. db_port 11381 db_port true

Resource Management

Display Name Description Related Name Default Value API Name Required
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: Passive Database Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Database Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_db_passive_role_env_safety_valve true
Suppress Parameter Validation: Database Storage Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Database Storage Directory parameter. false role_config_suppression_db_root true
Suppress Parameter Validation: Retry Timeout Whether to suppress configuration warnings produced by the built-in parameter validation for the Retry Timeout parameter. false role_config_suppression_retry_timeout true

passivekeytrusteeserver

Advanced

Display Name Description Related Name Default Value API Name Required
Passive Key Trustee Server Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. KEYTRUSTEE_PASSIVE_SERVER_role_env_safety_valve false
Passive Key Trustee Server XML Override For advanced use only, replace entire XML in the logback configuration file for Passive Key Trustee Server, ignoring all logging configuration. logback_safety_valve logback_safety_valve false
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true
Passive Key Trustee Server Advanced Configuration Snippet (Safety Valve) for ssl.properties For advanced use only. A string to be inserted into ssl.properties for this role only. ssl.properties_role_safety_valve false

Logs

Display Name Description Related Name Default Value API Name Required
Passive Key Trustee Server Logging Threshold The minimum log level for Passive Key Trustee Server logs INFO log_threshold false
Passive Key Trustee Server Maximum Log File Backups The maximum number of rolled log files to keep for Passive Key Trustee Server logs. Typically used by log4j or logback. 10 max_log_backup_index false
Passive Key Trustee Server Max Log Size The maximum size, in megabytes, per log file for Passive Key Trustee Server logs. Typically used by log4j or logback. 200 MiB max_log_size false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false

Performance

Display Name Description Related Name Default Value API Name Required
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Key Trustee Server Port The Key Trustee Server port number. keytrustee_port 11371 keytrustee_port true

Resource Management

Display Name Description Related Name Default Value API Name Required
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Security

Display Name Description Related Name Default Value API Name Required
Passive Key Trustee Server TLS/SSL Server CA Certificate (PEM Format) The path to the TLS/SSL file containing the certificate of the certificate authority (CA) and any intermediate certificates used to sign the server certificate. Used when Passive Key Trustee Server is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl.cacert.location ssl_server_ca_certificate_location false
Passive Key Trustee Server TLS/SSL Server Certificate File (PEM Format) The path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Passive Key Trustee Server is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl.cert.location /var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee.pem ssl_server_certificate_location false
Passive Key Trustee Server TLS/SSL Server Private Key File (PEM Format) The path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Passive Key Trustee Server is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl.privatekey.location /var/lib/keytrustee/.keytrustee/.ssl/ssl-cert-keytrustee-pk.pem ssl_server_privatekey_location false
Passive Key Trustee Server TLS/SSL Private Key Password The password for the private key in the Passive Key Trustee Server TLS/SSL Server Certificate and Private Key file. If left blank, the private key is not protected by a password. ssl.privatekey.password ssl_server_privatekey_password false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: Passive Key Trustee Server Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Key Trustee Server Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_keytrustee_passive_server_role_env_safety_valve true
Suppress Parameter Validation: Passive Key Trustee Server XML Override Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Key Trustee Server XML Override parameter. false role_config_suppression_logback_safety_valve true
Suppress Parameter Validation: Passive Key Trustee Server Advanced Configuration Snippet (Safety Valve) for ssl.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Key Trustee Server Advanced Configuration Snippet (Safety Valve) for ssl.properties parameter. false role_config_suppression_ssl.properties_role_safety_valve true
Suppress Parameter Validation: Passive Key Trustee Server TLS/SSL Server CA Certificate (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Key Trustee Server TLS/SSL Server CA Certificate (PEM Format) parameter. false role_config_suppression_ssl_server_ca_certificate_location true
Suppress Parameter Validation: Passive Key Trustee Server TLS/SSL Server Certificate File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Key Trustee Server TLS/SSL Server Certificate File (PEM Format) parameter. false role_config_suppression_ssl_server_certificate_location true
Suppress Parameter Validation: Passive Key Trustee Server TLS/SSL Server Private Key File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Key Trustee Server TLS/SSL Server Private Key File (PEM Format) parameter. false role_config_suppression_ssl_server_privatekey_location true
Suppress Parameter Validation: Passive Key Trustee Server TLS/SSL Private Key Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Passive Key Trustee Server TLS/SSL Private Key Password parameter. false role_config_suppression_ssl_server_privatekey_password true

service_wide

Advanced

Display Name Description Related Name Default Value API Name Required
Key Trustee Server Service Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration. KEYTRUSTEE_SERVER_service_env_safety_valve false
System Group The group that this service's processes should run as. keytrustee process_groupname true
System User The user that this service's processes should run as. keytrustee process_username true
Key Trustee Server Service Advanced Configuration Snippet (Safety Valve) for ssl.properties For advanced use only, a string to be inserted into ssl.properties. Applies to configurations of all roles in this service except client configuration. ssl.properties_service_safety_valve false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: Active Database Count Validator Whether to suppress configuration warnings produced by the Active Database Count Validator configuration validator. false service_config_suppression_db_active_count_validator true
Suppress Configuration Validator: Passive Database Count Validator Whether to suppress configuration warnings produced by the Passive Database Count Validator configuration validator. false service_config_suppression_db_passive_count_validator true
Suppress Configuration Validator: Active Key Trustee Server Count Validator Whether to suppress configuration warnings produced by the Active Key Trustee Server Count Validator configuration validator. false service_config_suppression_keytrustee_active_server_count_validator true
Suppress Configuration Validator: Passive Key Trustee Server Count Validator Whether to suppress configuration warnings produced by the Passive Key Trustee Server Count Validator configuration validator. false service_config_suppression_keytrustee_passive_server_count_validator true
Suppress Parameter Validation: Key Trustee Server Service Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Key Trustee Server Service Environment Advanced Configuration Snippet (Safety Valve) parameter. false service_config_suppression_keytrustee_server_service_env_safety_valve true
Suppress Parameter Validation: System Group Whether to suppress configuration warnings produced by the built-in parameter validation for the System Group parameter. false service_config_suppression_process_groupname true
Suppress Parameter Validation: System User Whether to suppress configuration warnings produced by the built-in parameter validation for the System User parameter. false service_config_suppression_process_username true
Suppress Parameter Validation: Key Trustee Server Service Advanced Configuration Snippet (Safety Valve) for ssl.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the Key Trustee Server Service Advanced Configuration Snippet (Safety Valve) for ssl.properties parameter. false service_config_suppression_ssl.properties_service_safety_valve true