Hue Properties in CDH 5.16.0

Hue Server

Advanced

Display Name Description Related Name Default Value API Name Required
Top Banner Custom HTML An optional, custom one-line HTML code to display as a banner on top of all Hue Server web pages. Useful in displaying cluster identity of the Hue Server. banner_top_html banner_html false
Hue Server Advanced Configuration Snippet (Safety Valve) for impalad_flags For advanced use only, key-value pairs (one on each line) to be added (verbatim) to impalad_flags for this role only. Key names should begin with a hyphen(-). For example: -log_filename=foo.log hue_impalad_flags_safety_valve false
Metrics Sample File Location The full path to a file with a sample of metrics exposed by the role. The sample is updated at the frequency configured by Metrics Sample File Logging Frequency. By default, the sample file is logged to a directory under the role log directory, e.g., /var/log/hue/metrics-hue_server/metrics.log. location hue_metrics_sample_file_location false
Metrics Sample File Logging Frequency The frequency at which the metrics are logged to the sample file. collection_interval 30 second(s) hue_metrics_sample_logging_frequency false
Hue Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml For advanced use only. A string to be inserted into hive-site.xml for this role only. hue_server_hive_safety_valve false
Hue Server Advanced Configuration Snippet (Safety Valve) for hue_safety_valve_server.ini For advanced use only. A string to be inserted into hue_safety_valve_server.ini for this role only. hue_server_hue_safety_valve false
Hue Server Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. HUE_SERVER_role_env_safety_valve false
Hue Server Advanced Configuration Snippet (Safety Valve) for sqoop.properties For advanced use only, key-value pairs (one on each line) to be added (verbatim) to sqoop.properties for this role only. Used in the Sqoop App for connecting to the Sqoop Service. hue_sqoop2_properties_safety_valve false
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true
Enable Metric Collection Cloudera Manager agent monitors each service and each of its role by publishing metrics to the Cloudera Manager Service Monitor. Setting it to false will stop Cloudera Manager agent from publishing any metric for corresponding service/roles. This is usually helpful for services that generate large amount of metrics which Service Monitor is not able to process. true process_should_monitor true

Logs

Display Name Description Related Name Default Value API Name Required
Hue Server Log Directory Directory where Hue Server will place its log files. /var/log/hue hue_server_log_dir false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Health Alerts for this Role When set, Cloudera Manager will send alerts when the health of this role reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold true enable_alerts false
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false
Heap Dump Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Warning: 10 GiB, Critical: 5 GiB heap_dump_directory_free_space_absolute_thresholds false
Heap Dump Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Heap Dump Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never heap_dump_directory_free_space_percentage_thresholds false
File Descriptor Monitoring Thresholds The health test thresholds of the number of file descriptors used. Specified as a percentage of file descriptor limit. Warning: 50.0 %, Critical: 70.0 % hue_server_fd_thresholds false
Hue Server Host Health Test When computing the overall Hue Server health, consider the host's health. true hue_server_host_health_enabled false
Hue Server Process Health Test Enables the health test that the Hue Server's process state is consistent with the role configuration true hue_server_scm_health_enabled false
Web Metric Collection Enables the health test that the Cloudera Manager Agent can successfully contact and gather metrics from the web server. true hue_server_web_metric_collection_enabled false
Web Metric Collection Duration The health test thresholds on the duration of the metrics request to the web server. Warning: 10 second(s), Critical: Never hue_server_web_metric_collection_thresholds false
Log Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Warning: 10 GiB, Critical: 5 GiB log_directory_free_space_absolute_thresholds false
Log Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Log Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never log_directory_free_space_percentage_thresholds false
Navigator Audit Failure Thresholds The health test thresholds for failures encountered when monitoring audits within a recent period specified by the mgmt_navigator_failure_window configuration for the role. The value that can be specified for this threshold is the number of bytes of audits data that is left to be sent to audit server. mgmt.navigator.failure.thresholds Warning: Never, Critical: Any mgmt_navigator_failure_thresholds false
Monitoring Period For Audit Failures The period to review when checking if audits are blocked and not getting processed. mgmt.navigator.failure.window 20 minute(s) mgmt_navigator_failure_window false
Navigator Audit Pipeline Health Check Enable test of audit events processing pipeline. This will test if audit events are not getting processed by Audit Server for a role that generates audit. mgmt.navigator.status.check.enabled true mgmt_navigator_status_check_enabled false
Process Swap Memory Thresholds The health test thresholds on the swap memory usage of the process. Warning: Any, Critical: Never process_swap_memory_thresholds false
Role Triggers The configured triggers for this role. This is a JSON-formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:
  • triggerName (mandatory) - The name of the trigger. This value must be unique for the specific role.
  • triggerExpression (mandatory) - A tsquery expression representing the trigger.
  • streamThreshold (optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire.
  • enabled (optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.
  • expressionEditorConfig (optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here can lead to inconsistencies.
For example, the following JSON formatted trigger configured for a DataNode fires if the DataNode has more than 1500 file descriptors opened:[{"triggerName": "sample-trigger", "triggerExpression": "IF (SELECT fd_open WHERE roleName=$ROLENAME and last(fd_open) > 1500) DO health:bad", "streamThreshold": 0, "enabled": "true"}]See the trigger rules documentation for more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.
[] role_triggers true
Unexpected Exits Thresholds The health test thresholds for unexpected exits encountered within a recent period specified by the unexpected_exits_window configuration for the role. Warning: Never, Critical: Any unexpected_exits_thresholds false
Unexpected Exits Monitoring Period The period to review when computing unexpected exits. 5 minute(s) unexpected_exits_window false

Other

Display Name Description Related Name Default Value API Name Required
HiveServer2 and Impala Thrift Connection Timeout Timeout in seconds for Thrift calls to HiveServer2 and Impala. server_conn_timeout 2 minute(s) hs2_conn_timeout false
Jobsub Examples and Templates Directory Location on HDFS where the jobsub examples and templates are stored. remote_data_dir /user/hue/jobsub hue_server_remote_data_dir true
Secret Key Random string used for secure hashing in the session store. secret_key secret_key false

Performance

Display Name Description Related Name Default Value API Name Required
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Hue HTTP Port Port to use to connect to the Hue server. http_port 8888 hue_http_port false
Bind Hue Server to Wildcard Address If enabled, the Hue server binds to the wildcard address ("0.0.0.0") for its ports. false hue_server_bind_wildcard false

Resource Management

Display Name Description Related Name Default Value API Name Required
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Security

Display Name Description Related Name Default Value API Name Required
Hue TLS/SSL Server CA Certificate (PEM Format) The path to the TLS/SSL file containing the certificate of the certificate authority (CA) and any intermediate certificates used to sign the server certificate. Used when Hue is acting as a TLS/SSL server. The certificate file must be in PEM format, and is usually created by concatenating all of the appropriate root and intermediate certificates. ssl_cacerts ssl_cacerts false
Hue TLS/SSL Server Certificate File (PEM Format) The path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Hue is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl_certificate ssl_certificate false
Enable TLS/SSL for Hue Encrypt communication between clients and Hue using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). false ssl_enable false
Hue TLS/SSL Server Private Key File (PEM Format) The path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Hue is acting as a TLS/SSL server. The certificate file must be in PEM format. ssl_private_key ssl_private_key false
Hue TLS/SSL Private Key Password The password for the private key in the Hue TLS/SSL Server Certificate and Private Key file. If left blank, the private key is not protected by a password. ssl_password ssl_private_key_password false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Parameter Validation: Top Banner Custom HTML Whether to suppress configuration warnings produced by the built-in parameter validation for the Top Banner Custom HTML parameter. false role_config_suppression_banner_html true
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: Hue Server Advanced Configuration Snippet (Safety Valve) for impalad_flags Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Server Advanced Configuration Snippet (Safety Valve) for impalad_flags parameter. false role_config_suppression_hue_impalad_flags_safety_valve true
Suppress Parameter Validation: Metrics Sample File Location Whether to suppress configuration warnings produced by the built-in parameter validation for the Metrics Sample File Location parameter. false role_config_suppression_hue_metrics_sample_file_location true
Suppress Parameter Validation: Hue Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Server Advanced Configuration Snippet (Safety Valve) for hive-site.xml parameter. false role_config_suppression_hue_server_hive_safety_valve true
Suppress Parameter Validation: Hue Server Advanced Configuration Snippet (Safety Valve) for hue_safety_valve_server.ini Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Server Advanced Configuration Snippet (Safety Valve) for hue_safety_valve_server.ini parameter. false role_config_suppression_hue_server_hue_safety_valve true
Suppress Parameter Validation: Hue Server Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Server Log Directory parameter. false role_config_suppression_hue_server_log_dir true
Suppress Parameter Validation: Jobsub Examples and Templates Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Jobsub Examples and Templates Directory parameter. false role_config_suppression_hue_server_remote_data_dir true
Suppress Parameter Validation: Hue Server Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Server Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_hue_server_role_env_safety_valve true
Suppress Parameter Validation: Hue Server Advanced Configuration Snippet (Safety Valve) for sqoop.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Server Advanced Configuration Snippet (Safety Valve) for sqoop.properties parameter. false role_config_suppression_hue_sqoop2_properties_safety_valve true
Suppress Configuration Validator: Hue TLS/SSL Validator Whether to suppress configuration warnings produced by the Hue TLS/SSL Validator configuration validator. false role_config_suppression_hue_ssl_validator true
Suppress Parameter Validation: Role Triggers Whether to suppress configuration warnings produced by the built-in parameter validation for the Role Triggers parameter. false role_config_suppression_role_triggers true
Suppress Parameter Validation: Secret Key Whether to suppress configuration warnings produced by the built-in parameter validation for the Secret Key parameter. false role_config_suppression_secret_key true
Suppress Parameter Validation: Hue TLS/SSL Server CA Certificate (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue TLS/SSL Server CA Certificate (PEM Format) parameter. false role_config_suppression_ssl_cacerts true
Suppress Parameter Validation: Hue TLS/SSL Server Certificate File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue TLS/SSL Server Certificate File (PEM Format) parameter. false role_config_suppression_ssl_certificate true
Suppress Parameter Validation: Hue TLS/SSL Server Private Key File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue TLS/SSL Server Private Key File (PEM Format) parameter. false role_config_suppression_ssl_private_key true
Suppress Parameter Validation: Hue TLS/SSL Private Key Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue TLS/SSL Private Key Password parameter. false role_config_suppression_ssl_private_key_password true
Suppress Health Test: Audit Pipeline Test Whether to suppress the results of the Audit Pipeline Test heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_audit_health true
Suppress Health Test: File Descriptors Whether to suppress the results of the File Descriptors heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_file_descriptor true
Suppress Health Test: Heap Dump Directory Free Space Whether to suppress the results of the Heap Dump Directory Free Space heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_heap_dump_directory_free_space true
Suppress Health Test: Host Health Whether to suppress the results of the Host Health heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_host_health true
Suppress Health Test: Log Directory Free Space Whether to suppress the results of the Log Directory Free Space heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_log_directory_free_space true
Suppress Health Test: Process Status Whether to suppress the results of the Process Status heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_scm_health true
Suppress Health Test: Swap Memory Usage Whether to suppress the results of the Swap Memory Usage heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_swap_memory_usage true
Suppress Health Test: Unexpected Exits Whether to suppress the results of the Unexpected Exits heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_unexpected_exits true
Suppress Health Test: Web Server Status Whether to suppress the results of the Web Server Status heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_server_web_metric_collection true

Kerberos Ticket Renewer

Advanced

Display Name Description Related Name Default Value API Name Required
Kerberos Ticket Renewer Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. KT_RENEWER_role_env_safety_valve false
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true
Enable Metric Collection Cloudera Manager agent monitors each service and each of its role by publishing metrics to the Cloudera Manager Service Monitor. Setting it to false will stop Cloudera Manager agent from publishing any metric for corresponding service/roles. This is usually helpful for services that generate large amount of metrics which Service Monitor is not able to process. true process_should_monitor true

Logs

Display Name Description Related Name Default Value API Name Required
Kerberos Ticket Renewer Log Directory Directory where Kerberos Ticket Renewer will place its log files. /var/log/hue kt_renewer_log_dir false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Health Alerts for this Role When set, Cloudera Manager will send alerts when the health of this role reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold true enable_alerts false
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false
Heap Dump Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Warning: 10 GiB, Critical: 5 GiB heap_dump_directory_free_space_absolute_thresholds false
Heap Dump Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Heap Dump Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never heap_dump_directory_free_space_percentage_thresholds false
File Descriptor Monitoring Thresholds The health test thresholds of the number of file descriptors used. Specified as a percentage of file descriptor limit. Warning: 50.0 %, Critical: 70.0 % kt_renewer_fd_thresholds false
Kerberos Ticket Renewer Host Health Test When computing the overall Kerberos Ticket Renewer health, consider the host's health. true kt_renewer_host_health_enabled false
Kerberos Ticket Renewer Process Health Test Enables the health test that the Kerberos Ticket Renewer's process state is consistent with the role configuration true kt_renewer_scm_health_enabled false
Log Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Warning: 10 GiB, Critical: 5 GiB log_directory_free_space_absolute_thresholds false
Log Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Log Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never log_directory_free_space_percentage_thresholds false
Navigator Audit Failure Thresholds The health test thresholds for failures encountered when monitoring audits within a recent period specified by the mgmt_navigator_failure_window configuration for the role. The value that can be specified for this threshold is the number of bytes of audits data that is left to be sent to audit server. mgmt.navigator.failure.thresholds Warning: Never, Critical: Any mgmt_navigator_failure_thresholds false
Monitoring Period For Audit Failures The period to review when checking if audits are blocked and not getting processed. mgmt.navigator.failure.window 20 minute(s) mgmt_navigator_failure_window false
Navigator Audit Pipeline Health Check Enable test of audit events processing pipeline. This will test if audit events are not getting processed by Audit Server for a role that generates audit. mgmt.navigator.status.check.enabled true mgmt_navigator_status_check_enabled false
Process Swap Memory Thresholds The health test thresholds on the swap memory usage of the process. Warning: Any, Critical: Never process_swap_memory_thresholds false
Role Triggers The configured triggers for this role. This is a JSON-formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:
  • triggerName (mandatory) - The name of the trigger. This value must be unique for the specific role.
  • triggerExpression (mandatory) - A tsquery expression representing the trigger.
  • streamThreshold (optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire.
  • enabled (optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.
  • expressionEditorConfig (optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here can lead to inconsistencies.
For example, the following JSON formatted trigger configured for a DataNode fires if the DataNode has more than 1500 file descriptors opened:[{"triggerName": "sample-trigger", "triggerExpression": "IF (SELECT fd_open WHERE roleName=$ROLENAME and last(fd_open) > 1500) DO health:bad", "streamThreshold": 0, "enabled": "true"}]See the trigger rules documentation for more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.
[] role_triggers true
Unexpected Exits Thresholds The health test thresholds for unexpected exits encountered within a recent period specified by the unexpected_exits_window configuration for the role. Warning: Never, Critical: Any unexpected_exits_thresholds false
Unexpected Exits Monitoring Period The period to review when computing unexpected exits. 5 minute(s) unexpected_exits_window false

Other

Display Name Description Related Name Default Value API Name Required
Hue Keytab Renewal Interval Interval in seconds with which Hue's Kerberos ticket will get renewed. reinit_frequency 1 hour(s) keytab_reinit_frequency false

Performance

Display Name Description Related Name Default Value API Name Required
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Resource Management

Display Name Description Related Name Default Value API Name Required
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: Kerberos Ticket Renewer Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Ticket Renewer Log Directory parameter. false role_config_suppression_kt_renewer_log_dir true
Suppress Parameter Validation: Kerberos Ticket Renewer Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Ticket Renewer Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_kt_renewer_role_env_safety_valve true
Suppress Parameter Validation: Role Triggers Whether to suppress configuration warnings produced by the built-in parameter validation for the Role Triggers parameter. false role_config_suppression_role_triggers true
Suppress Health Test: Audit Pipeline Test Whether to suppress the results of the Audit Pipeline Test heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_audit_health true
Suppress Health Test: File Descriptors Whether to suppress the results of the File Descriptors heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_file_descriptor true
Suppress Health Test: Heap Dump Directory Free Space Whether to suppress the results of the Heap Dump Directory Free Space heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_heap_dump_directory_free_space true
Suppress Health Test: Host Health Whether to suppress the results of the Host Health heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_host_health true
Suppress Health Test: Log Directory Free Space Whether to suppress the results of the Log Directory Free Space heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_log_directory_free_space true
Suppress Health Test: Process Status Whether to suppress the results of the Process Status heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_scm_health true
Suppress Health Test: Swap Memory Usage Whether to suppress the results of the Swap Memory Usage heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_swap_memory_usage true
Suppress Health Test: Unexpected Exits Whether to suppress the results of the Unexpected Exits heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_kt_renewer_unexpected_exits true

Load Balancer

Advanced

Display Name Description Related Name Default Value API Name Required
Load Balancer Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of this role except client configuration. HUE_LOAD_BALANCER_role_env_safety_valve false
Load Balancer Advanced Configuration Snippet (Safety Valve) for httpd.conf For advanced use only, a string to be inserted into httpd.conf for this role only. This can only add options to the configuration, and cannot override previously defined options. hue_load_balancer_safety_valve false
Automatically Restart Process When set, this role's process is automatically (and transparently) restarted in the event of an unexpected failure. false process_auto_restart true
Enable Metric Collection Cloudera Manager agent monitors each service and each of its role by publishing metrics to the Cloudera Manager Service Monitor. Setting it to false will stop Cloudera Manager agent from publishing any metric for corresponding service/roles. This is usually helpful for services that generate large amount of metrics which Service Monitor is not able to process. true process_should_monitor true
SSLCipherSuite This directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS ssl_cipher_suite false
SSLProtocol This directive can be used to control which versions of the SSL/TLS protocol will be accepted in new connections by Hue Load Balancer. SSLProtocol all -SSLv2 -SSLv3 ssl_protocol false

Logs

Display Name Description Related Name Default Value API Name Required
Hue Load Balancer Log Directory Directory where Hue Load Balancer will place its log files. /var/log/hue-httpd hue_load_balancer_log_dir false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Health Alerts for this Role When set, Cloudera Manager will send alerts when the health of this role reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold true enable_alerts false
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false
Heap Dump Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Warning: 10 GiB, Critical: 5 GiB heap_dump_directory_free_space_absolute_thresholds false
Heap Dump Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's heap dump directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Heap Dump Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never heap_dump_directory_free_space_percentage_thresholds false
File Descriptor Monitoring Thresholds The health test thresholds of the number of file descriptors used. Specified as a percentage of file descriptor limit. Warning: 50.0 %, Critical: 70.0 % hue_load_balancer_fd_thresholds false
Load Balancer Host Health Test When computing the overall Load Balancer health, consider the host's health. true hue_load_balancer_host_health_enabled false
Load Balancer Process Health Test Enables the health test that the Load Balancer's process state is consistent with the role configuration true hue_load_balancer_scm_health_enabled false
Log Directory Free Space Monitoring Absolute Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Warning: 10 GiB, Critical: 5 GiB log_directory_free_space_absolute_thresholds false
Log Directory Free Space Monitoring Percentage Thresholds The health test thresholds for monitoring of free space on the filesystem that contains this role's log directory. Specified as a percentage of the capacity on that filesystem. This setting is not used if a Log Directory Free Space Monitoring Absolute Thresholds setting is configured. Warning: Never, Critical: Never log_directory_free_space_percentage_thresholds false
Navigator Audit Failure Thresholds The health test thresholds for failures encountered when monitoring audits within a recent period specified by the mgmt_navigator_failure_window configuration for the role. The value that can be specified for this threshold is the number of bytes of audits data that is left to be sent to audit server. mgmt.navigator.failure.thresholds Warning: Never, Critical: Any mgmt_navigator_failure_thresholds false
Monitoring Period For Audit Failures The period to review when checking if audits are blocked and not getting processed. mgmt.navigator.failure.window 20 minute(s) mgmt_navigator_failure_window false
Navigator Audit Pipeline Health Check Enable test of audit events processing pipeline. This will test if audit events are not getting processed by Audit Server for a role that generates audit. mgmt.navigator.status.check.enabled true mgmt_navigator_status_check_enabled false
Process Swap Memory Thresholds The health test thresholds on the swap memory usage of the process. Warning: Any, Critical: Never process_swap_memory_thresholds false
Role Triggers The configured triggers for this role. This is a JSON-formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:
  • triggerName (mandatory) - The name of the trigger. This value must be unique for the specific role.
  • triggerExpression (mandatory) - A tsquery expression representing the trigger.
  • streamThreshold (optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire.
  • enabled (optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.
  • expressionEditorConfig (optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here can lead to inconsistencies.
For example, the following JSON formatted trigger configured for a DataNode fires if the DataNode has more than 1500 file descriptors opened:[{"triggerName": "sample-trigger", "triggerExpression": "IF (SELECT fd_open WHERE roleName=$ROLENAME and last(fd_open) > 1500) DO health:bad", "streamThreshold": 0, "enabled": "true"}]See the trigger rules documentation for more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.
[] role_triggers true
Unexpected Exits Thresholds The health test thresholds for unexpected exits encountered within a recent period specified by the unexpected_exits_window configuration for the role. Warning: Never, Critical: Any unexpected_exits_thresholds false
Unexpected Exits Monitoring Period The period to review when computing unexpected exits. 5 minute(s) unexpected_exits_window false

Performance

Display Name Description Related Name Default Value API Name Required
Maximum Process File Descriptors If configured, overrides the process soft and hard rlimits (also called ulimits) for file descriptors to the configured value. rlimit_fds false

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Hue Load Balancer Port Port to use to connect to the Hue through the Load Balancer. Listen 8889 listen true

Resource Management

Display Name Description Related Name Default Value API Name Required
Cgroup CPU Shares Number of CPU shares to assign to this role. The greater the number of shares, the larger the share of the host's CPUs that will be given to this role when the host experiences CPU contention. Must be between 2 and 262144. Defaults to 1024 for processes not managed by Cloudera Manager. cpu.shares 1024 rm_cpu_shares true
Cgroup I/O Weight Weight for the read I/O requests issued by this role. The greater the weight, the higher the priority of the requests when the host experiences I/O contention. Must be between 100 and 1000. Defaults to 1000 for processes not managed by Cloudera Manager. blkio.weight 500 rm_io_weight true
Cgroup Memory Hard Limit Hard memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.limit_in_bytes -1 MiB rm_memory_hard_limit true
Cgroup Memory Soft Limit Soft memory limit to assign to this role, enforced by the Linux kernel. When the limit is reached, the kernel will reclaim pages charged to the process if and only if the host is facing memory pressure. If reclaiming fails, the kernel may kill the process. Both anonymous as well as page cache pages contribute to the limit. Use a value of -1 B to specify no limit. By default processes not managed by Cloudera Manager will have no limit. memory.soft_limit_in_bytes -1 MiB rm_memory_soft_limit true

Security

Display Name Description Related Name Default Value API Name Required
Hue Load Balancer TLS/SSL Server SSLPassPhraseDialog The path to the file containing the passphrase used to encrypt the private key of the Hue Load Balancer server. The passphrase file is optional. SSLPassPhraseDialog passphrasefile_location false
Hue Load Balancer TLS/SSL Server Certificate File (PEM Format) The path to the TLS/SSL file containing the server certificate key used for TLS/SSL. Used when Hue Load Balancer is acting as a TLS/SSL server. The certificate file must be in PEM format. SSLCertificateFile ssl_certificate false
Hue Load Balancer TLS/SSL Server Private Key File (PEM Format) The path to the TLS/SSL file containing the private key used for TLS/SSL. Used when Hue Load Balancer is acting as a TLS/SSL server. The certificate file must be in PEM format. SSLCertificateKeyFile ssl_certificate_key false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Configuration Validator: CDH Version Validator Whether to suppress configuration warnings produced by the CDH Version Validator configuration validator. false role_config_suppression_cdh_version_validator true
Suppress Parameter Validation: Hue Load Balancer Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Load Balancer Log Directory parameter. false role_config_suppression_hue_load_balancer_log_dir true
Suppress Parameter Validation: Load Balancer Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Load Balancer Environment Advanced Configuration Snippet (Safety Valve) parameter. false role_config_suppression_hue_load_balancer_role_env_safety_valve true
Suppress Parameter Validation: Load Balancer Advanced Configuration Snippet (Safety Valve) for httpd.conf Whether to suppress configuration warnings produced by the built-in parameter validation for the Load Balancer Advanced Configuration Snippet (Safety Valve) for httpd.conf parameter. false role_config_suppression_hue_load_balancer_safety_valve true
Suppress Parameter Validation: Hue Load Balancer TLS/SSL Server SSLPassPhraseDialog Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Load Balancer TLS/SSL Server SSLPassPhraseDialog parameter. false role_config_suppression_passphrasefile_location true
Suppress Parameter Validation: Role Triggers Whether to suppress configuration warnings produced by the built-in parameter validation for the Role Triggers parameter. false role_config_suppression_role_triggers true
Suppress Parameter Validation: Hue Load Balancer TLS/SSL Server Certificate File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Load Balancer TLS/SSL Server Certificate File (PEM Format) parameter. false role_config_suppression_ssl_certificate true
Suppress Parameter Validation: Hue Load Balancer TLS/SSL Server Private Key File (PEM Format) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Load Balancer TLS/SSL Server Private Key File (PEM Format) parameter. false role_config_suppression_ssl_certificate_key true
Suppress Parameter Validation: SSLCipherSuite Whether to suppress configuration warnings produced by the built-in parameter validation for the SSLCipherSuite parameter. false role_config_suppression_ssl_cipher_suite true
Suppress Parameter Validation: SSLProtocol Whether to suppress configuration warnings produced by the built-in parameter validation for the SSLProtocol parameter. false role_config_suppression_ssl_protocol true
Suppress Health Test: Audit Pipeline Test Whether to suppress the results of the Audit Pipeline Test heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_audit_health true
Suppress Health Test: File Descriptors Whether to suppress the results of the File Descriptors heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_file_descriptor true
Suppress Health Test: Heap Dump Directory Free Space Whether to suppress the results of the Heap Dump Directory Free Space heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_heap_dump_directory_free_space true
Suppress Health Test: Host Health Whether to suppress the results of the Host Health heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_host_health true
Suppress Health Test: Log Directory Free Space Whether to suppress the results of the Log Directory Free Space heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_log_directory_free_space true
Suppress Health Test: Process Status Whether to suppress the results of the Process Status heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_scm_health true
Suppress Health Test: Swap Memory Usage Whether to suppress the results of the Swap Memory Usage heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_swap_memory_usage true
Suppress Health Test: Unexpected Exits Whether to suppress the results of the Unexpected Exits heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false role_health_suppression_hue_load_balancer_unexpected_exits true

Service-Wide

Advanced

Display Name Description Related Name Default Value API Name Required
Enable Django Debug Mode In debug mode, Django displays a detailed traceback when an exception occurs. Debugging information may contain sensitive data. Django remembers every SQL query it executes in debug mode, which will rapidly consume memory. django_debug_mode false django_debug_enable false
Enable Debugging of Internal Server Error Responses Enable debug output in HTTP Internal Server Error (status 500) responses. Debugging information may contain sensitive data. If Enable Django Debug Mode is set, this is automatically enabled. http_500_debug_mode false http_500_debug_enable false
Hue Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml For advanced use only, a string to be inserted into sentry-site.xml. Applies to configurations of all roles in this service except client configuration. hue_sentry_safety_valve false
Hue Service Environment Advanced Configuration Snippet (Safety Valve) For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration. hue_service_env_safety_valve false
Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini For advanced use only, a string to be inserted into hue_safety_valve.ini. Applies to configurations of all roles in this service except client configuration. hue_service_safety_valve false
HUE Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties For advanced use only, a string to be inserted into the client configuration for navigator.client.properties. navigator_client_config_safety_valve false
HUE Client Advanced Configuration Snippet (Safety Valve) for navigator.lineage.client.properties For advanced use only, a string to be inserted into the client configuration for navigator.lineage.client.properties. navigator_lineage_client_config_safety_valve false
System Group The group that this service's processes should run as. hue process_groupname true
System User The user that this service's processes should run as. hue process_username true
Enable Usage Data Collection When you enable anonymous usage data collection Hue tracks anonymised pages and application versions in order to gather information about each application's usage levels. The data collected does not include any hostnames or IDs. Data collection option is available on CDH 4.4 and later deployments. collect_usage true usage_data_collection_enable false

Cloudera Navigator

Display Name Description Related Name Default Value API Name Required
Enable Navigator Metadata Server Integration When enabled, Hue can talk to the Navigator Metadata Server to provide tagging of tables, columns, and other type of objects and metadata. You must enable Navigator Metadata Server Integration, enable Navigator Audit Collection, and make sure there is a Navigator Metadata Server in the Management Service. true enable_navmetadataserver false
Enable Audit Collection Enable collection of audit events from the service's roles. true navigator_audit_enabled false
Audit Event Tracker Configures the rules for event tracking and coalescing. This feature is used to define equivalency between different audit events. When events match, according to a set of configurable parameters, only one entry in the audit list is generated for all the matching events. Tracking works by keeping a reference to events when they first appear, and comparing other incoming events against the "tracked" events according to the rules defined here. Event trackers are defined in a JSON object like the following: { "timeToLive" : [integer], "fields" : [ { "type" : [string], "name" : [string] } ] } Where:
  • timeToLive: maximum amount of time an event will be tracked, in milliseconds. Must be provided. This defines how long, since it's first seen, an event will be tracked. A value of 0 disables tracking.
  • fields: list of fields to compare when matching events against tracked events.
Each field has an evaluator type associated with it. The evaluator defines how the field data is to be compared. The following evaluators are available:
  • value: uses the field value for comparison.
  • userName: treats the field value as a userName, and ignores any host-specific data. This is useful for environment using Kerberos, so that only the principal name and realm are compared.
The following is the list of fields that can be used to compare Hue events:
  • operation: the Hue operation being performed.
  • username: the user performing the action.
  • ipAddress: the IP from where the request originated.
  • allowed: whether the operation was allowed or denied.
navigator_event_tracker navigator_event_tracker false
Navigator Metadata Server Auth The selection of external Navigator Metadata Server Authentication backend. Hue server will forward the authentication credentials to the Navigator Metadata Server. This User must have 'Navigator Administrator' privilege. navmetadataserver_auth_type CMDB navmetadataserver_auth_type true
Navigator Metadata Server LDAP Password The LDAP password used to log in to the Navigator Metadata Server. Only used when the Navigator Metadata Service Auth uses LDAP. navmetadataserver_ldap_password navmetadataserver_ldap_password false
Navigator Metadata Server LDAP User The LDAP username used to log in to the Navigator Metadata Server. Only used when the Navigator Metadata Service Auth uses LDAP. navmetadataserver_ldap_user navmetadataserver_ldap_user false
Navigator Metadata Server SAML Password The SAML password used to log in to the Navigator Metadata Server. Only used when the Navigator Metadata Service Auth uses SAML. navmetadataserver_saml_password navmetadataserver_saml_password false
Navigator Metadata Server SAML User The SAML username used to log in to the Navigator Metadata Server. Only used when the Navigator Metadata Service Auth uses SAML. navmetadataserver_saml_user navmetadataserver_saml_user false

Cloudera Navigator Optimizer

Display Name Description Related Name Default Value API Name Required
Auto Upload Queries to Cloudera Navigator Optimizer Automatically upload queries after their execution in order to improve recommendations. auto_upload_queries true auto_upload_queries false
Enable Cloudera Navigator Optimizer integration with Hue Enable Cloudera Navigator Optimizer integration with Hue. enable_navopt false enable_navopt false
Cloudera Altus Access Key Credentials for accessing Cloudera cloud services. navopt_altus_account false
Query History Upload Limit Allow admins to upload the last N executed queries in the quick start wizard. Use 0 to disable. query_history_upload_limit 10000 query_history_upload_limit false

Database

Display Name Description Related Name Default Value API Name Required
Hue Database Directory If the database is SQLite3, this is the filename of the database to use, and the directory of this file must be writable by the 'hue' user. dir /var/lib/hue/desktop.db database_dir false
Database Dump File File where the database gets dumped to or loaded from. /tmp/hue_database_dump.json database_dump_file true
Hue Database Hostname Name of host where the Hue database is running. Not necessary for SQLite3. host localhost database_host false
Hue Database Name Name of Hue database. name hue database_name false
Hue Database Password Password for Hue database. Not necessary for SQLite3. password database_password false
Hue Database Port Port on host where the Hue database is running. Not necessary for SQLite3. port 3306 database_port false
Hue Database Type Type of database used for Hue engine sqlite3 database_type false
Hue Database Username The username to use to log into the Hue database. Not necessary for SQLite3. user hue database_user false

Logs

Display Name Description Related Name Default Value API Name Required
Audit Log Directory Path to the directory where audit logs will be written. The directory will be created if it doesn't exist. audit_event_log_dir /var/log/hue/audit audit_event_log_dir false
Maximum Audit Log File Size Maximum size of audit log file in MB before it is rolled over. navigator.audit_log_max_file_size 100 MiB navigator_audit_log_max_file_size false

Monitoring

Display Name Description Related Name Default Value API Name Required
Enable Service Level Health Alerts When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold true enable_alerts false
Enable Configuration Change Alerts When set, Cloudera Manager will send alerts when this entity's configuration changes. false enable_config_alerts false
Healthy Hue Server Monitoring Thresholds The health test thresholds of the overall Hue Server health. The check returns "Concerning" health if the percentage of "Healthy" Hue Servers falls below the warning threshold. The check is unhealthy if the total percentage of "Healthy" and "Concerning" Hue Servers falls below the critical threshold. Warning: 99.0 %, Critical: 51.0 % hue_hue_servers_healthy_thresholds false
Healthy Kerberos Ticket Renewer Monitoring Thresholds The health test thresholds of the overall Kerberos Ticket Renewer health. The check returns "Concerning" health if the percentage of "Healthy" Kerberos Ticket Renewers falls below the warning threshold. The check is unhealthy if the total percentage of "Healthy" and "Concerning" Kerberos Ticket Renewers falls below the critical threshold. Warning: 99.0 %, Critical: 51.0 % hue_kt_renewers_healthy_thresholds false
Healthy Load Balancer Monitoring Thresholds The health test thresholds of the overall Load Balancer health. The check returns "Concerning" health if the percentage of "Healthy" Load Balancers falls below the warning threshold. The check is unhealthy if the total percentage of "Healthy" and "Concerning" Load Balancers falls below the critical threshold. Warning: 99.0 %, Critical: 51.0 % hue_load_balancer_healthy_thresholds false
Service Triggers The configured triggers for this service. This is a JSON-formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed. Each trigger has the following fields:
  • triggerName (mandatory) - The name of the trigger. This value must be unique for the specific service.
  • triggerExpression (mandatory) - A tsquery expression representing the trigger.
  • streamThreshold (optional) - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire.
  • enabled (optional) - By default set to 'true'. If set to 'false', the trigger is not evaluated.
  • expressionEditorConfig (optional) - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here can lead to inconsistencies.
For example, the followig JSON formatted trigger fires if there are more than 10 DataNodes with more than 500 file descriptors opened:[{"triggerName": "sample-trigger", "triggerExpression": "IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad", "streamThreshold": 10, "enabled": "true"}]See the trigger rules documentation for more details on how to write triggers using tsquery.The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.
[] service_triggers true
Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones. smon_derived_configs_safety_valve false

Other

Display Name Description Related Name Default Value API Name Required
Blacklist Comma-separated list of regular expressions, which match any prefix of 'host:port/path' of requested proxy target. This does not support matching GET parameters. blacklist () blacklist false
Hue Web Server Threads Number of threads used by the Hue web server. cherrypy_server_threads 50 cherrypy_server_threads false
Default Site Encoding Default encoding for site data. default_site_encoding utf default_site_encoding false
Default User Group The name of a default group that users will be added to at creation time. default_user_group default_user_group false
HBase Service Name of the HBase service that this Hue service instance depends on hbase_service false
HDFS Temporary Directory HDFS directory used for storing temporary files. temp_dir /tmp hdfs_tmp_dir false
Hive Service Name of the Hive service that this Hue service instance depends on hive_service true
Hue Kerberos Credentials Cache Directory Directory where Hue stores cached Kerberos credentials ccache_path /var/run/hue hue_ccache_path false
HBase Thrift Server Thrift server to use for HBase app. hue_hbase_thrift false
HDFS Web Interface Role HTTPFS role or Namenode (if webhdfs is enabled) that hue can use to communicate with HDFS. webhdfs_url hue_webhdfs true
Impala Service Name of the Impala service that this Hue service instance depends on impala_service false
Oozie Service Name of the Oozie service that this Hue service instance depends on oozie_service true
Sentry Service Name of the Sentry service that this Hue service instance depends on sentry_service false
Solr Service Name of the Solr service that this Hue service instance depends on solr_service false
Sqoop Service Name of the Sqoop service that this Hue service instance depends on sqoop_service false
Time Zone Time zone name. time_zone America/Los_Angeles time_zone false
User Augmentor Class that defines extra accessor methods for user objects. user_augmentor desktop.auth.backend.DefaultUserAugmentor user_augmentor false
Whitelist Comma-separated list of regular expressions, which match 'host:port' of requested proxy target. whitelist (localhost|127\.0\.0\.1):(50030|50070|50060|50075) whitelist false
ZooKeeper Service Name of the ZooKeeper service that this Hue service instance depends on zookeeper_service false

Security

Display Name Description Related Name Default Value API Name Required
Authentication Backend Mode of authenticating login credentials. Select desktop.auth.backend.LdapBackend to use LDAP to authenticate login credentials. LDAP requires you to also set the LDAP URL, Active Directory Domain, and optionally LDAP certificate if you are using secure LDAP. Select desktop.auth.backend.PamBackend to use PAM to authenticate login credentials. backend desktop.auth.backend.AllowFirstUserDjangoBackend auth_backend false
LDAP Search Base The distinguished name to use as a search base for finding users and groups. This should be similar to 'dc=hadoop,dc=mycompany,dc=com'. base_dn base_dn false
LDAP Bind User Distinguished Name Distinguished name of the user to bind as. This is used to connect to LDAP/AD for searching user and group information. This may be left blank if the LDAP server supports anonymous binds. bind_dn bind_dn false
LDAP Bind Password The password of the bind user. bind_password bind_password false
Create LDAP users on login Create users in Hue when they try to login with their LDAP credentials. For use when using LdapBackend for Hue authentication. create_users_on_login true create_users_on_login false
LDAP Group Filter Base filter for searching for groups. For Active Directory, this is typically '(objectClass=group)'. group_filter group_filter false
LDAP Group Membership Attribute The attribute of the group object that identifies the members of the group. For Active Directory, this is typically 'member'. group_member_attr group_member_attr false
LDAP Group Name Attribute The group name attribute in the LDAP schema. For Active Directory, this is typically 'cn'. group_name_attr group_name_attr false
Auto Logout Timeout Auto logout/idle session timeout in seconds, -1 second is equivalent to no automatic logout. idle_session_timeout -1 second(s) idle_session_timeout false
Kerberos Principal Kerberos principal short name used by all roles of this service. hue kerberos_princ_name true
LDAP Server CA Certificate The location on disk of the certificate, in .pem format, used to confirm the authenticity of the LDAP server certificate. This is the Certificate Authority (CA) certificate, and it was used to sign the LDAP server certificate. If not set, all certificates are trusted, which means that an attacker could potentially intercept otherwise encrypted usernames and passwords. ldap_cert ldap_cert false
LDAP URL The URL of the LDAP server. The URL must be prefixed with ldap:// or ldaps://. The URL can optionally specify a custom port, for example: ldaps://ldap_server.example.com:1636. Note that usernames and passwords will be transmitted in the clear unless either an ldaps:// URL is used, or "Enable LDAP TLS" is turned on (where available). Also note that encryption must be in use between the client and this service for the same reason.For more detail on the LDAP URL format, see RFC 2255 . A space-separated list of URLs can be entered; in this case the URLs will each be tried in turn until one replies. ldap_url ldap_url false
LDAP Username Pattern LDAP Username Pattern for use with non-Active Directory LDAP implementations. Must contain the special 'username' string for replacement during authentication. ldap_username_pattern ldap_username_pattern false
Active Directory Domain This parameter is useful when authenticating against an Active Directory server. This value is appended to all usernames before authenticating against AD. For example, if this parameter is set to "my.domain.com", and the user authenticating is "mike", then "mike@my.domain.com" is passed to AD. If this field is unset, the username remains unaltered before being passed to AD. nt_domain nt_domain false
PAM Backend Service Name The PAM service name to use when authenticating over desktop.auth.backend.PamBackend. This is typically the name of a file under /etc/pam.d/ on the Hue host. pam_service login pam_auth_service false
Use Search Bind Authentication Search Bind Authentication connects to the LDAP server using credentials provided in the 'bind_dn' and 'bind_password' configurations. If these configurations are not set, then an anonymous search is performed. search_bind_authentication false search_bind_authentication false
LDAP Group Name for Test LDAP Configuration An optional group name for validating LDAP group configurations. If a test group name is provided, Hue's LDAP library uses it as a search parameter when running the command, Test Hue LDAP Configuration (under Hue > Actions). For example, (&(objectClass=*)(sAMAccountName=test_ldap_group)). If test group name is not provided then Hue LDAP Configuration action will check only LDAP server connectivity. test_ldap_group test_ldap_group false
LDAP Username for Test LDAP Configuration An optional user name for validating LDAP user configurations. If a test user name is provided, Hue's LDAP library uses it as a search parameter when running the command, Test Hue LDAP Configuration (under Hue > Actions). For example, (&(objectClass=*)(sAMAccountName=test_ldap_user)). If "*" is provided, then all user attributes are returned. If test user name is not provided then Test Hue LDAP Configuration action will check only LDAP server connectivity. test_ldap_user test_ldap_user false
Enable LDAP TLS If true, attempts to establish a TLS (Transport Layer Security) connection with an LDAP server that was specified with ldap://. Not required when using an LDAP URL with prefix ldaps://, because that already specifies TLS. This option is also known as "Use StartTLS". use_start_tls true use_start_tls false
LDAP User Filter The base filter for searching for users. For Active Directory, this is typically '(objectClass=user)'. user_filter user_filter false
LDAP Username Attribute The username attribute in the LDAP schema. For Active Directory, this is typically 'sAMAccountName'. user_name_attr user_name_attr false

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Parameter Validation: Audit Log Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Log Directory parameter. false service_config_suppression_audit_event_log_dir true
Suppress Parameter Validation: LDAP Search Base Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Search Base parameter. false service_config_suppression_base_dn true
Suppress Parameter Validation: LDAP Bind User Distinguished Name Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind User Distinguished Name parameter. false service_config_suppression_bind_dn true
Suppress Parameter Validation: LDAP Bind Password Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind Password parameter. false service_config_suppression_bind_password true
Suppress Parameter Validation: Blacklist Whether to suppress configuration warnings produced by the built-in parameter validation for the Blacklist parameter. false service_config_suppression_blacklist true
Suppress Parameter Validation: Hue Database Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Directory parameter. false service_config_suppression_database_dir true
Suppress Parameter Validation: Database Dump File Whether to suppress configuration warnings produced by the built-in parameter validation for the Database Dump File parameter. false service_config_suppression_database_dump_file true
Suppress Parameter Validation: Hue Database Hostname Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Hostname parameter. false service_config_suppression_database_host true
Suppress Parameter Validation: Hue Database Name Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Name parameter. false service_config_suppression_database_name true
Suppress Parameter Validation: Hue Database Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Password parameter. false service_config_suppression_database_password true
Suppress Parameter Validation: Hue Database Username Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Database Username parameter. false service_config_suppression_database_user true
Suppress Parameter Validation: Default Site Encoding Whether to suppress configuration warnings produced by the built-in parameter validation for the Default Site Encoding parameter. false service_config_suppression_default_site_encoding true
Suppress Parameter Validation: Default User Group Whether to suppress configuration warnings produced by the built-in parameter validation for the Default User Group parameter. false service_config_suppression_default_user_group true
Suppress Parameter Validation: LDAP Group Filter Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Filter parameter. false service_config_suppression_group_filter true
Suppress Parameter Validation: LDAP Group Membership Attribute Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Membership Attribute parameter. false service_config_suppression_group_member_attr true
Suppress Parameter Validation: LDAP Group Name Attribute Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Name Attribute parameter. false service_config_suppression_group_name_attr true
Suppress Configuration Validator: HDFS HTTPFS Usage Validator Whether to suppress configuration warnings produced by the HDFS HTTPFS Usage Validator configuration validator. false service_config_suppression_hdfs_httpfs_present_validator true
Suppress Parameter Validation: HDFS Temporary Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the HDFS Temporary Directory parameter. false service_config_suppression_hdfs_tmp_dir true
Suppress Parameter Validation: Hue Kerberos Credentials Cache Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Kerberos Credentials Cache Directory parameter. false service_config_suppression_hue_ccache_path true
Suppress Configuration Validator: HBase Thrift Usage Validator Whether to suppress configuration warnings produced by the HBase Thrift Usage Validator configuration validator. false service_config_suppression_hue_hbase_thrift_server_validator true
Suppress Configuration Validator: Load Balancer Count Validator Whether to suppress configuration warnings produced by the Load Balancer Count Validator configuration validator. false service_config_suppression_hue_load_balancer_count_validator true
Suppress Parameter Validation: Hue Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml parameter. false service_config_suppression_hue_sentry_safety_valve true
Suppress Configuration Validator: Hue Server Count Validator Whether to suppress configuration warnings produced by the Hue Server Count Validator configuration validator. false service_config_suppression_hue_server_count_validator true
Suppress Parameter Validation: Hue Service Environment Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Service Environment Advanced Configuration Snippet (Safety Valve) parameter. false service_config_suppression_hue_service_env_safety_valve true
Suppress Parameter Validation: Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini Whether to suppress configuration warnings produced by the built-in parameter validation for the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini parameter. false service_config_suppression_hue_service_safety_valve true
Suppress Parameter Validation: HDFS Web Interface Role Whether to suppress configuration warnings produced by the built-in parameter validation for the HDFS Web Interface Role parameter. false service_config_suppression_hue_webhdfs true
Suppress Parameter Validation: Kerberos Principal Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Principal parameter. false service_config_suppression_kerberos_princ_name true
Suppress Configuration Validator: Kerberos Ticket Renewer Count Validator Whether to suppress configuration warnings produced by the Kerberos Ticket Renewer Count Validator configuration validator. false service_config_suppression_kt_renewer_count_validator true
Suppress Parameter Validation: LDAP Server CA Certificate Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Server CA Certificate parameter. false service_config_suppression_ldap_cert true
Suppress Parameter Validation: LDAP URL Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP URL parameter. false service_config_suppression_ldap_url true
Suppress Parameter Validation: LDAP Username Pattern Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Username Pattern parameter. false service_config_suppression_ldap_username_pattern true
Suppress Parameter Validation: HUE Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the HUE Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties parameter. false service_config_suppression_navigator_client_config_safety_valve true
Suppress Parameter Validation: Audit Event Tracker Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Event Tracker parameter. false service_config_suppression_navigator_event_tracker true
Suppress Parameter Validation: HUE Client Advanced Configuration Snippet (Safety Valve) for navigator.lineage.client.properties Whether to suppress configuration warnings produced by the built-in parameter validation for the HUE Client Advanced Configuration Snippet (Safety Valve) for navigator.lineage.client.properties parameter. false service_config_suppression_navigator_lineage_client_config_safety_valve true
Suppress Parameter Validation: Navigator Metadata Server LDAP Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Navigator Metadata Server LDAP Password parameter. false service_config_suppression_navmetadataserver_ldap_password true
Suppress Parameter Validation: Navigator Metadata Server LDAP User Whether to suppress configuration warnings produced by the built-in parameter validation for the Navigator Metadata Server LDAP User parameter. false service_config_suppression_navmetadataserver_ldap_user true
Suppress Parameter Validation: Navigator Metadata Server SAML Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Navigator Metadata Server SAML Password parameter. false service_config_suppression_navmetadataserver_saml_password true
Suppress Parameter Validation: Navigator Metadata Server SAML User Whether to suppress configuration warnings produced by the built-in parameter validation for the Navigator Metadata Server SAML User parameter. false service_config_suppression_navmetadataserver_saml_user true
Suppress Parameter Validation: Active Directory Domain Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Domain parameter. false service_config_suppression_nt_domain true
Suppress Parameter Validation: PAM Backend Service Name Whether to suppress configuration warnings produced by the built-in parameter validation for the PAM Backend Service Name parameter. false service_config_suppression_pam_auth_service true
Suppress Parameter Validation: System Group Whether to suppress configuration warnings produced by the built-in parameter validation for the System Group parameter. false service_config_suppression_process_groupname true
Suppress Parameter Validation: System User Whether to suppress configuration warnings produced by the built-in parameter validation for the System User parameter. false service_config_suppression_process_username true
Suppress Parameter Validation: Service Triggers Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Triggers parameter. false service_config_suppression_service_triggers true
Suppress Parameter Validation: Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) parameter. false service_config_suppression_smon_derived_configs_safety_valve true
Suppress Parameter Validation: LDAP Group Name for Test LDAP Configuration Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Name for Test LDAP Configuration parameter. false service_config_suppression_test_ldap_group true
Suppress Parameter Validation: LDAP Username for Test LDAP Configuration Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Username for Test LDAP Configuration parameter. false service_config_suppression_test_ldap_user true
Suppress Parameter Validation: Time Zone Whether to suppress configuration warnings produced by the built-in parameter validation for the Time Zone parameter. false service_config_suppression_time_zone true
Suppress Parameter Validation: User Augmentor Whether to suppress configuration warnings produced by the built-in parameter validation for the User Augmentor parameter. false service_config_suppression_user_augmentor true
Suppress Parameter Validation: LDAP User Filter Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Filter parameter. false service_config_suppression_user_filter true
Suppress Parameter Validation: LDAP Username Attribute Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Username Attribute parameter. false service_config_suppression_user_name_attr true
Suppress Parameter Validation: Whitelist Whether to suppress configuration warnings produced by the built-in parameter validation for the Whitelist parameter. false service_config_suppression_whitelist true
Suppress Health Test: Hue Server Health Whether to suppress the results of the Hue Server Health heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false service_health_suppression_hue_hue_servers_healthy true
Suppress Health Test: Kerberos Ticket Renewer Health Whether to suppress the results of the Kerberos Ticket Renewer Health heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false service_health_suppression_hue_kt_renewers_healthy true
Suppress Health Test: Load Balancer Health Whether to suppress the results of the Load Balancer Health heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts. false service_health_suppression_hue_load_balancer_healthy true