Creating an environment with a custom FreeIPA image

If necessary, you can customize a pre-warmed FreeIPA image for compliance or security reasons, or to deploy certain software on a machine image.

Cloudera maintains a default image catalog of pre-warmed FreeIPA images that are used when you create an environment. This image catalog is hosted here: https://cloudbreak-imagecatalog.s3.amazonaws.com/v3-prod-freeipa-image-catalog.json. Under certain circumstances you may need to customize a pre-warmed FreeIPA image for compliance or security reasons, or for deploying monitoring tools or software. If you need to customize a FreeIPA image, begin with an official pre-warmed Cloudera FreeIPA image. When you have prepared your customized image, you must also create and host a custom image catalog JSON file in an HTTP/HTTPS location accessible to CDP. This image catalog can be hosted, for example, on GitHub, and may look something like the following:
{
  "images": {
    "freeipa-images": [
      {
        "created": 1615566254,
        "date": "2021-03-12",
        "description": "Official Cloudbreak image",
        "images": {
          "aws": {
            "af-south-1": "ami-0d0920e329afdf157",
            "ap-northeast-1": "ami-0bf7c9a9705d517c0",
            "ap-northeast-2": "ami-06036d32d14da75d7",
            "ap-south-1": "ami-0d93039a0d28cc4a5",
            "ap-southeast-1": "ami-03cc81e7abfba1f47",
            "ap-southeast-2": "ami-0f8b3c72cdd79ec80",
            "ca-central-1": "ami-0a59964dec8dad8fc",
            "eu-central-1": "ami-0b80604a5961b8a05",
            "eu-north-1": "ami-04c552a2de96be80e",
            "eu-south-1": "ami-0e70ad73124a609e6",
            "eu-west-1": "ami-064b593d494ad1d86",
            "eu-west-2": "ami-0330b6284bd9ddeef",
            "eu-west-3": "ami-0b5f97100cb13cdaf",
            "sa-east-1": "ami-0577866f5c4181d8c",
            "us-east-1": "ami-003be8e1d9b083fc5",
            "us-east-2": "ami-0cb47e5297166b570",
            "us-west-1": "ami-072b0720360d7e024",
            "us-west-2": "ami-026e5bbad7145afb0"
          }
        },
        "os": "centos7",
        "os_type": "redhat7",
        "uuid": "customized_freeipa_image_for_testing",
        "package-versions": {
          "salt": "3000.8",
          "salt-bootstrap": "0.13.4-2020-09-30T15:03:43"
        }
      }
    ]
  },
  "versions": {
    "freeipa": [
      {
        "images": [
          "customized_freeipa_image_for_testing"
        ],
        "defaults": [],
        "versions": [
          "2.41.0-b118"
        ]
      }
    ]
  }
}
  1. Prepare your customized pre-warmed image and image catalog. Take note of the URL to the image catalog.
  2. Run the CDP CLI command to create an environment for a given cloud provider, and include these additional parameters in the JSON-formatted command input:
    "image":{"id":"<image-UUID>","catalog":"<URL-to-image-catalog-JSON>"}

    The create environment JSON input would look similar to the following example for AWS (line breaks added for readability):

    $ cdp environments create-aws-environment --cli-input-json \
      '{
          "environmentName":"finance-reporting-set4",
          "credentialName":"acme-finance",
          "region":"us-west-2",
          "securityAccess":{"cidr":"0.0.0.0/0"},
          "authentication":{"publicKeyId":"acme-finance-key"},
          "logStorage":
             {
               "storageLocationBase":"s3a://acme-finance-datalake/finance-reporting-set4/logs",
               "instanceProfile":"arn:aws:iam::308455126366:instance-profile/acme-admin-finance"
             },
           "vpcId":"vpc-0207f88d49b2b8118",
           "subnetIds":
                ["subnet-004570df81d2faaaa",
                 "subnet-0918053720e75ffff",
                 "subnet-020ae15bc71542222"],
           "s3GuardTableName":"acme-finance-reporting-set4",
           "description":"",
           "freeIpa":{"instanceCountByGroup":1},
           "image":{"id":"customized_freeipa_image_for_testing","catalog":"https://raw.githubusercontent.com/user/cb-image-catalog/master/custom-freeipa-image-catalog.json"}
        }'
  3. Once the environment has been created, you can check the image of the FreeIPA instance against the image catalog to verify that the custom image is being used:
    1. Click Environments > <Environment Name> > Summary. Scroll to FreeIPA.
    2. From the Summary page, copy the FreeIPA instance ID.
    3. In your cloud provider's console, open the details for the FreeIPA instance. Note the AMI, VHD, or image ID for the instance and verify that it is one that you specified in your custom image catalog.
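
The check in step 3 can be scripted. The following is an added example, not Cloudera code: the function names are hypothetical, the sample catalog is a trimmed copy of the one shown above, and it assumes you have already copied the instance's image ID from the cloud provider's console.

```python
import json

# Trimmed copy of the catalog shown on this page (two regions kept), used as sample input.
SAMPLE_CATALOG = json.loads("""
{"images": {"freeipa-images": [{
    "uuid": "customized_freeipa_image_for_testing",
    "images": {"aws": {"us-east-1": "ami-003be8e1d9b083fc5",
                       "us-west-2": "ami-026e5bbad7145afb0"}}}]},
 "versions": {"freeipa": [{"images": ["customized_freeipa_image_for_testing"],
                           "defaults": [], "versions": ["2.41.0-b118"]}]}}
""")


def find_images(catalog, image_uuid):
    """Return every freeipa-images entry carrying this uuid."""
    entries = catalog.get("images", {}).get("freeipa-images", [])
    return [e for e in entries if e.get("uuid") == image_uuid]


def catalog_problems(catalog, image_uuid):
    """List inconsistencies that would make the uuid ambiguous or unresolvable.

    Assumption: as in the page's sample, the uuid must appear once under
    images.freeipa-images and be referenced from versions.freeipa[].images.
    """
    problems = []
    matches = find_images(catalog, image_uuid)
    if len(matches) != 1:
        problems.append(f"expected 1 image entry for {image_uuid!r}, found {len(matches)}")
    referenced = {u for v in catalog.get("versions", {}).get("freeipa", [])
                  for u in v.get("images", [])}
    if image_uuid not in referenced:
        problems.append(f"{image_uuid!r} is not referenced under versions.freeipa")
    return problems


def instance_uses_catalog_image(catalog, image_uuid, provider, region, observed_id):
    """True only if the image ID read from the cloud console is the one the
    catalog maps to this uuid, provider and region."""
    matches = find_images(catalog, image_uuid)
    if len(matches) != 1:
        return False
    expected = matches[0].get("images", {}).get(provider, {}).get(region)
    return expected is not None and observed_id == expected


if __name__ == "__main__":
    uuid = "customized_freeipa_image_for_testing"
    print(catalog_problems(SAMPLE_CATALOG, uuid))
    print(instance_uses_catalog_image(SAMPLE_CATALOG, uuid, "aws", "us-west-2",
                                      "ami-026e5bbad7145afb0"))
```

A region mismatch (for example the us-east-1 AMI observed on a us-west-2 instance) returns False, which catches an instance launched from a different image than the one the catalog pins for that region.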
After successfully registering the environment, continue to create the Data Lake as described in the cloud-provider specific instructions.