Configure a cluster
|
IMPORTANT
There is usually no need to change cluster configuration parameters. You can leave all parameters at the default values.
|
After creation a new cluster, you can configure it by performing the following steps:
-
Select a cluster on the Clusters page. To do this, click a cluster name in the Name column.
Select a cluster -
Open the Configuration tab on the cluster page and switch on the Show advanced toggle.
-
Fill in all necessary parameters and click Save.
The cluster Configuration page includes the following settings:
-
The Reliability control section. It is displayed if the Show advanced checkbox is enabled. It contains the following parameters:
-
retries — the number of retries for cluster operations (20 by default);
-
delay — the delay between retries in seconds (10 by default);
-
timeout — timeout for checks of network ports in seconds (60 by default).
-
-
Paths to the repositories for CentOS, Red Hat, and ALT Linux 8 that are used in the process of installing — depending on the cluster operation system:
-
monitoring — monitoring components repository;
-
zookeeper_repo — Arenadata Zookeeper YUM repository;
-
arenadata — Arenadata YUM repository;
-
arenadata_postgres — Arenadata PostgreSQL YUM repository;
-
ranger — Ranger client repository.
-
-
The Docker registry parameter that specifies a Docker Registry address. The default value is hub.adsw.io — Docker Registry from the Arenadata repository.
-
The Kerberos section that includes settings listed in the table below. Some options are visible only with the Show advanced option enabled.
Parameter Description Default value Enable Kerberos
Enables the Kerberos authentication
False
Authentication on WEB UIs
Enables the Kerberos authentication on WEB UIs
False
SPNEGO Signature Value
A secret key that is used to generate and verify the signature in the HTTP authentication protocol SPNEGO (in the Base64 format)
—
Kerberos KDC type
A KDC type. For more information, see Kerberos
MIT
KDC hosts
One or more KDC hosts with running FreeIPA server(s)
—
Realm
A Kerberos realm to connect to the FreeIPA server
—
Domains
One or more domains associated with FreeIPA
—
Kadmin server
A host where
kadminis running—
Kadmin principal
A principal name used to connect via
kadmin, for exampleadmin@RU-CENTRAL1.INTERNAL—
Kadmin password
An IPA Admin password
—
Keytabs directory
A directory with keytab files
/etc/security/keytabs
Additional realms
Additional Kerberos realms
—
Delay between kinit invocation attempts
Delay between kinit invocation attempts
5
Number of retries for kinit invocation attempts
Number of retries for kinit invocation attempts
10
Trusted Active Directory server
An Active Directory server for one-way cross-realm trust from the MIT Kerberos KDC
—
Trusted Active Directory realm
An Active Directory realm for one-way cross-realm trust from the MIT Kerberos KDC
—
Custom krb5.conf
Enables adding custom parameters to the krb5.conf file
False
krb5.conf
Additional parameters to write to the krb5.conf file
—
Admin DN
A full DistinguishedName of the admin user with rights to
create/modify/delete/pwdchangeuser accounts in the target Organizational Unit—
LDAP URL
LDAP URL that consists of the
ldap://orldaps://protocol prefix, hostname or IP address and port of an AD server. For example,ldaps://192.168.4.2:636—
Container DN
A container distinguished name
—
TLS CA certificate Path
A CA certificate path on the host filesystem that is pre-located or should be written from the TLS CA certificate field
—
TLS CA certificate (optional)
A CA certificate that is written on a host by the path from TLS CA certificate Path during the execution of the Manage Kerberos action. The certificate is not saved in ADCM
—
Custom ldap.conf
Enables adding custom parameters to the ldap.conf file
False
ldap.conf
Additional parameters that are written to the ldap.conf file
—
IpaClient No NTP Autoconf
Disables the NTP configuration during the IPA client installation
False
IpaClient No DNS Lookup
Disables the DNS lookup for the FreeIPA server during the IPA client installation
True
Number of retries for kinit invocation attempts
Number of retries for kinit invocation attempts
5
Set up Kerberos utils
Enables installation or removal of Kerberos clients and utils. Affects the Expand and Install actions
True
Configure Kerberos on hosts
Enables cluster configuration, including krb5.conf, ldap.conf
True
Set up principals and keytabs
Enables creation, recreation, or removal of principals and keytabs. Passwords for principals are generated randomly before keytab creation. Affects the Expand and Install actions. ADCM bundle will set up owner and permissions for keytabs only if this checkbox is selected in the cluster configuration. In case of absence of admin permissions, a customer should provide the prepared keytabs with correctly set owner and permissions (see Custom keytab recommendations)
True
Configure services and clients
Enables updating of services and clients configuration
True
Run service checks
Enables service check runs
True
-
The ssl_default_config section with the settings listed in the table below.
Parameter Description Default value Keystore path
A path to the keystore file
/tmp/keystore.jks
Keystore password
A password for the keystore file
—
Truststore path
A path to the truststore file
/tmp/truststore.jks
Truststore password
A password for the truststore file
—
TLS Version
Version of the TLS protocol. See Set TLS version for an ADH cluster
TLSv1.2
-
The java.io.tmpdir parameter that specifies an environment variable to control
java.io.tmpdirfor YARN, HBase, Hive, Spark.
-
