Configure a cluster
|
IMPORTANT
There is usually no need to change cluster configuration parameters. You can leave all parameters at the default values.
|
After creation a new cluster, you can configure it by performing the following steps:
-
Select a cluster on the Clusters page. To do this, click a cluster name in the Name column.
Select a cluster -
Open the Configuration tab on the cluster page and switch on the Show advanced toggle.
-
Fill in all necessary parameters and click Save.
The cluster Configuration page includes the following settings:
-
Paths to the repositories for CentOS, Red Hat, and ALT Linux 8 that are used in the process of installing — depending on the cluster operation system:
-
monitoring — monitoring components repository;
-
zookeeper_repo — Arenadata Zookeeper YUM repository;
-
arenadata — Arenadata YUM repository;
-
arenadata_postgres — Arenadata PostgreSQL YUM repository;
-
ranger — Ranger client repository.
-
-
The Kerberos section that includes settings listed in the table below.
Parameter Description Default value Enable Kerberos
Enables the Kerberos authentication
False
Authentication on WEB UIs
Enables the Kerberos authentication on WEB UIs
False
SPNEGO Signature Value
A secret key that is used to generate and verify the signature in the HTTP authentication protocol SPNEGO (in the Base64 format)
—
Kerberos KDC type
A KDC type. For more information, see Kerberos
MIT
KDC hosts
One or more KDC hosts with running FreeIPA server(s)
—
Realm
A Kerberos realm to connect to the FreeIPA server
—
Domains
One or more domains associated with FreeIPA
—
Kadmin server
A host where
kadminis running—
Kadmin principal
A principal name used to connect via
kadmin, for exampleadmin@RU-CENTRAL1.INTERNAL—
Kadmin password
An IPA Admin password
—
Keytabs directory
A directory with keytab files
/etc/security/keytabs
Additional realms
Additional Kerberos realms
—
Trusted Active Directory server
An Active Directory server for one-way cross-realm trust from the MIT Kerberos KDC
—
Trusted Active Directory realm
An Active Directory realm for one-way cross-realm trust from the MIT Kerberos KDC
—
Custom krb5.conf
Enables adding custom parameters to the krb5.conf file
False
krb5.conf
Additional parameters to write to the krb5.conf file
—
Admin DN
A full DistinguishedName of the admin user with rights to
create/modify/delete/pwdchangeuser accounts in the target Organizational Unit—
LDAP URL
LDAP URL that consists of the
ldap://orldaps://protocol prefix, hostname or IP address and port of an AD server. For example,ldaps://192.168.4.2:636—
Container DN
A container distinguished name
—
TLS CA certificate Path
A CA certificate path on the host filesystem that is pre-located or should be written from the TLS CA certificate field
—
TLS CA certificate (optional)
A CA certificate that is written on a host by the path from TLS CA certificate Path during the execution of the Enable Kerberos action. The certificate is not saved in ADCM
—
Custom ldap.conf
Enables adding custom parameters to the ldap.conf file
False
ldap.conf
Additional parameters that are written to the ldap.conf file
—
IpaClient No NTP Autoconf
Disables the NTP configuration during the IPA client installation
False
IpaClient No DNS Lookup
Disables the DNS lookup for the FreeIPA server during the IPA client installation
True
Number of retries for kinit invocation attempts
Number of retries for kinit invocation attempts
5
-
The ssl_default_config section with the settings listed in the table below.
Parameter Description Default value Keystore path
A path to the keystore file
/tmp/keystore.jks
Keystore password
A password for the keystore file
—
Truststore path
A path to the truststore file
/tmp/truststore.jks
Truststore password
A password for the truststore file
—
TLS Version
Version of the TLS protocol
TLSv1.2
-
