[ { "desc": "Password for Sentry Server database.", "display_name": "Sentry Server Database Password", "name": "sentry_server_database_password", "value": "" }, { "desc": "

\nConfigures the rules for event tracking and coalescing. This feature is\nused to define equivalency between different audit events. When\nevents match, according to a set of configurable parameters, only one\nentry in the audit list is generated for all the matching events.\n

\n\n

\nTracking works by keeping a reference to events when they first appear,\nand comparing other incoming events against the \"tracked\" events according\nto the rules defined here.\n

\n\n

Event trackers are defined in a JSON object like the following:

\n\n
\n{\n  \"timeToLive\" : [integer],\n  \"fields\" : [\n    {\n      \"type\" : [string],\n      \"name\" : [string]\n    }\n  ]\n}\n
\n\n

\nWhere:\n

\n\n\n\n

\nEach field has an evaluator type associated with it. The evaluator defines\nhow the field data is to be compared. The following evaluators are\navailable:\n

\n\n\n\n

\nThe following is the list of fields that can be used to compare Sentry events:\n

\n\n\n", "display_name": "Event Tracker", "name": "navigator_event_tracker", "value": null }, { "desc": "The user that this service's processes should run as.", "display_name": "System User", "name": "process_username", "value": "sentry" }, { "desc": "User for Sentry Server database.", "display_name": "Sentry Server Database User", "name": "sentry_server_database_user", "value": "sentry" }, { "desc": "Name of the HDFS service that this Sentry service instance depends on", "display_name": "HDFS Service", "name": "hdfs_service", "value": null }, { "desc": "Type of Sentry Server database.", "display_name": "Sentry Server Database Type", "name": "sentry_server_database_type", "value": "mysql" }, { "desc": "Maximum size of audit log file in MB before it is rolled over.", "display_name": "Maximum Audit Log File Size", "name": "navigator_audit_log_max_file_size", "value": "100" }, { "desc": "Host name of Sentry Server database.", "display_name": "Sentry Server Database Host", "name": "sentry_server_database_host", "value": "localhost" }, { "desc": "Name of Sentry Server database.", "display_name": "Sentry Server Database Name", "name": "sentry_server_database_name", "value": "sentry" }, { "desc": "List of users allowed to connect to the Sentry Server. These are usually service users such as hive and impala, and the list does not usually need to include end-users.", "display_name": "Allowed Connecting Users", "name": "sentry_service_allow_connect", "value": "hive,impala,hue,hdfs" }, { "desc": "The group that this service's processes should run as.", "display_name": "System Group", "name": "process_groupname", "value": "sentry" }, { "desc": "For advanced use only, a string to be inserted into sentry-site.xml. Applies to configurations of all roles in this service except client configuration.", "display_name": "Sentry Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml", "name": "sentry_server_config_safety_valve", "value": null }, { "desc": "When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold", "display_name": "Enable Service Level Health Alerts", "name": "enable_alerts", "value": "true" }, { "desc": "Path to the directory where audit logs will be written. The directory will be created if it doesn't exist.", "display_name": "Audit Log Directory", "name": "audit_event_log_dir", "value": "/var/log/sentry/audit" }, { "desc": "Action to take when the audit event queue is full. Drop the event or shutdown the affected process.", "display_name": "Queue Policy", "name": "navigator_audit_queue_policy", "value": "DROP" }, { "desc": "

The configured triggers for this service. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed.

Each trigger has all of the following fields:

For example, here is a JSON formatted trigger that fires if there are more than 10 DataNodes with more than 500 file-descriptors opened:

[{\"triggerName\": \"sample-trigger\",\n  \"triggerExpression\": \"IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad\",\n  \"streamThreshold\": 10, \"enabled\": \"true\"}]

Consult the trigger rules documentation for more details on how to write triggers using tsquery.

The JSON format is evolving and may change in the future and as a result backward compatibility is not guaranteed between releases at this time.

", "display_name": "Service Triggers", "name": "service_triggers", "value": "[]" }, { "desc": "When computing the overall SENTRY health, consider Sentry Server's health", "display_name": "Sentry Server Role Health Test", "name": "sentry_sentry_server_health_enabled", "value": "true" }, { "desc": "When set, Cloudera Manager will send alerts when this entity's configuration changes.", "display_name": "Enable Configuration Change Alerts", "name": "enable_config_alerts", "value": "false" }, { "desc": "Port number of Sentry Server database.", "display_name": "Sentry Server Database Port", "name": "sentry_server_database_port", "value": "3306" }, { "desc": "If an end user is in one of these admin groups, that user has administrative privileges on the Sentry Server.", "display_name": "Admin Groups", "name": "sentry_service_admin_group", "value": "hive,impala,hue" }, { "desc": "For advanced use only, a string to be inserted into the client configuration for navigator.client.properties.", "display_name": "Sentry Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties", "name": "navigator_client_config_safety_valve", "value": null }, { "desc": "Enable collection of audit events from the service's roles.", "display_name": "Enable Collection", "name": "navigator_audit_enabled", "value": "true" }, { "desc": "For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones.", "display_name": "Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve)", "name": "smon_derived_configs_safety_valve", "value": null } ]