openstack/deb-sahara
Code Issues Proposed changes
23e9aacad4
deb-sahara/sahara/plugins/cdh/v5/resources/hdfs-service.json
Ken Chen 2a56aa003d Separate the codes of CDH5 and CDH5.3.0 
We use v5 and v5.3.0 to put different python files for CDH5 and
CDH5.3.0. CDH5 is CDH5.0.0, we use the name "CDH5" instead of
"CDH5.0.0" for backward support. Currently since CDH5.0.0 does
not support cm_api>6, we cannot use first_run API in CDH5.0.0, so
we only implemented parts of the services that we implemented in
CDH5.3.0.

implements bp: cdh-version-management
Change-Id: I3b3058f25912ddf6206d64db88ac40138a45a53f
2015-02-06 11:04:24 +08:00

608 lines
38 KiB
JSON
Raw Blame History

[
{
"desc": "Timeout in milliseconds for the parallel RPCs made in DistributedFileSystem#getFileBlockStorageLocations(). This value is only emitted for Impala.",
"display_name": "HDFS File Block Storage Location Timeout",
"name": "dfs_client_file_block_storage_locations_timeout",
"value": "10000"
},
{
"desc": "The domain to use for the HTTP cookie that stores the authentication token. In order for authentiation to work correctly across all Hadoop nodes' web-consoles the domain must be correctly set. <b>Important:</b> when using IP addresses, browsers ignore cookies with domain settings. For this setting to work properly all nodes in the cluster must be configured to generate URLs with hostname.domain names on it.",
"display_name": "Hadoop HTTP Authentication Cookie Domain",
"name": "hadoop_http_auth_cookie_domain",
"value": ""
},
{
"desc": "The user that this service's processes should run as (except the HttpFS server, which has its own user)",
"display_name": "System User",
"name": "process_username",
"value": "hdfs"
},
{
"desc": "<p>Event filters are defined in a JSON object like the following:</p>\n\n<pre>\n{\n \"defaultAction\" : (\"accept\", \"discard\"),\n \"rules\" : [\n {\n \"action\" : (\"accept\", \"discard\"),\n \"fields\" : [\n {\n \"name\" : \"fieldName\",\n \"match\" : \"regex\"\n }\n ]\n }\n ]\n}\n</pre>\n\n<p>\nA filter has a default action and a list of rules, in order of precedence.\nEach rule defines an action, and a list of fields to match against the\naudit event.\n</p>\n\n<p>\nA rule is \"accepted\" if all the listed field entries match the audit\nevent. At that point, the action declared by the rule is taken.\n</p>\n\n<p>\nIf no rules match the event, the default action is taken. Actions\ndefault to \"accept\" if not defined in the JSON object.\n</p>\n\n<p>\nThe following is the list of fields that can be filtered for HDFS events:\n</p>\n\n<ul>\n <li>username: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>command: the HDFS operation being performed.</li>\n <li>src: the source path for the operation.</li>\n <li>dest: the destination path for the operation.</li>\n <li>permissions: the permissions associated with the operation.</li>\n</ul>\n",
"display_name": "Event Filter",
"name": "navigator_audit_event_filter",
"value": "{\n \"comment\" : [\n \"Default filter for HDFS services.\",\n \"Discards events generated by the internal Cloudera and/or HDFS users\",\n \"(hdfs, hbase, mapred and dr.who), and events that affect files in \",\n \"/tmp directory.\"\n ],\n \"defaultAction\" : \"accept\",\n \"rules\" : [\n {\n \"action\" : \"discard\",\n \"fields\" : [\n { \"name\" : \"username\", \"match\" : \"(?:cloudera-scm|hbase|hdfs|mapred|hive|dr.who)(?:/.+)?\" }\n ]\n },\n {\n \"action\" : \"discard\",\n \"fields\" : [\n { \"name\" : \"src\", \"match\" : \"/tmp(?:/.*)?\" }\n ]\n }\n ]\n}\n"
},
{
"desc": "The password for the SSL keystore.",
"display_name": "Hadoop User Group Mapping LDAP SSL Keystore Password",
"name": "hadoop_group_mapping_ldap_keystore_passwd",
"value": ""
},
{
"desc": "Comma-delimited list of hosts where you want to allow the Hue user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'.",
"display_name": "Hue Proxy User Hosts",
"name": "hue_proxy_user_hosts_list",
"value": "*"
},
{
"desc": "The service monitor will use this directory to create files to test if the hdfs service is healthy. The directory and files are created with permissions specified by 'HDFS Health Canary Directory Permissions'",
"display_name": "HDFS Health Canary Directory",
"name": "firehose_hdfs_canary_directory",
"value": "/tmp/.cloudera_health_monitoring_canary_files"
},
{
"desc": "Path to the directory where audit logs will be written. The directory will be created if it doesn't exist.",
"display_name": "Audit Log Directory",
"name": "audit_event_log_dir",
"value": "/var/log/hadoop-hdfs/audit"
},
{
"desc": "Class for user to group mapping (get groups for a given user).",
"display_name": "Hadoop User Group Mapping Implementation",
"name": "hadoop_security_group_mapping",
"value": "org.apache.hadoop.security.ShellBasedUnixGroupsMapping"
},
{
"desc": "Allows the oozie superuser to impersonate any members of a comma-delimited list of groups. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'.",
"display_name": "Oozie Proxy User Groups",
"name": "oozie_proxy_user_groups_list",
"value": "*"
},
{
"desc": "Comma-separated list of compression codecs that can be used in job or map compression.",
"display_name": "Compression Codecs",
"name": "io_compression_codecs",
"value": "org.apache.hadoop.io.compress.DefaultCodec,org.apache.hadoop.io.compress.GzipCodec,org.apache.hadoop.io.compress.BZip2Codec,org.apache.hadoop.io.compress.DeflateCodec,org.apache.hadoop.io.compress.SnappyCodec,org.apache.hadoop.io.compress.Lz4Codec"
},
{
"desc": "Comma-separated list of users authorized to used Hadoop. This is emitted only if authorization is enabled.",
"display_name": "Authorized Users",
"name": "hadoop_authorized_users",
"value": "*"
},
{
"desc": "Enable HDFS short circuit read. This allows a client co-located with the DataNode to read HDFS file blocks directly. This gives a performance boost to distributed clients that are aware of locality.",
"display_name": "Enable HDFS Short Circuit Read",
"name": "dfs_datanode_read_shortcircuit",
"value": "true"
},
{
"desc": "The distinguished name of the user to bind as when connecting to the LDAP server. This may be left blank if the LDAP server supports anonymous binds.",
"display_name": "Hadoop User Group Mapping LDAP Bind User",
"name": "hadoop_group_mapping_ldap_bind_user",
"value": ""
},
{
"desc": "When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold",
"display_name": "Enable Service Level Health Alerts",
"name": "enable_alerts",
"value": "true"
},
{
"desc": "The password of the bind user.",
"display_name": "Hadoop User Group Mapping LDAP Bind User Password",
"name": "hadoop_group_mapping_ldap_bind_passwd",
"value": ""
},
{
"desc": "Action to take when the audit event queue is full. Drop the event or shutdown the affected process.",
"display_name": "Queue Policy",
"name": "navigator_audit_queue_policy",
"value": "DROP"
},
{
"desc": "When set, each role will identify important log events and forward them to Cloudera Manager.",
"display_name": "Enable Log Event Capture",
"name": "catch_events",
"value": "true"
},
{
"desc": "For advanced use only, a string to be inserted into <strong>core-site.xml</strong>. Applies to all roles and client configurations in this HDFS service as well as all its dependent services. Any configs added here will be overridden by their default values in HDFS (which can be found in hdfs-default.xml).",
"display_name": "Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml",
"name": "core_site_safety_valve",
"value": null
},
{
"desc": "The default block size in bytes for new HDFS files. Note that this value is also used as the HBase Region Server HLog block size.",
"display_name": "HDFS Block Size",
"name": "dfs_block_size",
"value": "134217728"
},
{
"desc": "Enable WebHDFS interface",
"display_name": "Enable WebHDFS",
"name": "dfs_webhdfs_enabled",
"value": "true"
},
{
"desc": "The name of the group of superusers.",
"display_name": "Superuser Group",
"name": "dfs_permissions_supergroup",
"value": "supergroup"
},
{
"desc": "Typically, HDFS clients and servers communicate by opening sockets via an IP address. In certain networking configurations, it is preferable to open sockets after doing a DNS lookup on the hostname. Enable this property to open sockets after doing a DNS lookup on the hostname. This property is supported in CDH3u4 or later deployments.",
"display_name": "Use DataNode Hostname",
"name": "dfs_client_use_datanode_hostname",
"value": "false"
},
{
"desc": "Enter a FailoverProxyProvider implementation to configure two URIs to connect to during fail-over. The first configured address is tried first, and on a fail-over event the other address is tried.",
"display_name": "FailoverProxyProvider Class",
"name": "dfs_ha_proxy_provider",
"value": "org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider"
},
{
"desc": "The search base for the LDAP connection. This is a distinguished name, and will typically be the root of the LDAP directory.",
"display_name": "Hadoop User Group Mapping Search Base",
"name": "hadoop_group_mapping_ldap_base",
"value": ""
},
{
"desc": "If false, permission checking is turned off for files in HDFS.",
"display_name": "Check HDFS Permissions",
"name": "dfs_permissions",
"value": "true"
},
{
"desc": "Comma-delimited list of groups that you want to allow the Hue user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'.",
"display_name": "Hue Proxy User Groups",
"name": "hue_proxy_user_groups_list",
"value": "*"
},
{
"desc": "Comma-separated list of groups authorized to used Hadoop. This is emitted only if authorization is enabled.",
"display_name": "Authorized Groups",
"name": "hadoop_authorized_groups",
"value": ""
},
{
"desc": "Comma-delimited list of hosts where you want to allow the oozie user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'.",
"display_name": "Oozie Proxy User Hosts",
"name": "oozie_proxy_user_hosts_list",
"value": "*"
},
{
"desc": "When set, Cloudera Manager will send alerts when this entity's configuration changes.",
"display_name": "Enable Configuration Change Alerts",
"name": "enable_config_alerts",
"value": "false"
},
{
"desc": "Comma-delimited list of groups that you want to allow the mapred user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'.",
"display_name": "Mapred Proxy User Groups",
"name": "mapred_proxy_user_groups_list",
"value": "*"
},
{
"desc": "For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration.",
"display_name": "HDFS Service Environment Advanced Configuration Snippet (Safety Valve)",
"name": "hdfs_service_env_safety_valve",
"value": null
},
{
"desc": "Additional mapping rules that will be inserted before rules generated from the list of trusted realms and before the default rule. After changing this value and restarting the service, any services depending on this one must be restarted as well. The hadoop.security.auth_to_local property is configured using this information.",
"display_name": "Additional Rules to Map Kerberos Principals to Short Names",
"name": "extra_auth_to_local_rules",
"value": null
},
{
"desc": "Maximum size of audit log file in MB before it is rolled over.",
"display_name": "Maximum Audit Log File Size",
"name": "navigator_audit_log_max_file_size",
"value": "100"
},
{
"desc": "Enables authentication for hadoop HTTP web-consoles for all roles of this service. <b>Note:</b> This is effective only if security is enabled for the HDFS service.",
"display_name": "Enable Authentication for HTTP Web-Consoles",
"name": "hadoop_secure_web_ui",
"value": "false"
},
{
"desc": "Quality of protection for secured RPC connections between NameNode and HDFS clients. For effective RPC protection, enable Kerberos authentication.",
"display_name": "Hadoop RPC Protection",
"name": "hadoop_rpc_protection",
"value": "authentication"
},
{
"desc": "Comma-delimited list of groups that you want to allow the Hive user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'.",
"display_name": "Hive Proxy User Groups",
"name": "hive_proxy_user_groups_list",
"value": "*"
},
{
"desc": "Comma-separated list of users authorized to perform admin operations on Hadoop. This is emitted only if authorization is enabled.",
"display_name": "Authorized Admin Users",
"name": "hadoop_authorized_admin_users",
"value": "*"
},
{
"desc": "The health check thresholds of the number of missing blocks. Specified as a percentage of the total number of blocks.",
"display_name": "Missing Block Monitoring Thresholds",
"name": "hdfs_missing_blocks_thresholds",
"value": "{\"critical\":\"any\",\"warning\":\"never\"}"
},
{
"desc": "The amount of time after NameNode(s) start that the lack of an active NameNode will be tolerated. This is intended to allow either the auto-failover daemon to make a NameNode active, or a specifically issued failover command to take effect. This is an advanced option that does not often need to be changed.",
"display_name": "NameNode Activation Startup Tolerance",
"name": "hdfs_namenode_activation_startup_tolerance",
"value": "180"
},
{
"desc": "Comma-delimited list of groups that you want to allow the HttpFS user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'.",
"display_name": "HttpFS Proxy User Groups",
"name": "httpfs_proxy_user_groups_list",
"value": "*"
},
{
"desc": "Allows the flume user to impersonate any members of a comma-delimited list of groups. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'.",
"display_name": "Flume Proxy User Groups",
"name": "flume_proxy_user_groups_list",
"value": "*"
},
{
"desc": "Comma-delimited list of hosts where you want to allow the mapred user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'.",
"display_name": "Mapred Proxy User Hosts",
"name": "mapred_proxy_user_hosts_list",
"value": "*"
},
{
"desc": "For advanced use only, a list of configuration properties that will be used by the Service Monitor instead of the current client configuration for the service.",
"display_name": "Service Monitor Client Config Overrides",
"name": "smon_client_config_overrides",
"value": "<property><name>dfs.socket.timeout</name><value>3000</value></property><property><name>dfs.datanode.socket.write.timeout</name><value>3000</value></property><property><name>ipc.client.connect.max.retries</name><value>1</value></property><property><name>fs.permissions.umask-mode</name><value>000</value></property>"
},
{
"desc": "<p>The configured triggers for this service. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed.</p><p>Each trigger has all of the following fields:</p><ul><li><span class='code'>triggerName</span> <strong>(mandatory)</strong> - the name of the trigger. This value must be unique for the specific service. </li><li><span class='code'>triggerExpression</span> <strong>(mandatory)</strong> - a tsquery expression representing the trigger. <li><span class='code'>streamThreshold</span> <strong>(optional)</strong> - the maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned will cause the condition to fire. <li><span class='code'>enabled</span> <strong> (optional)</strong> - by default set to 'true'. If set to 'false' the trigger will not be evaluated.</p><p>For example, here is a JSON formatted trigger that fires if there are more than 10 DataNodes with more than 500 file-descriptors opened:</p><p><pre>[{\"triggerName\": \"sample-trigger\",\n \"triggerExpression\": \"IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:red\",\n \"streamThreshold\": 10, \"enabled\": \"true\"}]</pre></p><p>Consult the trigger rules documentation for more details on how to write triggers using tsquery.</p><p>The JSON format is evolving and may change in the future and as a result backward compatibility is not guaranteed between releases at this time.</p>",
"display_name": "Service Triggers",
"name": "service_triggers",
"value": "[]"
},
{
"desc": "Comma-separated list of Kerberos realms that Hadoop services should trust. If empty, defaults to the configured default_realm in the krb5.conf file. After changing this value and restarting the service, any services depending on this one must be restarted as well. The hadoop.security.auth_to_local property is configured using this information.",
"display_name": "Trusted Kerberos Realms",
"name": "trusted_realms",
"value": ""
},
{
"desc": "For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones.",
"display_name": "Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve)",
"name": "smon_derived_configs_safety_valve",
"value": null
},
{
"desc": "Enables the health check that verifies that the failover controllers associated with this service are healthy and running.",
"display_name": "Failover Controllers Healthy",
"name": "failover_controllers_healthy_enabled",
"value": "true"
},
{
"desc": "The attribute of the group object that identifies the users that are members of the group. The default will usually be appropriate for any LDAP installation.",
"display_name": "Hadoop User Group Mapping LDAP Group Membership Attribute",
"name": "hadoop_group_mapping_ldap_member_attr",
"value": "member"
},
{
"desc": "Comma separated list of users allowed to do short circuit read. A short circuit read allows a client co-located with the data to read HDFS file blocks directly from HDFS. If empty, will default to the DataNode process' user.",
"display_name": "DataNode Local Path Access Users",
"name": "dfs_block_local_path_access_user",
"value": null
},
{
"desc": "The timeout, in milliseconds, to use with the Cloudera Manager agent-based fencer.",
"display_name": "Timeout for Cloudera Manager Fencing Strategy",
"name": "dfs_ha_fencing_cloudera_manager_timeout_millis",
"value": "10000"
},
{
"desc": "Enable collection of audit events from the service's roles.",
"display_name": "Enable Collection",
"name": "navigator_audit_enabled",
"value": "true"
},
{
"desc": "Maximum bandwidth used for image transfer in bytes per second. This can help keep normal namenode operations responsive during checkpointing. A default value of 0 indicates that throttling is disabled.",
"display_name": "FsImage Transfer Bandwidth",
"name": "dfs_image_transfer_bandwidthPerSec",
"value": "0"
},
{
"desc": "The user the management services will impersonate as when connecting to HDFS. Defaults to 'hdfs', a superuser.",
"display_name": "HDFS User to Impersonate",
"name": "hdfs_user_to_impersonate",
"value": "hdfs"
},
{
"desc": "File path to the SSL keystore containing the SSL certificate required by the LDAP server.",
"display_name": "Hadoop User Group Mapping LDAP SSL Keystore",
"name": "hadoop_group_mapping_ldap_keystore",
"value": ""
},
{
"desc": "The short name of Hue's Kerberos principal",
"display_name": "Hue's Kerberos Principal Short Name",
"name": "hue_kerberos_principal_shortname",
"value": "hue"
},
{
"desc": "The minimal block replication.",
"display_name": "Minimal Block Replication",
"name": "dfs_replication_min",
"value": "1"
},
{
"desc": "The maximal block replication.",
"display_name": "Maximal Block Replication",
"name": "dfs_replication_max",
"value": "512"
},
{
"desc": "The service monitor will use these permissions to create the directory and files to test if the hdfs service is healthy. Permissions are specified using the 10-character unix-symbolic format e.g. '-rwxr-xr-x'.",
"display_name": "HDFS Health Canary Directory Permissions",
"name": "firehose_hdfs_canary_directory_permissions",
"value": "-rwxrwxrwx"
},
{
"desc": "Enable authorization",
"display_name": "Hadoop Secure Authorization",
"name": "hadoop_security_authorization",
"value": "false"
},
{
"desc": "The attribute of the group object that identifies the group name. The default will usually be appropriate for all LDAP systems.",
"display_name": "Hadoop User Group Mapping LDAP Group Name Attribute",
"name": "hadoop_group_mapping_ldap_group_name_attr",
"value": "cn"
},
{
"desc": "Enables DataNode support for the experimental DistributedFileSystem.getFileVBlockStorageLocations API. Applicable to CDH 4.1 and onwards.",
"display_name": "Enable HDFS Block Metadata API",
"name": "dfs_datanode_hdfs_blocks_metadata_enabled",
"value": "true"
},
{
"desc": "The tolerance window that will be used in HDFS service tests that depend on detection of the active NameNode.",
"display_name": "Active NameNode Detection Window",
"name": "hdfs_active_namenode_detecton_window",
"value": "3"
},
{
"desc": "Default block replication. The number of replications to make when the file is created. The default value is used if a replication number is not specified.",
"display_name": "Replication Factor",
"name": "dfs_replication",
"value": "3"
},
{
"desc": "Comma-delimited list of groups that you want to allow the HTTP user to impersonate. The default '*' allows all groups. To disable entirely, use a string that doesn't correspond to a group name, such as '_no_group_'. This is used by WebHCat.",
"display_name": "HTTP Proxy User Groups",
"name": "HTTP_proxy_user_groups_list",
"value": "*"
},
{
"desc": "The name of the system group shared by all the core Hadoop services.",
"display_name": "Shared Hadoop Group Name",
"name": "hdfs_hadoop_group_name",
"value": "hadoop"
},
{
"desc": "The amount of time to wait for HDFS filesystem image transfer from NameNode to complete.",
"display_name": "FsImage Transfer Timeout",
"name": "dfs_image_transfer_timeout",
"value": "60000"
},
{
"desc": "Comma-delimited list of hosts where you want to allow the Hive user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'.",
"display_name": "Hive Proxy User Hosts",
"name": "hive_proxy_user_hosts_list",
"value": "*"
},
{
"desc": "An additional filter to use when searching for LDAP users. The default will usually be appropriate for Active Directory installations. If connecting to a generic LDAP server, ''sAMAccountName'' will likely be replaced with ''uid''. {0} is a special string used to denote where the username fits into the filter.",
"display_name": "Hadoop User Group Mapping LDAP User Search Filter",
"name": "hadoop_group_mapping_ldap_user_filter",
"value": "(&(objectClass=user)(sAMAccountName={0}))"
},
{
"desc": "List of fencing methods to use for service fencing. <tt>shell(./cloudera_manager_agent_fencer.py)</tt> is a fencing mechanism designed to take advantage of the CM agent. The <tt>sshfence</tt> method uses SSH. If using custom fencers (that may talk to shared store, power units, or network switches), use the shell mechanism to invoke them.",
"display_name": "HDFS High Availability Fencing Methods",
"name": "dfs_ha_fencing_methods",
"value": "shell(./cloudera_manager_agent_fencer.py)"
},
{
"desc": "For advanced use only, key-value pairs (one on each line) to be inserted into the environment of HDFS replication jobs.",
"display_name": "HDFS Replication Advanced Configuration Snippet (Safety Valve)",
"name": "hdfs_replication_env_safety_valve",
"value": null
},
{
"desc": "Enables the health check that a client can create, read, write, and delete files",
"display_name": "HDFS Canary Health Check",
"name": "hdfs_canary_health_enabled",
"value": "true"
},
{
"desc": "Path on the DataNode's local file system to a UNIX domain socket used for communication between the DataNode and local HDFS clients. This socket is used for Short Circuit Reads. Only the HDFS System User and \"root\" should have write access to the parent directory and all of its ancestors. This property is supported in CDH 4.2 or later deployments.",
"display_name": "UNIX Domain Socket path",
"name": "dfs_domain_socket_path",
"value": "/var/run/hdfs-sockets/dn"
},
{
"desc": "Algorithm to encrypt data transfer between DataNodes and clients, and among DataNodes. 3des is more cryptographically secure, but rc4 is substantially faster.",
"display_name": "Data Transfer Encryption Algorithm",
"name": "dfs_encrypt_data_transfer_algorithm",
"value": "rc4"
},
{
"desc": "The health check thresholds of the number of under-replicated blocks. Specified as a percentage of the total number of blocks.",
"display_name": "Under-replicated Block Monitoring Thresholds",
"name": "hdfs_under_replicated_blocks_thresholds",
"value": "{\"critical\":\"40.0\",\"warning\":\"10.0\"}"
},
{
"desc": "For advanced use only, a string to be inserted into <strong>hdfs-site.xml</strong>. Applies to configurations of all roles in this service except client configuration.",
"display_name": "HDFS Service Advanced Configuration Snippet (Safety Valve) for hdfs-site.xml",
"name": "hdfs_service_config_safety_valve",
"value": null
},
{
"desc": "Comma-delimited list of hosts where you want to allow the HTTP user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'. This is used by WebHCat.",
"display_name": "HTTP Proxy User Hosts",
"name": "HTTP_proxy_user_hosts_list",
"value": "*"
},
{
"desc": "<p>\nConfigures the rules for event tracking and coalescing. This feature is\nused to define equivalency between different audit events. When\nevents match, according to a set of configurable parameters, only one\nentry in the audit list is generated for all the matching events.\n</p>\n\n<p>\nTracking works by keeping a reference to events when they first appear,\nand comparing other incoming events against the \"tracked\" events according\nto the rules defined here.\n</p>\n\n<p>Event trackers are defined in a JSON object like the following:</p>\n\n<pre>\n{\n \"timeToLive\" : [integer],\n \"fields\" : [\n {\n \"type\" : [string],\n \"name\" : [string]\n }\n ]\n}\n</pre>\n\n<p>\nWhere:\n</p>\n\n<ul>\n <li>timeToLive: maximum amount of time an event will be tracked, in\n milliseconds. Must be provided. This defines how long, since it's\n first seen, an event will be tracked. A value of 0 disables tracking.</li>\n\n <li>fields: list of fields to compare when matching events against\n tracked events.</li>\n</ul>\n\n<p>\nEach field has an evaluator type associated with it. The evaluator defines\nhow the field data is to be compared. The following evaluators are\navailable:\n</p>\n\n<ul>\n <li>value: uses the field value for comparison.</li>\n\n <li>username: treats the field value as a user name, and ignores any\n host-specific data. This is useful for environment using Kerberos,\n so that only the principal name and realm are compared.</li>\n</ul>\n\n<p>\nThe following is the list of fields that can be used to compare HDFS events:\n</p>\n\n<ul>\n <li>username: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>command: the HDFS operation being performed.</li>\n <li>src: the source path for the operation.</li>\n <li>dest: the destination path for the operation.</li>\n <li>permissions: the permissions associated with the operation.</li>\n</ul>\n",
"display_name": "Event Tracker",
"name": "navigator_event_tracker",
"value": "{\n \"comment\" : [\n \"Default event tracker for HDFS services.\",\n \"Defines equality by comparing username, operation and source path \",\n \"of the events.\"\n ],\n \"timeToLive\" : 60000,\n \"fields\" : [\n { \"type\": \"value\", \"name\" : \"src\" },\n { \"type\": \"value\", \"name\" : \"operation\" },\n { \"type\": \"username\", \"name\" : \"username\" }\n ]\n}\n"
},
{
"desc": "Choose the authentication mechanism used by Hadoop",
"display_name": "Hadoop Secure Authentication",
"name": "hadoop_security_authentication",
"value": "simple"
},
{
"desc": "For advanced use only, a string to be inserted into <strong>hadoop-policy.xml</strong>. Applies to configurations of all roles in this service except client configuration.",
"display_name": "HDFS Service Advanced Configuration Snippet (Safety Valve) for hadoop-policy.xml",
"name": "hadoop_policy_config_safety_valve",
"value": null
},
{
"desc": "Enable encryption of data transfer between DataNodes and clients, and among DataNodes. For effective data transfer protection, enable Kerberos authentication and choose Privacy Quality of RPC Protection.",
"display_name": "Enable Data Transfer Encryption",
"name": "dfs_encrypt_data_transfer",
"value": "false"
},
{
"desc": "When computing the overall HDFS cluster health, consider the active NameNode's health",
"display_name": "Active NameNode Role Health Check",
"name": "hdfs_namenode_health_enabled",
"value": "true"
},
{
"desc": "The home directory of the system user on the local filesystem. This setting must reflect the system's configured value - only changing it here will not change the actual home directory.",
"display_name": "System User's Home Directory",
"name": "hdfs_user_home_dir",
"value": "/var/lib/hadoop-hdfs"
},
{
"desc": "When computing the overall HDFS cluster health, consider the health of the standby NameNode.",
"display_name": "Standby NameNode Health Check",
"name": "hdfs_standby_namenodes_health_enabled",
"value": "true"
},
{
"desc": "Comma-delimited list of hosts where you want to allow the flume user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'.",
"display_name": "Flume Proxy User Hosts",
"name": "flume_proxy_user_hosts_list",
"value": "*"
},
{
"desc": "The URL for the LDAP server to use for resolving user groups when using LdapGroupsMapping.",
"display_name": "Hadoop User Group Mapping LDAP URL",
"name": "hadoop_group_mapping_ldap_url",
"value": ""
},
{
"desc": "SSH connection timeout, in milliseconds, to use with the built-in sshfence fencer.",
"display_name": "Timeout for SSH Fencing Strategy",
"name": "dfs_ha_fencing_ssh_connect_timeout",
"value": "30000"
},
{
"desc": "Maximum number of rolled over audit logs to retain. The logs will not be deleted if they contain audit events that have not yet been propagated to Audit Server.",
"display_name": "Number of Audit Logs to Retain",
"name": "navigator_audit_log_max_backup_index",
"value": "10"
},
{
"desc": "Comma-delimited list of hosts where you want to allow the HttpFS user to impersonate other users. The default '*' allows all hosts. To disable entirely, use a string that doesn't correspond to a host name, such as '_no_host'.",
"display_name": "HttpFS Proxy User Hosts",
"name": "httpfs_proxy_user_hosts_list",
"value": "*"
},
{
"desc": "Name of the ZooKeeper service that this HDFS service instance depends on",
"display_name": "ZooKeeper Service",
"name": "zookeeper_service",
"value": null
},
{
"desc": "The group that this service's processes should run as (except the HttpFS server, which has its own group)",
"display_name": "System Group",
"name": "process_groupname",
"value": "hdfs"
},
{
"desc": "The frequency in which the log4j event publication appender will retry sending undelivered log events to the Event server, in seconds",
"display_name": "Log Event Retry Frequency",
"name": "log_event_retry_frequency",
"value": "30"
},
{
"desc": "Default umask for file and directory creation, specified in an octal value (with a leading 0)",
"display_name": "Default Umask",
"name": "dfs_umaskmode",
"value": "022"
},
{
"desc": "The health check thresholds of free space in HDFS. Specified as a percentage of total HDFS capacity.",
"display_name": "HDFS Free Space Monitoring Thresholds",
"name": "hdfs_free_space_thresholds",
"value": "{\"critical\":\"10.0\",\"warning\":\"20.0\"}"
},
{
"desc": "The health check thresholds of the number of blocks that have at least one corrupt replica. Specified as a percentage of the total number of blocks.",
"display_name": "Blocks With Corrupt Replicas Monitoring Thresholds",
"name": "hdfs_blocks_with_corrupt_replicas_thresholds",
"value": "{\"critical\":\"1.0\",\"warning\":\"0.5\"}"
},
{
"desc": "Comma-separated list of groups authorized to perform admin operations on Hadoop. This is emitted only if authorization is enabled.",
"display_name": "Authorized Admin Groups",
"name": "hadoop_authorized_admin_groups",
"value": ""
},
{
"desc": "An additional filter to use when searching for groups.",
"display_name": "Hadoop User Group Mapping LDAP Group Search Filter",
"name": "hadoop_group_mapping_ldap_group_filter",
"value": "(objectClass=group)"
},
{
"desc": "For advanced use only, a string to be inserted into the client configuration for <strong>navigator.client.properties</strong>.",
"display_name": "HDFS Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties",
"name": "navigator_client_config_safety_valve",
"value": null
},
{
"desc": "The health test thresholds of the overall DataNode health. The check returns \"Concerning\" health if the percentage of \"Healthy\" DataNodes falls below the warning threshold. The check is unhealthy if the total percentage of \"Healthy\" and \"Concerning\" DataNodes falls below the critical threshold.",
"display_name": "Healthy DataNode Monitoring Thresholds",
"name": "hdfs_datanodes_healthy_thresholds",
"value": "{\"critical\":\"90.0\",\"warning\":\"95.0\"}"
},
{
"desc": "The SSH private key files to use with the built-in sshfence fencer. These are to be accessible to the <tt>hdfs</tt> user on the machines running the NameNodes.",
"display_name": "Private Keys for SSH Fencing Strategy",
"name": "dfs_ha_fencing_ssh_private_key_files",
"value": null
},
{
"desc": "Whether or not to use SSL when connecting to the LDAP server.",
"display_name": "Hadoop User Group Mapping LDAP SSL Enabled",
"name": "hadoop_group_mapping_ldap_use_ssl",
"value": "false"
}
]
View Git Blame Copy Permalink