2a56aa003d
We use v5 and v5.3.0 to put different python files for CDH5 and CDH5.3.0. CDH5 is CDH5.0.0, we use the name "CDH5" instead of "CDH5.0.0" for backward support. Currently since CDH5.0.0 does not support cm_api>6, we cannot use first_run API in CDH5.0.0, so we only implemented parts of the services that we implemented in CDH5.3.0. implements bp: cdh-version-management Change-Id: I3b3058f25912ddf6206d64db88ac40138a45a53f
140 lines
8.8 KiB
JSON
140 lines
8.8 KiB
JSON
[
|
|
{
|
|
"desc": "Password for Sentry Server database.",
|
|
"display_name": "Sentry Server Database Password",
|
|
"name": "sentry_server_database_password",
|
|
"value": ""
|
|
},
|
|
{
|
|
"desc": "<p>\nConfigures the rules for event tracking and coalescing. This feature is\nused to define equivalency between different audit events. When\nevents match, according to a set of configurable parameters, only one\nentry in the audit list is generated for all the matching events.\n</p>\n\n<p>\nTracking works by keeping a reference to events when they first appear,\nand comparing other incoming events against the \"tracked\" events according\nto the rules defined here.\n</p>\n\n<p>Event trackers are defined in a JSON object like the following:</p>\n\n<pre>\n{\n \"timeToLive\" : [integer],\n \"fields\" : [\n {\n \"type\" : [string],\n \"name\" : [string]\n }\n ]\n}\n</pre>\n\n<p>\nWhere:\n</p>\n\n<ul>\n <li>timeToLive: maximum amount of time an event will be tracked, in\n milliseconds. Must be provided. This defines how long, since it's\n first seen, an event will be tracked. A value of 0 disables tracking.</li>\n\n <li>fields: list of fields to compare when matching events against\n tracked events.</li>\n</ul>\n\n<p>\nEach field has an evaluator type associated with it. The evaluator defines\nhow the field data is to be compared. The following evaluators are\navailable:\n</p>\n\n<ul>\n <li>value: uses the field value for comparison.</li>\n\n <li>userName: treats the field value as a userName, and ignores any\n host-specific data. This is useful for environment using Kerberos,\n so that only the principal name and realm are compared.</li>\n</ul>\n\n<p>\nThe following is the list of fields that can be used to compare Sentry events:\n</p>\n\n<ul>\n <li>username: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>operation: the Sentry operation being performed.</li>\n <li>databaseName: the database affected by the operation.</li>\n <li>tableName: the table affected by the operation.</li>\n</ul>\n",
|
|
"display_name": "Event Tracker",
|
|
"name": "navigator_event_tracker",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "The user that this service's processes should run as.",
|
|
"display_name": "System User",
|
|
"name": "process_username",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "User for Sentry Server database.",
|
|
"display_name": "Sentry Server Database User",
|
|
"name": "sentry_server_database_user",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "Name of the HDFS service that this Sentry service instance depends on",
|
|
"display_name": "HDFS Service",
|
|
"name": "hdfs_service",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Type of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Type",
|
|
"name": "sentry_server_database_type",
|
|
"value": "mysql"
|
|
},
|
|
{
|
|
"desc": "Maximum size of audit log file in MB before it is rolled over.",
|
|
"display_name": "Maximum Audit Log File Size",
|
|
"name": "navigator_audit_log_max_file_size",
|
|
"value": "100"
|
|
},
|
|
{
|
|
"desc": "Host name of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Host",
|
|
"name": "sentry_server_database_host",
|
|
"value": "localhost"
|
|
},
|
|
{
|
|
"desc": "Name of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Name",
|
|
"name": "sentry_server_database_name",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "List of users allowed to connect to the Sentry Server. These are usually service users such as hive and impala, and the list does not usually need to include end-users.",
|
|
"display_name": "Allowed Connecting Users",
|
|
"name": "sentry_service_allow_connect",
|
|
"value": "hive,impala,hue,hdfs"
|
|
},
|
|
{
|
|
"desc": "The group that this service's processes should run as.",
|
|
"display_name": "System Group",
|
|
"name": "process_groupname",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "For advanced use only, a string to be inserted into <strong>sentry-site.xml</strong>. Applies to configurations of all roles in this service except client configuration.",
|
|
"display_name": "Sentry Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml",
|
|
"name": "sentry_server_config_safety_valve",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold",
|
|
"display_name": "Enable Service Level Health Alerts",
|
|
"name": "enable_alerts",
|
|
"value": "true"
|
|
},
|
|
{
|
|
"desc": "Path to the directory where audit logs will be written. The directory will be created if it doesn't exist.",
|
|
"display_name": "Audit Log Directory",
|
|
"name": "audit_event_log_dir",
|
|
"value": "/var/log/sentry/audit"
|
|
},
|
|
{
|
|
"desc": "Action to take when the audit event queue is full. Drop the event or shutdown the affected process.",
|
|
"display_name": "Queue Policy",
|
|
"name": "navigator_audit_queue_policy",
|
|
"value": "DROP"
|
|
},
|
|
{
|
|
"desc": "<p>The configured triggers for this service. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed.</p><p>Each trigger has all of the following fields:</p><ul><li><code>triggerName</code> <strong>(mandatory)</strong> - the name of the trigger. This value must be unique for the specific service. </li><li><code>triggerExpression</code> <strong>(mandatory)</strong> - a tsquery expression representing the trigger. </li><li><code>streamThreshold</code> <strong>(optional)</strong> - the maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire. </li><li><code>enabled</code> <strong> (optional)</strong> - by default set to 'true'. If set to 'false' the trigger will not be evaluated.</li></ul></p><p>For example, here is a JSON formatted trigger that fires if there are more than 10 DataNodes with more than 500 file-descriptors opened:</p><p><pre>[{\"triggerName\": \"sample-trigger\",\n \"triggerExpression\": \"IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad\",\n \"streamThreshold\": 10, \"enabled\": \"true\"}]</pre></p><p>Consult the trigger rules documentation for more details on how to write triggers using tsquery.</p><p>The JSON format is evolving and may change in the future and as a result backward compatibility is not guaranteed between releases at this time.</p>",
|
|
"display_name": "Service Triggers",
|
|
"name": "service_triggers",
|
|
"value": "[]"
|
|
},
|
|
{
|
|
"desc": "When computing the overall SENTRY health, consider Sentry Server's health",
|
|
"display_name": "Sentry Server Role Health Test",
|
|
"name": "sentry_sentry_server_health_enabled",
|
|
"value": "true"
|
|
},
|
|
{
|
|
"desc": "When set, Cloudera Manager will send alerts when this entity's configuration changes.",
|
|
"display_name": "Enable Configuration Change Alerts",
|
|
"name": "enable_config_alerts",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Port number of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Port",
|
|
"name": "sentry_server_database_port",
|
|
"value": "3306"
|
|
},
|
|
{
|
|
"desc": "If an end user is in one of these admin groups, that user has administrative privileges on the Sentry Server.",
|
|
"display_name": "Admin Groups",
|
|
"name": "sentry_service_admin_group",
|
|
"value": "hive,impala,hue"
|
|
},
|
|
{
|
|
"desc": "For advanced use only, a string to be inserted into the client configuration for <strong>navigator.client.properties</strong>.",
|
|
"display_name": "Sentry Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties",
|
|
"name": "navigator_client_config_safety_valve",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Enable collection of audit events from the service's roles.",
|
|
"display_name": "Enable Collection",
|
|
"name": "navigator_audit_enabled",
|
|
"value": "true"
|
|
},
|
|
{
|
|
"desc": "For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones.",
|
|
"display_name": "Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve)",
|
|
"name": "smon_derived_configs_safety_valve",
|
|
"value": null
|
|
}
|
|
] |