openstack/deb-sahara
Code Issues Proposed changes
61f82e70fa
deb-sahara/sahara/plugins/cdh/v5_4_0/resources/sentry-service.json
Ken Chen 68999ce9cb Add CDH5.4 support in sahara 
We add a directory v_5_4_0 in cdh plugin, so that we have a
choice 5.4.0 when cdh plugin is chosen.

Implements: blueprint cdh-5-4-support
Change-Id: I05d2082b589eb031b0ce1b5a253dc62a75912e1b
2015-06-20 16:07:47 +08:00

158 lines
10 KiB
JSON
Raw Blame History

[
{
"desc": "Password for Sentry Server database.",
"display_name": "Sentry Server Database Password",
"name": "sentry_server_database_password",
"value": ""
},
{
"desc": "<p>\nConfigures the rules for event tracking and coalescing. This feature is\nused to define equivalency between different audit events. When\nevents match, according to a set of configurable parameters, only one\nentry in the audit list is generated for all the matching events.\n</p>\n\n<p>\nTracking works by keeping a reference to events when they first appear,\nand comparing other incoming events against the \"tracked\" events according\nto the rules defined here.\n</p>\n\n<p>Event trackers are defined in a JSON object like the following:</p>\n\n<pre>\n{\n \"timeToLive\" : [integer],\n \"fields\" : [\n {\n \"type\" : [string],\n \"name\" : [string]\n }\n ]\n}\n</pre>\n\n<p>\nWhere:\n</p>\n\n<ul>\n <li>timeToLive: maximum amount of time an event will be tracked, in\n milliseconds. Must be provided. This defines how long, since it's\n first seen, an event will be tracked. A value of 0 disables tracking.</li>\n\n <li>fields: list of fields to compare when matching events against\n tracked events.</li>\n</ul>\n\n<p>\nEach field has an evaluator type associated with it. The evaluator defines\nhow the field data is to be compared. The following evaluators are\navailable:\n</p>\n\n<ul>\n <li>value: uses the field value for comparison.</li>\n\n <li>userName: treats the field value as a userName, and ignores any\n host-specific data. This is useful for environment using Kerberos,\n so that only the principal name and realm are compared.</li>\n</ul>\n\n<p>\nThe following is the list of fields that can be used to compare Sentry events:\n</p>\n\n<ul>\n <li>username: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>operation: the Sentry operation being performed.</li>\n <li>databaseName: the database affected by the operation.</li>\n <li>tableName: the table affected by the operation.</li>\n</ul>\n",
"display_name": "Audit Event Tracker",
"name": "navigator_event_tracker",
"value": null
},
{
"desc": "The user that this service's processes should run as.",
"display_name": "System User",
"name": "process_username",
"value": "sentry"
},
{
"desc": "User for Sentry Server database.",
"display_name": "Sentry Server Database User",
"name": "sentry_server_database_user",
"value": "sentry"
},
{
"desc": "Name of the HDFS service that this Sentry service instance depends on",
"display_name": "HDFS Service",
"name": "hdfs_service",
"value": null
},
{
"desc": "Type of Sentry Server database.",
"display_name": "Sentry Server Database Type",
"name": "sentry_server_database_type",
"value": "mysql"
},
{
"desc": "For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration.",
"display_name": "Sentry Service Environment Advanced Configuration Snippet (Safety Valve)",
"name": "SENTRY_service_env_safety_valve",
"value": null
},
{
"desc": "Name of the ZooKeeper service that this Sentry service instance depends on",
"display_name": "ZooKeeper Service",
"name": "zookeeper_service",
"value": null
},
{
"desc": "Maximum size of audit log file in MB before it is rolled over.",
"display_name": "Maximum Audit Log File Size",
"name": "navigator_audit_log_max_file_size",
"value": "100"
},
{
"desc": "Host name of Sentry Server database.",
"display_name": "Sentry Server Database Host",
"name": "sentry_server_database_host",
"value": "localhost"
},
{
"desc": "The health test thresholds of the overall Sentry Server health. The check returns \"Concerning\" health if the percentage of \"Healthy\" Sentry Servers falls below the warning threshold. The check is unhealthy if the total percentage of \"Healthy\" and \"Concerning\" Sentry Servers falls below the critical threshold.",
"display_name": "Healthy Sentry Server Monitoring Thresholds",
"name": "sentry_sentry_server_healthy_thresholds",
"value": "{\"critical\":\"51.0\",\"warning\":\"99.0\"}"
},
{
"desc": "Name of Sentry Server database.",
"display_name": "Sentry Server Database Name",
"name": "sentry_server_database_name",
"value": "sentry"
},
{
"desc": "Kerberos principal used by all roles of this service.",
"display_name": "Kerberos Principal",
"name": "kerberos_princ_name",
"value": "sentry"
},
{
"desc": "List of users allowed to connect to the Sentry Server. These are usually service users such as hive and impala, and the list does not usually need to include end users.",
"display_name": "Allowed Connecting Users",
"name": "sentry_service_allow_connect",
"value": "hive,impala,hue,hdfs"
},
{
"desc": "The group that this service's processes should run as.",
"display_name": "System Group",
"name": "process_groupname",
"value": "sentry"
},
{
"desc": "For advanced use only, a string to be inserted into <strong>sentry-site.xml</strong>. Applies to configurations of all roles in this service except client configuration.",
"display_name": "Sentry Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml",
"name": "sentry_server_config_safety_valve",
"value": null
},
{
"desc": "When set, Cloudera Manager will send alerts when this entity's configuration changes.",
"display_name": "Enable Configuration Change Alerts",
"name": "enable_config_alerts",
"value": "false"
},
{
"desc": "Path to the directory where audit logs will be written. The directory will be created if it doesn't exist.",
"display_name": "Audit Log Directory",
"name": "audit_event_log_dir",
"value": "/var/log/sentry/audit"
},
{
"desc": "Action to take when the audit event queue is full. Drop the event or shutdown the affected process.",
"display_name": "Audit Queue Policy",
"name": "navigator_audit_queue_policy",
"value": "DROP"
},
{
"desc": "<p>The configured triggers for this service. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed.</p><p>Each trigger has all of the following fields:</p><ul><li><code>triggerName</code> <strong>(mandatory)</strong> - The name of the trigger. This value must be unique for the specific service. </li><li><code>triggerExpression</code> <strong>(mandatory)</strong> - A tsquery expression representing the trigger. </li><li><code>streamThreshold</code> <strong>(optional)</strong> - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire. </li><li><code>enabled</code> <strong> (optional)</strong> - By default set to 'true'. If set to 'false', the trigger will not be evaluated.</li><li><code>expressionEditorConfig</code> <strong> (optional)</strong> - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here may lead to inconsistencies.</li></ul></p><p>For example, the followig JSON formatted trigger fires if there are more than 10 DataNodes with more than 500 file-descriptors opened:</p><p><pre>[{\"triggerName\": \"sample-trigger\",\n \"triggerExpression\": \"IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad\",\n \"streamThreshold\": 10, \"enabled\": \"true\"}]</pre></p><p>See the trigger rules documentation for more details on how to write triggers using tsquery.</p><p>The JSON format is evolving and may change in the future and, as a result, backward compatibility is not guaranteed between releases at this time.</p>",
"display_name": "Service Triggers",
"name": "service_triggers",
"value": "[]"
},
{
"desc": "When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold",
"display_name": "Enable Service Level Health Alerts",
"name": "enable_alerts",
"value": "true"
},
{
"desc": "Port number of Sentry Server database.",
"display_name": "Sentry Server Database Port",
"name": "sentry_server_database_port",
"value": "3306"
},
{
"desc": "If an end user is in one of these admin groups, that user has administrative privileges on the Sentry Server.",
"display_name": "Admin Groups",
"name": "sentry_service_admin_group",
"value": "hive,impala,hue"
},
{
"desc": "For advanced use only, a string to be inserted into the client configuration for <strong>navigator.client.properties</strong>.",
"display_name": "Sentry Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties",
"name": "navigator_client_config_safety_valve",
"value": null
},
{
"desc": "Enable collection of audit events from the service's roles.",
"display_name": "Enable Audit Collection",
"name": "navigator_audit_enabled",
"value": "true"
},
{
"desc": "For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones.",
"display_name": "Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve)",
"name": "smon_derived_configs_safety_valve",
"value": null
}
]
View Git Blame Copy Permalink