Cloudera Manager 5 Requirements and Supported Versions

Cloudera Manager 5 Requirements and Supported Versions

时间:2015-07-13 16:39来源:网络整理 作者:KKWL 点击:
The hosts in a Cloudera Manager deployment must satisfy the following networkingand security requirements: Cluster hosts must have a working network name resolution system and correctly formatted /etc/hosts file. All cluster hosts must have

The hosts in a Cloudera Manager deployment must satisfy the following networking and security requirements:

  • Cluster hosts must have a working network name resolution system and correctly formatted /etc/hosts file. All cluster hosts must have properly configured forward and reverse host resolution through DNS. The /etc/hosts files must

    Also, do not use aliases, either in /etc/hosts or in configuring DNS. A properly formatted /etc/hosts file should be similar to the following example:

    127.0.0.1 localhost.localdomain localhost 192.168.1.1 cluster-01.example.com cluster-01 192.168.1.2 cluster-02.example.com cluster-02 192.168.1.3 cluster-03.example.com cluster-03
  • In most cases, the Cloudera Manager Server must have SSH access to the cluster hosts when you run the installation or upgrade wizard. You must log in using a root account or an account that has password-less permission. For authentication during the installation and upgrade procedures, you must either enter the password or upload a public and private key pair for the root or sudo user account. If you want to use a public and private key pair, the public key must be installed on the cluster hosts before you use Cloudera Manager.

    Cloudera Manager uses SSH only during the initial install or upgrade. Once the cluster is set up, you can disable root SSH access or change the root password. Cloudera Manager does not save SSH credentials, and all credential information is discarded when the installation is complete. For more information, see .

  • If single user mode is not enabled, the Cloudera Manager Agent runs as root so that it can make sure the required directories are created and that processes and files are owned by the appropriate user (for example, the hdfs and mapred users).
  • No blocking is done by Security-Enhanced Linux (SELinux).
  • IPv6 must be disabled.
  • No blocking by iptables or firewalls; port 7180 must be open because it is used to access Cloudera Manager after installation. Cloudera Manager communicates using specific , which must be open.
  • For RedHat and CentOS, the /etc/sysconfig/network file on each host must contain the hostname you have just set (or verified) for that host.
  • Cloudera Manager and CDH use several user accounts and groups to complete their tasks. The set of user accounts and groups varies according to the components you choose to install. Do not delete these accounts or groups and do not modify their permissions and rights. Ensure that no existing systems prevent these accounts and groups from functioning. For example, if you have scripts that delete user accounts not in a whitelist, add these accounts to the list of permitted accounts. Cloudera Manager, CDH, and managed services create and use the following accounts and groups:
  • Table 1. Users and Groups

    Component (Version)

    Unix User ID Groups Notes

    Cloudera Manager (all versions) cloudera-scm cloudera-scm Cloudera Manager processes such as the Cloudera Manager Server and the monitoring roles run as this user.

    The Cloudera Manager keytab file must be named cmf.keytab since that name is hard-coded in Cloudera Manager.

      Note: Applicable to clusters managed by Cloudera Manager only.

    Apache Accumulo (Accumulo 1.4.3 and higher) accumulo accumulo Accumulo processes run as this user.

    Apache Avro   No special users.

    Apache Flume (CDH 4, CDH 5) flume flume The sink that writes to HDFS as this user must have write privileges.

    Apache HBase (CDH 4, CDH 5) hbase hbase The Master and the RegionServer processes run as this user.

    HDFS (CDH 4, CDH 5) hdfs hdfs, hadoop The NameNode and DataNodes run as this user, and the HDFS root directory as well as the directories used for edit logs should be owned by it.

    Apache Hive (CDH 4, CDH 5) hive hive

    The HiveServer2 process and the Hive Metastore processes run as this user.

    A user must be defined for Hive access to its Metastore DB (e.g. MySQL or Postgres) but it can be any identifier and does not correspond to a Unix uid. This is javax.jdo.option.ConnectionUserName in hive-site.xml.

    Apache HCatalog (CDH 4.2 and higher, CDH 5) hive hive

    The WebHCat service (for REST access to Hive functionality) runs as the hive user.

    HttpFS (CDH 4, CDH 5) httpfs httpfs

    The HttpFS service runs as this user. See HttpFS Security Configuration for instructions on how to generate the merged httpfs-http.keytab file.

    Hue (CDH 4, CDH 5) hue hue

    Hue services run as this user.

    Cloudera Impala (CDH 4.1 and higher, CDH 5) impala impala, hadoop, hdfs, hive Impala services run as this user.

    Apache Kafka (Cloudera Distribution of Kafka 1.2.0) kafka kafka Kafka services run as this user.

    Java KeyStore KMS (CDH 5.2.1 and higher) kms kms The Java KeyStore KMS service runs as this user.

    Key Trustee KMS (CDH 5.3 and higher) kms kms The Key Trustee KMS service runs as this user.

    Key Trustee Server (CDH 5.4 and higher) keytrustee keytrustee The Key Trustee Server service runs as this user.

    Llama (CDH 5) llama llama Llama runs as this user.

    Apache Mahout   No special users.

    MapReduce (CDH 4, CDH 5) mapred mapred, hadoop Without Kerberos, the JobTracker and tasks run as this user. The LinuxTaskController binary is owned by this user for Kerberos.

    Apache Oozie (CDH 4, CDH 5) oozie oozie The Oozie service runs as this user.

    Parquet   No special users.

    Apache Pig   No special users.

    Cloudera Search (CDH 4.3 and higher, CDH 5) solr solr The Solr processes run as this user.

    Apache Spark (CDH 5) spark spark The Spark History Server process runs as this user.

    Apache Sentry (incubating) (CDH 5.1 and higher) sentry sentry The Sentry service runs as this user.

    Apache Sqoop (CDH 4, CDH 5) sqoop sqoop This user is only for the Sqoop1 Metastore, a configuration option that is not recommended.

    Apache Sqoop2 (CDH 4.2 and higher, CDH 5) sqoop2 sqoop, sqoop2 The Sqoop2 service runs as this user.

    Apache Whirr   No special users.

    YARN (CDH 4, CDH 5) yarn yarn, hadoop Without Kerberos, all YARN services and applications run as this user. The LinuxContainerExecutor binary is owned by this user for Kerberos.

    Apache ZooKeeper (CDH 4, CDH 5) zookeeper zookeeper The ZooKeeper processes run as this user. It is not configurable.

    ------分隔线----------------------------