CCDP Guide
Cloudera Manager Deployment

This article explains the steps to install Cloudera Manager (CM) on CentOS 7.9, one of the supported operating systems in the CDP Private Cloud solution. Ensure that all prerequisites are in place before running this procedure.

Sanity Check

  1. Ensure that the JDK has already been installed on the host.

    # rpm -qa | grep jdk
    copy-jdk-configs-3.3-10.el7_5.noarch
    java-11-openjdk-11.0.14.1.1-1.el7_9.x86_64
    java-11-openjdk-headless-11.0.14.1.1-1.el7_9.x86_64
    java-11-openjdk-devel-11.0.14.1.1-1.el7_9.x86_64
  2. The external DNS server must contain the forward and reverse zones of the company domain name. It must be able to resolve the hostnames of the CM host and the third-party components (including the Kerberos server, LDAP server, external database and NFS server) and perform reverse DNS lookups.

    # nslookup idm
    Server:	10.15.4.150
    Address:	10.15.4.150#53
     
    Name:	idm.cdpkvm.cldr
    Address: 10.15.4.150
     
    # nslookup 10.15.4.150
    150.4.15.10.in-addr.arpa	name = idm.cdpkvm.cldr.
  3. Ensure that the NTP client on the CM host is synchronizing time with the external NTP server.

  4. Join the CM host to the Kerberos domain. In this demo, the CM host joins Red Hat IDM, which acts as the Kerberos server, by running the ipa-client-install script. As a result, the /etc/krb5.conf file on the CM host should be similar to the following example. The host idm.cdpkvm.cldr is the Red Hat IDM server.

    [libdefaults]
    default_realm = CDPKVM.CLDR
    dns_lookup_kdc = false
    dns_lookup_realm = false
    ticket_lifetime = 86400
    renew_lifetime = 604800
    forwardable = true
    default_tgs_enctypes = aes256-cts
    default_tkt_enctypes = aes256-cts
    permitted_enctypes = aes256-cts
    udp_preference_limit = 1
    kdc_timeout = 3000
    [realms]
    CDPKVM.CLDR = {
    kdc = idm.cdpkvm.cldr
    admin_server = idm.cdpkvm.cldr
    }

    Test the above Kerberos settings by running the kinit and klist commands with the provisioned user on the CM host, as shown in the following example.

    # kinit ldapuser1
    Password for ldapuser1@CDPKVM.CLDR: <password>

    Ensure that the output of the klist command includes renew until. This is a prerequisite for successful CDW provisioning on the ECS platform. The /etc/krb5.conf file on the CM host will be used in the Hive-associated pods on the ECS system.

    # klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: ldapuser1@CDPKVM.CLDR
     
    Valid starting     Expires            Service principal
    06/02/22 16:49:03  06/03/22 16:49:01  krbtgt/CDPKVM.CLDR@CDPKVM.CLDR
    renew until 06/09/22 16:49:01
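
The following check is an added example, not part of the original guide: it verifies offline that a krb5.conf requests renewable tickets and flags legacy DES or RC4 enctypes, and that klist output shows a renewable krbtgt. The function names and the constructed sample are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Sample data below is constructed.

# Print the value of KEY from the [libdefaults] section of a krb5.conf file.
krb5_libdefault() {   # usage: krb5_libdefault KEY FILE
  awk -v key="$1" '
    /^[ \t]*\[/ { in_sec = ($0 ~ /\[libdefaults\]/); next }
    in_sec && index($0, "=") {
      k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]*/, "", k)
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v)
      if (k == key) { print v; exit }
    }' "$2"
}

# Report settings that break the renewable-ticket prerequisite or permit
# legacy encryption types. Returns non-zero when there is a finding.
krb5_conf_findings() {   # usage: krb5_conf_findings FILE
  local rc=0 k v
  v=$(krb5_libdefault renew_lifetime "$1")
  case "$v" in
    ''|0|0s) echo "renew_lifetime unset or zero: kinit will not request renewable tickets"; rc=1 ;;
  esac
  for k in default_tgs_enctypes default_tkt_enctypes permitted_enctypes; do
    v=$(krb5_libdefault "$k" "$1")
    case "$v" in
      *des*|*rc4*|*arcfour*) echo "$k permits a legacy enctype: $v"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Succeed only if klist output (stdin) shows a krbtgt ticket whose next line
# carries "renew until".
klist_renewable() {
  awk '/krbtgt\// { tgt = 1; next }
       tgt && /renew until/ { ok = 1 }
       { tgt = 0 }
       END { exit !ok }'
}

# Constructed sample: klist output for a ticket obtained without a renewable lifetime.
SAMPLE_KLIST_NOT_RENEWABLE='Default principal: ldapuser1@CDPKVM.CLDR
Valid starting     Expires            Service principal
06/02/22 16:49:03  06/03/22 16:49:01  krbtgt/CDPKVM.CLDR@CDPKVM.CLDR'

# On the CM host:  krb5_conf_findings /etc/krb5.conf;  klist | klist_renewable
```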

CM Installation

  1. Download the Cloudera repo with the user credentials.

    # cd /etc/yum.repos.d/
    # wget https://<username>:<password>@archive.cloudera.com/p/cm7/7.5.5/redhat7/yum/cloudera-manager.repo
  2. Edit the Cloudera repo. Insert the username and password parameters.

    [cloudera-manager]
    name=Cloudera Manager 7.5.5
    baseurl=https://archive.cloudera.com/p/cm7/7.5.5/redhat7/yum/
    gpgkey=https://archive.cloudera.com/p/cm7/7.5.5/redhat7/yum/RPM-GPG-KEY-cloudera
    username=<userid>
    password=<password>
    gpgcheck=1
    enabled=1
    autorefresh=0
    type=rpm-md
  3. Import the RPM-GPG-KEY.

    # rpm --import  https://<userid>:<password>@archive.cloudera.com/p/cm7/7.5.5/redhat7/yum/RPM-GPG-KEY-cloudera
     
  4. Install the CM packages.

    # yum install -y cloudera-manager-daemons cloudera-manager-agent cloudera-manager-server
     
  5. Run the scm_prepare_database.sh script. In this demo, cm.cdpkvm.cldr is the CM hostname. db.cdpkvm.cldr is the external PostgreSQL hostname.

    # /opt/cloudera/cm/schema/scm_prepare_database.sh postgresql -h db.cdpkvm.cldr --scm-host cm.cdpkvm.cldr scm scm
     
  6. Enable and start the cloudera-scm-server service.

    # systemctl enable cloudera-scm-server
    # systemctl start cloudera-scm-server
     
  7. Monitor the cloudera-scm-server service log.

    # tail -f /var/log/cloudera-scm-server/cloudera-scm-server.log
     
  8. Enable AutoTLS. This command creates a self-signed certificate as an example. Users may also have the CSR signed by their preferred CA.

    # export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.14.1.1-1.el7_9.x86_64
    # /opt/cloudera/cm-agent/bin/certmanager --location /var/lib/cloudera-scm-server/certmanager setup --configure-services
     
  9. After successful installation, log in to the CM website at https://cm.cdpkvm.cldr:7183

  10. Select the Cloudera license txt file as requested.

  11. Click the "Click here to setup a KDC" link and click Continue.

  12. In this demo, Red Hat IPA is the KDC server. Apply the instructions based on the OS of the CM host. Select "I have completed all the above steps." and click Continue.

  13. Fill in the fields and click Continue.

  14. Select the "Manage krb5.conf through Cloudera Manager" option and click Continue.

  15. Enter account credentials and click Continue.

  16. The following output shows that the KDC has been set up successfully. Click Finish.

  17. Both AutoTLS and KDC have successfully been set up in CM.
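
As an added example (not part of the original guide), the following check audits the repo file from steps 1 to 3, which stores the archive password in plain text: it confirms gpgcheck=1, https:// URLs without embedded credentials, and a file mode that only the owner can read. The function names are hypothetical and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example (not part of the original guide).

# Print the value of KEY from a yum .repo file (first match).
repo_opt() {   # usage: repo_opt KEY FILE
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Print one line per finding; return non-zero when there is a finding.
repo_findings() {   # usage: repo_findings FILE
  local f="$1" rc=0 mode url k
  if [ "$(repo_opt gpgcheck "$f")" != "1" ]; then
    echo "gpgcheck is not 1: package signatures are not verified"; rc=1
  fi
  for k in baseurl gpgkey; do
    url=$(repo_opt "$k" "$f")
    case "$url" in
      https://*@*) echo "$k embeds credentials in the URL"; rc=1 ;;
      https://*)   ;;
      *)           echo "$k is not an https:// URL: $url"; rc=1 ;;
    esac
  done
  # A repo file that carries password= should not be readable by group/other.
  if [ -n "$(repo_opt password "$f")" ]; then
    mode=$(stat -c '%a' "$f")   # GNU stat; prints the mode as octal, e.g. 644
    case "$mode" in
      *00) ;;
      *)   echo "file holds a password but mode is $mode; expected 600"; rc=1 ;;
    esac
  fi
  return "$rc"
}

# On the CM host:  repo_findings /etc/yum.repos.d/cloudera-manager.repo
```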

CM Integration with External LDAP

  1. Navigate to Administration > Settings. Search for backend and select the following options so that CM will also look up the user in the external LDAP server.

  2. Configure CM with the necessary external LDAP server settings as shown in the following example. Note that this demo is connected to the Red Hat IPA.

    Parameter                            Value
    External Authentication Type         LDAP
    LDAP URL                             ldap://idm.cdpkvm.cldr
    LDAP Bind User Distinguished Name    uid=admin,cn=users,cn=accounts,dc=cdpkvm,dc=cldr
    LDAP Bind Password                   password
    LDAP User Search Filter              (uid=0)
    LDAP User Search Base                cn=users,cn=accounts,dc=cdpkvm,dc=cldr
    LDAP Group Search Filter             (member=0)
    LDAP Group Search Base               cn=groups,cn=accounts,dc=cdpkvm,dc=cldr
  3. Restart the cloudera-scm-server service.

    # systemctl restart cloudera-scm-server
  4. Configure a new user in the external LDAP server and log in to CM as this newly created user. The log shows that CM contacted the LDAP server and allowed the login. However, this new user has no role configured in CM.

    # tail -f /var/log/cloudera-scm-server/cloudera-scm-server.log
    2022-05-20 18:55:43,353 INFO scm-web-155:com.cloudera.server.web.cmf.CmfLdapUserDetailsContextMapper: External user ldapuser1 logged in without any roles.
    2022-05-20 18:55:43,414 INFO scm-web-155:com.cloudera.server.web.cmf.AuthenticationSuccessEventListener: Authentication success for user: 'ldapuser1' from 10.96.83.175
  5. Log out and log in with the database admin account. Navigate to Administration > Users & Roles.

  6. Assign the Full Administrator role to this LDAP user.

  7. Log out and log in as the LDAP user again. This time, the LDAP user has full access to the CM dashboard.
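
The two log messages shown in step 4 can be used to audit external logins. The following summary is an added example, not part of the original guide; the function name is hypothetical, and the third sample line is constructed from the format of the two lines above.

```bash
#!/usr/bin/env bash
# Added example (not part of the original guide).

# Summarise external-auth logins from cloudera-scm-server.log text on stdin.
# One line per user: successful logins, how many logins arrived with no CM
# role mapped, and the distinct source addresses.
cm_login_summary() {
  awk -v q="'" '
    /External user .* logged in without any roles/ {
      for (i = 1; i <= NF - 2; i++)
        if ($i == "External" && $(i + 1) == "user") {
          u = $(i + 2); users[u]; roleless[u]++
        }
      next
    }
    /Authentication success for user:/ {
      # Line ends with: user: <quoted name> from <address>
      u = $(NF - 2); gsub(q, "", u); users[u]; logins[u]++
      if (!seen[u, $NF]++) src[u] = src[u] (src[u] == "" ? "" : ",") $NF
    }
    END {
      for (u in users)
        printf "%s logins=%d roleless=%d sources=%s\n", u, logins[u], roleless[u], src[u]
    }' | sort
}

# First two lines are the ones shown in step 4; the third is constructed and
# represents the login after the Full Administrator role was assigned.
SAMPLE_LOG="2022-05-20 18:55:43,353 INFO scm-web-155:com.cloudera.server.web.cmf.CmfLdapUserDetailsContextMapper: External user ldapuser1 logged in without any roles.
2022-05-20 18:55:43,414 INFO scm-web-155:com.cloudera.server.web.cmf.AuthenticationSuccessEventListener: Authentication success for user: 'ldapuser1' from 10.96.83.175
2022-05-20 19:02:10,101 INFO scm-web-160:com.cloudera.server.web.cmf.AuthenticationSuccessEventListener: Authentication success for user: 'ldapuser1' from 10.96.83.175"

# On the CM host:
#   cm_login_summary < /var/log/cloudera-scm-server/cloudera-scm-server.log
```

A user whose roleless count keeps rising has an LDAP account that authenticates but was never mapped to a CM role, which is worth reviewing before granting Full Administrator.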


Next Step

  • Proceed to create the CDP Base cluster in the next topic.