Cloudera Manager Server Properties

Advanced

Display Name Description Related Name Default Value API Name Required
Command Eviction Age Length of time after which inactive commands are evicted from the database. Default is two years. 730 day(s) command_eviction_age_hours true
Cloudera Manager Server Local Data Storage Directory Local path used by Cloudera Manager for storing data, including command result files. Note that changes to this configuration will only apply to commands started after the change. It is highly recommended that existing data be migrated over to the new location for the data to be accessible via and managed by Cloudera Manager. /var/lib/cloudera-scm-server command_storage_path false
DSSD Mode Enable support for DSSD D5. false dssd_enabled true
Enable Debugging of API When enabled, the server log will contain traces of all API calls. false enable_api_debug true
Agent Heartbeat Logging Directory Specifies the location where Agent heartbeat requests and responses should be logged, for debugging purposes. If empty, logging is disabled. heartbeat_logging_dir false
Single User Mode Configure all clusters to run in single user mode where the Cloudera Manager agent and all service processes run as the same system user. Only supported for CDH 5.2 and higher. false single_user_enabled true
Single User Mode Group System group to use for agent and service processes in single user mode. cloudera-scm single_user_group true
Single User Mode User System user to use for agent and service processes in single user mode. cloudera-scm single_user_name true
Maximum Number of Time-Series Streams Returned Per Heatmap The maximum number of time-series streams returned by a single time-series heatmap query. The default is 10,000 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. 10000 tsquery_heatmap_streams_limit true
Maximum Number of Time-Series Streams Returned Per Scatter Plot The maximum number of time-series streams returned by a single time-series scatter plot. The default is 1000 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. 1000 tsquery_scatter_streams_limit true
Maximum Number Of Time-Series Streams Returned Per Line-Based Chart The maximum number of time-series streams that will be returned by a single time-series query. The default is 250 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. 250 tsquery_streams_limit true
Maximum Number of Time-Series Streams Returned Per Table The maximum number of time-series streams returned in a single time-series table. The default is 2000 streams. This value can be set higher, but increasing it may negatively impact chart performance and may require more resources be given to the Cloudera Manager Server, Host Monitor, and Service Monitor. 2000 tsquery_table_streams_limit true

Custom Service Descriptors

Display Name Description Related Name Default Value API Name Required
Enable Local Descriptor Repository When enabled, the server will read custom service descriptors from the local filesystem. true csd_repo_enabled true
Local Descriptor Repository Path Path to the local repository where custom service descriptors are located. /opt/cloudera/csd csd_repo_path true

External Authentication

Display Name Description Related Name Default Value API Name Required
Authentication Backend Order The order in which authentication backends are used for authenticating a user. Emergency Administrator Access allows Full and User Administrators in the local database to authenticate if external authentication is not functioning. DB_ONLY auth_backend_order true
External Authentication Program Path An external script (or binary) to use to authenticate users. Username is passed as the first command line argument. The password is passed over stdin. Program exit code should be 0 for successful authentication of a Read-Only user, 1 for successful authentication of a Full Administrator user, 2 for successful authentication of a Limited Operator user, 3 for successful authentication of an Operator user, 4 for successful authentication of a Configurator user, 5 for successful authentication of a Cluster Administrator user, 6 for successful authentication of a BDR Administrator user, 7 for successful authentication of a Navigator Administrator user, 8 for successful authentication of a User Administrator user, 9 for successful authentication of an Auditor user, 10 for successful authentication of a Key Administrator user, and a negative value for failure. A failure description can be printed to stderr. auth_script false
LDAP Full Administrator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted Full admin access on login. ldap_admin_groups false
LDAP Auditor Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted Auditor access on login. ldap_auditor_groups false
LDAP BDR Administrator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted BDR admin access on login. ldap_bdr_admin_groups false
LDAP Bind User Distinguished Name Distinguished name of the user to bind as. This is used to connect to LDAP/AD for searching user and group information. This may be left blank if the LDAP server supports anonymous binds. ldap_bind_dn false
LDAP Bind Password The password of the bind user. ldap_bind_pw false
LDAP Cluster Administrator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted Cluster admin access on login. ldap_cluster_admin_groups false
LDAP Configurator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted configurator access on login. ldap_configurator_groups false
LDAP Distinguished Name Pattern For use with non-Active Directory LDAP systems. This is a pattern that will be used to search for the distinguished name of a user during authentication. Use "{0}" to specify where the username should go, e.g. "uid={0},ou=People". ldap_dn_pattern false
LDAP Group Search Base A base distinguished name for searching for groups. ldap_group_search_base false
LDAP Group Search Filter A search filter for finding groups. Typically, this will be (member={0}), where {0} will be replaced by the DN of a successfully authenticated user. ldap_group_search_filter false
LDAP Key Administrator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted Key Administrator access on login. ldap_key_admin_groups false
LDAP Limited Operator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted limited operator access on login. ldap_limited_groups false
LDAP Navigator Administrator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted Navigator admin access on login. ldap_navigator_admin_groups false
LDAP Operator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted operator access on login. ldap_operator_groups false
External Authentication Type The type of external authentication to use. ACTIVE_DIRECTORY ldap_type true
LDAP URL The URL of the LDAP server. The URL must be prefixed with ldap:// or ldaps://. The URL can optionally specify a custom port, for example: ldaps://ldap_server.example.com:1636. Note that usernames and passwords will be transmitted in the clear unless either an ldaps:// URL is used, or "Enable LDAP TLS" is turned on (where available). Also note that encryption must be in use between the client and this service for the same reason.For more detail on the LDAP URL format, see RFC 2255 . A space-separated list of URLs can be entered; in this case the URLs will each be tried in turn until one replies. ldap_url false
LDAP User Administrator Groups A list of LDAP group names. If a user is a member of one of the configured groups, that user is granted User admin access on login. ldap_user_admin_groups false
LDAP User Groups A list of LDAP group names. If a user is not a member of one of the configured groups, that user is prevented from logging into Cloudera Manager. If this is left empty, all LDAP users can log in. ldap_user_groups false
LDAP User Search Base A base distinguished name for searching for users. This may be used as a fallback mechanism if the DN pattern does not match any user. ldap_user_search_base false
LDAP User Search Filter A search filter for finding users. Typically, this will be (uid={0}), where {0} will be replaced by the username that was used at the login screen. ldap_user_search_filter false
Active Directory Domain This parameter is useful when authenticating against an Active Directory server. This value is appended to all usernames before authenticating against AD. For example, if this parameter is set to "my.domain.com", and the user authenticating is "mike", then "mike@my.domain.com" is passed to AD. If this field is unset, the username remains unaltered before being passed to AD. nt_domain false
SAML Entity Base URL The Base URL used to construct redirect URLs reported in this server's SP metadata. Leave this blank to let the server calculate the base URL itself. saml_entity_base_url false
SAML Entity ID The ID that Cloudera Manager will use to identify itself to the IDP. This value should be unique to this Cloudera Manager installation. clouderaManager saml_entity_id true
Alias of SAML Sign/Encrypt Private Key The alias used to identify the sign/encrypt private key in the SAML keystore. saml_key_alias false
SAML Sign/Encrypt Private Key Password The password for the sign/encrypt private key in the SAML keystore. saml_key_password false
SAML Keystore Password The password for the SAML keystore. saml_keystore_password false
Path to SAML Keystore File The filesystem path to the keystore file containing the SP private key and any necessary public certificates to validate the IDP. saml_keystore_path false
SAML Login URL If your IDP does not support SP-initiated SSO (very uncommon), you use a separate login URL, outside of Cloudera Manager. Provide that URL here so that Cloudera Manager can use it when a user needs to log in. saml_login_url false
Path to SAML IDP Metadata File The filesystem path to the IDP metadata XML file. saml_metadata_path false
SAML Attribute Identifier for User Role The URN OID that will identify the user's role in the SAML attributes. Only has an effect when 'Attribute' based role assignment is used. urn:oid:2.5.4.11 saml_oid_role true
SAML Attribute Identifier for User ID The URN OID that will identify the user's ID in the SAML attributes. urn:oid:0.9.2342.19200300.100.1.1 saml_oid_user true
SAML Response Binding The SAML Binding format that the IDP is asked to use when sending authentication responses. ARTIFACT saml_response_binding true
SAML Attribute Values for Roles The values that will appear in the SAML role attribute for each Cloudera Manager role. The first value corresponds to the Full Administrator role. The second value corresponds to the Read-Only role. The third value corresponds to the Limited Operator role. The fourth value corresponds to the Operator role. The fifth value corresponds to the Configurator role. The sixth value corresponds to the Cluster Administrator. The seventh value corresponds to the BDR Administrator. The eighth value corresponds to the Navigator Administrator. The ninth value corresponds to the User Administrator. The tenth value corresponds to the Auditor. The eleventh value corresponds to the Key Administrator. admin, user, limited, operator, configurator, clusterAdmin, bdrAdmin, navAdmin, userAdmin, auditor, keyAdmin saml_role_map true
SAML Role Assignment Mechanism The mechanism to use for assigning roles to users. 'Attribute' assigns roles based on a SAML attribute. 'Script' assigns roles based on the result of an external script. ATTRIBUTE saml_role_mapper true
Path to SAML Role Assignment Script An external script (or binary) to use to assign roles to SAML users. The username is passed as the first command-line argument. Program exit code should be: 0 for Full Administrator, 1 for Read-Only, 2 for Limited Operator, 3 for Operator, 4 for Configurator, 5 for Cluster Administrator, 6 for BDR Administrator, 7 for Navigator Administrator, 8 for User Administrator, 9 for Auditor, 10 for Key Administrator, and a negative value for failure. saml_role_script false
Source of User ID in SAML Response Whether the user ID should be obtained from the SAML response's NameID field or from an attribute ATTRIBUTE saml_user_source true

Kerberos

Display Name Description Related Name Default Value API Name Required
Active Directory Account Prefix Prefix used in names while creating accounts in Active Directory. The prefix can be up to 10 characters long and can be set to identify accounts used for authentication by CDH processes. Used only if Active Directory KDC is used for authentication. ad_account_prefix true
Active Directory Suffix Active Directory suffix where all the accounts used by CDH daemons will be created. Used only if Active Directory KDC is being used for authentication. ou=hadoop, DC=hadoop, DC=com ad_kdc_domain true
Active Directory LDAPS Port Port to use for LDAP over TLS/SSL when using Active Directory for authentication. 636 ad_ldaps_port true
Custom Kerberos Keytab Retrieval Script Specify the path to a custom script (or executable) to retrieve a Kerberos keytab. The script should take two arguments: a destination file to write the keytab to, and the full principal name to retrieve the key for. If this property is specified, Cloudera Manager ignores all other properties specified for Kerberos setup. gen_keytab_script false
Active Directory Domain Controller Override If multiple Active Directory Domain Controllers are behind a load-balancer, Cloudera Manager should be provided with the address of one of them. Cloudera Manager then sends commands to create accounts to that Domain Controller only. Note: This setting is used only while creating accounts. CDH services use the value entered in the KDC Server Host field only while authenticating. kdc_account_creation_host_override false
KDC Server Host Host where the KDC server is located. kdc kdc_host false
KDC Type Type of KDC used for authentication in CDH clusters MIT KDC kdc_type true
DNS Lookup KDC Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if they are not listed in the krb5.conf information for the realm. dns_lookup_kdc false krb_dns_lookup_kdc true
Kerberos Encryption Types Encryption types supported by KDC. Note: To use AES encryption, make sure you have deployed JCE Unlimited Strength Policy File by following the instructions here> rc4-hmac krb_enc_types false
Forwardable Tickets If this flag is true, initial tickets will be forwardable by default, if allowed by the KDC. forwardable true krb_forwardable true
KDC Timeout The maximum time to wait for a reply from the KDC. A time of 0 seconds means "use the client's default". kdc_timeout 3 second(s) krb_kdc_timeout false
Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf For advanced use only. Any text here will be emitted verbatim in the [libdefaults] section of krb5.conf. krb_libdefaults_safety_valve false
Manage krb5.conf through Cloudera Manager Whether Cloudera Manager should configure and deploy krb5.conf on secure clusters. If this property is not checked, then you must ensure that krb5.conf is deployed on hosts in a secure cluster as well as on Cloudera Manager Server's host. false krb_manage_krb5_conf false
Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf For advanced use only. Cloudera Manager configures only the [libdefaults] and [realms] section of krb5.conf. Any text here will be emitted verbatim after them in krb5.conf. krb_other_safety_valve false
Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf For advanced use only. Any text here will be emitted verbatim in the [realms] section of krb5.conf for the specified security realm. If you want to add realms besides the default one, configure them using Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf. krb_realms_safety_valve false
Kerberos Renewable Lifetime Default renewable lifetime for initial ticket requests. renew_lifetime 7 day(s) krb_renew_lifetime true
Kerberos Ticket Lifetime Default lifetime for initial ticket requests. ticket_lifetime 1 day(s) krb_ticket_lifetime true
Maximum Renewable Life for Principals Maximum renewable lifetime for Kerberos principals generated by Cloudera Manager. This property is used only if MIT KDC is used. Set this property to zero if the KDC should provide the maximum renewable lifetime. Note: Principals with non-renewable tickets are not recommended because they can prevent Hadoop services from functioning. 5 day(s) max_renew_life true
Kerberos Security Realm The realm to use for Kerberos security. Note: Changing this setting would clear up all existing credentials and keytabs from Cloudera Manager. default_realm HADOOP.COM security_realm true

Monitoring

Display Name Description Related Name Default Value API Name Required
Cross Entity Aggregate Generation Filters Specifies two filters, a blacklist and a whitelist that impact what cross-entity aggregates are generated by the Cloudera Manager monitoring system. By default, cross-entity aggregates are generated for all types. The blacklist entries can be used to disable generation of cross-entity aggregates while whitelist entries can be used to force their creation.The JSON structure of this field is as follows:
  • blacklist - A filter that when matched will prevent cross-entity aggregate creation. The structure of the filter is outlined below.
  • whitelist - A filter that when matched will force cross-entity aggregate creation. The structure of the filter is outlined below. This filter takes precedence over the blacklist filter, so if both are matched, an aggregate will be generated.
The JSON structure of either filter is as follows:
  • types - A list of entries in the following format sourceType::targetType::aggregateMetricType, e.g. DATANODE::RACK::STATISTICAL.
  • streams - A list of entries in the following format sourceType::targetType::metricName::aggregateMetricType, e.g. HOST::CLUSTER::fd_open::TOTAL.
In the above filters the source and target types are entity type strings used within the metric system. ROLE, SERVICE and ALL are wildcards that match all role types, service types and all types respectively. Metrics are referred to by their user facing names, so counter-based metrics will be in _rate form. The two types of aggregate metrics are TOTAL and STATISTICAL.After making changes to this field, both the Cloudera Manager Server and the Service and Host Monitors should be restarted.For advanced use only. It is possible to break Cloudera Manager charting and health functionality by editing this field.
blacklist: streams : [ ], types : [ KUDU_REPLICA::KUDU_TABLET::STATISTICAL ] , whitelist: streams : [ ], types : [ ] cross_entity_aggregate_filters false
Set health status to Bad if the Agent heartbeats fail If an Agent fails to send this number of expected consecutive heartbeats to the Server, a "Bad" health status is assigned to that Agent. 10 time(s) missed_hb_bad true
Set health status to Concerning if the Agent heartbeats fail If an Agent fails to send this number of expected consecutive heartbeats to the Server, a "Concerning" health status is assigned to that Agent. 5 time(s) missed_hb_concerning true

Multi Cloudera Manager Dashboard

Display Name Description Related Name Default Value API Name Required
Multi Cloudera Manager Dashboard Metrics Specifies the set of metrics fetched periodically from each Cloudera Manager by the backend. Metrics defined here are available for inclusion in Multi Cloudera Manager Dashboard profiles, which are used to configure which information is available on the dashboard.Each metric has the following fields:
  • name (mandatory) - The name of the metric. This value must be unique across all metrics configured.
  • query (mandatory) - A tsquery expression representing the metric. The tsquery expression is issued against a remote Cloudera Manager. Queries defined in this section are expected to return a scalar value. Using a fucntion like 'last', 'min', or 'max' is recommended. See the tsquery documentation for more details on how to construct queries.
For example, the following metric could be defined to get CPU usage for all clusters from all Cloudera Manager intances. Cloudera supports fetching cluster level metrics by using 'clusterName = $CLUSTERNAME'. At runtime, the $CLUSTERNAME variable is substituted with the name of each cluster."name": "CPU Usage", "query": "select last(cpu_percent_across_hosts) where category = CLUSTER and clusterName = $CLUSTERNAME"
[ name: CPU Usage, query: select last(moving_avg(cpu_percent_across_hosts, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Disk Utilization, query: select last(moving_avg(utilization_across_disks, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Memory Utilization, query: select last(moving_avg(total_physical_memory_used_across_hosts / total_physical_memory_total_across_hosts * 100, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Disk Read IO, query: select last(moving_avg(total_read_bytes_rate_across_disks, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Disk Write IO, query: select last(moving_avg(total_write_bytes_rate_across_disks, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Network Bytes Transmit, query: select last(moving_avg(total_bytes_transmit_rate_across_network_interfaces, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Network Bytes Received, query: select last(moving_avg(total_bytes_receive_rate_across_network_interfaces, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Capacity Total, query: select last(total_dfs_capacity_across_hdfss) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Capacity Used (Absolute), query: select last(total_dfs_capacity_used_across_hdfss + total_dfs_capacity_used_non_hdfs_across_hdfss) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Capacity Used (Percentage), query: select last((total_dfs_capacity_used_across_hdfss + total_dfs_capacity_used_non_hdfs_across_hdfss) / total_dfs_capacity_across_hdfss) * 100 where category = CLUSTER and clusterName = $CLUSTERNAME , name: Transceivers, query: select last(moving_avg(total_xceivers_across_datanodes, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Read IO, query: select last(moving_avg(total_bytes_read_rate_across_datanodes, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Write IO, query: select last(moving_avg(total_bytes_written_rate_across_datanodes, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Regions, query: select last(total_regions_across_regionservers) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Regions in Transition, query: select last(total_regions_in_transition_across_masters) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Longest Region in Transition, query: select last(stats(regions_in_transition_longest_time_across_masters, max)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Read Request Rate, query: select last(moving_avg(total_read_requests_rate_across_regionservers, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Write Request Rate, query: select last(moving_avg(total_write_requests_rate_across_regionservers, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Compaction Queue, query: select last(moving_avg(total_compaction_queue_size_across_regionservers, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Flush Queue, query: select last(moving_avg(total_flush_queue_size_across_regionservers, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Completed Queries, query: select sum(total_num_queries_rate_across_impalads) where category=CLUSTER and clusterName = $CLUSTERNAME , name: Sessions, query: select last(moving_avg(total_thrift_server_beeswax_frontend_connections_in_use_across_impalads + total_thrift_server_hiveserver2_frontend_connections_in_use_across_impalads, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME , name: Completed Applications, query: select sum(total_apps_completed_rate_across_yarn_pools) where category=CLUSTER and clusterName = $CLUSTERNAME , name: Failed Applications, query: select sum(total_apps_failed_rate_across_yarn_pools) where category=CLUSTER and clusterName = $CLUSTERNAME , name: Pending Containers, query: select last(moving_avg(total_pending_containers_across_yarn_pools, 300)) where category = CLUSTER and clusterName = $CLUSTERNAME ] aggregator_metrics true
Enable Multi Cloudera Manager Dashboard Allows this Cloudera Manager to periodically collect and aggregate health and status data from other Cloudera Manager instances. Go to Multi Cloudera Manager Dashboard. false enable_aggregator true

Network

Display Name Description Related Name Default Value API Name Required
Proxy Password The basic authentication password for the proxy. parcel_proxy_password false
Proxy Port The port for the proxy server to be used when the Cloudera Manager Server accesses the Internet, such as when downloading parcels and uploading diagnostic data. parcel_proxy_port false
Proxy Protocol The protocol to use for the proxy server when the Cloudera Manager Server accesses the Internet, such as when downloading parcels and uploading diagnostic data. HTTP parcel_proxy_protocol true
Proxy Server The proxy server to be used when the Cloudera Manager Server accesses the Internet, such as when downloading parcels and uploading diagnostic data. parcel_proxy_server false
Proxy User The basic authentication user name for the proxy. parcel_proxy_user false

Other

Display Name Description Related Name Default Value API Name Required
Allow Usage Data Collection Allows Cloudera to collect usage data, including the use of Google Analytics. true allow_usage_data true
Custom Banner Text The custom banner is used to display a customer specific text in the header area. custom_banner_html false
Custom Header Color The custom header color is used to distinguish different instances of Cloudera Manager. BLACK custom_header_color true
Custom Information Assurance Policy Text An information assurance policy statement that must be agreed to in order for a user to login. custom_ia_policy false
Enable Events Widget Auto-Search When enabled, the Events widget at the bottom of many pages will auto-fire its default search on page load. true events_widget_search_on_load true
Maximum Cluster Count Shown In Full When the number of clusters exceeds this number, only the cluster summary information will be shown on the home page. 2 home_page_full_limit true
System Identifier An identifier for this system, to be included with diagnostic data bundles. default system_identifier true

Parcels

Display Name Description Related Name Default Value API Name Required
Automatically Distribute Available Parcels Whether available parcels should be automatically distributed to any cluster that already has parcels of the same product. false distribute_parcels_automatically true
Automatically Download New Parcels Whether new parcels discovered on the remote parcel repository should be automatically downloaded. false download_parcels_automatically true
Cloudera Manager Manages Parcels Whether Cloudera Manager should manage which parcels should be present on all managed hosts. true manages_parcels true
Automatically Downloaded Products If automatic parcel downloading is enabled, the list of products that will be downloaded. CDH parcel_autodownload_products false
Automatically Remove Old Parcels Whether parcels for old versions of an activated product should be removed from a cluster when they are no longer in use. false parcel_cleanup_automatically true
Number of Old Parcel Versions to Retain If automatic removal of old parcels is enabled, the number of old parcels to keep. Any old parcels beyond this value will any be removed. If this is set to zero, no old parcels will be retained. 3 parcel_cleanup_threshold true
Parcel Distribution Rate Limit Per-second rate limit for parcel distribution. The default of 50MiB/second allows for parcel distribution to saturate about half of a Gigabit link. 50 MiB parcel_distribute_rate_limit_kbs_per_second true
Maximum Parcel Uploads Maximum number of concurrent uploads allowed to distribute parcels to individual hosts. The maximum allowed number of concurrent uploads is 50. 10 parcel_max_upload true
Validate Parcel Relations Enforce that parcel dependencies are satisfied and conflicts are prevented when activating parcels. Parcel relations (Depends, Conflicts, and Replaces) can be defined the manifests of parcel repositories. Cloudera Manager can also enforce some default relations if none are defined in the manifest. true parcel_relation_validation true
Local Parcel Repository Path Path to the local package parcel repository from which binaries are served to the Agents. /opt/cloudera/parcel-repo parcel_repo_path true
Create System-Wide Symlinks for Active Parcels Whether system-wide symlinks should be created for the active parcels (for example, /usr/bin/hadoop). true parcel_symlinks true
Parcel Update Frequency How often to check local and remote parcel repositories for new parcels and if any old parcels should be cleaned up. 1 hour(s) parcel_update_freq true
Create Users and Groups, and Apply File Permissions for Parcels Whether a parcel's specified users, groups and file permissions should be applied. This may not be desired if custom users and groups are being used, or if they have to be created externally (eg: in LDAP) true parcel_users_groups_permissions true
Remote Parcel Repository URLs URLs of the remote parcel repositories where Cloudera Manager checks for new parcels. When checking for new parcels, Cloudera Manager sends the ID of the server and the server version to the repository host. The special variable {latest_supported} is replaced with the latest version of CDH that Cloudera Manager supports when checks are made. https://archive.cloudera.com/cdh5/parcels/latest_supported/, https://archive.cloudera.com/cdh4/parcels/latest/, https://archive.cloudera.com/impala/parcels/latest/, https://archive.cloudera.com/search/parcels/latest/ remote_parcel_repo_urls true
Retain Downloaded Parcel Files Whether downloaded parcel files be kept by Agents after they have been unpacked. Keeping the parcel files consumes additional disk space but allows downloads to be avoided if the parcel ever needs to be unpacked again. true retain_parcels_in_cache true

Performance

Display Name Description Related Name Default Value API Name Required
Send Agent heartbeat every The interval between each heartbeat that is sent from Agents to the server 15 second(s) heartbeat_interval true

Ports and Addresses

Display Name Description Related Name Default Value API Name Required
Agent Port to connect to Server Specify the port for Agents to use to connect to the Server. Must be 1024 or higher. 7182 agent_port true
Cloudera Manager Hostname Override Override to use for Cloudera Manager's hostname. Normally this is determined automatically, but this can be used if InetAddress.getLocalhost() is returning the loopback address. cm_host_name false
HTTP Port for Admin Console Specify the HTTP port to use to access the Server via the Admin Console. Must be 1024 or higher. 7180 http_port true
HTTPS Port for Admin Console Specify the HTTPS port to use to access the Server via the Admin Console. Must be 1024 or higher. 7183 https_port true

Reports

Display Name Description Related Name Default Value API Name Required
Report Configurations List of configurations for the Cluster Utilization Report. [ name: Default, tenantType: POOL, daysOfWeek: [], isAllDay: true, startHourOfDay: 0, endHourOfDay: 0 , name: Weekdays, tenantType: POOL, daysOfWeek: [1, 2, 3, 4, 5], isAllDay: true, startHourOfDay: 0, endHourOfDay: 0 ] report_configurations true

Security

Display Name Description Related Name Default Value API Name Required
Use TLS Encryption for Agents Select this option to enable TLS encryption between the Server and Agents. false agent_tls false
Require Authentication to Download Client Configurations When enabled, downloading client configurations through the API or through the URLs displayed in the UI requires normal authentication. When disabled, no authentication is required. false client_config_auth true
Cloudera Manager TLS/SSL Server JKS Keystore File Password The password for the Cloudera Manager JKS keystore file. keystore_password false
Cloudera Manager TLS/SSL Server JKS Keystore File Location The path to the TLS/SSL keystore file containing the server certificate and private key used for TLS/SSL. Used when Cloudera Manager is acting as a TLS/SSL server. The keystore must be in JKS format. keystore_path false
Use TLS Authentication of Agents to Server Select this option to enable TLS Authentication of Agents to the Server. false need_agent_validation true
HTTP Referer Check Whether to verify "Referer" in HTTP header for state changing requests. This protects against cross-site request forgery, but may need to be turned off if browsers or proxies in your environment do not specify the header. true referer_check true
Maximum Number of Active User Sessions Restrict users to a certain number of active sessions at a time. If set, a user is limited to the specified number of sessions, and the oldest session is terminiated if the user logs in somewhere else. If not set, users can be logged in from as many places as they choose. If the user has 'Remember Me' turned on, or SAML is used for authentication, the user is automatically logged back in each time the session is ended. '0' means no limit is applied. 0 session_limit_concurrency true
Allow 'Remember Me' Option Whether to allow a user to select 'Remember Me' when logging in. If this is set, the user will not need to log in again for two weeks (unless the server is restarted during that time). If the user chooses 'Remember Me', then the session timeout is ignored. true session_remember_me true
Session Timeout The length of time a user's session can be idle for before the user must log in again. Note that currently logged in users will continue with their old timeout values. 30 minute(s) session_timeout true
Show Stacktraces On Error Pages Control whether stacktraces are shown on error pages. While stacktraces help with debugging, they can sometimes expose sensitive information to a potentially malicious user. true show_stacktraces true
Cloudera Manager TLS/SSL Certificate Trust Store Password The password for the Cloudera Manager TLS/SSL Certificate Trust Store File. This password is not required to access the trust store; this field can be left blank. This password provides optional integrity checking of the file. The contents of trust stores are certificates, and certificates are public information. truststore_password false
Cloudera Manager TLS/SSL Certificate Trust Store File The location on disk of the trust store, in .jks format, used to confirm the authenticity of TLS/SSL servers that Cloudera Manager might connect to. This is used when Cloudera Manager is the client in a TLS/SSL connection. This trust store must contain the certificate(s) used to sign the service(s) connected to. If this parameter is not provided, the default list of well-known certificate authorities is used instead. truststore_path false
Use TLS Encryption for Admin Console Enable TLS encryption (HTTPS) between the user and the Cloudera Manager Admin Console. When checked, the HTTPS port will be used. false web_tls false

Support

Display Name Description Related Name Default Value API Name Required
Number of Command Results to Keep The maximum number of command results to keep before deleting them from local storage. This property is used for the commands that generate large result files. A value of -1 indicates no limit. 10 cluster_stats_count false
Scheduled Diagnostic Data Size (MB) Approximate size in MB of scheduled diagnostic data bundle 100 cluster_stats_default_size_mb false
Use HTTPS to Upload Diagnostic Data Whether to use HTTPS to upload diagnostic data bundles instead of the now-deprecated SFTP. Uses proxy settings from the network setting. true cluster_stats_http true
Diagnostic Data Bundle Directory Local directory to store diagnostic data bundles. Leave blank to store bundles for 24 hours. This directory must be writable by the cloudera-scm user. cluster_stats_path false
Scheduled Diagnostic Data Collection Frequency Frequency of automatically collecting diagnostic data and sending to Cloudera support. WEEKLY cluster_stats_schedule true
Scheduled Diagnostic Data Collection Time Time of day to collect and send diagnostic data to Cloudera cluster_stats_start false
Diagnostic Data Temp Directory Local path to assemble diagnostic data bundles. Leave blank to assemble these bundles in your JVM temp directory. Set this value if you run out of disk space while collecting diagnostic data. cluster_stats_tmp_path false
Send Diagnostic Data to Cloudera Automatically Allows the Server to automatically send diagnostic data when a collection is triggered. true phone_home true
Open latest Help files from the Cloudera website If this option is selected, the Help link opens the latest Help files from the Cloudera web site (requires Internet access from the browser). If not selected, the locally installed Help files, which are not updated after installation, are opened (no Internet access from the browser is required). true using_help_from_ccp true

Suppressions

Display Name Description Related Name Default Value API Name Required
Suppress Parameter Validation: Active Directory Account Prefix Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Account Prefix parameter. false scm_config_suppression_ad_account_prefix true
Suppress Parameter Validation: Active Directory Suffix Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Suffix parameter. false scm_config_suppression_ad_kdc_domain true
Suppress Parameter Validation: Multi Cloudera Manager Dashboard Metrics Whether to suppress configuration warnings produced by the built-in parameter validation for the Multi Cloudera Manager Dashboard Metrics parameter. false scm_config_suppression_aggregator_metrics true
Suppress Parameter Validation: External Authentication Program Path Whether to suppress configuration warnings produced by the built-in parameter validation for the External Authentication Program Path parameter. false scm_config_suppression_auth_script true
Suppress Parameter Validation: Diagnostic Data Bundle Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Diagnostic Data Bundle Directory parameter. false scm_config_suppression_cluster_stats_path true
Suppress Parameter Validation: Diagnostic Data Temp Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Diagnostic Data Temp Directory parameter. false scm_config_suppression_cluster_stats_tmp_path true
Suppress Parameter Validation: Cloudera Manager Hostname Override Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager Hostname Override parameter. false scm_config_suppression_cm_host_name true
Suppress Parameter Validation: Cloudera Manager Server Local Data Storage Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager Server Local Data Storage Directory parameter. false scm_config_suppression_command_storage_path true
Suppress Parameter Validation: Cross Entity Aggregate Generation Filters Whether to suppress configuration warnings produced by the built-in parameter validation for the Cross Entity Aggregate Generation Filters parameter. false scm_config_suppression_cross_entity_aggregate_filters true
Suppress Parameter Validation: Local Descriptor Repository Path Whether to suppress configuration warnings produced by the built-in parameter validation for the Local Descriptor Repository Path parameter. false scm_config_suppression_csd_repo_path true
Suppress Parameter Validation: Custom Banner Text Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Banner Text parameter. false scm_config_suppression_custom_banner_html true
Suppress Parameter Validation: Custom Information Assurance Policy Text Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Information Assurance Policy Text parameter. false scm_config_suppression_custom_ia_policy true
Suppress Parameter Validation: Custom Kerberos Keytab Retrieval Script Whether to suppress configuration warnings produced by the built-in parameter validation for the Custom Kerberos Keytab Retrieval Script parameter. false scm_config_suppression_gen_keytab_script true
Suppress Parameter Validation: Agent Heartbeat Logging Directory Whether to suppress configuration warnings produced by the built-in parameter validation for the Agent Heartbeat Logging Directory parameter. false scm_config_suppression_heartbeat_logging_dir true
Suppress Parameter Validation: Active Directory Domain Controller Override Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Domain Controller Override parameter. false scm_config_suppression_kdc_account_creation_host_override true
Suppress Parameter Validation: KDC Server Host Whether to suppress configuration warnings produced by the built-in parameter validation for the KDC Server Host parameter. false scm_config_suppression_kdc_host true
Suppress Parameter Validation: Cloudera Manager TLS/SSL Server JKS Keystore File Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Server JKS Keystore File Password parameter. false scm_config_suppression_keystore_password true
Suppress Parameter Validation: Cloudera Manager TLS/SSL Server JKS Keystore File Location Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Server JKS Keystore File Location parameter. false scm_config_suppression_keystore_path true
Suppress Parameter Validation: Kerberos Encryption Types Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Encryption Types parameter. false scm_config_suppression_krb_enc_types true
Suppress Parameter Validation: KDC Timeout Whether to suppress configuration warnings produced by the built-in parameter validation for the KDC Timeout parameter. false scm_config_suppression_krb_kdc_timeout true
Suppress Parameter Validation: Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf Whether to suppress configuration warnings produced by the built-in parameter validation for the Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf parameter. false scm_config_suppression_krb_libdefaults_safety_valve true
Suppress Parameter Validation: Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf Whether to suppress configuration warnings produced by the built-in parameter validation for the Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf parameter. false scm_config_suppression_krb_other_safety_valve true
Suppress Parameter Validation: Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf Whether to suppress configuration warnings produced by the built-in parameter validation for the Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf parameter. false scm_config_suppression_krb_realms_safety_valve true
Suppress Parameter Validation: Kerberos Renewable Lifetime Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Renewable Lifetime parameter. false scm_config_suppression_krb_renew_lifetime true
Suppress Parameter Validation: Kerberos Ticket Lifetime Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Ticket Lifetime parameter. false scm_config_suppression_krb_ticket_lifetime true
Suppress Parameter Validation: LDAP Full Administrator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Full Administrator Groups parameter. false scm_config_suppression_ldap_admin_groups true
Suppress Parameter Validation: LDAP Auditor Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Auditor Groups parameter. false scm_config_suppression_ldap_auditor_groups true
Suppress Parameter Validation: LDAP BDR Administrator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP BDR Administrator Groups parameter. false scm_config_suppression_ldap_bdr_admin_groups true
Suppress Parameter Validation: LDAP Bind User Distinguished Name Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind User Distinguished Name parameter. false scm_config_suppression_ldap_bind_dn true
Suppress Parameter Validation: LDAP Bind Password Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Bind Password parameter. false scm_config_suppression_ldap_bind_pw true
Suppress Parameter Validation: LDAP Cluster Administrator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Cluster Administrator Groups parameter. false scm_config_suppression_ldap_cluster_admin_groups true
Suppress Parameter Validation: LDAP Configurator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Configurator Groups parameter. false scm_config_suppression_ldap_configurator_groups true
Suppress Parameter Validation: LDAP Distinguished Name Pattern Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Distinguished Name Pattern parameter. false scm_config_suppression_ldap_dn_pattern true
Suppress Parameter Validation: LDAP Group Search Base Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Search Base parameter. false scm_config_suppression_ldap_group_search_base true
Suppress Parameter Validation: LDAP Group Search Filter Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Group Search Filter parameter. false scm_config_suppression_ldap_group_search_filter true
Suppress Parameter Validation: LDAP Key Administrator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Key Administrator Groups parameter. false scm_config_suppression_ldap_key_admin_groups true
Suppress Parameter Validation: LDAP Limited Operator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Limited Operator Groups parameter. false scm_config_suppression_ldap_limited_groups true
Suppress Parameter Validation: LDAP Navigator Administrator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Navigator Administrator Groups parameter. false scm_config_suppression_ldap_navigator_admin_groups true
Suppress Parameter Validation: LDAP Operator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP Operator Groups parameter. false scm_config_suppression_ldap_operator_groups true
Suppress Parameter Validation: LDAP URL Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP URL parameter. false scm_config_suppression_ldap_url true
Suppress Parameter Validation: LDAP User Administrator Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Administrator Groups parameter. false scm_config_suppression_ldap_user_admin_groups true
Suppress Parameter Validation: LDAP User Groups Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Groups parameter. false scm_config_suppression_ldap_user_groups true
Suppress Parameter Validation: LDAP User Search Base Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Search Base parameter. false scm_config_suppression_ldap_user_search_base true
Suppress Parameter Validation: LDAP User Search Filter Whether to suppress configuration warnings produced by the built-in parameter validation for the LDAP User Search Filter parameter. false scm_config_suppression_ldap_user_search_filter true
Suppress Configuration Validator: Mixed Packages And Parcels Whether to suppress configuration warnings produced by the Mixed Packages And Parcels configuration validator. false scm_config_suppression_mixed_packages_and_parcels true
Suppress Parameter Validation: Active Directory Domain Whether to suppress configuration warnings produced by the built-in parameter validation for the Active Directory Domain parameter. false scm_config_suppression_nt_domain true
Suppress Parameter Validation: Automatically Downloaded Products Whether to suppress configuration warnings produced by the built-in parameter validation for the Automatically Downloaded Products parameter. false scm_config_suppression_parcel_autodownload_products true
Suppress Parameter Validation: Proxy Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Proxy Password parameter. false scm_config_suppression_parcel_proxy_password true
Suppress Parameter Validation: Proxy Server Whether to suppress configuration warnings produced by the built-in parameter validation for the Proxy Server parameter. false scm_config_suppression_parcel_proxy_server true
Suppress Parameter Validation: Proxy User Whether to suppress configuration warnings produced by the built-in parameter validation for the Proxy User parameter. false scm_config_suppression_parcel_proxy_user true
Suppress Parameter Validation: Local Parcel Repository Path Whether to suppress configuration warnings produced by the built-in parameter validation for the Local Parcel Repository Path parameter. false scm_config_suppression_parcel_repo_path true
Suppress Parameter Validation: Remote Parcel Repository URLs Whether to suppress configuration warnings produced by the built-in parameter validation for the Remote Parcel Repository URLs parameter. false scm_config_suppression_remote_parcel_repo_urls true
Suppress Parameter Validation: Report Configurations Whether to suppress configuration warnings produced by the built-in parameter validation for the Report Configurations parameter. false scm_config_suppression_report_configurations true
Suppress Parameter Validation: SAML Entity Base URL Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Entity Base URL parameter. false scm_config_suppression_saml_entity_base_url true
Suppress Parameter Validation: SAML Entity ID Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Entity ID parameter. false scm_config_suppression_saml_entity_id true
Suppress Parameter Validation: Alias of SAML Sign/Encrypt Private Key Whether to suppress configuration warnings produced by the built-in parameter validation for the Alias of SAML Sign/Encrypt Private Key parameter. false scm_config_suppression_saml_key_alias true
Suppress Parameter Validation: SAML Sign/Encrypt Private Key Password Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Sign/Encrypt Private Key Password parameter. false scm_config_suppression_saml_key_password true
Suppress Parameter Validation: SAML Keystore Password Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Keystore Password parameter. false scm_config_suppression_saml_keystore_password true
Suppress Parameter Validation: Path to SAML Keystore File Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to SAML Keystore File parameter. false scm_config_suppression_saml_keystore_path true
Suppress Parameter Validation: SAML Login URL Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Login URL parameter. false scm_config_suppression_saml_login_url true
Suppress Parameter Validation: Path to SAML IDP Metadata File Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to SAML IDP Metadata File parameter. false scm_config_suppression_saml_metadata_path true
Suppress Parameter Validation: SAML Attribute Identifier for User Role Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Attribute Identifier for User Role parameter. false scm_config_suppression_saml_oid_role true
Suppress Parameter Validation: SAML Attribute Identifier for User ID Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Attribute Identifier for User ID parameter. false scm_config_suppression_saml_oid_user true
Suppress Parameter Validation: SAML Attribute Values for Roles Whether to suppress configuration warnings produced by the built-in parameter validation for the SAML Attribute Values for Roles parameter. false scm_config_suppression_saml_role_map true
Suppress Parameter Validation: Path to SAML Role Assignment Script Whether to suppress configuration warnings produced by the built-in parameter validation for the Path to SAML Role Assignment Script parameter. false scm_config_suppression_saml_role_script true
Suppress Configuration Validator: Cloudera Manager Server Restart Whether to suppress configuration warnings produced by the Cloudera Manager Server Restart configuration validator. false scm_config_suppression_scm_server_restart true
Suppress Parameter Validation: Kerberos Security Realm Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Security Realm parameter. false scm_config_suppression_security_realm true
Suppress Parameter Validation: Single User Mode Group Whether to suppress configuration warnings produced by the built-in parameter validation for the Single User Mode Group parameter. false scm_config_suppression_single_user_group true
Suppress Parameter Validation: Single User Mode User Whether to suppress configuration warnings produced by the built-in parameter validation for the Single User Mode User parameter. false scm_config_suppression_single_user_name true
Suppress Parameter Validation: System Identifier Whether to suppress configuration warnings produced by the built-in parameter validation for the System Identifier parameter. false scm_config_suppression_system_identifier true
Suppress Configuration Validator: TLS With Kerberos Validator Whether to suppress configuration warnings produced by the TLS With Kerberos Validator configuration validator. false scm_config_suppression_tls_with_kerberos_validator true
Suppress Parameter Validation: Cloudera Manager TLS/SSL Certificate Trust Store Password Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Certificate Trust Store Password parameter. false scm_config_suppression_truststore_password true
Suppress Parameter Validation: Cloudera Manager TLS/SSL Certificate Trust Store File Whether to suppress configuration warnings produced by the built-in parameter validation for the Cloudera Manager TLS/SSL Certificate Trust Store File parameter. false scm_config_suppression_truststore_path true