openstack
/
sahara
Code Issues Proposed changes
sahara/sahara/plugins/cdh/v5_4_0/resources/impala-service.json

356 lines
27 KiB
JSON
Raw Blame History

[
{
"desc": "The health test thresholds for the assignment locality health test. Specified as a percentage of total assignments.",
"display_name": "Assignment Locality Ratio Thresholds",
"name": "impala_assignment_locality_thresholds",
"value": "{\"critical\":\"5.0\",\"warning\":\"80.0\"}"
},
{
"desc": "Name of the HBase service that this Impala service instance depends on",
"display_name": "HBase Service",
"name": "hbase_service",
"value": null
},
{
"desc": "When set, this parameter is used to convert the username into the LDAP Distinguished Name (DN), so that the resulting DN looks like uid=username,X. For example, if this parameter is set to \"ou=People,dc=cloudera,dc=com\", and the username passed in is \"mike\", the resulting authentication passed to the LDAP server looks like \"uid=mike,ou=People,dc=cloudera,dc=com\". This parameter is frequently useful when authenticating against an OpenLDAP server. This parameter is mutually exclusive with LDAP Domain and LDAP Pattern.",
"display_name": "LDAP BaseDN",
"name": "ldap_baseDN",
"value": null
},
{
"desc": "The user that this Impala's processes should run as (except Llama, which has its own user).",
"display_name": "Impala System User (except Llama)",
"name": "process_username",
"value": "impala"
},
{
"desc": "JSON representation of all the configurations that the Fair Scheduler can take on across all schedules. Typically edited using the Pools configuration UI. This configuration only has effect on Impala versions 1.3 or greater.",
"display_name": "Fair Scheduler Allocations",
"name": "impala_scheduled_allocations",
"value": "{\"defaultMinSharePreemptionTimeout\":null,\"defaultQueueSchedulingPolicy\":null,\"fairSharePreemptionTimeout\":null,\"queueMaxAMShareDefault\":null,\"queueMaxAppsDefault\":null,\"queuePlacementRules\":null,\"queues\":[{\"aclAdministerApps\":null,\"aclSubmitApps\":null,\"minSharePreemptionTimeout\":null,\"name\":\"root\",\"queues\":[{\"aclAdministerApps\":null,\"aclSubmitApps\":null,\"minSharePreemptionTimeout\":null,\"name\":\"default\",\"queues\":[],\"schedulablePropertiesList\":[{\"impalaMaxMemory\":null,\"impalaMaxQueuedQueries\":null,\"impalaMaxRunningQueries\":null,\"maxAMShare\":null,\"maxResources\":null,\"maxRunningApps\":null,\"minResources\":null,\"scheduleName\":\"default\",\"weight\":null}],\"schedulingPolicy\":null}],\"schedulablePropertiesList\":[{\"impalaMaxMemory\":null,\"impalaMaxQueuedQueries\":null,\"impalaMaxRunningQueries\":null,\"maxAMShare\":null,\"maxResources\":null,\"maxRunningApps\":null,\"minResources\":null,\"scheduleName\":\"default\",\"weight\":null}],\"schedulingPolicy\":null}],\"userMaxAppsDefault\":null,\"users\":[]}"
},
{
"desc": "<p>Event filters are defined in a JSON object like the following:</p>\n\n<pre>\n{\n \"defaultAction\" : (\"accept\", \"discard\"),\n \"rules\" : [\n {\n \"action\" : (\"accept\", \"discard\"),\n \"fields\" : [\n {\n \"name\" : \"fieldName\",\n \"match\" : \"regex\"\n }\n ]\n }\n ]\n}\n</pre>\n\n<p>\nA filter has a default action and a list of rules, in order of precedence.\nEach rule defines an action, and a list of fields to match against the\naudit event.\n</p>\n\n<p>\nA rule is \"accepted\" if all the listed field entries match the audit\nevent. At that point, the action declared by the rule is taken.\n</p>\n\n<p>\nIf no rules match the event, the default action is taken. Actions\ndefault to \"accept\" if not defined in the JSON object.\n</p>\n\n<p>\nThe following is the list of fields that can be filtered for Impala events:\n</p>\n\n<ul>\n <li>userName: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>operation: the Impala operation being performed.</li> \n <li>databaseName: the databaseName for the operation.</li>\n <li>tableName: the tableName for the operation.</li>\n</ul>\n",
"display_name": "Audit Event Filter",
"name": "navigator_audit_event_filter",
"value": null
},
{
"desc": "<p>\nConfigures the rules for event tracking and coalescing. This feature is\nused to define equivalency between different audit events. When\nevents match, according to a set of configurable parameters, only one\nentry in the audit list is generated for all the matching events.\n</p>\n\n<p>\nTracking works by keeping a reference to events when they first appear,\nand comparing other incoming events against the \"tracked\" events according\nto the rules defined here.\n</p>\n\n<p>Event trackers are defined in a JSON object like the following:</p>\n\n<pre>\n{\n \"timeToLive\" : [integer],\n \"fields\" : [\n {\n \"type\" : [string],\n \"name\" : [string]\n }\n ]\n}\n</pre>\n\n<p>\nWhere:\n</p>\n\n<ul>\n <li>timeToLive: maximum amount of time an event will be tracked, in\n milliseconds. Must be provided. This defines how long, since it's\n first seen, an event will be tracked. A value of 0 disables tracking.</li>\n\n <li>fields: list of fields to compare when matching events against\n tracked events.</li>\n</ul>\n\n<p>\nEach field has an evaluator type associated with it. The evaluator defines\nhow the field data is to be compared. The following evaluators are\navailable:\n</p>\n\n<ul>\n <li>value: uses the field value for comparison.</li>\n\n <li>userName: treats the field value as a userName, and ignores any\n host-specific data. This is useful for environment using Kerberos,\n so that only the principal name and realm are compared.</li>\n</ul>\n\n<p>\nThe following is the list of fields that can be used to compare Impala events:\n</p>\n\n<ul>\n <li>username: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>operation: the Impala operation being performed.</li> \n <li>databaseName: the database affected by the operation.</li>\n <li>tableName: the table affected by the operation.</li> \n</ul>\n\n",
"display_name": "Audit Event Tracker",
"name": "navigator_event_tracker",
"value": null
},
{
"desc": "For advanced use only, a string to be inserted into <strong>sentry-site.xml</strong>. Applies to configurations of all roles in this service except client configuration.",
"display_name": "Impala Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml",
"name": "impalad_sentry_safety_valve",
"value": null
},
{
"desc": "Use Impala Admission Control to throttle Impala requests. Unless 'Enable Dynamic Resource Pools' is enabled, Impala uses a single, default pool that is configured using the Single Pool configurations below. These features are only supported in Impala 1.3 or higher deployments.",
"display_name": "Enable Impala Admission Control",
"name": "all_admission_control_enabled",
"value": "false"
},
{
"desc": "For advanced use only, a string to be inserted into the client configuration for <strong>navigator.client.properties</strong>.",
"display_name": "Impala Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties",
"name": "navigator_client_config_safety_valve",
"value": null
},
{
"desc": "Configures the maximum number of queued queries for admission control when using a single pool. -1 or 0 disables queuing, i.e. incoming requests are rejected if they can not be executed immediately. Ignored when Dynamic Resource Pools for Admission Control is enabled.",
"display_name": "Single Pool Max Queued Queries",
"name": "admission_control_single_pool_max_queued",
"value": "200"
},
{
"desc": "Name of the Sentry service that this Impala service instance depends on. If selected, Impala uses this Sentry service to look up authorization privileges. Before enabling Sentry, read the requirements and configuration steps in <a class=\"bold\" href=\"http://tiny.cloudera.com/sentry-service-cm5\" target=\"_blank\">Setting Up The Sentry Service<i class=\"externalLink\"></i></a>.",
"display_name": "Sentry Service",
"name": "sentry_service",
"value": null
},
{
"desc": "When set, this value is appended to all usernames before authenticating with the LDAP server. For example, if this parameter is set to \"my.domain.com\", and the user authenticating to the Impala daemon is \"mike\", then \"mike@my.domain.com\" is passed to the LDAP server. If this field is unset, the username remains unaltered before being passed to the LDAP server. This parameter is mutually exclusive with LDAP BaseDN and LDAP Pattern.",
"display_name": "LDAP Domain",
"name": "ldap_domain",
"value": null
},
{
"desc": "The health test thresholds of the overall Impala Daemon health. The check returns \"Concerning\" health if the percentage of \"Healthy\" Impala Daemons falls below the warning threshold. The check is unhealthy if the total percentage of \"Healthy\" and \"Concerning\" Impala Daemons falls below the critical threshold.",
"display_name": "Healthy Impala Daemon Monitoring Thresholds",
"name": "impala_impalads_healthy_thresholds",
"value": "{\"critical\":\"90.0\",\"warning\":\"95.0\"}"
},
{
"desc": "Name of the HDFS service that this Impala service instance depends on",
"display_name": "HDFS Service",
"name": "hdfs_service",
"value": null
},
{
"desc": "When computing the overall IMPALA health, consider Impala StateStore's health",
"display_name": "Impala StateStore Role Health Test",
"name": "impala_statestore_health_enabled",
"value": "true"
},
{
"desc": "For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration.",
"display_name": "Impala Service Environment Advanced Configuration Snippet (Safety Valve)",
"name": "impala_service_env_safety_valve",
"value": null
},
{
"desc": "The health test thresholds of the overall Impala Llama ApplicationMaster health. The check returns \"Concerning\" health if the percentage of \"Healthy\" Impala Llama ApplicationMasters falls below the warning threshold. The check is unhealthy if the total percentage of \"Healthy\" and \"Concerning\" Impala Llama ApplicationMasters falls below the critical threshold.",
"display_name": "Healthy Impala Llama ApplicationMaster Monitoring Thresholds",
"name": "impala_llamas_healthy_thresholds",
"value": "{\"critical\":\"51.0\",\"warning\":\"99.0\"}"
},
{
"desc": "Maximum amount of time (in milliseconds) that a request waits to be admitted before timing out. Must be a positive integer.",
"display_name": "Admission Control Queue Timeout",
"name": "admission_control_queue_timeout",
"value": "60000"
},
{
"desc": "When set, Cloudera Manager will send alerts when this entity's configuration changes.",
"display_name": "Enable Configuration Change Alerts",
"name": "enable_config_alerts",
"value": "false"
},
{
"desc": "Use Dynamic Resource Pools to configure Impala admission control or RM for this Impala service. These features are only supported in Impala 1.3 or higher deployments.",
"display_name": "Enable Dynamic Resource Pools",
"name": "admission_control_enabled",
"value": "false"
},
{
"desc": "Name of the Zookeeper service to use for leader election and fencing when Llama is configured for High Availability. This service dependency is required when more than one Llama role is present.",
"display_name": "Zookeeper Service for Llama HA",
"name": "zookeeper_service",
"value": null
},
{
"desc": "Number of minutes between reestablishing our ticket with the Kerberos server.",
"display_name": "Kerberos Re-init Interval",
"name": "kerberos_reinit_interval",
"value": "60"
},
{
"desc": "Time in seconds before Impala Daemon or Catalog Server times out with the StateStore.",
"display_name": "StateStoreSubscriber Timeout",
"name": "statestore_subscriber_timeout",
"value": "30"
},
{
"desc": "The time period over which to compute the assignment locality ratio. Specified in minutes.",
"display_name": "Assignment Locality Monitoring Period",
"name": "impala_assignment_locality_window",
"value": "15"
},
{
"desc": "Kerberos principal used by all roles of this service.",
"display_name": "Kerberos Principal",
"name": "kerberos_princ_name",
"value": "impala"
},
{
"desc": "Configures the max memory of running queries for admission control when using a single pool. -1 or 0 indicates no limit. Ignored when Dynamic Resource Pools for Admission Control is enabled.",
"display_name": "Single Pool Mem Limit",
"name": "admission_control_single_pool_mem_limit",
"value": "-1"
},
{
"desc": "Use Sentry to enable role-based, fine-grained authorization. This configuration enables Sentry using policy files. To enable Sentry using Sentry service instead, add Sentry service as a dependency to Impala service. <strong>Sentry service provides concurrent and secure access to authorization policy metadata and is the recommended option for enabling Sentry. </strong> Sentry is supported only on Impala 1.1 or later deployments.",
"display_name": "Enable Sentry Authorization using Policy Files",
"name": "sentry_enabled",
"value": "false"
},
{
"desc": "When set, this parameter allows arbitrary mapping from usernames into a Distinguished Name (DN). The string specified must have a placeholder named \"#UID\" inside it, and that #UID is replaced with the username. For example, you could mimic the behavior of LDAP BaseDN by specifying \"uid=#UID,ou=People,dc=cloudera,dc=com\". When the username of \"mike\" comes in, it replaces the #UID and the result is \"uid=mike,ou=People,dc=cloudera,dc=com\". This option should be used when more control over the DN is needed. This parameter is mutually exclusive with LDAP Domain and LDAP BaseDN.",
"display_name": "LDAP Pattern",
"name": "ldap_bind_pattern",
"value": null
},
{
"desc": "The URI of the LDAP server to use if LDAP is enabled. The URI must be prefixed with ldap:// or ldaps://. The URI can optionally specify the port, for example: ldap://ldap_server.example.com:389. ldaps:// is only supported in Impala 1.4 or CDH 5.1 or higher, and usually requires that you specify a port.",
"display_name": "LDAP URI",
"name": "impala_ldap_uri",
"value": null
},
{
"desc": "Maximum number of HBase client retries for Impala. Used as a maximum for all operations such as fetching of the root region from the root RegionServer, getting a cell's value, and starting a row update. Overrides configuration in the HBase service.",
"display_name": "Maximum HBase Client Retries",
"name": "hbase_client_retries_number",
"value": "3"
},
{
"desc": "Controls which queries a non-admin user can see in the queries list view",
"display_name": "Non-Admin Users Query List Visibility Settings",
"name": "user_query_list_settings",
"value": "ALL"
},
{
"desc": "The group that this Impala's processes should run as (except Llama, which has its own group).",
"display_name": "Impala System Group (except Llama)",
"name": "process_groupname",
"value": "impala"
},
{
"desc": "Specifies the set of authorized proxy users (users who can impersonate other users during authorization) and whom they are allowed to impersonate. Input is a semicolon-separated list of key=value pairs of authorized proxy users to the user(s) they can impersonate. These users are specified as a comma separated list of short usernames, or '*' to indicate all users. For example: joe=alice,bob;hue=*;admin=*. Only valid when Sentry is enabled.",
"display_name": "Proxy User Configuration",
"name": "impala_authorized_proxy_user_config",
"value": "hue=*"
},
{
"desc": "Controls the aggregate metrics generated for Impala queries. The structure is a JSON list of the attributes to aggregate and the entities to aggregate to. For example, if the attributeName is 'hdfs_bytes_read' and the aggregationTargets is ['USER'] then the Service Monitor will create the metric 'impala_query_hdfs_bytes_read_rate' and, every ten minutes, will record the total hdfs bytes read for each user across all their Impala queries. By default it will also record the number of queries issues ('num_impala_queries_rate') for both users and pool. For a full list of the supported attributes see the Impala search page. Note that the valid aggregation targets are USER, YARN_POOL, and IMPALA (the service), and that these aggregate metrics can be viewed on both the reports and charts search pages.",
"display_name": "Impala Query Aggregates",
"name": "impala_query_aggregates",
"value": "[\n {\n \"attributeName\": \"hdfs_bytes_read\",\n \"aggregationTargets\": [\"USER\", \"YARN_POOL\", \"IMPALA\"]\n },\n {\n \"attributeName\": \"hdfs_bytes_written\",\n \"aggregationTargets\": [\"USER\", \"YARN_POOL\", \"IMPALA\"]\n },\n {\n \"attributeName\": \"thread_cpu_time\",\n \"aggregationTargets\": [\"USER\", \"YARN_POOL\", \"IMPALA\"]\n },\n {\n \"attributeName\": \"bytes_streamed\",\n \"aggregationTargets\": [\"USER\", \"YARN_POOL\", \"IMPALA\"]\n },\n {\n \"attributeName\": \"cm_cpu_milliseconds\",\n \"aggregationTargets\": [\"USER\"]\n }\n]\n"
},
{
"desc": "When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold",
"display_name": "Enable Service Level Health Alerts",
"name": "enable_alerts",
"value": "true"
},
{
"desc": "For advanced use only, key-value pairs (one on each line) to be added (verbatim) to Impala Daemon command-line flags. Applies to all roles in this service. Key names should begin with a hyphen(-). <strong>For example</strong>: -log_filename=foo.log",
"display_name": "Impala Command Line Argument Advanced Configuration Snippet (Safety Valve)",
"name": "impala_cmd_args_safety_valve",
"value": null
},
{
"desc": "Used to generate a core dump to get more information about an Impala crash. Unless otherwise configured systemwide using /proc/sys/kernel/core_pattern, the dump is generated in the 'current directory' of the Impala process (usually a subdirectory of the /var/run/cloudera-scm-agent/process directory). The core file can be very large.",
"display_name": "Enable Core Dump",
"name": "enable_core_dump",
"value": "false"
},
{
"desc": "Use debug build of Impala binaries when starting roles. Useful when performing diagnostic activities to get more information in the stacktrace or core dump.",
"display_name": "Use Debug Build",
"name": "use_debug_build",
"value": "false"
},
{
"desc": "Enable HDFS short circuit read. This allows a client co-located with the DataNode to read HDFS file blocks directly. This gives a performance boost to distributed clients that are aware of locality.",
"display_name": "Enable HDFS Short Circuit Read",
"name": "dfs_client_read_shortcircuit",
"value": "true"
},
{
"desc": "Action to take when the audit event queue is full. Drop the event or shutdown the affected process.",
"display_name": "Audit Queue Policy",
"name": "navigator_audit_queue_policy",
"value": "DROP"
},
{
"desc": "Local path to the private key that matches the certificate specified in the Certificate for Clients. This file must be in PEM format, and is required if the SSL/TLS Certificate for Clients is supplied.",
"display_name": "SSL/TLS Private Key for Clients",
"name": "ssl_private_key",
"value": null
},
{
"desc": "<p>The configured triggers for this service. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed.</p><p>Each trigger has all of the following fields:</p><ul><li><code>triggerName</code> <strong>(mandatory)</strong> - The name of the trigger. This value must be unique for the specific service. </li><li><code>triggerExpression</code> <strong>(mandatory)</strong> - A tsquery expression representing the trigger. </li><li><code>streamThreshold</code> <strong>(optional)</strong> - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire. </li><li><code>enabled</code> <strong> (optional)</strong> - By default set to 'true'. If set to 'false', the trigger will not be evaluated.</li><li><code>expressionEditorConfig</code> <strong> (optional)</strong> - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here may lead to inconsistencies.</li></ul></p><p>For example, the followig JSON formatted trigger fires if there are more than 10 DataNodes with more than 500 file-descriptors opened:</p><p><pre>[{\"triggerName\": \"sample-trigger\",\n \"triggerExpression\": \"IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad\",\n \"streamThreshold\": 10, \"enabled\": \"true\"}]</pre></p><p>See the trigger rules documentation for more details on how to write triggers using tsquery.</p><p>The JSON format is evolving and may change in the future and, as a result, backward compatibility is not guaranteed between releases at this time.</p>",
"display_name": "Service Triggers",
"name": "service_triggers",
"value": "[]"
},
{
"desc": "If true, attempts to establish a TLS (Transport Layer Security) connection with the LDAP server. Only supported in Impala 1.4 or CDH 5.1 or higher. Not required when using an LDAP URI with prefix ldaps://, because that already specifies TLS.",
"display_name": "Enable LDAP TLS",
"name": "enable_ldap_tls",
"value": "false"
},
{
"desc": "Controls which queries admin users can see in the queries list view",
"display_name": "Admin Users Query List Visibility Settings",
"name": "admin_query_list_settings",
"value": "ALL"
},
{
"desc": "Encrypt communication between clients (like ODBC, JDBC, and the Impala shell) and the Impala daemon using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)).",
"display_name": "Enable TLS/SSL for Impala Client Services",
"name": "client_services_ssl_enabled",
"value": "false"
},
{
"desc": "The minimum number of assignments that must occur during the test time period before the threshold values will be checked. Until this number of assignments have been observed in the test time period the health test will be disabled.",
"display_name": "Assignment Locality Minimum Assignments",
"name": "impala_assignment_locality_minimum",
"value": "10"
},
{
"desc": "Enable collection of lineage from the service's roles.",
"display_name": "Enable Lineage Collection",
"name": "navigator_lineage_enabled",
"value": "true"
},
{
"desc": "Name of YARN service to use for resource management integration between Impala and YARN. This service dependency and the existence of a Llama role is required for using said integration.",
"display_name": "YARN Service for Resource Management",
"name": "yarn_service",
"value": null
},
{
"desc": "For advanced use only, a string to be inserted into the client configuration for <strong>navigator.lineage.client.properties</strong>.",
"display_name": "Impala Client Advanced Configuration Snippet (Safety Valve) for navigator.lineage.client.properties",
"name": "navigator_lineage_client_config_safety_valve",
"value": null
},
{
"desc": "Local path to the X509 certificate that will identify the Impala daemon to clients during SSL/TLS connections. This file must be in PEM format.",
"display_name": "SSL/TLS Certificate for Clients",
"name": "ssl_server_certificate",
"value": null
},
{
"desc": "Timeout in milliseconds for all HBase RPCs made by Impala. Overrides configuration in HBase service.",
"display_name": "HBase RPC Timeout",
"name": "hbase_rpc_timeout",
"value": "3000"
},
{
"desc": "Name of the Hive service that this Impala service instance depends on",
"display_name": "Hive Service",
"name": "hive_service",
"value": null
},
{
"desc": "Enable collection of audit events from the service's roles.",
"display_name": "Enable Audit Collection",
"name": "navigator_audit_enabled",
"value": "true"
},
{
"desc": "A list specifying the rules to run to determine which Fair Scheduler configuration to use. Typically edited using the Rules configuration UI. This configuration only has effect on Impala versions 1.3 or greater.",
"display_name": "Fair Scheduler Configuration Rules",
"name": "impala_schedule_rules",
"value": "[]"
},
{
"desc": "When checked, LDAP-based authentication for users is enabled. Usernames and passwords are transmitted in the clear unless encryption is turned on. To encrypt the network traffic from the Impala daemon to the LDAP server, use either an ldaps:// URI or select 'Enable LDAP TLS'. To encrypt network traffic from clients to the Impala daemon, specify 'Enable TLS/SSL for Impala Client Services'.",
"display_name": "Enable LDAP Authentication",
"name": "enable_ldap_auth",
"value": "false"
},
{
"desc": "When computing the overall IMPALA health, consider Impala Catalog Server's health",
"display_name": "Impala Catalog Server Role Health Test",
"name": "impala_catalogserver_health_enabled",
"value": "true"
},
{
"desc": "For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones.",
"display_name": "Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve)",
"name": "smon_derived_configs_safety_valve",
"value": null
},
{
"desc": "Configures the maximum number of concurrently running queries for admission control when using a single pool. -1 indicates no limit and 0 indicates all incoming requests will be rejected. Ignored when Dynamic Resource Pools for Admission Control is enabled.",
"display_name": "Single Pool Max Running Queries",
"name": "admission_control_single_pool_max_requests",
"value": "200"
}
]
View Git Blame Copy Permalink