278 lines
18 KiB
JSON
278 lines
18 KiB
JSON
[
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the Sentry Server Count Validator configuration validator.",
|
|
"display_name": "Suppress Configuration Validator: Sentry Server Count Validator",
|
|
"name": "service_config_suppression_sentry_server_count_validator",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Server Database Password parameter.",
|
|
"display_name": "Suppress Parameter Validation: Sentry Server Database Password",
|
|
"name": "service_config_suppression_sentry_server_database_password",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress the results of the Sentry Server Health heath test. The results of suppressed health tests are ignored when computing the overall health of the associated host, role or service, so suppressed health tests will not generate alerts.",
|
|
"display_name": "Suppress Health Test: Sentry Server Health",
|
|
"name": "service_health_suppression_sentry_sentry_servers_healthy",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties parameter.",
|
|
"display_name": "Suppress Parameter Validation: Sentry Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties",
|
|
"name": "service_config_suppression_navigator_client_config_safety_valve",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Password for Sentry Server database.",
|
|
"display_name": "Sentry Server Database Password",
|
|
"name": "sentry_server_database_password",
|
|
"value": ""
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Event Filter parameter.",
|
|
"display_name": "Suppress Parameter Validation: Audit Event Filter",
|
|
"name": "service_config_suppression_navigator_audit_event_filter",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "<p>\nConfigures the rules for event tracking and coalescing. This feature is\nused to define equivalency between different audit events. When\nevents match, according to a set of configurable parameters, only one\nentry in the audit list is generated for all the matching events.\n</p>\n\n<p>\nTracking works by keeping a reference to events when they first appear,\nand comparing other incoming events against the \"tracked\" events according\nto the rules defined here.\n</p>\n\n<p>Event trackers are defined in a JSON object like the following:</p>\n\n<pre>\n{\n \"timeToLive\" : [integer],\n \"fields\" : [\n {\n \"type\" : [string],\n \"name\" : [string]\n }\n ]\n}\n</pre>\n\n<p>\nWhere:\n</p>\n\n<ul>\n <li>timeToLive: maximum amount of time an event will be tracked, in\n milliseconds. Must be provided. This defines how long, since it's\n first seen, an event will be tracked. A value of 0 disables tracking.</li>\n\n <li>fields: list of fields to compare when matching events against\n tracked events.</li>\n</ul>\n\n<p>\nEach field has an evaluator type associated with it. The evaluator defines\nhow the field data is to be compared. The following evaluators are\navailable:\n</p>\n\n<ul>\n <li>value: uses the field value for comparison.</li>\n\n <li>userName: treats the field value as a userName, and ignores any\n host-specific data. This is useful for environment using Kerberos,\n so that only the principal name and realm are compared.</li>\n</ul>\n\n<p>\nThe following is the list of fields that can be used to compare Sentry events:\n</p>\n\n<ul>\n <li>operation: the Sentry operation being performed.</li>\n <li>username: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>allowed: whether the operation was allowed or denied.</li>\n</ul>\n",
|
|
"display_name": "Audit Event Tracker",
|
|
"name": "navigator_event_tracker",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "List of users allowed to connect to the Sentry Server. These are usually service users such as hive and impala, and the list does not usually need to include end users.",
|
|
"display_name": "Allowed Connecting Users",
|
|
"name": "sentry_service_allow_connect",
|
|
"value": "hive,impala,hue,hdfs"
|
|
},
|
|
{
|
|
"desc": "The user that this service's processes should run as.",
|
|
"display_name": "System User",
|
|
"name": "process_username",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "<p>\nEvent filters are defined in a JSON object like the following:\n</p>\n\n<pre>\n{\n \"defaultAction\" : (\"accept\", \"discard\"),\n \"rules\" : [\n {\n \"action\" : (\"accept\", \"discard\"),\n \"fields\" : [\n {\n \"name\" : \"fieldName\",\n \"match\" : \"regex\"\n }\n ]\n }\n ]\n}\n</pre>\n\n<p>\nA filter has a default action and a list of rules, in order of precedence.\nEach rule defines an action, and a list of fields to match against the\naudit event.\n</p>\n\n<p>\nA rule is \"accepted\" if all the listed field entries match the audit\nevent. At that point, the action declared by the rule is taken.\n</p>\n\n<p>\nIf no rules match the event, the default action is taken. Actions\ndefault to \"accept\" if not defined in the JSON object.\n</p>\n\n<p>\nThe following is the list of fields that can be filtered for Sentry events:\n</p>\n\n<ul>\n <li>operation: the Sentry operation being performed.</li>\n <li>username: the user performing the action.</li>\n <li>ipAddress: the IP from where the request originated.</li>\n <li>allowed: whether the operation was allowed or denied.</li>\n</ul>\n",
|
|
"display_name": "Audit Event Filter",
|
|
"name": "navigator_audit_event_filter",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "User for Sentry Server database.",
|
|
"display_name": "Sentry Server Database User",
|
|
"name": "sentry_server_database_user",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "Name of the HDFS service that this Sentry service instance depends on",
|
|
"display_name": "HDFS Service",
|
|
"name": "hdfs_service",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Type of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Type",
|
|
"name": "sentry_server_database_type",
|
|
"value": "mysql"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Server Database Host parameter.",
|
|
"display_name": "Suppress Parameter Validation: Sentry Server Database Host",
|
|
"name": "service_config_suppression_sentry_server_database_host",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "For advanced use only, key-value pairs (one on each line) to be inserted into a role's environment. Applies to configurations of all roles in this service except client configuration.",
|
|
"display_name": "Sentry Service Environment Advanced Configuration Snippet (Safety Valve)",
|
|
"name": "SENTRY_service_env_safety_valve",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Name of the ZooKeeper service that this Sentry service instance depends on",
|
|
"display_name": "ZooKeeper Service",
|
|
"name": "zookeeper_service",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Maximum size of audit log file in MB before it is rolled over.",
|
|
"display_name": "Maximum Audit Log File Size",
|
|
"name": "navigator_audit_log_max_file_size",
|
|
"value": "100"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Allowed Connecting Users parameter.",
|
|
"display_name": "Suppress Parameter Validation: Allowed Connecting Users",
|
|
"name": "service_config_suppression_sentry_service_allow_connect",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Host name of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Host",
|
|
"name": "sentry_server_database_host",
|
|
"value": "localhost"
|
|
},
|
|
{
|
|
"desc": "The health test thresholds of the overall Sentry Server health. The check returns \"Concerning\" health if the percentage of \"Healthy\" Sentry Servers falls below the warning threshold. The check is unhealthy if the total percentage of \"Healthy\" and \"Concerning\" Sentry Servers falls below the critical threshold.",
|
|
"display_name": "Healthy Sentry Server Monitoring Thresholds",
|
|
"name": "sentry_sentry_server_healthy_thresholds",
|
|
"value": "{\"critical\":\"51.0\",\"warning\":\"99.0\"}"
|
|
},
|
|
{
|
|
"desc": "Path to the directory where audit logs will be written. The directory will be created if it doesn't exist.",
|
|
"display_name": "Audit Log Directory",
|
|
"name": "audit_event_log_dir",
|
|
"value": "/var/log/sentry/audit"
|
|
},
|
|
{
|
|
"desc": "Kerberos principal short name used by all roles of this service.",
|
|
"display_name": "Kerberos Principal",
|
|
"name": "kerberos_princ_name",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Service Environment Advanced Configuration Snippet (Safety Valve) parameter.",
|
|
"display_name": "Suppress Parameter Validation: Sentry Service Environment Advanced Configuration Snippet (Safety Valve)",
|
|
"name": "service_config_suppression_sentry_service_env_safety_valve",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Server Database Name parameter.",
|
|
"display_name": "Suppress Parameter Validation: Sentry Server Database Name",
|
|
"name": "service_config_suppression_sentry_server_database_name",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "The group that this service's processes should run as.",
|
|
"display_name": "System Group",
|
|
"name": "process_groupname",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "For advanced use only, a string to be inserted into <strong>sentry-site.xml</strong>. Applies to configurations of all roles in this service except client configuration.",
|
|
"display_name": "Sentry Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml",
|
|
"name": "sentry_server_config_safety_valve",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml parameter.",
|
|
"display_name": "Suppress Parameter Validation: Sentry Service Advanced Configuration Snippet (Safety Valve) for sentry-site.xml",
|
|
"name": "service_config_suppression_sentry_server_config_safety_valve",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "When set, Cloudera Manager will send alerts when the health of this service reaches the threshold specified by the EventServer setting eventserver_health_events_alert_threshold",
|
|
"display_name": "Enable Service Level Health Alerts",
|
|
"name": "enable_alerts",
|
|
"value": "true"
|
|
},
|
|
{
|
|
"desc": "Name of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Name",
|
|
"name": "sentry_server_database_name",
|
|
"value": "sentry"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Triggers parameter.",
|
|
"display_name": "Suppress Parameter Validation: Service Triggers",
|
|
"name": "service_config_suppression_service_triggers",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Action to take when the audit event queue is full. Drop the event or shutdown the affected process.",
|
|
"display_name": "Audit Queue Policy",
|
|
"name": "navigator_audit_queue_policy",
|
|
"value": "DROP"
|
|
},
|
|
{
|
|
"desc": "<p>The configured triggers for this service. This is a JSON formatted list of triggers. These triggers are evaluated as part as the health system. Every trigger expression is parsed, and if the trigger condition is met, the list of actions provided in the trigger expression is executed.</p><p>Each trigger has the following fields:</p><ul><li><code>triggerName</code> <strong>(mandatory)</strong> - The name of the trigger. This value must be unique for the specific service. </li><li><code>triggerExpression</code> <strong>(mandatory)</strong> - A tsquery expression representing the trigger. </li><li><code>streamThreshold</code> <strong>(optional)</strong> - The maximum number of streams that can satisfy a condition of a trigger before the condition fires. By default set to 0, and any stream returned causes the condition to fire. </li><li><code>enabled</code> <strong> (optional)</strong> - By default set to 'true'. If set to 'false', the trigger is not evaluated.</li><li><code>expressionEditorConfig</code> <strong> (optional)</strong> - Metadata for the trigger editor. If present, the trigger should only be edited from the Edit Trigger page; editing the trigger here can lead to inconsistencies.</li></ul></p><p>For example, the followig JSON formatted trigger fires if there are more than 10 DataNodes with more than 500 file descriptors opened:</p><p><pre>[{\"triggerName\": \"sample-trigger\",\n \"triggerExpression\": \"IF (SELECT fd_open WHERE roleType = DataNode and last(fd_open) > 500) DO health:bad\",\n \"streamThreshold\": 10, \"enabled\": \"true\"}]</pre></p><p>See the trigger rules documentation for more details on how to write triggers using tsquery.</p><p>The JSON format is evolving and may change and, as a result, backward compatibility is not guaranteed between releases.</p>",
|
|
"display_name": "Service Triggers",
|
|
"name": "service_triggers",
|
|
"value": "[]"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Admin Groups parameter.",
|
|
"display_name": "Suppress Parameter Validation: Admin Groups",
|
|
"name": "service_config_suppression_sentry_service_admin_group",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Log Directory parameter.",
|
|
"display_name": "Suppress Parameter Validation: Audit Log Directory",
|
|
"name": "service_config_suppression_audit_event_log_dir",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the System User parameter.",
|
|
"display_name": "Suppress Parameter Validation: System User",
|
|
"name": "service_config_suppression_process_username",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "When set, Cloudera Manager will send alerts when this entity's configuration changes.",
|
|
"display_name": "Enable Configuration Change Alerts",
|
|
"name": "enable_config_alerts",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Audit Event Tracker parameter.",
|
|
"display_name": "Suppress Parameter Validation: Audit Event Tracker",
|
|
"name": "service_config_suppression_navigator_event_tracker",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Kerberos Principal parameter.",
|
|
"display_name": "Suppress Parameter Validation: Kerberos Principal",
|
|
"name": "service_config_suppression_kerberos_princ_name",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Port number of Sentry Server database.",
|
|
"display_name": "Sentry Server Database Port",
|
|
"name": "sentry_server_database_port",
|
|
"value": "3306"
|
|
},
|
|
{
|
|
"desc": "If an end user is in one of these admin groups, that user has administrative privileges on the Sentry Server.",
|
|
"display_name": "Admin Groups",
|
|
"name": "sentry_service_admin_group",
|
|
"value": "hive,impala,hue"
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the System Group parameter.",
|
|
"display_name": "Suppress Parameter Validation: System Group",
|
|
"name": "service_config_suppression_process_groupname",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "For advanced use only, a string to be inserted into the client configuration for <strong>navigator.client.properties</strong>.",
|
|
"display_name": "Sentry Client Advanced Configuration Snippet (Safety Valve) for navigator.client.properties",
|
|
"name": "navigator_client_config_safety_valve",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve) parameter.",
|
|
"display_name": "Suppress Parameter Validation: Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve)",
|
|
"name": "service_config_suppression_smon_derived_configs_safety_valve",
|
|
"value": "false"
|
|
},
|
|
{
|
|
"desc": "Enable collection of audit events from the service's roles.",
|
|
"display_name": "Enable Audit Collection",
|
|
"name": "navigator_audit_enabled",
|
|
"value": "true"
|
|
},
|
|
{
|
|
"desc": "For advanced use only, a list of derived configuration properties that will be used by the Service Monitor instead of the default ones.",
|
|
"display_name": "Service Monitor Derived Configs Advanced Configuration Snippet (Safety Valve)",
|
|
"name": "smon_derived_configs_safety_valve",
|
|
"value": null
|
|
},
|
|
{
|
|
"desc": "Whether to suppress configuration warnings produced by the built-in parameter validation for the Sentry Server Database User parameter.",
|
|
"display_name": "Suppress Parameter Validation: Sentry Server Database User",
|
|
"name": "service_config_suppression_sentry_server_database_user",
|
|
"value": "false"
|
|
}
|
|
] |