├── roles
├── deployment
│ ├── cluster
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ ├── services
│ │ │ │ ├── serviceConfig.j2
│ │ │ │ └── roleConfigGroupConfig.j2
│ │ │ ├── cluster_template
│ │ │ │ ├── common
│ │ │ │ │ ├── clusterSpec.j2
│ │ │ │ │ └── variables.j2
│ │ │ │ ├── ecs
│ │ │ │ │ ├── hosts.j2
│ │ │ │ │ └── clusters.j2
│ │ │ │ └── kts
│ │ │ │ │ ├── instantiator.j2
│ │ │ │ │ └── hostTemplates.j2
│ │ │ └── sdx
│ │ │ │ └── data_context.j2
│ │ └── README.md
│ ├── repometa
│ │ ├── templates
│ │ │ └── role_mappings
│ │ │ │ ├── keytrustee.j2
│ │ │ │ ├── schemaregistry.j2
│ │ │ │ ├── kafka.j2
│ │ │ │ ├── spark2.j2
│ │ │ │ ├── ecs.j2
│ │ │ │ ├── cdsw.j2
│ │ │ │ ├── streams_messaging_manager.j2
│ │ │ │ ├── keytrustee_server.j2
│ │ │ │ ├── spark3.j2
│ │ │ │ ├── streams_replication_manager.j2
│ │ │ │ ├── cfm.j2
│ │ │ │ ├── flink.j2
│ │ │ │ ├── accumulo.j2
│ │ │ │ ├── wxm.j2
│ │ │ │ └── main.j2
│ │ ├── README.md
│ │ ├── meta
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── services
│ │ ├── wxm
│ │ │ ├── defaults
│ │ │ │ └── main.yml
│ │ │ ├── templates
│ │ │ │ ├── altus_key_config.json
│ │ │ │ ├── wxm_config.json
│ │ │ │ ├── add_telemetry.json
│ │ │ │ └── add_altus_key.json
│ │ │ ├── README.md
│ │ │ └── meta
│ │ │ │ └── main.yml
│ │ ├── kms_ha
│ │ │ └── README.md
│ │ ├── kms
│ │ │ └── README.md
│ │ ├── mgmt
│ │ │ ├── README.md
│ │ │ └── meta
│ │ │ │ └── main.yml
│ │ └── kts_high_availability
│ │ │ └── README.md
│ ├── definition
│ │ ├── meta
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── template_cluster_map.j2
│ │ └── README.md
│ ├── groupby
│ │ └── README.md
│ ├── credential
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ └── databases
│ │ ├── README.md
│ │ └── meta
│ │ └── main.yml
├── infrastructure
│ ├── krb5_server
│ │ ├── templates
│ │ │ ├── kadm5.acl.j2
│ │ │ ├── RedHat
│ │ │ │ └── kdc.conf.j2
│ │ │ └── Debian
│ │ │ │ └── kdc.conf.j2
│ │ ├── vars
│ │ │ ├── RedHat-8.yml
│ │ │ ├── Ubuntu.yml
│ │ │ ├── RedHat-7.yml
│ │ │ ├── default.yml
│ │ │ └── Suse.yml
│ │ ├── README.md
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── krb5_client
│ │ ├── files
│ │ │ └── dbus_session.conf
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── vars
│ │ │ ├── Debian.yml
│ │ │ ├── Suse.yml
│ │ │ └── RedHat.yml
│ │ ├── README.md
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── freeipa_dbus_patch.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── ca_server
│ │ ├── templates
│ │ │ ├── root_dn.j2
│ │ │ └── intermediate_dn.j2
│ │ ├── README.md
│ │ ├── vars
│ │ │ ├── Debian.yml
│ │ │ └── RedHat.yml
│ │ ├── meta
│ │ │ └── main.yml
│ │ └── molecule
│ │ │ └── default
│ │ │ └── converge.yml
│ ├── haproxy
│ │ └── README.md
│ ├── custom_repo
│ │ ├── README.md
│ │ └── vars
│ │ │ ├── Debian.yml
│ │ │ └── RedHat.yml
│ ├── rdbms
│ │ ├── vars
│ │ │ ├── mariadb-RedHat.yml
│ │ │ ├── mysql-RedHat.yml
│ │ │ └── mariadb-Debian.yml
│ │ ├── README.md
│ │ ├── handlers
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── ca_common
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── krb5_conf
│ │ ├── README.md
│ │ ├── templates
│ │ │ └── krb5.conf.j2
│ │ └── meta
│ │ │ └── main.yml
│ └── krb5_common
│ │ └── templates
│ │ └── krb5.conf.j2
├── prereqs
│ ├── pvc_ecs
│ │ ├── files
│ │ │ └── networkmanager.conf
│ │ └── README.md
│ ├── os
│ │ ├── templates
│ │ │ └── rngd.service.j2
│ │ ├── README.md
│ │ └── vars
│ │ │ └── Suse.yml
│ ├── jdk
│ │ ├── README.md
│ │ └── vars
│ │ │ ├── Debian.yml
│ │ │ ├── RedHat.yml
│ │ │ └── Suse.yml
│ ├── license
│ │ ├── README.md
│ │ └── defaults
│ │ │ └── main.yml
│ ├── kerberos
│ │ ├── README.md
│ │ ├── vars
│ │ │ ├── Debian.yml
│ │ │ ├── Suse.yml
│ │ │ └── RedHat.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── user_accounts
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── mysql_connector
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── oracle_connector
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── user_accounts_ecs
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ └── postgresql_connector
│ │ ├── README.md
│ │ └── meta
│ │ └── main.yml
├── cloudera_manager
│ ├── cms_tls
│ │ ├── meta
│ │ │ └── main.yml
│ │ ├── files
│ │ │ ├── cms_truststore_tls.json
│ │ │ ├── cms_keystore_tls.json
│ │ │ ├── cms_navigator_metaserver_keystore_tls.json
│ │ │ └── cms_navigator_keystore_tls.json
│ │ └── README.md
│ ├── config
│ │ ├── templates
│ │ │ └── config.j2
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── session_timeout
│ │ ├── templates
│ │ │ └── unlog.json
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── README.md
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── external_auth
│ │ ├── templates
│ │ │ ├── external_auth_mapping.j2
│ │ │ └── external_auth_mappings.j2
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── autotls
│ │ ├── templates
│ │ │ ├── auto-tls.json.j2
│ │ │ └── auto-tls-key.json.j2
│ │ ├── files
│ │ │ └── cert.py_patch
│ │ ├── tasks
│ │ │ └── patch_old_cm.yml
│ │ ├── README.md
│ │ ├── meta
│ │ │ └── main.yml
│ │ └── defaults
│ │ │ └── main.yml
│ ├── services_info
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── server_tls
│ │ ├── templates
│ │ │ └── tls_configs.j2
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── repo
│ │ ├── vars
│ │ │ └── Suse.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── hosts_config
│ │ └── README.md
│ ├── preload_parcels
│ │ ├── README.md
│ │ └── defaults
│ │ │ └── main.yml
│ ├── external_account
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── vars
│ │ │ └── main.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── csds
│ │ ├── README.md
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── agent
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── common
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── daemons
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── license
│ │ ├── README.md
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── server
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── api_hosts
│ │ ├── README.md
│ │ ├── meta
│ │ │ └── main.yml
│ │ └── templates
│ │ │ └── host_list.j2
│ ├── database
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── kerberos
│ │ ├── README.md
│ │ ├── templates
│ │ │ └── kerberos_configs.j2
│ │ └── meta
│ │ │ └── main.yml
│ ├── agent_config
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── api_client
│ │ ├── README.md
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ ├── admin_password
│ │ ├── set
│ │ │ ├── README.md
│ │ │ └── meta
│ │ │ │ └── main.yml
│ │ └── check
│ │ │ ├── README.md
│ │ │ └── meta
│ │ │ └── main.yml
│ └── wait_for_heartbeat
│ │ ├── README.md
│ │ └── meta
│ │ └── main.yml
├── config
│ ├── cluster
│ │ ├── base
│ │ │ ├── templates
│ │ │ │ ├── configs
│ │ │ │ │ ├── kerberos-7.x.j2
│ │ │ │ │ ├── phoenix.j2
│ │ │ │ │ ├── sentry.j2
│ │ │ │ │ ├── logdirs-6.x.j2
│ │ │ │ │ ├── schemaregistry.j2
│ │ │ │ │ ├── tls-6.x.j2
│ │ │ │ │ ├── oom-6.3.0.j2
│ │ │ │ │ ├── tls-7.1.4.j2
│ │ │ │ │ └── trusted-realms.j2
│ │ │ │ └── workarounds
│ │ │ │ │ ├── OPSAPS-56076.j2
│ │ │ │ │ └── OPSAPS-55800.j2
│ │ │ └── README.md
│ │ ├── ecs
│ │ │ ├── templates
│ │ │ │ └── configs
│ │ │ │ │ └── ecs.j2
│ │ │ ├── README.md
│ │ │ └── vars
│ │ │ │ └── main.yml
│ │ └── kts
│ │ │ ├── templates
│ │ │ └── configs
│ │ │ │ └── tls.j2
│ │ │ └── README.md
│ └── services
│ │ ├── mgmt
│ │ ├── templates
│ │ │ └── configs
│ │ │ │ ├── tls-6.x.j2
│ │ │ │ ├── defaults.j2
│ │ │ │ └── varlib-7.1.0.j2
│ │ └── README.md
│ │ ├── solr_knox
│ │ ├── templates
│ │ │ ├── solr_knox_url.json
│ │ │ └── solr_knox_url_api.json
│ │ ├── README.md
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ │ ├── kms_tls
│ │ ├── files
│ │ │ ├── kms_tls_cdh_kms.json
│ │ │ ├── kms_tls_cdh.json
│ │ │ └── kms_tls.json
│ │ └── README.md
│ │ ├── kms
│ │ ├── templates
│ │ │ └── configs
│ │ │ │ └── tls.j2
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ │ ├── oozie_ui
│ │ └── README.md
│ │ ├── hue_ticket_lifetime
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ │ ├── solr_ranger_plugin
│ │ ├── README.md
│ │ ├── templates
│ │ │ └── solr_plugin.json
│ │ └── meta
│ │ │ └── main.yml
│ │ └── ranger_pvc_default_policies
│ │ ├── README.md
│ │ └── meta
│ │ └── main.yml
├── operations
│ ├── restart_mgmt_services
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── restart_cluster_services
│ │ ├── tasks
│ │ │ ├── main.yml
│ │ │ └── service_restart.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── restart_cluster
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── delete_cms
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── restart_stale
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── stop_cluster
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── delete_cluster
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ └── refresh_ranger_kms_repo
│ │ ├── README.md
│ │ └── meta
│ │ └── main.yml
├── security
│ ├── tls_generate_csr
│ │ ├── templates
│ │ │ ├── certificate_dn.j2
│ │ │ └── csr.cnf.j2
│ │ ├── README.md
│ │ ├── defaults
│ │ │ └── main.yml
│ │ ├── meta
│ │ │ └── main.yml
│ │ └── molecule
│ │ │ └── default
│ │ │ └── converge.yml
│ ├── tls_clean
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── tls_nifi
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── tls_signing
│ │ ├── README.md
│ │ ├── defaults
│ │ │ └── main.yml
│ │ └── meta
│ │ │ └── main.yml
│ └── tls_install_certs
│ │ ├── README.md
│ │ └── meta
│ │ └── main.yml
├── teardown
│ ├── README.md
│ └── tasks
│ │ └── teardown_kms.yml
├── verify
│ ├── inventory
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ ├── definition
│ │ ├── README.md
│ │ └── meta
│ │ │ └── main.yml
│ └── parcels_and_roles
│ │ ├── README.md
│ │ └── meta
│ │ └── main.yml
└── assemble_template
│ ├── README.md
│ └── defaults
│ └── main.yml
├── docsbuild
├── .gitignore
├── requirements.txt
├── templates
│ └── layout.html
└── cloudera.css
├── docs
├── docsite
│ ├── extra-docs.yml
│ ├── links.yml
│ └── config.yml
├── roles
│ └── verify
│ │ ├── inventory.md
│ │ ├── definition.md
│ │ └── parcels_and_roles.md
└── getting-started.md
├── icla
├── Cloudera_CCLA_25APR2018.pdf
└── Cloudera_ICLA_25APR2018.pdf
├── requirements.yml
├── bindep.txt
├── .ansible-lint
├── requirements.txt
└── tests
└── unit
├── plugins
└── modules
│ └── assemble_cluster_template
│ └── fragments
│ ├── base.json
│ └── service-3.json
└── requirements.txt
/roles/deployment/cluster/defaults/main.yml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/templates/kadm5.acl.j2:
--------------------------------------------------------------------------------
1 | */admin@{{ krb5_realm|upper }} *
2 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/keytrustee.j2:
--------------------------------------------------------------------------------
1 | KEYTRUSTEE:
2 | - KMS_KEYTRUSTEE
3 |
--------------------------------------------------------------------------------
/roles/deployment/services/wxm/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | altus_key_id: ""
3 | altus_private_key: ""
4 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/vars/RedHat-8.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ipaserver_packages: ["@idm:DL1/server"]
3 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/vars/Ubuntu.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ipaserver_packages: ["freeipa-server"]
3 |
--------------------------------------------------------------------------------
/docsbuild/.gitignore:
--------------------------------------------------------------------------------
1 |
2 | # Created with antsibull-docs 2.3.1.post0
3 |
4 | /temp-rst
5 | /build
6 | /rst
7 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/schemaregistry.j2:
--------------------------------------------------------------------------------
1 | SCHEMAREGISTRY:
2 | - SCHEMA_REGISTRY_SERVER
3 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/vars/RedHat-7.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ipaserver_packages: ["ipa-server", "libselinux-python"]
3 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/vars/default.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ipaserver_packages: ["ipa-server", "python3-libselinux"]
3 |
--------------------------------------------------------------------------------
/docs/docsite/extra-docs.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | sections:
4 | # - title: Guides
5 | # toctree:
6 | # - api-design
7 |
--------------------------------------------------------------------------------
/roles/deployment/definition/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies:
3 | - cloudera.cluster.infrastructure.krb5_common
4 |
--------------------------------------------------------------------------------
/roles/prereqs/pvc_ecs/files/networkmanager.conf:
--------------------------------------------------------------------------------
1 | [keyfile]
2 | unmanaged-devices=interface-name:cali*;interface-name:flannel*
3 |
--------------------------------------------------------------------------------
/icla/Cloudera_CCLA_25APR2018.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudera-labs/cloudera.cluster/HEAD/icla/Cloudera_CCLA_25APR2018.pdf
--------------------------------------------------------------------------------
/icla/Cloudera_ICLA_25APR2018.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/cloudera-labs/cloudera.cluster/HEAD/icla/Cloudera_ICLA_25APR2018.pdf
--------------------------------------------------------------------------------
/roles/cloudera_manager/cms_tls/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies:
3 | - role: cloudera.cluster.cloudera_manager.api_client
4 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/kerberos-7.x.j2:
--------------------------------------------------------------------------------
1 | ---
2 | HBASE:
3 | SERVICEWIDE:
4 | hadoop_secure_web_ui: true
5 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/kafka.j2:
--------------------------------------------------------------------------------
1 | KAFKA:
2 | - GATEWAY
3 | - KAFKA_BROKER
4 | - KAFKA_MIRROR_MAKER
5 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/spark2.j2:
--------------------------------------------------------------------------------
1 | SPARK2_ON_YARN:
2 | - GATEWAY
3 | - SPARK2_YARN_HISTORY_SERVER
4 |
--------------------------------------------------------------------------------
/docsbuild/requirements.txt:
--------------------------------------------------------------------------------
1 |
2 | antsibull-docs >= 2.0.0, < 3.0.0
3 | ansible-pygments
4 | sphinx
5 | sphinx-ansible-theme >= 0.9.0
6 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/ecs.j2:
--------------------------------------------------------------------------------
1 | DOCKER:
2 | - DOCKER_SERVER
3 | ECS:
4 | - ECS_AGENT
5 | - ECS_SERVER
6 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/config/templates/config.j2:
--------------------------------------------------------------------------------
1 | {% import 'cm_api.j2' as cm_api with context %}
2 | {{ cm_api.ApiConfigList(filtered_configs) }}
3 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/cdsw.j2:
--------------------------------------------------------------------------------
1 | CDSW:
2 | - CDSW_APPLICATION
3 | - CDSW_DOCKER
4 | - CDSW_MASTER
5 | - CDSW_WORKER
6 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/services/serviceConfig.j2:
--------------------------------------------------------------------------------
1 | {% import 'cm_api.j2' as cm_api with context %}
2 | {{ cm_api.ApiConfigList(merged_configs[service]['SERVICEWIDE']) }}
3 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/phoenix.j2:
--------------------------------------------------------------------------------
1 | HBASE:
2 | REGIONSERVER:
3 | hbase_regionserver_wal_codec: org.apache.hadoop.hbase.regionserver.wal.IndexedWALEditCodec
4 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/services/roleConfigGroupConfig.j2:
--------------------------------------------------------------------------------
1 | {% import 'cm_api.j2' as cm_api with context %}
2 | {{ cm_api.ApiConfigList(merged_configs[service][role_type]) }}
3 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/streams_messaging_manager.j2:
--------------------------------------------------------------------------------
1 | STREAMS_MESSAGING_MANAGER:
2 | - STREAMS_MESSAGING_MANAGER_UI
3 | - STREAMS_MESSAGING_MANAGER_SERVER
4 |
--------------------------------------------------------------------------------
/roles/config/services/mgmt/templates/configs/tls-6.x.j2:
--------------------------------------------------------------------------------
1 | ---
2 | ACTIVITYMONITOR:
3 | ssl_enabled: true
4 | HOSTMONITOR:
5 | ssl_enabled: true
6 | SERVICEMONITOR:
7 | ssl_enabled: true
8 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/keytrustee_server.j2:
--------------------------------------------------------------------------------
1 | KEYTRUSTEE_SERVER:
2 | - DB_ACTIVE
3 | - DB_PASSIVE
4 | - KEYTRUSTEE_ACTIVE_SERVER
5 | - KEYTRUSTEE_PASSIVE_SERVER
6 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/spark3.j2:
--------------------------------------------------------------------------------
1 | SPARK3_ON_YARN:
2 | - GATEWAY
3 | - SPARK3_YARN_HISTORY_SERVER
4 | LIVY_FOR_SPARK3:
5 | - GATEWAY
6 | - LIVY_SERVER_FOR_SPARK3
7 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/sentry.j2:
--------------------------------------------------------------------------------
1 | ---
2 | HIVE:
3 | HIVEMETASTORE:
4 | hive_enable_db_notification: true
5 | HIVESERVER2:
6 | hiveserver2_enable_impersonation: false
7 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/streams_replication_manager.j2:
--------------------------------------------------------------------------------
1 | STREAMS_REPLICATION_MANAGER:
2 | - STREAMS_REPLICATION_MANAGER_DRIVER
3 | - STREAMS_REPLICATION_MANAGER_SERVICE
4 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/cfm.j2:
--------------------------------------------------------------------------------
1 | NIFI:
2 | - NIFI_NODE
3 | - GATEWAY
4 | NIFIREGISTRY:
5 | - NIFI_REGISTRY_SERVER
6 | - GATEWAY
7 | NIFITOOLKITCA:
8 | - NIFI_TOOLKIT_SERVER
9 |
--------------------------------------------------------------------------------
/roles/deployment/services/wxm/templates/altus_key_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "telemetry_altus_account",
5 | "value": "altus-key-for-wxm"
6 | }
7 | ]
8 | }
9 |
--------------------------------------------------------------------------------
/roles/prereqs/os/templates/rngd.service.j2:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Hardware RNG Entropy Gatherer Daemon
3 |
4 | [Service]
5 | ExecStart=/sbin/rngd -f -r /dev/urandom
6 |
7 | [Install]
8 | WantedBy=multi-user.target
9 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/session_timeout/templates/unlog.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "session_timeout",
5 | "value": "{{ cloudera_manager_session_timeout }}"
6 | }
7 | ]
8 | }
9 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/flink.j2:
--------------------------------------------------------------------------------
1 | FLINK:
2 | - FLINK_HISTORY_SERVER
3 | - GATEWAY
4 | SQL_STREAM_BUILDER:
5 | - STREAMING_SQL_ENGINE
6 | - MATERIALIZED_VIEW_ENGINE
7 | - STREAMING_SQL_CONSOLE
8 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_auth/templates/external_auth_mapping.j2:
--------------------------------------------------------------------------------
1 | {% import 'cm_api.j2' as cm_api with context %}
2 | {{ cm_api.ApiExternalUserMappingList(cloudera_manager_external_auth.type | default('LDAP'), [role_mapping]) }}
3 |
--------------------------------------------------------------------------------
/roles/config/services/solr_knox/templates/solr_knox_url.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "gateway_descriptor_cdp_proxy",
5 | "value": "{{ new_gateway_descriptor_cdp_proxy }}"
6 | }
7 | ]
8 | }
9 |
--------------------------------------------------------------------------------
/roles/config/services/solr_knox/templates/solr_knox_url_api.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "gateway_descriptor_cdp_proxy_api",
5 | "value": "{{ new_gateway_descriptor_cdp_proxy_api }}"
6 | }
7 | ]
8 | }
9 |
--------------------------------------------------------------------------------
/roles/config/services/kms_tls/files/kms_tls_cdh_kms.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 |
4 | {
5 | "name": "hadoop_kms_authentication_signer_secret_provider_zookeeper_auth_type",
6 | "value": "sasl"
7 | }
8 |
9 | ]
10 | }
11 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_auth/templates/external_auth_mappings.j2:
--------------------------------------------------------------------------------
1 | {% import 'cm_api.j2' as cm_api with context %}
2 | {{ cm_api.ApiExternalUserMappingList(cloudera_manager_external_auth.type | default('LDAP'), cloudera_manager_external_auth.role_mappings) }}
3 |
--------------------------------------------------------------------------------
/roles/deployment/services/wxm/templates/wxm_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "telemetrypublisher_safety_valve",
5 | "value": "telemetry.upload.job.logs=true\ntelemetry.altus.url={{ wxm_dbus_api_server_url }}"
6 | }
7 | ]
8 | }
9 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/cluster_template/common/clusterSpec.j2:
--------------------------------------------------------------------------------
1 | {
2 | {%- if cluster.type | default('base') == 'compute' -%}
3 | "dataContextRefs": [{ "name": "{{ cluster.base_cluster.data_context | default('SDX') }}" }]
4 | {%- else -%}
5 | "dataContextRefs": []
6 | {%- endif -%}
7 | }
8 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/autotls/templates/auto-tls.json.j2:
--------------------------------------------------------------------------------
1 | {
2 | "customCA" : false,
3 | "configureAllServices" : "true",
4 | "sshPort" : 22,
5 | {% if freeipa_activated %}"trustedCaCerts" : "/etc/ipa/ca.crt",{% endif %}
6 | "userName" : "root",
7 | "password": "{{ node_password }}"
8 | }
9 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/cluster_template/ecs/hosts.j2:
--------------------------------------------------------------------------------
1 | {
2 | "items" : [
3 | {%- set host_joiner = joiner(",") -%}
4 | {%- for host in groups['ecs_nodes'] -%}
5 | {{ host_joiner() }}
6 | {
7 | "hostId" : "{{ cloudera_manager_api_hosts[host]['id'] }}"
8 | }
9 | {%- endfor -%}
10 | ]
11 | }
12 |
--------------------------------------------------------------------------------
/docs/roles/verify/inventory.md:
--------------------------------------------------------------------------------
1 | # Inventory Verification
2 |
3 | This role asserts basic expectations on the format of the inventory in isolation of the cluster definitions.
4 |
5 | Examples include:
6 | - Ensure that each group has at least 1 host
7 |
8 | This will allow us to make basic assumptions on the inventory's format.
9 |
--------------------------------------------------------------------------------
/roles/deployment/services/wxm/templates/add_telemetry.json:
--------------------------------------------------------------------------------
1 | {
2 | "items" : [
3 | {
4 | "name" : "mgmt-TELEMETRYPUBLISHER",
5 | "type" : "TELEMETRYPUBLISHER",
6 | "hostRef" : {
7 | "hostId" : "{{ tp_host_id }}",
8 | "hostname" : "{{ tp_host }}"
9 | }
10 | }
11 | ]
12 | }
13 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/files/dbus_session.conf:
--------------------------------------------------------------------------------
1 |
3 |
4 | 360000
5 | 360000
6 |
7 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/cms_tls/files/cms_truststore_tls.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "ssl_client_truststore_location",
5 | "value": "{{CM_AUTO_TLS}}"
6 | },
7 | {
8 | "name": "ssl_client_truststore_password",
9 | "value": "{{CM_AUTO_TLS}}"
10 | }
11 | ]
12 | }
13 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/accumulo.j2:
--------------------------------------------------------------------------------
1 | ACCUMULO16:
2 | - ACCUMULO16_GC
3 | - ACCUMULO16_MASTER
4 | - ACCUMULO16_MONITOR
5 | - ACCUMULO16_TRACER
6 | - ACCUMULO16_TSERVER
7 | ACCUMULO_C6:
8 | - ACCUMULO_GC
9 | - ACCUMULO_MASTER
10 | - ACCUMULO_MONITOR
11 | - ACCUMULO_TRACER
12 | - ACCUMULO_TSERVER
13 |
--------------------------------------------------------------------------------
/docs/getting-started.md:
--------------------------------------------------------------------------------
1 | # Getting Started
2 |
3 | cloudera.cluster is now an Ansible Galaxy collection and must therefore be used as part of a standalone playbook.
4 |
5 | For further details, please see https://github.com/cloudera-labs/cloudera-deploy
6 |
7 | Note: The docs in this section cover how to configure various aspects of this collection.
8 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/wxm.j2:
--------------------------------------------------------------------------------
1 | WXM:
2 | - DBUS_API_SERVICE
3 | - SIGMA_ADB_SERVICE
4 | - SIGMAADMIN_API_SERVICE
5 | - SIGMA_API_SERVICE
6 | - SIGMA_BASELINE_SERVICE
7 | - SIGMA_DBUS_SERVICE
8 | - SIGMA_ENTITIES_SERVICE
9 | - SIGMA_PIPELINES_SERVICE
10 | - SIGMA_SDX_SERVICE
11 | - THUNDERHEAD_SIGMA_CONSOLE
12 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/workarounds/OPSAPS-56076.j2:
--------------------------------------------------------------------------------
1 | NIFI:
2 | SERVICEWIDE:
3 | NIFI_service_env_safety_valve: "RANGER_SERVICE_NAME={{ cluster.name | lower | regex_replace(' ','_') }}_nifi"
4 | NIFIREGISTRY:
5 | SERVICEWIDE:
6 | NIFIREGISTRY_service_env_safety_valve: "RANGER_SERVICE_NAME={{ cluster.name | lower | regex_replace(' ','_') }}_nifiregistry"
7 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/cluster_template/ecs/clusters.j2:
--------------------------------------------------------------------------------
1 | {
2 | "items":
3 | [
4 | {
5 | "name" : "{{ cluster.name }}",
6 | "displayName": "{{ cluster.name }}",
7 | "version" : "DATA_SERVICES1",
8 | "fullVersion": "{{ products | cloudera.cluster.get_product_version('ECS') }}",
9 | "clusterType": "EXPERIENCE_CLUSTER"
10 | }
11 | ]
12 | }
13 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/services_info/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | cluster_name: Default
3 | ranger_user: "{{ ranger_rangeradmin_user | default('admin') }}"
4 | ranger_password: "{{ ranger_rangeradmin_user_password | default(cloudera_manager_admin_password) }}"
5 | solr_admin_password: "{{ solr_solradmin_user_password | default(cloudera_manager_admin_password) }}"
6 |
7 | wxm_api_port: 12022
8 |
--------------------------------------------------------------------------------
/roles/deployment/definition/templates/template_cluster_map.j2:
--------------------------------------------------------------------------------
1 | {% set q = "[?host_templates] | map(&{name: name, host_templates: host_templates | keys(@)}, @)" %}
2 | {% set cluster_host_templates = clusters | json_query(q) %}
3 | {% for cluster in cluster_host_templates %}
4 | {% for host_template in cluster.host_templates %}
5 | {{ host_template }}: {{ cluster.name }}
6 | {% endfor %}
7 | {% endfor %}
8 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/server_tls/templates/tls_configs.j2:
--------------------------------------------------------------------------------
1 | ---
2 | AGENT_TLS: true
3 | KEYSTORE_PATH: {{ tls_keystore_path_generic }}
4 | KEYSTORE_PASSWORD: {{ tls_keystore_password }}
5 | NEED_AGENT_HOSTNAME_VALIDATION: true
6 | NEED_AGENT_VALIDATION: true
7 | TRUSTSTORE_PATH: {{ tls_truststore_path | default('') }}
8 | TRUSTSTORE_PASSWORD: {{ tls_truststore_password | default('') }}
9 | WEB_TLS: true
10 |
--------------------------------------------------------------------------------
/docs/docsite/links.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | edit_on_github:
4 | repository: cloudera-labs/cloudera.cluster
5 | branch: main
6 | path_prefix: ""
7 |
8 | extra_links:
9 | - description: Submit a Bug Report
10 | url: https://github.com/cloudera-labs/cloudera.cluster/issues/new?labels=bug
11 | - description: Request a Feature
12 | url: https://github.com/cloudera-labs/cloudera.cluster/issues/new?labels=enhancement
13 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/cms_tls/files/cms_keystore_tls.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "ssl_server_keystore_location",
5 | "value": "{{CM_AUTO_TLS}}"
6 | },
7 | {
8 | "name": "ssl_server_keystore_password",
9 | "value": "{{CM_AUTO_TLS}}"
10 | },
11 | {
12 | "name": "ssl_enabled",
13 | "value": "true"
14 | }
15 | ]
16 | }
17 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/templates/role_mappings/main.j2:
--------------------------------------------------------------------------------
1 | ---
2 | {% for product in products %}
3 | {%- if product['product'] == "CDH" %}
4 | {%- set template_name = 'cdh' + product['version'][0] %}
5 | {%- else %}
6 | {%- set template_name = product['product'] | lower %}
7 | {%- endif %}
8 | {% include template_name + '.j2' %}
9 | {# the following empty line is very important! #}
10 |
11 | {% endfor %}
12 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/autotls/templates/auto-tls-key.json.j2:
--------------------------------------------------------------------------------
1 | {
2 | "customCA" : false,
3 | "configureAllServices" : "true",
4 | "sshPort" : 22,
5 | {% if freeipa_activated %}"trustedCaCerts" : "/etc/ipa/ca.crt",{% endif %}
6 | "userName" : "{{ sudoerUser|default("root") }}",
7 | "privateKey": "{{ node_key_one_line|default('~/node_key') }}"
8 | "passphrase": "{{ passphrase|default("") }}"
9 | }
10 |
--------------------------------------------------------------------------------
/roles/config/cluster/ecs/templates/configs/ecs.j2:
--------------------------------------------------------------------------------
1 | ---
2 | DOCKER:
3 | SERVICEWIDE:
4 | docker_images_destination_registry_user: registry-user
5 | ECS:
6 | SERVICEWIDE:
7 | k8s_webui_secret_admin_token: ecs-k8s_webui_secret_admin_token
8 | cp_prometheus_ingress_user: cloudera-manager
9 | infra_prometheus_ingress_user: cloudera-manager
10 | longhorn_replication: 1
11 | lsoDataPath: /ecs/storage
12 | app_domain: "{{ cluster.application_domain }}"
13 |
--------------------------------------------------------------------------------
/roles/operations/restart_mgmt_services/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Deprecation warning
4 | run_once: true
5 | cloudera.cluster.deprecation:
6 | msg: "Role, {{ ansible_role_name }}, is no longer supported."
7 | version: 6.0.0
8 |
9 | - name: Restart Cloudera Manager Management Services
10 | cloudera.cluster.cm_api:
11 | endpoint: "/cm/service/roleCommands/restart"
12 | method: POST
13 | body:
14 | items: "{{ services_to_restart }}"
15 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/session_timeout/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Deprecation warning
4 | run_once: true
5 | cloudera.cluster.deprecation:
6 | msg: "Role, {{ ansible_role_name }}, is no longer supported."
7 | version: 6.0.0
8 |
9 | - name: Set session timeout to 30 days
10 | cloudera.cluster.cm_api:
11 | endpoint: /cm/config
12 | method: PUT
13 | body: "{{ lookup('template', 'unlog.json') }}"
14 | notify:
15 | - restart cloudera-scm-server
16 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/templates/RedHat/kdc.conf.j2:
--------------------------------------------------------------------------------
1 | [kdcdefaults]
2 | kdc_ports = 88
3 | kdc_tcp_ports = 88
4 |
5 | [realms]
6 | {{ krb5_realm|upper }} = {
7 | database_name = {{ krb5_kdc_database }}
8 | max_renewable_life = 7d
9 | master_key_type = aes256-cts
10 | acl_file = {{ krb5_kdc_state_directory }}/kadm5.acl
11 | dict_file = /usr/share/dict/words
12 | admin_keytab = {{ krb5_kdc_state_directory }}/kadm5.keytab
13 | supported_enctypes = {{ krb5_enc_types }}
14 | }
15 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/logdirs-6.x.j2:
--------------------------------------------------------------------------------
1 | {%- set log_base = cluster.log_base | default('/var/log') | regex_replace('/$','') -%}
2 | ---
3 | HDFS:
4 | BALANCER:
5 | balancer_log_dir: "{{ log_base }}/hadoop-hdfs"
6 | HUE:
7 | SERVICEWIDE:
8 | audit_event_log_dir: "{{ log_base }}/hue/audit"
9 | SOLR:
10 | SERVICEWIDE:
11 | audit_event_log_dir: "{{ log_base }}/solr/audit"
12 | SPARK_ON_YARN:
13 | GATEWAY:
14 | lineage_event_log_dir: "{{ log_base }}/spark/lineage"
15 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/schemaregistry.j2:
--------------------------------------------------------------------------------
1 | ---
2 | SCHEMAREGISTRY:
3 | SCHEMA_REGISTRY_SERVER:
4 | schema.registry.storage.connector.connectURI: "jdbc:{{ databases.SCHEMAREGISTRY.type | cloudera.cluster.format_database_type }}://{{ databases.SCHEMAREGISTRY.host }}:{{ databases.SCHEMAREGISTRY.port }}/{{ databases.SCHEMAREGISTRY.name }}"
5 | schema.registry.storage.connector.user: {{ databases.SCHEMAREGISTRY.user }}
6 | schema.registry.storage.connector.password: {{ databases.SCHEMAREGISTRY.password }}
7 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/sdx/data_context.j2:
--------------------------------------------------------------------------------
1 | {
2 | "name": "{{ data_context.name }}",
3 | "displayName": "{{ data_context.name }}",
4 | "services": [
5 | {%- set service_joiner = joiner(",") -%}
6 | {%- for service in data_context.services | default(cluster.services) | intersect(sdx_services) -%}
7 | {{ service_joiner() }}
8 | {
9 | "serviceName": "{{ service | lower }}",
10 | "serviceType": "{{ service }}",
11 | "clusterName": "{{ cluster.name }}"
12 | }
13 | {%- endfor -%}
14 | ]
15 | }
16 |
--------------------------------------------------------------------------------
/roles/config/services/mgmt/templates/configs/defaults.j2:
--------------------------------------------------------------------------------
1 | ---
2 | EVENTSERVER:
3 | eventserver_index_dir: /var/lib/cloudera-scm-eventserver
4 | HOSTMONITOR:
5 | firehose_storage_dir: /var/lib/cloudera-host-monitor
6 | NAVIGATORMETASERVER:
7 | data_dir: /var/lib/cloudera-scm-navigator
8 | REPORTSMANAGER:
9 | headlamp_scratch_dir: /var/lib/cloudera-scm-headlamp
10 | SERVICEMONITOR:
11 | firehose_storage_dir: /var/lib/cloudera-service-monitor
12 | TELEMETRYPUBLISHER:
13 | mgmt_data_dir: /var/lib/cloudera-scm-telemetrypublisher
14 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/workarounds/OPSAPS-55800.j2:
--------------------------------------------------------------------------------
1 | {% if cluster.security.kerberos | default(False) %}
2 | {% if cluster.security.tls | default(False) %}
3 | {% set protocol='SASL_SSL' %}
4 | {% else %}
5 | {% set protocol='SASL_PLAINTEXT' %}
6 | {% endif %}
7 | {% else %}
8 | {% if cluster.security.tls | default(False) %}
9 | {% set protocol='SSL' %}
10 | {% else %}
11 | {% set protocol='PLAINTEXT' %}
12 | {% endif %}
13 | {% endif %}
14 | ---
15 | CRUISE_CONTROL:
16 | CRUISE_CONTROL_SERVER:
17 | security.protocol: {{ protocol }}
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/cms_tls/files/cms_navigator_metaserver_keystore_tls.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "ssl_server_keystore_location",
5 | "value": "{{CM_AUTO_TLS}}"
6 | },
7 | {
8 | "name": "ssl_server_keystore_password",
9 | "value": "{{CM_AUTO_TLS}}"
10 | },
11 | {
12 | "name": "ssl_server_keystore_keypassword",
13 | "value": "{{CM_AUTO_TLS}}"
14 | },
15 | {
16 | "name": "ssl_enabled",
17 | "value": "true"
18 | }
19 | ]
20 | }
21 |
--------------------------------------------------------------------------------
/roles/deployment/services/wxm/templates/add_altus_key.json:
--------------------------------------------------------------------------------
1 | {
2 | "typeName":"ALTUS_ACCESS_KEY_AUTH",
3 | "displayName":"altus-key-for-wxm",
4 | "name":"altus-key-for-wxm",
5 | "accountConfigs":
6 | {
7 | "items":
8 | [
9 | {
10 | "name":"access_key_id",
11 | "value":"{{ altus_key_id }}"
12 | },
13 | {
14 | "name":"private_key",
15 | "value":"{{ altus_private_key_one_line }}"
16 | }
17 | ]
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/tls-6.x.j2:
--------------------------------------------------------------------------------
1 | ---
2 | FLUME:
3 | SERVICEWIDE:
4 | flume_keystore_file: {{ tls_keystore_path_generic }}
5 | flume_keystore_password: {{ tls_keystore_password }}
6 | HIVE:
7 | SERVICEWIDE:
8 | ssl_client_truststore_location: {{ tls_truststore_path }}
9 | ssl_client_truststore_password: {{ tls_truststore_password }}
10 | KEYTRUSTEE:
11 | KMS_KEYTRUSTEE:
12 | ssl_server_keystore_keypassword: {{ tls_keystore_password }}
13 | KMS:
14 | KMS:
15 | ssl_server_keystore_keypassword: {{ tls_keystore_password }}
16 |
--------------------------------------------------------------------------------
/docsbuild/templates/layout.html:
--------------------------------------------------------------------------------
1 | {# _templates/layout.html #}
2 | {% extends "!layout.html" %} {# Extends the theme's default layout.html #}
3 |
4 | {% block extrahead %}
5 | {{ super() }} {# This calls the original extrahead block content from the theme's layout.html #}
6 |
7 | {# Your Umami script #}
8 | {% if umami_script_src and umami_website_id %}
9 |
10 | {% endif %}
11 | {% endblock %}
12 |
13 | {# All other sections of the upstream layout.html are kept as is. #}
14 |
--------------------------------------------------------------------------------
/docs/roles/verify/definition.md:
--------------------------------------------------------------------------------
1 | # Definition Verification
2 |
3 | This role asserts expectations on the cluster definition.
4 |
5 | Here we focus on the clusters in aggregation.
6 |
7 | Examples include:
8 | - Ensure that TLS is configured in the inventory when specified in a cluster.
9 | - Each host template in the definition is matched to hosts in the inventory and vice versa.
10 | - All KTS/KMS configurations are set as expected.
11 | - Kerberos is enabled when Ranger or Sentry is present in the cluster.
12 |
13 | This will catch high-level errors when creating cluster definitions.
14 |
--------------------------------------------------------------------------------
/docs/docsite/config.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Whether the collection uses flatmapping to flatten subdirectories in
3 | # `plugins/*/`.
4 | flatmap: true
5 |
6 | # List of environment variables that are defined by `.. envvar::` directives
7 | # in the extra docsite RST files.
8 | envvar_directives: []
9 |
10 | # Changelog configuration (added in antsibull-docs 2.10.0)
11 | changelog:
12 | # Whether to write the changelog (taken from changelogs/changelog.yaml, see the
13 | # antsibull-changelog documentation for more information) and link to it from the
14 | # collection's index page.
15 | write_changelog: true
16 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/templates/Debian/kdc.conf.j2:
--------------------------------------------------------------------------------
1 | [kdcdefaults]
2 | kdc_ports = 750,88
3 |
4 | [realms]
5 | {{ krb5_realm|upper }} = {
6 | database_name = {{ krb5_kdc_database }}
7 | admin_keytab = FILE:{{ krb5_kdc_state_directory }}/kadm5.keytab
8 | acl_file = {{ krb5_kdc_state_directory }}/kadm5.acl
9 | key_stash_file = {{ krb5_kdc_state_directory }}/stash
10 | kdc_ports = 750,88
11 | max_life = 10h 0m 0s
12 | max_renewable_life = 7d 0h 0m 0s
13 | master_key_type = aes256-cts
14 | supported_enctypes = {{ krb5_enc_types }}
15 | default_principal_flags = +preauth
16 | }
17 |
--------------------------------------------------------------------------------
/roles/operations/restart_cluster_services/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Deprecation warning
4 | run_once: true
5 | cloudera.cluster.deprecation:
6 | msg: "Role, {{ ansible_role_name }}, is no longer supported."
7 | version: 6.0.0
8 |
9 | - name: Get All services from CM
10 | cloudera.cluster.cm_api:
11 | endpoint: "/clusters/{{ cluster_name | urlencode() }}/services"
12 | register: cloudera_manager_all_services
13 |
14 | - name: Handle Restarts
15 | include_tasks: service_restart.yml
16 | loop: "{{ services_to_restart }}"
17 | loop_control:
18 | loop_var: __service_restart_item
19 |
--------------------------------------------------------------------------------
/roles/operations/restart_cluster_services/tasks/service_restart.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Get Specific Service Name
3 | set_fact:
4 | restart_service_name: "{{ cloudera_manager_all_services | community.general.json_query(query) }}"
5 | vars:
6 | query: "items[?type == '{{ __service_restart_item }}'].name | [0]"
7 |
8 | - name: Restart Cluster Service
9 | cloudera.cluster.cm_api:
10 | endpoint: "/clusters/{{ cluster_base_name | urlencode() }}/services/{{ restart_service_name | lower }}/commands/restart"
11 | method: POST
12 |
13 | - name: Wait for restart to acknowledge
14 | wait_for:
15 | timeout: 15
16 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_server/templates/root_dn.j2:
--------------------------------------------------------------------------------
1 | {% set attr = ca_server_attrs_general | default({}) | combine(ca_server_attrs_root | default({})) %}
2 | - CN={{ attr.CN | default('Root CA') }}
3 | {% if attr.OU is defined %}
4 | {% if attr.OU is iterable and attr.OU is not string %}
5 | {% for ou in attr.OU %}
6 | - OU={{ ou }}
7 | {% endfor %}
8 | {% else %}
9 | - OU={{ attr.OU }}
10 | {% endif %}
11 | {% endif %}
12 | {% if attr.O is defined %}
13 | - O={{ attr.O }}
14 | {% endif %}
15 | {% if attr.ST is defined %}
16 | - ST={{ attr.ST }}
17 | {% endif %}
18 | {% if attr.C is defined %}
19 | - C={{ attr.C }}
20 | {% endif %}
21 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/autotls/files/cert.py_patch:
--------------------------------------------------------------------------------
1 | --- cert.py 2020-12-02 00:54:05.000000000 +0100
2 | +++ cert.py_2 2021-02-18 09:09:38.095192730 +0100
3 | @@ -1949,7 +1949,7 @@
4 | LOG.info("Could not find JKS truststore at location: %s. Converting "
5 | "PEM truststore to JKS." % cluster_ca_jks)
6 | generate_truststore(self.cfg.keytool, cluster_ca_jks, truststore_password,
7 | - cluster_ca_pem)
8 | + cluster_ca_pem, self.cfg.keystore_type)
9 |
10 | global_ca_pem = self.trust_files[GLOBAL_TLS_SET][PEM_TLS_TYPE]
11 | copied_cluster_to_global = False
12 |
--------------------------------------------------------------------------------
/roles/config/services/kms_tls/files/kms_tls_cdh.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "ssl_enabled",
5 | "value": "true"
6 | },
7 | {
8 | "name": "ssl_server_keystore_location",
9 | "value": "{{CM_AUTO_TLS}}"
10 | },
11 | {
12 | "name": "ssl_server_keystore_password",
13 | "value": "{{CM_AUTO_TLS}}"
14 | },
15 | {
16 | "name": "ssl_client_truststore_location",
17 | "value": "{{CM_AUTO_TLS}}"
18 | },
19 | {
20 | "name": "ssl_client_truststore_password",
21 | "value": "{{CM_AUTO_TLS}}"
22 | }
23 | ]
24 | }
25 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_server/templates/intermediate_dn.j2:
--------------------------------------------------------------------------------
1 | {% set attr = ca_server_attrs_general | default({}) | combine(ca_server_attrs_intermediate | default({})) %}
2 | - CN={{ attr.CN | default('Intermediate CA') }}
3 | {% if attr.OU is defined %}
4 | {% if attr.OU is iterable and attr.OU is not string %}
5 | {% for ou in attr.OU %}
6 | - OU={{ ou }}
7 | {% endfor %}
8 | {% else %}
9 | - OU={{ attr.OU }}
10 | {% endif %}
11 | {% endif %}
12 | {% if attr.O is defined %}
13 | - O={{ attr.O }}
14 | {% endif %}
15 | {% if attr.ST is defined %}
16 | - ST={{ attr.ST }}
17 | {% endif %}
18 | {% if attr.C is defined %}
19 | - C={{ attr.C }}
20 | {% endif %}
21 |
--------------------------------------------------------------------------------
/roles/config/cluster/kts/templates/configs/tls.j2:
--------------------------------------------------------------------------------
1 | ---
2 | KEYTRUSTEE_SERVER:
3 | KEYTRUSTEE_ACTIVE_SERVER:
4 | ssl_server_ca_certificate_location: {{ tls_chain_path }}
5 | ssl_server_certificate_location: {{ tls_cert_path_generic }}
6 | ssl_server_privatekey_location: {{ tls_key_path_generic }}
7 | ssl_server_privatekey_password: {{ tls_key_password }}
8 | KEYTRUSTEE_PASSIVE_SERVER:
9 | ssl_server_ca_certificate_location: {{ tls_chain_path }}
10 | ssl_server_certificate_location: {{ tls_cert_path_generic }}
11 | ssl_server_privatekey_location: {{ tls_key_path_generic }}
12 | ssl_server_privatekey_password: {{ tls_key_password }}
13 |
--------------------------------------------------------------------------------
/roles/security/tls_generate_csr/templates/certificate_dn.j2:
--------------------------------------------------------------------------------
1 | {% set attr = ca_server_attrs_general | default({}) | combine(ca_server_attrs_host | default({})) %}
2 | - CN={{ cn_override | default(attr.CN | default(inventory_hostname)) }}
3 | {% if attr.OU is defined %}
4 | {% if attr.OU is iterable and attr.OU is not string %}
5 | {% for ou in attr.OU %}
6 | - OU={{ ou }}
7 | {% endfor %}
8 | {% else %}
9 | - OU={{ attr.OU }}
10 | {% endif %}
11 | {% endif %}
12 | {% if attr.O is defined %}
13 | - O={{ attr.O }}
14 | {% endif %}
15 | {% if attr.ST is defined %}
16 | - ST={{ attr.ST }}
17 | {% endif %}
18 | {% if attr.C is defined %}
19 | - C={{ attr.C }}
20 | {% endif %}
21 |
--------------------------------------------------------------------------------
/docsbuild/cloudera.css:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2025 Cloudera, Inc.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
--------------------------------------------------------------------------------
/requirements.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Copyright 2025 Cloudera, Inc.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 |
17 | # no-op
18 |
--------------------------------------------------------------------------------
/roles/config/services/kms/templates/configs/tls.j2:
--------------------------------------------------------------------------------
1 | KMS_KEYTRUSTEE:
2 | ssl_enabled: 'true'
3 | ssl_server_keystore_location: {{ tls_keystore_path_generic }}
4 | ssl_server_keystore_password: {{ tls_keystore_password }}
5 | ssl_client_truststore_location: {{ tls_truststore_path }}
6 | ssl_client_truststore_password: {{ tls_truststore_password }}
7 |
8 | RANGER_KMS_SERVER_KTS:
9 | ssl_enabled: 'true'
10 | ssl_server_keystore_location: {{ tls_keystore_path_generic }}
11 | ssl_server_keystore_password: {{ tls_keystore_password }}
12 | ssl_client_truststore_location: {{ tls_truststore_path }}
13 | ssl_client_truststore_password: {{ tls_truststore_password }}
14 |
--------------------------------------------------------------------------------
/roles/operations/restart_cluster/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Deprecation warning
4 | run_once: true
5 | cloudera.cluster.deprecation:
6 | msg: "Role, {{ ansible_role_name }}, is no longer supported."
7 | version: 6.0.0
8 |
9 | - name: Restart cluster
10 | cm_api:
11 | endpoint: /clusters/{{ cluster_to_restart }}/commands/restart
12 | method: POST
13 | timeout: "{{ cluster_restart_timeout | default(3000) }}"
14 |
15 | - name: Re-deploy client configurations
16 | cm_api:
17 | endpoint: /clusters/{{ cluster_to_restart }}/commands/deployClientConfig
18 | method: POST
19 | timeout: "{{ cluster_restart_timeout | default(3000) }}"
20 |
--------------------------------------------------------------------------------
/roles/prereqs/jdk/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/prereqs/os/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/oom-6.3.0.j2:
--------------------------------------------------------------------------------
1 | {%- set oom_heap_dump_dir = cluster.oom.heap_dump_dir | default('/tmp') -%}
2 | {%- set oom_heap_dump_enabled = cluster.oom.heap_dump_enabled | default(True) -%}
3 | {%- set oom_sigkill_enabled = cluster.oom.sigkill_enabled | default(True) -%}
4 | ---
5 | FLUME:
6 | AGENT:
7 | oom_heap_dump_dir: {{ oom_heap_dump_dir }}
8 | oom_heap_dump_enabled: {{ oom_heap_dump_enabled }}
9 | oom_sigkill_enabled: {{ oom_sigkill_enabled }}
10 | SENTRY:
11 | SENTRY_SERVER:
12 | oom_heap_dump_dir: {{ oom_heap_dump_dir }}
13 | oom_heap_dump_enabled: {{ oom_heap_dump_enabled }}
14 | oom_sigkill_enabled: {{ oom_sigkill_enabled }}
15 |
--------------------------------------------------------------------------------
/roles/prereqs/license/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/prereqs/pvc_ecs/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/autotls/tasks/patch_old_cm.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Copy patch to machines
3 | copy:
4 | src: "{{ role_path}}/files/cert.py_patch"
5 | dest: /opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py_patch
6 | owner: cloudera-scm
7 | group: cloudera-scm
8 | mode: "0644"
9 |
10 | - name: Backup cert.py
11 | shell: cp /opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py /opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py.backup
12 |
13 | - name: Fix cert.py
14 | ansible.posix.patch:
15 | src: "{{ role_path}}/patch/cert.py_patch"
16 | dest: /opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py
17 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/repo/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
--------------------------------------------------------------------------------
/roles/deployment/groupby/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/infrastructure/haproxy/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/config/services/kms_tls/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/config/services/oozie_ui/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/deployment/services/kms_ha/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/infrastructure/custom_repo/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/hosts_config/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/preload_parcels/README.md:
--------------------------------------------------------------------------------
1 |
16 |
--------------------------------------------------------------------------------
/roles/config/services/mgmt/templates/configs/varlib-7.1.0.j2:
--------------------------------------------------------------------------------
1 | {%- set varlib_base = definition.mgmt.varlib_base | default('/var/lib') | regex_replace('/$','') -%}
2 | ---
3 | EVENTSERVER:
4 | eventserver_index_dir: "{{ varlib_base }}/cloudera-scm-eventserver"
5 | HOSTMONITOR:
6 | firehose_storage_dir: "{{ varlib_base }}/cloudera-host-monitor"
7 | NAVIGATORMETASERVER:
8 | data_dir: "{{ varlib_base }}/cloudera-scm-navigator"
9 | REPORTSMANAGER:
10 | headlamp_scratch_dir: "{{ varlib_base }}/cloudera-scm-headlamp"
11 | SERVICEMONITOR:
12 | firehose_storage_dir: "{{ varlib_base }}/cloudera-service-monitor"
13 | TELEMETRYPUBLISHER:
14 | mgmt_data_dir: "{{ varlib_base }}/cloudera-scm-telemetrypublisher"
15 |
--------------------------------------------------------------------------------
/roles/infrastructure/rdbms/vars/mariadb-RedHat.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
--------------------------------------------------------------------------------
/roles/teardown/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # teardown
18 |
--------------------------------------------------------------------------------
/bindep.txt:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # ansible.posix.patch
16 | patch [platform:rpm]
17 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_account/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_account/vars/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
--------------------------------------------------------------------------------
/roles/prereqs/kerberos/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # prereqs.kerberos
18 |
--------------------------------------------------------------------------------
/roles/verify/inventory/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # verify.inventory
18 |
--------------------------------------------------------------------------------
/roles/assemble_template/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # assemble_template
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_auth/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | freeipa_activated: false
18 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.cluster.base
18 |
--------------------------------------------------------------------------------
/roles/config/cluster/ecs/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.cluster.ecs
18 |
--------------------------------------------------------------------------------
/roles/config/cluster/kts/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.cluster.kts
18 |
--------------------------------------------------------------------------------
/roles/config/services/kms/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.services.kms
18 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.cluster
18 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.repometa
18 |
--------------------------------------------------------------------------------
/roles/security/tls_clean/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # security.tls_clean
18 |
--------------------------------------------------------------------------------
/roles/security/tls_generate_csr/templates/csr.cnf.j2:
--------------------------------------------------------------------------------
1 | [ CA_default ]
2 | # Directory and file locations.
3 | default_md = sha256
4 |
5 | [ req ]
6 | # Options for the `req` tool (`man req`).
7 | default_bits = 2048
8 | req_extensions = cloudera_req
9 | distinguished_name = req_distinguished_name
10 |
11 | [req_distinguished_name]
12 |
13 | [ cloudera_req ]
14 | basicConstraints = CA:FALSE
15 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment
16 | extendedKeyUsage = serverAuth, clientAuth
17 | subjectAltName = @alt_names
18 |
19 | [alt_names]
20 | DNS.1 = {{ inventory_hostname }}
21 | {% for san in subject_alternative_names | default([]) %}
22 | DNS.{{ loop.index + 1 }} = {{ san }}
23 | {% endfor %}
24 |
--------------------------------------------------------------------------------
/roles/security/tls_nifi/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # security.tls_nifi
18 |
--------------------------------------------------------------------------------
/roles/verify/definition/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # verify.definition
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/csds/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.csds
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/repo/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.repo
18 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/tls-7.1.4.j2:
--------------------------------------------------------------------------------
1 | ---
2 | OOZIE:
3 | OOZIE_SERVER:
4 | oozie_zookeeper_https_keystore_file: {{ tls_keystore_path_generic }}
5 | oozie_zookeeper_https_keystore_password: {{ tls_keystore_password }}
6 | oozie_zookeeper_https_truststore_file: {{ tls_truststore_path }}
7 | oozie_zookeeper_https_truststore_password: {{ tls_truststore_password }}
8 | RANGER_RMS:
9 | RANGER_RMS_SERVER:
10 | ssl_client_truststore_location: {{ tls_truststore_path }}
11 | ssl_client_truststore_password: {{ tls_truststore_password }}
12 | ssl_enabled: true
13 | ssl_server_keystore_location: {{ tls_keystore_path_generic }}
14 | ssl_server_keystore_password: {{ tls_keystore_password }}
15 |
--------------------------------------------------------------------------------
/roles/config/services/mgmt/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.services.mgmt
18 |
--------------------------------------------------------------------------------
/roles/deployment/credential/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.credential
18 |
--------------------------------------------------------------------------------
/roles/deployment/databases/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.databases
18 |
--------------------------------------------------------------------------------
/roles/deployment/definition/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/rdbms/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # infrastructure.rdbms
18 |
--------------------------------------------------------------------------------
/roles/operations/delete_cms/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.delete_cms
18 |
--------------------------------------------------------------------------------
/roles/prereqs/user_accounts/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # prereqs.user_accounts
18 |
--------------------------------------------------------------------------------
/roles/security/tls_signing/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # security.tls_signing
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/agent/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.agent
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/autotls/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.autotls
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/cms_tls/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.cms_tls
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/common/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.common
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/config/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.config
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/daemons/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.daemons
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/license/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.license
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/server/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.server
18 |
--------------------------------------------------------------------------------
/roles/deployment/services/kms/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.services.kms
18 |
--------------------------------------------------------------------------------
/roles/deployment/services/mgmt/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.services.mgmt
18 |
--------------------------------------------------------------------------------
/roles/deployment/services/wxm/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.services.wxm
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_common/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # infrastructure.ca_common
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_server/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # infrastructure.ca_server
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 |
17 | freeipa_enroll: true
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_packages: krb5-user
17 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_packages: krb5-client
17 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_conf/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # infrastructure.krb5_conf
18 |
--------------------------------------------------------------------------------
/roles/operations/restart_stale/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.restart_stale
18 |
--------------------------------------------------------------------------------
/roles/operations/stop_cluster/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.stop_cluster
18 |
--------------------------------------------------------------------------------
/roles/prereqs/mysql_connector/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # prereqs.mysql_connector
18 |
--------------------------------------------------------------------------------
/roles/prereqs/oracle_connector/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # prereqs.oracle_connector
18 |
--------------------------------------------------------------------------------
/roles/security/tls_signing/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | keytool_path: /usr/bin/keytool
17 |
--------------------------------------------------------------------------------
/roles/verify/parcels_and_roles/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # verify.parcels_and_roles
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/api_hosts/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.api_hosts
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/database/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.database
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/kerberos/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.kerberos
18 |
--------------------------------------------------------------------------------
/roles/config/services/solr_knox/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.services.solr_knox
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_server/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | ca_server_root_key_cipher: auto
17 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # infrastructure.krb5_client
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # infrastructure.krb5_server
18 |
--------------------------------------------------------------------------------
/roles/operations/delete_cluster/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.delete_cluster
18 |
--------------------------------------------------------------------------------
/roles/operations/restart_cluster/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.restart_cluster
18 |
--------------------------------------------------------------------------------
/roles/prereqs/user_accounts_ecs/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # prereqs.user_accounts_ecs
18 |
--------------------------------------------------------------------------------
/roles/security/tls_generate_csr/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # security.tls_generate_csr
18 |
--------------------------------------------------------------------------------
/roles/security/tls_install_certs/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # security.tls_install_certs
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/agent_config/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.agent_config
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/api_client/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.api_client
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/license/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | cloudera_manager_license_type: trial
17 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/server_tls/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.server_tls
18 |
--------------------------------------------------------------------------------
/roles/config/services/hue_ticket_lifetime/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Deprecation warning
4 | run_once: true
5 | cloudera.cluster.deprecation:
6 | msg: "Role, {{ ansible_role_name }}, is no longer supported."
7 | version: 6.0.0
8 |
9 | - name: Fix Hue ticket lifetime for Free IPA
10 | shell: |
11 | kadmin -p "{{ ipa_admin_user }}" -w "{{ ipaadmin_password }}" -q "modprinc -maxrenewlife 90day +allow_renewable hue/{{ __hue_ticket_item }}@{{ krb5_realm }}" ;
12 | kadmin -p "{{ ipa_admin_user }}" -w "{{ ipaadmin_password }}" -q "modprinc -maxrenewlife 90day krbtgt/{{ krb5_realm }}@{{ krb5_realm }}" ;
13 | loop: "{{ groups['all'] }}"
14 | loop_control:
15 | loop_var: __hue_ticket_item
16 | ignore_errors: true
17 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_server/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | ca_server_root_key_cipher: auto
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/rdbms/vars/mysql-RedHat.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | mysql_packages:
18 | - mysql
19 | - mysql-server
20 |
--------------------------------------------------------------------------------
/roles/prereqs/postgresql_connector/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # prereqs.postgresql_connector
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_auth/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.external_auth
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/services_info/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.services_info
18 |
--------------------------------------------------------------------------------
/.ansible-lint:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | profile: production
16 | quiet: true
17 | strict: true
18 | verbosity: 1
19 | offline: true
20 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/agent/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera_manager/repo
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_account/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.external_account
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/session_timeout/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.session_timeout
18 |
--------------------------------------------------------------------------------
/roles/config/cluster/base/templates/configs/trusted-realms.j2:
--------------------------------------------------------------------------------
1 | ---
2 | {% set additional_realms = auth_providers | default({}) | dict2items | json_query('[?value.type == `KERBEROS`].value.krb5_realm') %}
3 | CORE_SETTINGS:
4 | SERVICEWIDE:
5 | trusted_realms: "{{ ','.join([krb5_realm] + additional_realms) }}"
6 | HDFS:
7 | SERVICEWIDE:
8 | trusted_realms: "{{ ','.join([krb5_realm] + additional_realms) }}"
9 | KAFKA:
10 | KAFKA_BROKER:
11 | kafka.properties_role_safety_valve: |
12 | sasl.kerberos.principal.to.local.rules={% for trusted_realm in additional_realms %}RULE:[1:$1@$0](.*@{{ trusted_realm|upper }})s/@{{ trusted_realm|upper }}// , RULE:[2:$1@$0](.*@{{ trusted_realm|upper }})s/@{{ trusted_realm|upper }}// , {% endfor %}DEFAULT
13 |
--------------------------------------------------------------------------------
/roles/config/services/solr_ranger_plugin/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.services.solr_ranger_plugin
18 |
--------------------------------------------------------------------------------
/roles/operations/refresh_ranger_kms_repo/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.refresh_ranger_kms_repo
18 |
--------------------------------------------------------------------------------
/roles/operations/restart_mgmt_services/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.restart_mgmt_services
18 |
--------------------------------------------------------------------------------
/roles/prereqs/kerberos/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_packages: krb5-user
17 | ldap_packages: ldap-utils
18 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # For cm_service lookup
16 | cm-client
17 |
18 | # For cm_license lookup
19 | python-gnupg
20 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/admin_password/set/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.admin_password.set
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/database/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera_manager/common
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/session_timeout/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | cloudera_manager_session_timeout: 2592000
17 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/wait_for_heartbeat/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.wait_for_heartbeat
18 |
--------------------------------------------------------------------------------
/roles/config/services/hue_ticket_lifetime/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.services.hue_ticket_lifetime
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/custom_repo/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | httpd_package: apache2
17 | httpd_service: apache2
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/custom_repo/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | httpd_package: httpd
18 | httpd_service: httpd
19 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_common/templates/krb5.conf.j2:
--------------------------------------------------------------------------------
1 | [libdefaults]
2 | default_realm = {{ krb5_realm|upper }}
3 | dns_lookup_kdc = false
4 | dns_lookup_realm = false
5 | ticket_lifetime = 1d
6 | renew_lifetime = 7d
7 | forwardable = true
8 | default_tgs_enctypes = {{ krb5_enc_types }}
9 | default_tkt_enctypes = {{ krb5_enc_types }}
10 | permitted_enctypes = {{ krb5_enc_types }}
11 | udp_preference_limit = 1
12 | kdc_timeout = 3000
13 |
14 | [realms]
15 | {{ krb5_realm|upper }} = {
16 | kdc = {{ krb5_kdc_host | default(groups['krb5_server'][0]) }}
17 | admin_server = {{ krb5_kdc_host | default(groups['krb5_server'][0]) }}
18 | }
19 |
20 | [domain_realm]
21 | .{{ ansible_domain }} = {{ krb5_realm|upper }}
22 | {{ ansible_domain }} = {{ krb5_realm|upper }}
23 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_conf/templates/krb5.conf.j2:
--------------------------------------------------------------------------------
1 | [libdefaults]
2 | default_realm = {{ krb5_realm|upper }}
3 | dns_lookup_kdc = false
4 | dns_lookup_realm = false
5 | ticket_lifetime = 1d
6 | renew_lifetime = 7d
7 | forwardable = true
8 | default_tgs_enctypes = {{ krb5_enc_types }}
9 | default_tkt_enctypes = {{ krb5_enc_types }}
10 | permitted_enctypes = {{ krb5_enc_types }}
11 | udp_preference_limit = 1
12 | kdc_timeout = 3000
13 |
14 | [realms]
15 | {{ krb5_realm|upper }} = {
16 | kdc = {{ krb5_kdc_host | default(groups['krb5_server'][0]) }}
17 | admin_server = {{ krb5_kdc_host | default(groups['krb5_server'][0]) }}
18 | }
19 |
20 | [domain_realm]
21 | .{{ ansible_domain }} = {{ krb5_realm|upper }}
22 | {{ ansible_domain }} = {{ krb5_realm|upper }}
23 |
--------------------------------------------------------------------------------
/roles/operations/restart_cluster_services/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # operations.restart_cluster_services
18 |
--------------------------------------------------------------------------------
/roles/prereqs/kerberos/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_packages: krb5-client
17 | ldap_packages: openldap2-clients
18 |
--------------------------------------------------------------------------------
/docs/roles/verify/parcels_and_roles.md:
--------------------------------------------------------------------------------
1 | # Parcels and Roles Verification
2 |
3 | The role ensures the service and roles configured in each cluster pass a number of basic assertions.
4 |
5 | For each cluster, this role downloads the manifest of each repository and, combining this with a service-role mapping, verifies that the services and roles configured in each cluster matches the parcels included.
6 |
7 | Here we focus on individual clusters.
8 |
9 | Examples include:
10 | - Ensure that all services configured match the parcels services.
11 | - Ensure that all roles configured have the correct parent service
12 | - Ensure that all roles in `configs` are included in the templates.
13 |
14 | This will catch many systematic errors when creating cluster definitions.
15 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/admin_password/check/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # cloudera_manager.admin_password.check
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/api_hosts/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera_manager/api_client
18 |
--------------------------------------------------------------------------------
/roles/deployment/credential/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.prereqs.license
18 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.credential
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_packages:
17 | - krb5-server
18 | - krb5-client
19 |
--------------------------------------------------------------------------------
/roles/operations/stop_cluster/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera_manager/api_client
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/common/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/server/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.repo
18 |
--------------------------------------------------------------------------------
/roles/deployment/databases/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/deployment/services/kts_high_availability/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # deployment.services.kts_high_availability
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_common/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_packages:
17 | - krb5-libs
18 | - krb5-workstation
19 |
--------------------------------------------------------------------------------
/roles/operations/delete_cluster/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera_manager/api_client
19 |
--------------------------------------------------------------------------------
/roles/prereqs/jdk/vars/Debian.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | __jdk_package_name_8: openjdk-8-jdk
17 | __jdk_package_name_11: openjdk-11-jdk
18 |
--------------------------------------------------------------------------------
/roles/prereqs/kerberos/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.krb5_client
18 |
--------------------------------------------------------------------------------
/roles/prereqs/mysql_connector/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/prereqs/oracle_connector/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/security/tls_clean/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.ca_common
18 |
--------------------------------------------------------------------------------
/roles/security/tls_signing/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.ca_common
18 |
--------------------------------------------------------------------------------
/roles/verify/inventory/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.krb5_common
18 |
--------------------------------------------------------------------------------
/roles/verify/parcels_and_roles/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/config/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.api_client
18 |
--------------------------------------------------------------------------------
/roles/config/services/ranger_pvc_default_policies/README.md:
--------------------------------------------------------------------------------
1 |
16 |
17 | # config.services.ranger_pvc_default_policies
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_server/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.ca_common
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_conf/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.krb5_common
18 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_kdc_master_password: "{{ cloudera_manager_admin_password }}"
17 |
--------------------------------------------------------------------------------
/roles/prereqs/postgresql_connector/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/prereqs/user_accounts_ecs/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 |
--------------------------------------------------------------------------------
/roles/security/tls_install_certs/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.ca_common
18 |
--------------------------------------------------------------------------------
/roles/security/tls_nifi/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.infrastructure.ca_common
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/cms_tls/files/cms_navigator_keystore_tls.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "navigator_truststore_file",
5 | "value": "{{CM_AUTO_TLS}}"
6 | },
7 | {
8 | "name": "navigator_truststore_password",
9 | "value": "{{CM_AUTO_TLS}}"
10 | },
11 | {
12 | "name": "ssl_server_keystore_location",
13 | "value": "{{CM_AUTO_TLS}}"
14 | },
15 | {
16 | "name": "ssl_server_keystore_password",
17 | "value": "{{CM_AUTO_TLS}}"
18 | },
19 | {
20 | "name": "ssl_server_keystore_keypassword",
21 | "value": "{{CM_AUTO_TLS}}"
22 | },
23 | {
24 | "name": "ssl_enabled",
25 | "value": "true"
26 | }
27 | ]
28 | }
29 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/daemons/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.repo
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/preload_parcels/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | preload_parcels: "{{ definition.preload_parcels | default([]) }}"
17 |
--------------------------------------------------------------------------------
/roles/config/services/solr_knox/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Deprecation warning
4 | run_once: true
5 | cloudera.cluster.deprecation:
6 | msg: "Role, {{ ansible_role_name }}, is no longer supported."
7 | version: 6.0.0
8 |
9 | # Add Solr host to Knox
10 | - name: add solr host in config
11 | include_tasks: add_solr_knox_host.yml
12 | loop: "{{ solr_all_hosts }}"
13 | loop_control:
14 | loop_var: solr_host
15 | when: solr_all_hosts | length > 0
16 |
17 | # Restart Knox
18 | - name: Restart Knox
19 | cloudera.cluster.cm_api:
20 | method: POST
21 | endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ knox_service_name | lower }}/commands/restart"
22 | when:
23 | - __add_solr_knox is defined
24 | - __add_solr_knox.changed
25 |
--------------------------------------------------------------------------------
/roles/config/services/solr_ranger_plugin/templates/solr_plugin.json:
--------------------------------------------------------------------------------
1 | {
2 | "isEnabled": true,
3 | "createdBy": "Admin",
4 | "updatedBy": "Admin",
5 | "type": "solr",
6 | "name": "cm_solr",
7 | "displayName": "cm_solr",
8 | "description": "",
9 | "tagService": "cm_tag",
10 | "configs": {
11 | "username": "admin",
12 | "password": "{{ solr_admin_password }}",
13 | "solr.url": "{{ solr_url }}/solr",
14 | "commonNameForCertificate": "",
15 | "tag.download.auth.users": "solr",
16 | "policy.download.auth.users": "solr",
17 | "ranger.plugin.audit.filters": "[{'accessResult':'DENIED','isAudited':true},{'users':['hive','hdfs','kafka','hbase','solr','rangerraz','knox','atlas'],'isAudited':false}]"
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/roles/infrastructure/rdbms/handlers/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | - name: yum clean metadata
17 | ansible.builtin.command: yum clean metadata
18 |
--------------------------------------------------------------------------------
/roles/operations/delete_cms/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 |
--------------------------------------------------------------------------------
/roles/operations/restart_cluster/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.api_client
18 |
--------------------------------------------------------------------------------
/roles/operations/restart_stale/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.api_client
18 |
--------------------------------------------------------------------------------
/roles/security/tls_generate_csr/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | keytool_path: /usr/bin/keytool
18 | openssl_path: /usr/bin/openssl
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/autotls/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/csds/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | cloudera_manager_csd_directory: /opt/cloudera/csd
17 | cloudera_manager_csds: []
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_account/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.api_client
18 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/kerberos/templates/kerberos_configs.j2:
--------------------------------------------------------------------------------
1 | KDC_HOST: {{ krb5_kdc_host | default(groups['krb5_server'][0]) }}
2 | KDC_TYPE: {{ krb5_kdc_type }}
3 | KRB_ENC_TYPES: {{ krb5_enc_types }}
4 | SECURITY_REALM: {{ krb5_realm }}
5 | AD_ACCOUNT_PREFIX: {{ krb5_kdc_active_directory_prefix | default(None) }}
6 | AD_KDC_DOMAIN: {{ krb5_kdc_active_directory_suffix | default(None) }}
7 | AD_DELETE_ON_REGENERATE: {{ krb5_kdc_active_directory_delete_on_regenerate | default('true') }}
8 | KDC_ACCOUNT_CREATION_HOST_OVERRIDE: {{ krb5_kdc_account_creation_host_override | default(None) }}
9 | AD_SET_ENCRYPTION_TYPES: {{ krb5_kdc_active_directory_set_encryption_types | default('false') }}
10 | GEN_KEYTAB_SCRIPT: {{ krb5_keytab_retrieval_script | default(None) }}
11 |
--------------------------------------------------------------------------------
/roles/deployment/services/mgmt/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_hosts
19 |
--------------------------------------------------------------------------------
/roles/deployment/services/wxm/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.services_info
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/services_info/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/session_timeout/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/wait_for_heartbeat/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.api_client
18 |
--------------------------------------------------------------------------------
/roles/config/services/hue_ticket_lifetime/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.krb5_common
18 |
--------------------------------------------------------------------------------
/roles/config/services/solr_knox/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.services_info
19 |
--------------------------------------------------------------------------------
/roles/prereqs/jdk/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | __jdk_package_name_8: java-1.8.0-openjdk-devel
17 | __jdk_package_name_11: java-11-openjdk-devel
18 |
--------------------------------------------------------------------------------
/roles/prereqs/jdk/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | __jdk_package_name_8: java-1_8_0-openjdk-devel
17 | __jdk_package_name_11: java-11-openjdk-devel
18 |
--------------------------------------------------------------------------------
/roles/prereqs/os/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | nscd_package: nscd
18 | nscd_service: nscd
19 | rngd_package: rng-tools
20 | rngd_service: rngd
21 |
--------------------------------------------------------------------------------
/tests/unit/plugins/modules/assemble_cluster_template/fragments/base.json:
--------------------------------------------------------------------------------
1 | {
2 | "cdhVersion": "1.2.3",
3 | "cmVersion": "4.5.6",
4 | "displayName": "ExampleClusterTemplate",
5 | "hostTemplates": [
6 | {
7 | "cardinality": 1,
8 | "refName": "ExampleHostTemplate",
9 | "roleConfigGroupsRefNames": []
10 | }
11 | ],
12 | "instantiator": {
13 | "clusterName": "ExampleCluster",
14 | "hosts": [
15 | {
16 | "hostName": "host.example.com",
17 | "hostTemplateRefName": "ExampleHostTemplate"
18 | }
19 | ]
20 | },
21 | "products": [
22 | {
23 | "product": "CDH",
24 | "version": "1.2.3"
25 | }
26 | ],
27 | "repositories": [
28 | "https://archive.cloudera.com/"
29 | ],
30 | "services": []
31 | }
32 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/admin_password/check/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.common
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/admin_password/set/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/api_hosts/templates/host_list.j2:
--------------------------------------------------------------------------------
1 | {%- set cloudera_manager_hosts = {} -%}
2 | {%- for k, v in hostvars.items() -%}
3 | {%- for host in api_hosts_response['json']['items'] -%}
4 | {%- set found_host = False -%}
5 | {%- if host.hostname == v.inventory_hostname or host.ipAddress == v.inventory_hostname -%}
6 | {%- set found_host = True -%}
7 | {%- elif alternative_ip|default('private_ip') in v and host.ipAddress == v[alternative_ip|default('private_ip')] -%}
8 | {%- set found_host = True -%}
9 | {%- endif -%}
10 | {%- if found_host -%}
11 | {%- set x = cloudera_manager_hosts.__setitem__(k, { "id": host.hostId, "hostname": host.hostname }) -%}
12 | {%- endif -%}
13 | {%- endfor -%}
14 | {%- endfor -%}
15 | {{ cloudera_manager_hosts }}
16 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/autotls/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | host_ssh_username: root
18 | host_ssh_password: cloudera
19 | sudoerUser: centos
20 |
--------------------------------------------------------------------------------
/roles/config/services/solr_ranger_plugin/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.services_info
19 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/cluster_template/kts/instantiator.j2:
--------------------------------------------------------------------------------
1 | {%- set host_joiner = joiner(",") -%}
2 | {
3 | "clusterName": "{{ cluster.name }}",
4 | "hosts": [
5 | {%- if 'kts_active' in groups -%}
6 | {{ host_joiner() }}
7 | {
8 | "hostName": "{{ cloudera_manager_api_hosts[groups.kts_active[0]]['hostname'] }}",
9 | "hostTemplateRefName": "HostTemplate-KTS-Active"
10 | }
11 | {%- endif -%}
12 | {%- if 'kts_passive' in groups -%}
13 | {{ host_joiner() }}
14 | {
15 | "hostName": "{{ cloudera_manager_api_hosts[groups.kts_passive[0]]['hostname'] }}",
16 | "hostTemplateRefName": "HostTemplate-KTS-Passive"
17 | }
18 | {%- endif -%}
19 | ],
20 | "variables" : {%- include 'cluster_template/common/variables.j2' -%}
21 | }
22 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | - name: restart sssd
17 | service:
18 | name: sssd
19 | state: restarted
20 |
--------------------------------------------------------------------------------
/roles/operations/restart_cluster_services/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 |
--------------------------------------------------------------------------------
/roles/operations/restart_mgmt_services/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.services_info
19 |
--------------------------------------------------------------------------------
/roles/prereqs/kerberos/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | krb5_packages:
17 | - krb5-libs
18 | - krb5-workstation
19 | ldap_packages: openldap-clients
20 |
--------------------------------------------------------------------------------
/roles/config/cluster/ecs/vars/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | custom_config_templates:
18 | # Custom configurations for ECS
19 | - template: configs/ecs.j2
20 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/cluster_template/common/variables.j2:
--------------------------------------------------------------------------------
1 | {% import 'cm_api.j2' as cm_api with context %}
2 | [
3 | {%- set config_joiner = joiner(",") -%}
4 | {%- for service in cluster.services | difference(kms_services) -%}
5 | {%- if merged_configs[service] is mapping -%}
6 | {%- for (role_name, configs) in merged_configs[service].items() -%}
7 | {%- if configs is mapping -%}
8 | {%- for (key, val) in configs.items() -%}
9 | {{ config_joiner() }}
10 | {%- set var_name = [service, role_name, key] | join("_") | replace('.','_') | replace('/','_') -%}
11 | {{ cm_api.ApiConfig(var_name, val, force_uppercase_keys=True) }}
12 | {%- endfor -%}
13 | {%- endif -%}
14 | {%- endfor -%}
15 | {%- endif -%}
16 | {%- endfor -%}
17 | ]
18 |
--------------------------------------------------------------------------------
/roles/deployment/cluster/templates/cluster_template/kts/hostTemplates.j2:
--------------------------------------------------------------------------------
1 | {%- set host_template_joiner = joiner(",") -%}
2 | [
3 | {%- if 'kts_active' in groups -%}
4 | {{ host_template_joiner() }}
5 | {
6 | "refName": "HostTemplate-KTS-Active",
7 | "cardinality": 1,
8 | "roleConfigGroupsRefNames": [
9 | "keytrustee_server-KEYTRUSTEE_ACTIVE_SERVER-BASE",
10 | "keytrustee_server-DB_ACTIVE-BASE"
11 | ]
12 | }
13 | {%- endif -%}
14 | {%- if 'kts_passive' in groups -%}
15 | {{ host_template_joiner() }}
16 | {
17 | "refName": "HostTemplate-KTS-Passive",
18 | "cardinality": 1,
19 | "roleConfigGroupsRefNames": [
20 | "keytrustee_server-KEYTRUSTEE_PASSIVE_SERVER-BASE",
21 | "keytrustee_server-DB_PASSIVE-BASE"
22 | ]
23 | }
24 | {%- endif -%}
25 | ]
26 |
--------------------------------------------------------------------------------
/roles/infrastructure/rdbms/vars/mariadb-Debian.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | mysql_packages:
17 | - mariadb-client
18 | - mariadb-server
19 | - python-mysqldb
20 |
--------------------------------------------------------------------------------
/roles/config/services/kms_tls/files/kms_tls.json:
--------------------------------------------------------------------------------
1 | {
2 | "items": [
3 | {
4 | "name": "ssl_enabled",
5 | "value": "true"
6 | },
7 | {
8 | "name": "ssl_server_keystore_location",
9 | "value": "{{CM_AUTO_TLS}}"
10 | },
11 | {
12 | "name": "ssl_server_keystore_password",
13 | "value": "{{CM_AUTO_TLS}}"
14 | },
15 | {
16 | "name": "ssl_client_truststore_location",
17 | "value": "{{CM_AUTO_TLS}}"
18 | },
19 | {
20 | "name": "ssl_client_truststore_password",
21 | "value": "{{CM_AUTO_TLS}}"
22 | },
23 | {
24 | "name": "hadoop_kms_authentication_signer_secret_provider_zookeeper_auth_type",
25 | "value": "kerberos"
26 | }
27 |
28 | ]
29 | }
30 |
--------------------------------------------------------------------------------
/roles/config/services/ranger_pvc_default_policies/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.services_info
19 |
--------------------------------------------------------------------------------
/roles/teardown/tasks/teardown_kms.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | - name: Remove the KMS directory
17 | file:
18 | path: /var/lib/kms-keytrustee
19 | state: absent
20 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/csds/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.common
18 | - role: cloudera.cluster.deployment.credential
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/license/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.api_client
18 | - role: cloudera.cluster.prereqs.license
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/repo/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.common
18 | - role: cloudera.cluster.deployment.credential
19 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Copy DBUS config file
3 | copy:
4 | src: dbus_session.conf
5 | dest: /etc/dbus-1/session-local.conf
6 | ignore_errors: true
7 | register: dbus_config_update
8 |
9 | - name: restart services when DBUS is reconfigured
10 | when: dbus_config_update.changed
11 | block:
12 | - name: Ensure dbus is enabled and unmasked
13 | systemd:
14 | name: dbus
15 | enabled: true
16 | masked: false
17 | ignore_errors: true
18 |
19 | - name: Restart DBUS
20 | service:
21 | name: dbus
22 | state: restarted
23 | ignore_errors: true
24 |
25 | - name: Restart logind
26 | service:
27 | name: systemd-logind
28 | state: restarted
29 | ignore_errors: true
30 |
--------------------------------------------------------------------------------
/roles/infrastructure/rdbms/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.deployment.definition
18 | - role: cloudera.cluster.infrastructure.ca_common
19 |
--------------------------------------------------------------------------------
/roles/config/services/kms/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.deployment.definition
19 | - role: cloudera.cluster.infrastructure.ca_common
20 |
--------------------------------------------------------------------------------
/roles/prereqs/user_accounts/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.prereqs.local_accounts_common
18 | - role: cloudera.cluster.deployment.definition
19 |
--------------------------------------------------------------------------------
/roles/verify/definition/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.deployment.definition
19 | - role: cloudera.cluster.infrastructure.ca_common
20 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/api_client/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | cloudera_manager_api_user: admin
17 | cloudera_manager_api_password: admin
18 | cloudera_manager_tls_validate_certs: false
19 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_client/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.krb5_common
18 | - role: cloudera.cluster.infrastructure.krb5_conf
19 |
--------------------------------------------------------------------------------
/roles/infrastructure/krb5_server/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.krb5_common
18 | - role: cloudera.cluster.infrastructure.krb5_conf
19 |
--------------------------------------------------------------------------------
/roles/prereqs/license/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 |
16 | # Path to the license file on the Ansible controller
17 | cloudera_manager_license_file: ""
18 | license_local_tmp_path: /tmp/license.txt
19 |
--------------------------------------------------------------------------------
/roles/assemble_template/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | # cluster_template_fragments_regex: '.*\.json$'
18 | cluster_template_fragments_directory: "{{ mandatory }}"
19 | cluster_template_file: "{{ mandatory }}"
20 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/agent_config/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.common
19 | - role: cloudera.cluster.infrastructure.ca_common
20 |
--------------------------------------------------------------------------------
/roles/security/tls_generate_csr/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.infrastructure.ca_common
18 | - role: cloudera.cluster.prereqs.local_accounts_common
19 |
--------------------------------------------------------------------------------
/tests/unit/requirements.txt:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | pre-commit
16 | pytest
17 | pytest-mock
18 | ansible-core<2.17 # For RHEL 8 support
19 | molecule
20 | molecule-plugins
21 | molecule-plugins[ec2]
22 | tox-ansible
23 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/api_client/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | dependencies:
17 | - role: cloudera.cluster.cloudera_manager.common
18 | - role: cloudera.cluster.cloudera_manager.admin_password.check
19 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/kerberos/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 | - role: cloudera.cluster.infrastructure.krb5_common
20 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/server_tls/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 | - role: cloudera.cluster.infrastructure.ca_common
20 |
--------------------------------------------------------------------------------
/tests/unit/plugins/modules/assemble_cluster_template/fragments/service-3.json:
--------------------------------------------------------------------------------
1 | {
2 | "hostTemplates": [
3 | {
4 | "refName": "ExampleHostTemplate",
5 | "roleConfigGroupsRefNames": [
6 | "livy-GATEWAY-BASE",
7 | "livy-LIVY_SERVER-BASE"
8 | ]
9 | }
10 | ],
11 | "services": [
12 | {
13 | "refName": "livy",
14 | "serviceType": "LIVY",
15 | "displayName": "Livy",
16 | "roleConfigGroups": [
17 | {
18 | "refName": "livy-GATEWAY-BASE",
19 | "roleType": "GATEWAY",
20 | "base": true,
21 | "configs": []
22 | },
23 | {
24 | "refName": "livy-LIVY_SERVER-BASE",
25 | "roleType": "LIVY_SERVER",
26 | "base": true,
27 | "configs": []
28 | }
29 | ]
30 | }
31 | ]
32 | }
33 |
--------------------------------------------------------------------------------
/roles/cloudera_manager/external_auth/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 | - role: cloudera.cluster.infrastructure.krb5_common
20 |
--------------------------------------------------------------------------------
/roles/operations/refresh_ranger_kms_repo/meta/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 |
17 | dependencies:
18 | - role: cloudera.cluster.cloudera_manager.api_client
19 | - role: cloudera.cluster.deployment.definition
20 |
--------------------------------------------------------------------------------
/roles/deployment/repometa/defaults/main.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | parcel_repo_username: "{{ cloudera_manager_repo_username | default(omit) }}"
17 | parcel_repo_password: "{{ cloudera_manager_repo_password | default(omit) }}"
18 |
--------------------------------------------------------------------------------
/roles/security/tls_generate_csr/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | - name: Converge
17 | hosts: all
18 | tasks:
19 | - name: Include security/tls role
20 | include_role:
21 | name: tls
22 |
--------------------------------------------------------------------------------
/roles/infrastructure/ca_server/molecule/default/converge.yml:
--------------------------------------------------------------------------------
1 | # Copyright 2025 Cloudera, Inc. All Rights Reserved.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | ---
16 | - name: Converge
17 | hosts: all
18 | tasks:
19 | - name: Include ca_server role
20 | include_role:
21 | name: ca_server
22 |
--------------------------------------------------------------------------------