Updating the Configuration Parameters
The Big Data Protector provides the following files that contain different parameters to control the protector behavior:
config.ini- provides parameters to control the protector behavior.rpagent.cfg- provides parameters to control the RPAgent behavior.
Updating the configuration parameters for the Log Forwarder:
Using a browser, log in to the Cloudera Manager.
Click BDP PEP. The BDP PEP page appears.
Click the Configuration tab. The Configuration tab appears.
In the Filters pane, under Scope, click PTY Log Forwarder. The options related to the Log Forwarder appear.
Update the parameters, as per the descriptions, listed in the following table:
| Option | Description |
|---|---|
| Audit Store Type | Specifies the type of Audit Store(s) where PTY LogForwarder sends logs to. |
| Protegrity Audit Store List of Hostnames/IP Addresses and/or Ports | Is the comma-delimited List of Protegrity Audit Store appliances’ Hostnames/IP addresses and/or Ports where LogForwarder sends logs. Allowed Syntax: hostname[:port][,hostname[:port],hostname[:port]…] (By default 9200 is set for empty ports) Examples: auditstore-a:9200,auditstore-b:9201,auditstore-c:9202 hostname-a hostname-a,hostname-b,hostname-c hostname-a:9201,hostname-b,hostname-c,hostname-d When using only External Audit Store, set this to NA. |
| LogForwarder Log Level | Specifies the LogForwarder logging verbosity level. |
| Enable Generation of a Log File for Application Logs | Enables the logforwarder/data/config.d/out_applog_file.conf file to create an Application Log file locally on the Nodes. |
| Application Log File Directory Path | Specifies the directory Path on the Nodes to store Application Log File. This is set as value of ‘Path’ in out_applog_file.conf when ’enable_applog_file’ is true. |
| Application Log File Name | Specifies the name of the Application Log File. This is set as value of ‘File’ in out_applog_file.conf when ’enable_applog_file’ is true. |
Updating the configuration parameters for the RPAgent:
Using a browser, navigate to the Cloudera Manager screen. The Cloudera Manager Home page appears.
Click BDP PEP. The BDP PEP page appears.
Click the Configuration tab. The Configuration tab appears.
In the Filters pane, under Scope, click PTY RPAgent. The options related to the RPAgent appear.
Update the parameters, as per the descriptions, listed in the following table:
| Option | Description |
|---|---|
| RPA Sync Interval (Seconds) | Specifies the frequency at which the RPAgent will fetch the policy from ESA. The minimum value is 1 second and the maximum value is 86400 seconds. |
| RPA Sync Hostname/IP Address | Specifies the hostname/IP Address to the service that provides the resilient packages. |
| RPA Sync Port | Specifies the port to the service that provides the resilient packages. |
| RPA Sync CA Certificate Path | Specfies the path to the CA certificate to validate the server certificate. Note: Do not modify the value of this parameter. |
| RPA Sync Client Certificate Path | Specifies the path to the client certificate. Note: Do not modify the value of this parameter. |
| RPA Sync Client Certificate Key Path | Specifies the path to the client certificate key. Note: Do not modify the value of this parameter. |
| RPA Sync Client Certificate Key Secret File Path | Specifies the path to the secret file used to decrypt the client certificate key. Note: Do not modify the value of this parameter. |
| RPA Log Host | Specifies the LogForwarder Host/IP Address where logs will be forwarded from the RPA. |
| RPA Log Mode | In case that connection to LogForwarder is lost, set how logs are handled. drop = (Default) Protector throws logs away if connection to the logforwarder is lost error = Protector returns error without protecting/unprotecting data if connection to the logforwarder is lost. |
To update the configuration parameters in the config.ini file:
Using a browser, log in to the Cloudera Manager UI. The Cloudera Manager Home page appears.
Click BDP PEP. The BDP PEP page appears.
Click the Configuration tab. The Configuration tab appears.
In the Filters pane, under Scope, click Gateway. The options related to the
config.inifile appear.Update the parameters, as per the descriptions, listed in the following table:
| Parameter | Description |
|---|---|
| Protector Cadence | Determines how often the protector’s sync thread will execute (in seconds). The default is 60 seconds. By default, every 60 seconds the protector attempts to fetch the policy updates. If the cadence is set to ‘0’, then the protector will get the policy only once (per process). The interval is reset when the previous sync is finished. Minimum Value = 0 sec Maximum Value = 86400 sec (i.e. 24 hours) |
| Log Output | Defines the output type for protections logs. Accepted values are: - tcp = (Default) Logs are sent to LogForwarder using tcp - stdout = Logs are sent to stdout. |
| Log Host | Specifies the LogForwarder Host/IP Address where logs will be forwarded from the protector. |
| Log Mode | Determines the approach to handle logs when the connection to the LogForwarder is lost. This setting is only for the protector logs and not application logs. - drop = (Default) Protector throws logs away if connection to the logforwarder is lost. - error = Protector returns error without protecting/unprotecting data if connection to the logforwarder is lost. |
| Deploy Directory | Specifies the directory where the client configs will be deployed. Note: The Gateway Role requires this parameter to stage the temporary files (like the config.ini.properties). The default value is set to /etc/protegrity-bdp/. |
| BDP PEP Client Advanced Configuration Snippet (Safety Valve) for bdp-conf/config.ini.properties | For advanced use only, a string to be inserted into the client configuration for bdp-conf/config.ini.properties. |
| Log Port | Specifies the LogForwarder port where logs will be forwarded from the protector. |
Note: If you add or modify any parameter in the
config.inifile, then you must restart all the dependent services to reload the configuration changes.
To add a new configuration parameter in the config.ini file:
Using a browser, log in to the Cloudera Manager UI. The Cloudera Manager Home page appears.
Click BDP PEP. The BDP PEP page appears.
Click the Configuration tab. The Configuration tab appears.
In the Filters pane, under Scope, click Gateway. The options related to the
config.inifile appear.To add a new parameter for the
config.inifile, perform the following steps:- Under the BDP PEP Client Advanced Configuration Snippet (Safety Valve) for bdp-conf/config.ini.properties box, enter the required parameter and the corresponding value in the
group.key=valueformat. When you enter the parameter in thegroup.key=valueformat, Cloudera Manager appends the parameter in theconfig.inifile on all the nodes in the following format:[group] key = value - Click Save Changes (CTRL+S).
- Under the BDP PEP Client Advanced Configuration Snippet (Safety Valve) for bdp-conf/config.ini.properties box, enter the required parameter and the corresponding value in the
To verify whether the parameter is added to the config.ini file, perform the following steps:
- Log in to the Master Node.
- To navigate to the
/opt/cloudera/parcels/PTY_BDP/bdp/data/directory, run the following command:cd /opt/cloudera/parcels/PTY_BDP/bdp/data/ - Press ENTER.
The command changes the working directory to
/opt/cloudera/parcels/PTY_BDP/bdp/data/. - To view the contents of the
config.inifile, run the following command:vim config.ini - Press ENTER.
The command displays the contents of the
config.inifile.[log] host=localhost port=15780 output=tcp mode=drop [protector] cadence=60 [core] emptystring=empty
Using a browser, login to the Cloudera Manager home page.
Click BDP PEP. The BDP PEP page appears.
To generate the
config.inifile on the nodes where you have installed the Gateway Role, select Actions » Deploy Client Configuration. The prompt to confirm the action appears.Click Deploy Client Configuration.
Cloudera Manager generates the
config.inifile to all the nodes where the Gateway role is installed.
Note: If you add or modify any parameter in the
config.inifile, then you must restart all the dependent services to reload the configuration changes.
Feedback
Was this page helpful?