Preparing the Environment
1 - Extracting the installation package
Extract the Big Data Protector package to access the Big Data Protector Configurator script. This script will generate the Big Data Protector parcels and CSDs to install the Big Data Protector on all the nodes in the cluster. The nodes in the cluster are managed by Cloudera Manager.
To extract the files from the installation package:
Log in to the CLI on the Master node that has connectivity to the ESA.
Copy the Big Data Protector package BigDataProtector_Linux-ALL-64_x86-64_CDP-PVC-Base-7.1-64_<BDP_version>.tgz to any directory. For example, /opt/bigdata/.
To create a temporary directory under the specified directory for extracting the files, run the following command:
    mkdir /opt/bigdata/extracted/
To navigate to the directory where you have downloaded the installation package, run the following command:
    cd /opt/bigdata/
To extract the contents of the Big Data Protector installation package to a specific directory, run the following command:
    tar -xvf BigDataProtector_Linux-ALL-64_x86-64_CDP-PVC-Base-7.1-64_<BDP_version>.tgz -C extracted/
To navigate to the directory where you have extracted the files, run the following command:
    cd /opt/bigdata/extracted/
Press ENTER.
The command extracts the BigDataProtector_Linux-ALL-64_x86-64_CDP-PVC-Base-7.1-64_<BDP_version>.tgz package and the GPG signature files from the installation package.
    BigDataProtector_Linux-ALL-64_x86-64_CDP-PVC-Base-7.1-64_<BDP_version>.tgz
    signatures/
Note: Verify the authenticity of the build using the signatures folder. For more information, refer to Verification of Signed Protector Build.
To extract the configurator script, run the following command:
    tar -xvf BigDataProtector_Linux-ALL-64_x86-64_CDP-PVC-Base-7.1-64_<BDP_version>.tgz
Press ENTER.
The command extracts the configurator script.
BDPConfigurator_CDP-PVC-Base-7.1_<BDP_version>.sh
2 - Running the configurator script
Execute the Big Data Protector configurator script to:
- Download certificates from the ESA.
- Create the parcels and CSDs to install the Big Data Protector.
To run the configurator script and generate the Big Data Protector Parcels and CSDs:
Log in to the CLI on the Master node that has connectivity to ESA.
To execute the configurator script, run the following command:
    ./BDPConfigurator_CDP-PVC-Base-7.1_<BDP_version>.sh
Press ENTER.
The prompt to continue the configuration of Big Data Protector appears.
    *****************************************************************************
    Welcome to the Big Data Protector Configurator Wizard
    *****************************************************************************
    This will setup the Big Data Protector Installation Files for CDP PVC Base
    Do you want to continue? [yes or no]:
To start the configuration of Big Data Protector, type yes.
Press ENTER.
The prompt to select the type of installation files appears.
    Big Data Protector Configurator started...
    Unpacking...
    Extracting files...
    Select the type of Installation files you want to generate.
    [ 1: Create All ] : Creates entire Big Data Protector CSDs and Parcels.
    [ 2: Update PTY_CERT ] : Creates new PTY_CERT parcel with an incremented patch version. Use this if you have updated the ESA certificates.
    [ 3: Update PTY_LOGFORWARDER_CONF ] : Creates new PTY_LOGFORWARDER_CONF parcel with an incremented patch version. Use this if you want to set Custom LogForwarder configuration files to forward logs to an External Audit Store.
    [ 1, 2 or 3 ]:
Note: From v10.0.0, the PTY_FLUENTBIT_CONF parcel is renamed to PTY_LOGFORWARDER_CONF.
To create the Big Data Protector parcels and CSDs, type 1.
To update the PTY_CERT parcels with an incremented patch version, type 2.
For more information about updating the PTY_CERT parcel, refer to section Updating the Certificates Parcel.
To update the PTY_LOGFORWARDER_CONF parcel with an incremented patch version, type 3.
For more information about updating the PTY_LOGFORWARDER_CONF parcel, refer to section Updating the Log Forwarder Parcel.
Press ENTER.
The prompt to select the operating system for the Cloudera Manager parcel appears.
    Select the OS version for Cloudera Manager Parcel.
    This will be used as the OS Distro suffix in the Parcel name.
    [ 1: el7 ] : RHEL 7 and clones (CentOS, Scientific Linux, etc)
    [ 2: el8 ] : RHEL 8 and clones (CentOS, Scientific Linux, etc)
    [ 3: el9 ] : RHEL 9 and clones (CentOS, Scientific Linux, etc)
    [ 4: sles12 ] : SuSE Linux Enterprise Server 12.x
    Enter the no.:
Depending on the requirements, type 1, 2, 3, or 4 to select the operating system version for the Big Data Protector parcels.
Press ENTER.
The prompt to enter the ESA hostname or IP address appears.
    Enter the ESA Hostname or IP Address:
Enter the ESA hostname or IP address.
Press ENTER.
The prompt to enter the ESA host listening port appears.
    Enter ESA host listening port [8443]:
If you want to use the default value of the ESA host listening port, which is 8443, then press ENTER.
Press ENTER.
The prompt to enter the ESA JSON Web Token appears.
    If you have an existing ESA JSON Web Token (JWT) with Export Certificates role, enter it otherwise enter 'no':
Note: The script silently reads the user input. Therefore, the user will be unable to see the entered JWT or no.
Enter the JWT token.
a. If you do not have an existing ESA JSON Web Token (JWT), type no.
b. Press ENTER.
The prompt to enter the user name with Export Certificates permission appears.
    JWT was not provided. Script will now prompt for ESA username and password.
    Enter ESA Username with Export Certificates role: admin
c. Enter the username that has permissions to export the certificates.
d. Press ENTER.
The prompt to enter the password appears.
e. Enter the password.
f. Press ENTER.
The script retrieves the JWT from the ESA, validates it, and the prompt to package custom log forwarder configuration appears.
    Fetching JWT from ESA....
    Fetching Certificates from ESA....
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 11264  100 11264    0     0   164k      0 --:--:-- --:--:-- --:--:--  166k
    -------------------------------------------------------------------------------
    Do you want to package any custom LogForwarder configuration files for External Audit Store?
    [ yes ] : Create a PTY_LOGFORWARDER_CONF parcel containing configuration files to be used with External Audit Store.
    [ no ] : Skip this step.
    [ yes or no ]:
To package the Log Forwarder configuration file(s) for an external Audit Store, type yes.
Press ENTER.
The prompt to enter the local directory path containing the Log Forwarder configuration files appears.
    Do you want to package any custom LogForwarder configuration files for External Audit Store?
    [ yes ] : Create a PTY_LOGFORWARDER_CONF parcel containing configuration files to be used with External Audit Store.
    [ no ] : Skip this step.
    [ yes or no ]: yes
    Creation of PTY_LOGFORWARDER_CONF parcel is enabled.
    Enter the local directory path on this machine that stores the LogForwarder configuration files for External Audit Store:
The PTY_LOGFORWARDER_CONF parcel is used to package any custom Log Forwarder configuration files that the user provides and can be distributed across the CDP nodes through the Cloudera Manager. Ensure that you name the custom Log Forwarder configuration files for the external Audit Store with the .conf extension.
Enter the local directory path that contains the Log Forwarder configuration files.
Press ENTER.
    Enter the local directory path on this machine that stores the LogForwarder configuration files for External Audit Store: /root/log_forwarder/
    Generating Installation files...
    Big Data Protector parcels & CSDs are generated in ./Installation_Files/ directory.
    NOTE: Copy Big Data Protector CSDs (jars) to Cloudera Manager local csd repository.
    Copy Big Data Protector parcels (*.parcel and *.sha files) to Cloudera Manager local parcel repository.
    You can use the './Installation_Files/set_unset_bdp_config.sh' helper script for setting/unsetting BDP configs in Cloudera Manager.
    Check the updated configurations on Cloudera Manager and Restart the required services.
The configurator script generates the following Big Data Protector parcels and CSDs in the ./Installation_Files/ directory:
- BDP_PEP-<BDP_version>.jar
- PTY_BDP-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel
- PTY_BDP-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel.sha
- PTY_CERT-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel
- PTY_CERT-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel.sha
- PTY_LOGFORWARDER_CONF-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel
- PTY_LOGFORWARDER_CONF-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel.sha
- set_unset_bdp_config.sh
If you type no at the prompt to create the PTY_LOGFORWARDER_CONF parcel, then the installer will skip the creation of the Log Forwarder parcel and proceed to generate the installation files.
    Do you want to package any custom LogForwarder configuration files for External Audit Store?
    [ yes ] : Create a PTY_LOGFORWARDER_CON parcel containing configuration files to be used with External Audit Store.
    [ no ] : Skip this step.
    [ yes or no ] : no
    Creation of PTY_LOGFORWARDER_CONF parcel is skipped.
    Generating Installation files...
    Big Data Protector parcels & CSDs are generated in ./Installation_Files/ directory.
    NOTE: Copy Big Data Protector CSDs (jars) to Cloudera Manager local csd repository.
    Copy Big Data Protector parcels (*.parcel and *.sha files) to Cloudera Manager local parcel repository.
    You can use the './Installation_Files/set_unset_bdp_config.sh' helper script for setting/unsetting BDP configs in Cloudera Manager.
    Check the updated configurations on Cloudera Manager and Restart the required services.
3 - Setting up the parcels
After the Big Data Protector parcels and CSDs are copied to the local Cloudera repository directories, restart the Cloudera SCM server. The restart ensures Cloudera Manager identifies the new CSD and parcel files. The restart also enables Cloudera Manager to display the Big Data Protector services in the Add Services section in Cloudera Manager.
To set up the Big Data Protector Parcels and CSDs:
Log in to the Master node.
Caution: Ensure that you delete the older versions of the Big Data Protector parcels and .jar files before installing the new parcels and .jar files to the local repository of the Cloudera Manager.
Copy the following Big Data Protector parcels with the .parcel extension and their corresponding checksum files with the .sha extension to the local parcel repository of Cloudera Manager:
- PTY_BDP-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel
- PTY_BDP-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel.sha
- PTY_CERT-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel
- PTY_CERT-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel.sha
- PTY_LOGFORWARDER_CONF-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel
- PTY_LOGFORWARDER_CONF-<BDP_version>_CDP7.1.p0-<operating_system_version>.parcel.sha
Note: The local parcels for the Cloudera Manager are stored in the /opt/cloudera/parcel-repo/ directory.
Copy the following .jar file to the local CSD repository:
- BDP_PEP-<BDP_version>.jar
Note: The local CSD or .jar files for Cloudera Manager are stored in the /opt/cloudera/csd/ directory.
Navigate to the local parcel repository directory.
Note: The local parcel files are available in the /opt/cloudera/parcel-repo/ directory.
To assign the ownership permissions for the Cloudera SCM user to the Protegrity Big Data Protector parcels and checksum files, run the following command:
    chown cloudera-scm:cloudera-scm PTY_*
Press ENTER.
To assign 640 permissions to the parcel files, run the following command.
    chmod 640 PTY_*
Press ENTER.
The command assigns read and write permissions to the owner and read permissions to the group, and denies access to all other users.
Navigate to the local CSD repository directory.
Note: The local CSD or .jar files are available in the /opt/cloudera/csd directory.
To assign the ownership permissions for the Cloudera SCM user to the Big Data Protector CSD or .jar files, run the following command:
    chown cloudera-scm:cloudera-scm *
Press ENTER.
To assign 640 permissions to the CSD or .jar files, run the following command.
    chmod 640 *
Press ENTER.
The command assigns read and write permissions to the owner, read permissions to the group, and restricts access for all other users.
To restart the Cloudera SCM server and load the Big Data Protector CSDs in the Cloudera Manager, run the following command:
    service cloudera-scm-server restart
Press ENTER.
The Cloudera Manager detects the new parcels in the local parcel repository.
Note: Restart the Cloudera SCM server to ensure that the Big Data Protector services are listed on the Add Services page in Cloudera Manager.
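A check to run on the parcel repository before the restart, as an added example that is not part of the Protegrity or Cloudera documentation: it confirms that every PTY_*.parcel has a .sha file whose digest matches the parcel, and that both files carry the owner and 640 mode set in the steps above. It assumes that the .sha file holds the parcel's hex digest as its first field (SHA-1 if 40 characters, SHA-256 if 64) and that GNU stat is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Usage, with a hypothetical script name:
#   sh check_parcel_repo.sh /opt/cloudera/parcel-repo

# check_parcel FILE: succeeds only if FILE.sha exists and matches FILE's digest.
# Assumption: the first field of FILE.sha is the hex digest (40 = SHA-1, 64 = SHA-256).
check_parcel() {
    parcel=$1
    [ -f "$parcel.sha" ] || { echo "MISSING  $parcel.sha"; return 1; }
    want=$(awk 'NR==1 {print tolower($1)}' "$parcel.sha")
    case ${#want} in
        40) got=$(sha1sum "$parcel" | awk '{print $1}') ;;
        64) got=$(sha256sum "$parcel" | awk '{print $1}') ;;
        *)  echo "BADSHA   $parcel.sha"; return 1 ;;
    esac
    [ "$got" = "$want" ] || { echo "MISMATCH $parcel"; return 1; }
}

# check_perms FILE OWNER:GROUP: succeeds only if ownership matches and mode is 640.
check_perms() {
    actual=$(stat -c '%U:%G %a' "$1")
    [ "$actual" = "$2 640" ] || { echo "PERMS    $1 ($actual)"; return 1; }
}

# audit_repo DIR [OWNER:GROUP]: runs both checks on every PTY_*.parcel in DIR.
# Returns 0 only if every parcel and checksum file passes.
audit_repo() {
    dir=$1 owner=${2:-cloudera-scm:cloudera-scm} rc=0
    for f in "$dir"/PTY_*.parcel; do
        [ -e "$f" ] || { echo "NOPARCEL $dir"; return 1; }
        check_parcel "$f" || rc=1
        check_perms "$f" "$owner" || rc=1
        # The checksum file needs the same ownership and mode as the parcel.
        [ ! -f "$f.sha" ] || check_perms "$f.sha" "$owner" || rc=1
    done
    return $rc
}

# Run the audit only when a directory is given on the command line.
if [ $# -gt 0 ]; then audit_repo "$@"; fi
```

A non-zero exit status means at least one parcel is missing its checksum file, fails the digest comparison, or has the wrong owner or mode; the printed lines name the files.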
4 - Distributing the parcels
Distribute the following Big Data Protector parcels to the nodes in the cluster before installing or activating them on the nodes:
- Big Data Protector parcel: PTY_BDP
- Certificates parcel: PTY_CERT
- Log Forwarder configuration parcel: PTY_LOGFORWARDER_CONF
Note: To distribute the Big Data Protector parcels to the nodes, Cluster Administrator privileges are required.
For more information about the required role, refer to https://docs.cloudera.com/cloudera-manager/7.1.1/managing-clusters/topics/cm-parcels.html.
To distribute the Big Data Protector Parcels to the Nodes in the Cluster:
Using a browser, navigate to the Cloudera Manager page.
Enter the Username.
Enter the Password.
Click Sign In.
The Cloudera Manager Home page appears.
Navigate to Administration > Settings.
The Settings page appears.
To view the settings related to parcels, from the Filters pane, under CATEGORY, click Parcels.
The options related to the parcels appear.
Ensure that the following options are selected:
- Create Users and Groups for Parcels
- Apply Permissions with respect to files installed by the parcels
From the left pane, click Parcels.
The Cloudera Manager Parcels page appears.
Note: The PTY_LOGFORWARDER_CONF parcel will be visible only when the location of the Log Forwarder configuration files is specified while generating the installation files.
Ensure that the following Protegrity parcels appear on the Parcels page:
- PTY_BDP: Big Data Protector parcel
- PTY_CERT: Certificates parcel
- PTY_LOGFORWARDER_CONF: Log Forwarder configuration parcel
To distribute the Big Data Protector parcel, beside the PTY_BDP parcel, click Distribute.
The distribution of the Big Data Protector parcel starts.
To distribute the Certificates parcel, beside the PTY_CERT parcel, click Distribute.
The distribution of the Certificates parcel starts.
To distribute the Log Forwarder configuration parcel, beside the PTY_LOGFORWARDER_CONF parcel, click Distribute.
The distribution of the Log Forwarder configuration parcel starts.
After the Protegrity parcels are distributed to the nodes, Cloudera Manager updates the status of the parcels. The status on the Parcels page is updated to Distributed, and the Activate button appears.
5 - Activating the parcels
After distributing the Big Data Protector parcels on the cluster nodes, activate the parcels to add and start the Big Data Protector-related services on the nodes in the cluster.
To activate the Big Data Protector Parcels on the Nodes:
Using a browser, navigate to the Cloudera Manager screen.
Enter the Username.
Enter the Password.
Click Sign In.
The Cloudera Manager Home page appears.
From the left pane, click Parcels.
The Cloudera Manager Parcels page appears.
Note: The PTY_LOGFORWARDER_CONF parcel will be visible only if the location of the Log Forwarder configuration files is specified while generating the installation files.
To activate the Big Data Protector parcel, beside the PTY_BDP parcel, click Activate.
A prompt to confirm the activation of the parcel appears.
To activate the Big Data Protector parcel, click OK.
Cloudera Manager activates the Big Data Protector parcel on all the nodes in the cluster.
To activate the Certificates parcel, beside the PTY_CERT parcel, click Activate.
A prompt to confirm the activation of the parcel appears.
To activate the Certificates parcel, click OK.
Cloudera Manager activates the Certificates parcel on all the nodes in the cluster.
To activate the Log Forwarder configuration parcel, beside the PTY_LOGFORWARDER_CONF parcel, click Activate.
A prompt to confirm the activation of the parcel appears.
To activate the PTY_LOGFORWARDER_CONF parcel, click OK.
After the Protegrity parcels are activated on the nodes, their status on the Parcels page is updated to Distributed, Activated. The Deactivate button appears.
Restart the Cloudera Management Service to re-deploy the service configuration for the stale configurations.
Note: After activating the PTY_BDP parcel, the CDP services will change to Stale configuration state and will require a restart. However, it is recommended to defer the restart of the services until you set all the required configurations for the Big Data Protector.
For more information about setting the configuration, refer to Setting the Big Data Protector Configuration.