Installation Notes (Release 7.1.0)
Describes considerations for installing release 7.1.0.
Note these considerations for new installations of release 7.1.0, which can be installed using manual steps or by using the Installer:
Considerations for Using the Installer
- Installer 1.18.0.0 and later can be used to install release 7.1.0. For more info, see Installer Updates.
- For release 7.0.0 and later clusters, Installer 1.18.0.0 and later enforce security by default. You cannot install a non-secure cluster by using Installer 1.18.0.0 and later, though it is possible to install a nonsecure cluster by using Stanzas.
- You cannot use Installer 1.18.x to install Zeppelin. You must install Zeppelin by using the manual steps. See Installing Zeppelin.
- The Installer is not FIPS compliant and is not supported to run on a FIPS-enabled node. However, you can use the Installer to install a FIPS-compliant cluster. To do this, the Installer node must be a non-FIPS node, and the cluster to be installed cannot include the Installer node as part of the cluster.
- You can use Installer 1.18.x to install a FIPS-enabled cluster only if all the nodes to be installed are FIPS-enabled. Using the Installer to install a mix of FIPS-enabled and non-FIPS-enabled nodes is not supported.
- For a list of the operating systems that support Installer 1.18.x, see Installer Support Matrix.
- For a list of known issues that affect Installer 1.18.x and other Installer versions, see Installer Known Issues.
32 GB Minimum Memory for Production Nodes
Minimum memory requirements for production nodes have changed. Production nodes require at least 32 GB of memory per node. For more information, see Memory and Disk Space.
Installing Ranger by Using the Installer
Installer 1.18.x cannot perform all of the installation tasks needed to install and configure Ranger. Some configuration steps must be completed manually after using the Installer. See Installing Ranger Using the Installer.
Installing Tez by Using the Installer
In EEP 9.0.0, the Installer can install Tez, but the Tez user interface (UI) will not work because EEP 9.0.0 includes the YARN Application Timeline Service (ATS) version 2 by default. ATSv2 does not support the Tez UI. However, you can configure ATS version 1.0 or 1.5 to work with Hadoop 3, thereby enabling Tez. To enable the Tez UI, follow the steps in Configuring ATS 1.0 or 1.5 for Hadoop 3.3.
Installing the YARN ATS by Using the Installer
The Installer Select Services page does not provide a dedicated
option for selecting and installing the YARN ATS (mapr-timelineserver). To
install the ATS, you must install Tez. Because the mapr-timelineserver has
a dependency on HBase, installing Tez by using the Installer automatically installs
mapr-hbase and the mapr-timelineserver.
Monitoring Components Support for FIPS
The Spyglass logging components (Elasticsearch, Fluentd, and Kibana) are NOT supported in FIPs mode. Spyglass metrics components (Collectd, Open TSDB, and Grafana) work in FIPS mode even through Grafana is written in Go and is not FIPS compliant.
Licensing Changes for FIPS
To support FIPS clusters, the license file now contains two identical licenses. One is
signed with a SHA-1 signature for non-FIPS clusters. The other is signed with a SHA256
signature for FIPS clusters. This enables MCS or maprcli commands to verify the signature
regardless of support for FIPS compliance. User-visible changes are minimal, since MCS and
the maprcli license list command show only the license that is currently
applied.
Installing HttpFS
Beginning with release 7.1.0 and EEP 9.0.0, HttpFS is included with Hadoop and YARN. To install HttpFS, see Installing Hadoop and YARN.
Manual Installations and FIPS
There are no changes to the procedure for manual package installation. The steps are the same as described in Installing without the Installer.
${MAPR_HOME}/server/configure.sh script to
configure both FIPS and non-FIPS nodes after the data-fabric packages are successfully
installed. There are no customer-visible changes to the existing manual setup procedure to
enable FIPS mode using the ${MAPR_HOME}/server/configure.sh script:- FIPS mode is automatically enabled only if the local operating system is FIPS enabled.
The
configure.shscript uses thesysctl crypto.fips_enabledcommand to detect if the operating system is in FIPS mode. - FIPS mode implies secure mode as well. Thus, on a FIPS enabled node,
-secureis the default, whereas in a regular, non-FIPS enabled node,-unsecureis the default. - If the local operating system is not FIPS-enabled, the
configure.shscript proceeds to perform regular, non-FIPS configuration.
Other than the change in the default -secure setting, system configuration
for a machine running a FIPS enabled operating system looks the same as that on a regular
machine running an operating system that is not FIPS-enabled.
It is important to note that nonsecure algorithms such as MD-5 and DES are disabled in FIPS. Therefore, legacy applications that use these algorithms will no longer run on FIPS-enabled nodes. So, while FIPS adds additional security, it also causes nonsecure legacy applications to fail unless they are upgraded. This is an important distinction between FIPS and non-FIPS mode.
Log Monitoring and FIPS
Log monitoring is not supported in installations with FIPS-enabled nodes in EEP 8.1.0 and later.