Installation Notes (Release 7.6.1)

Describes considerations for installing release 7.6.1.

Note these considerations for new installations of release 7.6.1, which can be installed using manual steps or by using the Installer:

Installer and the New Repository

Installer users on all releases should update to Installer 1.18.0.5. Installer 1.18.0.5 supports the new https://package.ezmeral.hpe.com/ repository described in What's New in Release 7.6.1. Using the new repository requires an HPE Passport user name and token. When installing the mapr-setup.sh script for Installer 1.18.0.5, you can specify your Passport credentials. See Installer and Updating the Installer.

Considerations for Using the Installer

Before using the Installer with release 7.6.1, review these considerations:
  • Only Installer 1.18.0.5 can be used to install release 7.6.1. For more information, see Installer Updates.
  • Installer 1.18.0.5 is not supported for use with JRE 17 or JDK 17 and will not install JDK 17.
  • Installer 1.18.0.5 does contain user interface controls for configuring IPv6.
    IMPORTANT: HPE Ezmeral Ecosystem Pack (EEP) components do not support IPv6.
  • For releases 7.0.0 and later, Installer 1.18.0.5 enforces security by default. You cannot install a nonsecure cluster by using Installer 1.18.0.5, though it is still possible to install a nonsecure cluster by using Stanzas.
  • You can use Installer 1.18.0.5 to install Zeppelin, but the Installer does not configure Zeppelin. All configuration and integration tasks must be done manually. See Zeppelin.
  • The Installer is not FIPS compliant and is not supported to run on a FIPS-enabled node. However, you can use the Installer to install a FIPS-compliant cluster. To do this, the Installer node must be installed on a non-FIPS node, and the cluster to be installed cannot include the Installer node as part of the cluster.
  • You can use Installer 1.18.0.5 to install a FIPS-enabled cluster only if all the nodes to be installed are FIPS-enabled. Using the Installer to install a mix of FIPS-enabled and non-FIPS-enabled nodes is not supported.
  • For a list of the operating systems that support Installer 1.18.0.5, see Installer Support Matrix.
  • For a list of known issues that affect Installer 1.18.0.5 and other Installer versions, see Installer Known Issues.

EEP 9.2.1 and Release 7.6.1

EEP 9.2.1 can be used with releases 7.6.1, 7.5.0, 7.4.0, 7.3.0 (with a patch), and 7.2.0 (with a patch). For more information about EEP compatibility, see EEP Support and Lifecycle Status and What's New in EEP 9.2.1.

32-GB Minimum Memory for Production Nodes

Minimum memory requirements for production nodes have changed. Production nodes require at least 32 GB of memory per node. For more information, see Memory and Disk Space.

Installing Ranger by Using the Installer

Installer 1.18.0.5 cannot perform all of the installation tasks needed to install and configure Ranger. Some configuration steps must be completed manually after using the Installer. See Installing Ranger Using the Installer.

Installing Tez by Using the Installer

In EEPs 9.0.0 and later, the Installer can install Tez, but the Tez user interface (UI) will not work because EEPs 9.0.0 and later include the YARN Application Timeline Service (ATS) version 2 by default. ATSv2 does not support the Tez UI. However, you can configure ATS version 1.0 or 1.5 to work with Hadoop 3, thereby enabling Tez. To enable the Tez UI, follow the steps in Configuring ATS 1.0 or 1.5 for Hadoop 3.3.

Installing the YARN ATS by Using the Installer

The Installer Select Services page does not provide a dedicated option for selecting and installing the YARN ATS (mapr-timelineserver). To install the ATS, you must install Tez. Because the mapr-timelineserver has a dependency on HBase, installing Tez by using the Installer automatically installs mapr-hbase and the mapr-timelineserver.

Monitoring Components Support for FIPS

The Spyglass logging components (Elasticsearch, Fluentd, and Kibana) are NOT supported in FIPS mode. Spyglass metrics components (Collectd, OpenTSDB, and Grafana) work in FIPS mode even though Grafana is written in Go and is not FIPS compliant.

Licensing Changes for FIPS

To support FIPS clusters, the license file now contains two identical licenses. One is signed with a SHA-1 signature for non-FIPS clusters. The other is signed with a SHA-256 signature for FIPS clusters. This enables MCS or maprcli commands to verify the signature regardless of support for FIPS compliance. User-visible changes are minimal, since MCS and the maprcli license list command show only the license that is currently applied.

Installing HttpFS

Beginning with release 7.1.0 and EEP 9.0.0, HttpFS is included with Hadoop and YARN. To install HttpFS, see Installing Hadoop and YARN.

Manual Installations and FIPS

There are no changes to the procedure for manual package installation. The steps are the same as described in Installing without the Installer.

Installers continue to use the ${MAPR_HOME}/server/configure.sh script to configure both FIPS and non-FIPS nodes after the data-fabric packages are successfully installed. There are no customer-visible changes to the existing manual setup procedure to enable FIPS mode using the ${MAPR_HOME}/server/configure.sh script:
  • FIPS mode is automatically enabled only if the local operating system is FIPS enabled. The configure.sh script uses the sysctl crypto.fips_enabled command to detect if the operating system is in FIPS mode.
  • FIPS mode implies secure mode as well. Thus, on a FIPS-enabled node, -secure is the default, whereas on a regular, non-FIPS-enabled node, -unsecure is the default for releases 7.2.0 and earlier.
  • If the local operating system is not FIPS-enabled, the configure.sh script proceeds to perform regular, non-FIPS configuration.

Other than the change in the default -secure setting, system configuration for a machine running a FIPS-enabled operating system looks the same as that on a regular machine running an operating system that is not FIPS-enabled.
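
A pre-flight check for the Installer rules listed earlier (the Installer node must be non-FIPS and outside a FIPS cluster, and FIPS-enabled and non-FIPS-enabled nodes must not be mixed), reading the same kernel flag that configure.sh checks through sysctl crypto.fips_enabled. This is an added example, not HPE code; the function names fips_state and check_plan and their argument layout are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of a planned layout against the Installer FIPS rules.

# fips_state [FILE]: print "fips" or "non-fips" from the kernel flag that
# `sysctl crypto.fips_enabled` reports (default: /proc/sys/crypto/fips_enabled).
fips_state() {
    f="${1:-/proc/sys/crypto/fips_enabled}"
    # An unreadable or missing flag file is treated as non-FIPS.
    if [ -r "$f" ] && [ "$(tr -d '[:space:]' < "$f")" = "1" ]; then
        echo fips
    else
        echo non-fips
    fi
}

# check_plan INSTALLER_STATE INSTALLER_IN_CLUSTER(yes|no) NODE_STATE...
# Returns 0 when the layout is one the Installer supports, 1 otherwise,
# 2 on bad input. Argument names and layout are assumptions of this example.
check_plan() {
    installer="$1"; in_cluster="$2"; shift 2
    rc=0; n_fips=0; n_plain=0
    for s in "$@"; do
        case "$s" in
            fips)     n_fips=$((n_fips + 1)) ;;
            non-fips) n_plain=$((n_plain + 1)) ;;
            *)        echo "unknown node state: $s" >&2; return 2 ;;
        esac
    done
    if [ "$installer" = fips ]; then
        echo "FAIL: Installer node is FIPS-enabled"; rc=1
    fi
    if [ "$n_fips" -gt 0 ] && [ "$n_plain" -gt 0 ]; then
        echo "FAIL: mix of FIPS-enabled and non-FIPS-enabled nodes"; rc=1
    fi
    if [ "$n_fips" -gt 0 ] && [ "$in_cluster" = yes ]; then
        echo "FAIL: Installer node is part of the FIPS cluster"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: layout is supported"; fi
    return "$rc"
}

# Constructed sample: non-FIPS Installer node outside a three-node FIPS cluster.
# On real hosts, collect each state by running fips_state on that node.
check_plan non-fips no fips fips fips
```

Run fips_state on every planned node and on the Installer node, then pass the collected values to check_plan before starting the installation.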

It is important to note that nonsecure algorithms such as MD5 and DES are disabled in FIPS. Therefore, legacy applications that use these algorithms will no longer run on FIPS-enabled nodes. So, while FIPS adds security, it also causes nonsecure legacy applications to fail unless they are upgraded. This is an important distinction between FIPS and non-FIPS mode.

Log Monitoring and FIPS

Log monitoring is not supported in installations with FIPS-enabled nodes in EEPs 8.1.0 and later.