About Release 7.7.0
This site contains documentation for HPE Ezmeral Data Fabric release 7.7.0, including installation, configuration, administration, and reference content, as well as content for the associated ecosystem components and drivers.
7.7.0 Installation
This section contains information about installing and upgrading HPE Ezmeral Data Fabric software. It also contains information about how to migrate data and applications from an Apache Hadoop cluster to a HPE Ezmeral Data Fabric cluster.
7.7.0 Data Fabric
HPE Ezmeral Data Fabric is the industry-leading data platform for AI and analytics that solves enterprise business needs.
7.7.0 Administration
This section describes how to manage the nodes and services that make up a cluster.
- Administering Users and Clusters
  Lists topics that help manage a data-fabric cluster.
  - Managing Users and Groups
    Provides a brief introduction to user management on an HPE Ezmeral Data Fabric cluster.
    - Setting Up Email Addresses
      Describes how to set up email addresses using the Control System and the CLI.
    - Setting Up SMTP
      Describes how to set up SMTP information using the Control System and the CLI.
    - Configuring SSO
      Describes how the HPE Ezmeral Data Fabric supports single sign-on (SSO) and how to configure it.
      - Accessing the Keycloak Administration Console
        Describes how to start the Keycloak administration console so you can manage Keycloak and your SSO users.
      - Changing the Keycloak admin Password
        Describes how to change the default Keycloak admin password to prevent unauthorized access to Keycloak and your Data Fabric user information.
      - Adding New Users to Keycloak
        Describes how to add new users in Keycloak so you can use them to sign in to the HPE Ezmeral Data Fabric.
      - Adding a Group to Keycloak
        Describes how to add a Keycloak user group.
      - Integrating Your LDAP Directory with Keycloak
        Keycloak can interface with an external LDAP directory so that LDAP users can access the HPE Ezmeral Data Fabric.
      - Using LDAP Mappers
        Describes how to use mappers to auto-populate Keycloak with the mandatory attributes it needs for users and groups to access the Data Fabric UI.
      - Configuring Data Fabric Communications with Your SSO Server
        Describes how to configure the HPE Ezmeral Data Fabric to work with an SSO server.
      - Checking and Changing the Temporary Ticket Duration
        Describes how to gather information about the temporary ticket and change the duration of the ticket.
      - Using CLI Commands Without a User Ticket When SSO Is Configured
        Describes how to use temporary tickets with certain command line interfaces in SSO-enabled clusters.
      - Using MinIO Client (mc) Without a User Ticket When SSO Is Configured
        Describes how to use temporary tickets with MinIO Client (mc) commands in SSO-enabled clusters.
      - SSO User Login from a Cluster Node or Edge Node
        Describes how to log in from a cluster node or edge node using an SSO user.
      - Temporary Ticket Expiration
        Describes what happens when a temporary ticket expires.
      - Roles and Permissions When SSO Is Configured
        Describes the roles supported by the HPE Ezmeral Data Fabric in SSO-enabled clusters.
    - Managing Permissions
      Provides an overview of managing user permissions at the cluster, volume and file system levels.
  - Managing the Cluster
    Lists the settings for managing the data-fabric cluster.
- Administering Nodes
  Provides a synopsis of managing nodes in a cluster.
- Administering Volumes
  This section provide information about how to organize and manage data using volumes, a unique feature of HPE Ezmeral Data Fabric clusters.
- Administering Files and Directories
- Administering Tables
  Administration of the HPE Ezmeral Data Fabric Database is done primarily via the command line (maprcli) or with the Managed Control System (MCS). Regardless of whether the HPE Ezmeral Data Fabric Database table is used for binary files or JSON documents, the same types of commands are used with slightly different parameter options. HPE Ezmeral Data Fabric Database administration is associated with tables, columns and column families, and table regions.
- Administering Streams
- Administering Data Fabric Gateways
  A HPE Ezmeral Data Fabric gateway mediates one-way communication between a source HPE Ezmeral Data Fabric cluster and a destination cluster. You can replicate HPE Ezmeral Data Fabric Database tables (binary and JSON) and HPE Ezmeral Data Fabric Streams streams. HPE Ezmeral Data Fabric gateways also apply updates from JSON tables to their secondary indexes and propagate Change Data Capture (CDC) logs.
- Administering Services
- Monitoring the Cluster
  This section describes how to monitor the health and performance of a MapR cluster.
- Configuring Security
  Describes how to configure security and manage secure clusters.
- Managing Secure Clusters
  Provides procedures that will enable you to use MapR clusters securely.
- Administering the Data Access Gateway
  The HPE Ezmeral Data Fabric Data Access Gateway is a service that acts as a proxy and gateway for translating requests between lightweight client applications and the HPE Ezmeral Data Fabric cluster. This section describes considerations when upgrading the service, how to modify configuration settings, and how to administer and manage the service.
- Planning for High Availability
- Administrator's Reference
  This section contains in-depth reference information for the administrator.
- Troubleshooting Cluster Administration
  Lists the common errors and their solutions.
- Best Practices for Backing Up HPE Ezmeral Data Fabric Information
  Lists the best practices and performance considerations to follow when backing up HPE Ezmeral Data Fabric information.
- IPv6 Support in Data Fabric
  Describes the IPv6 support feature for Data Fabric.
7.7.0 Development
This section contains information related to application development for Ezmeral ecosystem components and HPE Ezmeral Data Fabric products, including the file system, Database (Key-Value and JSON), and Event Streams.
Other Docs
This section contains release-independent information, including: Installer documentation, Ecosystem release notes, interoperability matrices, security vulnerabilities, and links to other data-fabric version documentation.
Glossary
Definitions for commonly used terms in MapR Converged Data Platform environments.

Configuring Data Fabric Communications with Your SSO Server

Describes how to configure the HPE Ezmeral Data Fabric to work with an SSO server.

To enable your SSO provider to communicate with the HPE Ezmeral Data Fabric, release 7.4.0 or later must be installed, and you must configure SSO information by running the maprcli cluster setssoconf command.

Note these considerations:

Only the cluster admin or a user with the fabric manager role can run the maprcli cluster setssoconf command.
For a customer-managed data fabric, you must run the command only on the primary CLDB node. SSO information is propagated automatically to other CLDB nodes in the cluster.
For a consumption-based data fabric, you must run the command only on the primary CLDB node of the primary data fabric. SSO information is propagated automatically to other CLDB nodes and other fabrics in the global namespace.

To configure SSO:

Identify the primary CLDB node by using one of the following methods:
- On any node in the cluster, run the following maprcli command:
```
maprcli clustergroup getcgtable -showprimary true -json
```
- Log in to the Control System and go to the service information page for CLDB. The primary CLDB is the CLDB with a CLDB Mode equivalent to MASTER_READ_WRITE. For more information, see Viewing CLDB Information.
Log on to the primary CLDB node as the cluster admin (typically the mapr user).

Run the cluster setssoconf command and specify the following options:

-issuerendpoint
-providername
-clientid
-clientsecret
-certfile
-json (optional)

For example:

maprcli cluster setssoconf -issuerendpoint https://<IP_address>:8443/realms/TestReallm/ 
-providername keycloak -clientid testclient -clientsecret <secret>
-certfile /opt/mapr/keycloak/conf/<hostname>.crt -json
{
   "timestamp":1693834990616,
   "timeofday":"2023-09-04 06:43:10.616 GMT-0700 AM",
   "status":"OK",
   "total":1,
   "data":[
        {
                "status":"SUCCESS: SSO configuration set on CLDB."
        }
   ]
}

For information about each option, see cluster setssoconf.