
Privacera Platform


Reference - Custom Properties


PolicySync

The following table lists the custom properties that can be configured for PolicySync connectors. To use a custom property from the table, add it to the YML file for your connector in the custom-vars folder configured for your environment:

  • vars.policysync.snowflake.yml

  • vars.policysync.postgres.yml

  • vars.policysync.mssql.yml

  • vars.policysync.redshift.yml

  • vars.policysync.databricks.sql.analytics.yml

  • vars.policysync.bigquery.yml

  • vars.policysync.powerbi.yml

Property

Description

Values

Default Value

POLICYSYNC_IMAGE_NAME

Mention the PolicySync image name.

POLICYSYNC_IMAGE_TAG

Mention the PolicySync image tag.

POLICYSYNC_ENABLE

Enable PolicySync.

true/false

false

Common

Property

Description

Values

Default Value

POLICYSYNC_USERLOADER_RANGER_PERSIST_CASE_SENSITIVITY

Users, groups and roles loaded from the Apache Ranger APIs are converted to lowercase by default. In some cases you need the names in the same case as they have in Apache Ranger.

When set to true, names keep the case they have in Apache Ranger.

true/false

false

DEPLOYMENT_SIZE

This property specifies the size of the PolicySync deployment.

SMALL, MEDIUM or LARGE

SMALL

Memory Variables

POLICYSYNC_HEAP_MIN_MEMORY_MB

Minimum Java heap memory in MB used by PolicySync.

For example, POLICYSYNC_HEAP_MIN_MEMORY_MB: "1024"

Depends upon DEPLOYMENT_SIZE: 8192 for MEDIUM, 32768 for LARGE

POLICYSYNC_HEAP_MIN_MEMORY

Minimum Java heap memory used by PolicySync, as a JVM size string. Setting this value overrides POLICYSYNC_HEAP_MIN_MEMORY_MB.

For example, POLICYSYNC_HEAP_MIN_MEMORY: "1g"

Derived from POLICYSYNC_HEAP_MIN_MEMORY_MB

POLICYSYNC_HEAP_MAX_MEMORY_MB

Maximum Java heap memory in MB used by PolicySync.

For example, POLICYSYNC_HEAP_MAX_MEMORY_MB: "1024"

Depends upon DEPLOYMENT_SIZE: 2048 for SMALL, 8192 for MEDIUM, 32768 for LARGE

POLICYSYNC_HEAP_MAX_MEMORY

Maximum Java heap memory used by PolicySync, as a JVM size string. Setting this value overrides POLICYSYNC_HEAP_MAX_MEMORY_MB. For example, POLICYSYNC_HEAP_MAX_MEMORY: "1g"

POLICYSYNC_K8S_MEM_REQUESTS_MB

Kubernetes memory request in MB for the PolicySync pod (the minimum the scheduler reserves for it).

For example, POLICYSYNC_K8S_MEM_REQUESTS_MB: "1024"

POLICYSYNC_K8S_MEM_REQUESTS

Kubernetes memory request for the PolicySync pod, as a Kubernetes quantity. Setting this value overrides POLICYSYNC_K8S_MEM_REQUESTS_MB.

For example, POLICYSYNC_K8S_MEM_REQUESTS: "1G"

POLICYSYNC_K8S_MEM_LIMITS_MB

Kubernetes memory limit in MB for the PolicySync pod (the maximum it may use before it is killed).

For example, POLICYSYNC_K8S_MEM_LIMITS_MB: "1024"

POLICYSYNC_K8S_MEM_LIMITS

Kubernetes memory limit for the PolicySync pod, as a Kubernetes quantity. Setting this value overrides POLICYSYNC_K8S_MEM_LIMITS_MB. For example, POLICYSYNC_K8S_MEM_LIMITS: "1G"

Derived from POLICYSYNC_K8S_MEM_LIMITS_MB

POLICYSYNC_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by PolicySync.

For example, POLICYSYNC_CPU_MIN: "0.5"

Depends upon DEPLOYMENT_SIZE: 4 for MEDIUM, 8 for LARGE

POLICYSYNC_CPU_MAX

Maximum amount of Kubernetes CPU to be used by PolicySync.

For example, POLICYSYNC_CPU_MAX: "0.5"

Depends upon DEPLOYMENT_SIZE: 2 for SMALL, 4 for MEDIUM, 8 for LARGE

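Resolving what a custom-vars file actually yields, given the precedence described above (an explicit POLICYSYNC_HEAP_MAX_MEMORY string overrides POLICYSYNC_HEAP_MAX_MEMORY_MB, which overrides the DEPLOYMENT_SIZE default), and checking the result for the two mistakes that get a pod OOMKilled or left unschedulable: a heap that is not below the pod memory limit, and a CPU request above the CPU limit. This is an added example, not Privacera Manager code. The sample file content is constructed, the *_MB properties are taken to mean MiB, and the SMALL defaults for the minimum heap and CPU request, which this page does not list, are left unset.

```python
"""Effective PolicySync sizing from a custom-vars file (added example, not Privacera code)."""
import re

# Per-size defaults listed on this page. No SMALL value is given for the
# minimum heap or CPU request, so those entries are deliberately absent.
HEAP_MAX_MB = {"SMALL": 2048, "MEDIUM": 8192, "LARGE": 32768}
HEAP_MIN_MB = {"MEDIUM": 8192, "LARGE": 32768}
CPU_MAX = {"SMALL": 2.0, "MEDIUM": 4.0, "LARGE": 8.0}
CPU_MIN = {"MEDIUM": 4.0, "LARGE": 8.0}

# Constructed sample of a vars.policysync.<connector>.yml file (not a real deployment).
SAMPLE_VARS = """\
POLICYSYNC_ENABLE: "true"
DEPLOYMENT_SIZE: "MEDIUM"
POLICYSYNC_HEAP_MAX_MEMORY: "6g"
POLICYSYNC_K8S_MEM_LIMITS_MB: "4096"
POLICYSYNC_CPU_MAX: "2"
"""


def parse_vars(text):
    """Parse the flat KEY: "value" lines used in custom-vars files (no nesting)."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip().strip('"').strip("'")
    return out


def jvm_size_to_mb(value):
    """Convert a JVM -Xmx style size ("1g", "512m", "1048576k"; bytes if no unit) to MiB."""
    m = re.fullmatch(r"(\d+)([kmgt]?)", value.strip().lower())
    if not m:
        raise ValueError(f"not a JVM size: {value!r}")
    factor = {"": 1 / 1048576, "k": 1 / 1024, "m": 1, "g": 1024, "t": 1048576}
    return int(m.group(1)) * factor[m.group(2)]


def k8s_quantity_to_mb(value):
    """Convert a Kubernetes memory quantity ("1G", "1Gi", "512Mi"; bytes if no unit) to MiB."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|Ti|k|M|G|T)?", value.strip())
    if not m:
        raise ValueError(f"not a Kubernetes quantity: {value!r}")
    factor = {None: 1, "k": 1e3, "M": 1e6, "G": 1e9, "T": 1e12,
              "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}
    return int(m.group(1)) * factor[m.group(2)] / 2**20


def _resolve(v, explicit_key, mb_key, convert, default=None):
    """Precedence from the reference: explicit size string, then the *_MB value, then the default."""
    if v.get(explicit_key):
        return convert(v[explicit_key])
    if v.get(mb_key):
        return float(v[mb_key])
    return default


def effective_heap_max_mb(v):
    size = v.get("DEPLOYMENT_SIZE", "SMALL").upper()
    return _resolve(v, "POLICYSYNC_HEAP_MAX_MEMORY", "POLICYSYNC_HEAP_MAX_MEMORY_MB",
                    jvm_size_to_mb, HEAP_MAX_MB[size])


def effective_mem_limit_mb(v):
    return _resolve(v, "POLICYSYNC_K8S_MEM_LIMITS", "POLICYSYNC_K8S_MEM_LIMITS_MB",
                    k8s_quantity_to_mb)


def effective_mem_request_mb(v):
    return _resolve(v, "POLICYSYNC_K8S_MEM_REQUESTS", "POLICYSYNC_K8S_MEM_REQUESTS_MB",
                    k8s_quantity_to_mb)


def effective_cpu(v):
    """(request, limit) in cores; request is None when neither the file nor the page gives one."""
    size = v.get("DEPLOYMENT_SIZE", "SMALL").upper()
    cpu_min = float(v["POLICYSYNC_CPU_MIN"]) if v.get("POLICYSYNC_CPU_MIN") else CPU_MIN.get(size)
    cpu_max = float(v["POLICYSYNC_CPU_MAX"]) if v.get("POLICYSYNC_CPU_MAX") else CPU_MAX[size]
    return cpu_min, cpu_max


def check_sizing(v):
    """Findings that would get the pod OOMKilled or rejected by the scheduler; empty means consistent."""
    findings = []
    heap, limit, request = effective_heap_max_mb(v), effective_mem_limit_mb(v), effective_mem_request_mb(v)
    if limit is not None and heap >= limit:
        findings.append(f"heap max {heap:.0f} MiB is not below the pod memory limit {limit:.0f} MiB; "
                        "metaspace, threads and native memory need headroom above the heap")
    if request is not None and limit is not None and request > limit:
        findings.append(f"memory request {request:.0f} MiB exceeds the limit {limit:.0f} MiB")
    cpu_min, cpu_max = effective_cpu(v)
    if cpu_min is not None and cpu_min > cpu_max:
        findings.append(f"CPU request {cpu_min} exceeds the CPU limit {cpu_max}")
    return findings


if __name__ == "__main__":
    for finding in check_sizing(parse_vars(SAMPLE_VARS)):
        print("finding:", finding)
```

Run against the constructed sample, the checker reports both problems: the 6g heap does not fit under the 4096 MiB limit, and the MEDIUM default CPU request of 4 is above the explicit POLICYSYNC_CPU_MAX of 2. The same functions work for the RANGER_* and USERSYNC_* variants below by changing the key prefix.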
Ranger Admin

The following table contains the list of custom properties that can be configured for Ranger Admin. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.ranger.admin.yml

Property

Description

Values

Default Value

RANGER_ENABLE

RANGER_INSTALL

RANGER_IMAGE_NAME

RANGER_IMAGE_TAG

RANGER_HTTP_PORT

RANGER_EXTERNAL_HTTP_PORT

Property to change the default port number for a non-secured Ranger Admin.

6080

RANGER_HTTPS_PORT

RANGER_EXTERNAL_HTTPS_PORT

Property to change the default port number for a secured Ranger Admin.

6182

RANGER_SSL_ENABLE

RANGER_SSL_SELF_SIGNED

RANGER_HOST_NAME

RANGER_INTERNAL_HOST_NAME

RANGER_ADMIN_PORT

RANGER_ADMIN_PROTOCOL

RANGER_PROTOCOL_URL

RANGER_SVC_IP

RANGER_EXTERNAL_HOST

RANGER_URL

RANGER_EXTERNAL_URL

RANGER_URL_INTERNAL

RANGER_URL_IP

RANGER_SETUP_MODE

RANGER_DB_FLAVOR

RANGER_DB_HOST

RANGER_DB_NAME

RANGER_DB_USER

RANGER_DB_PASSWORD

RANGER_DB_ROOT_USER

RANGER_DB_ROOT_PASSWORD

RANGER_CREATE_DB

RANGER_CREATE_DB_USER

RANGER_DB_SSL_ENABLE

RANGER_DB_SSL_REQUIRED

RANGER_DB_SSL_VERIFY_CERT

RANGER_DB_SSL_AUTH_TYPE

RANGER_ADMIN_DEFAULT_PASSWORD

RANGER_ADMIN_PASSWORD

RANGER_TAGSYNC_PASSWORD

RANGER_USERSYNC_PASSWORD

RANGER_KEYADMIN_PASSWORD

RANGER_VALID_EMAIL_REGEX

Set a custom regular expression to validate an email address.

^[\\w]([\\-\\.\\w\\+])+[\\w\\+]+@[\\w]+[\\w\\-]+[\\w]*\\.([\\w]+[\\w\\-]+[\\w]*(\\.[a-z][a-z|0-9]*)?)$

RANGER_ADMIN_HTTPS_ENABLED

RANGER_ADMIN_KEYSTORE_FILE

RANGER_ADMIN_KEYSTORE_ALIAS

RANGER_ADMIN_KEYSTORE_PASSWORD

RANGER_ADMIN_TRUSTSTORE_ALIAS

RANGER_ADMIN_TRUSTSTORE_PATH

RANGER_ADMIN_TRUSTSTORE_PASSWORD

RANGER_ADMIN_SSL_SIGNED_PEM_FULL_CHAIN

RANGER_ADMIN_SSL_SIGNED_PEM_PRIVATE_KEY

RANGER_ADMIN_SSL_PKCS12_PASSWORD

RANGER_ADMIN_SSL_SIGNED_CERT_FORMAT

RANGER_ADMIN_SSL_SIGNED_PKCS12_ALIAS

RANGER_ADMIN_SSL_SIGNED_PKCS12_FILE

RANGER_SUPPORTED_COMPONENTS

RANGER_SOLR_AUDIT_STORE

RANGER_SOLR_URL

RANGER_SOLR_ZOOKEEPERS

RANGER_SOLR_COLLECTION_NAME

RANGER_SOLR_CONFIG_NAME

RANGER_SOLR_NUMBER_OF_SHARDS

RANGER_SOLR_NUMBER_OF_REPLICAS

RANGER_SOLR_MAX_SHARDS_PER_NODE

RANGER_SOLR_ACL_USER_LIST

RANGER_UNIX_USER

RANGER_UNIX_USER_PASSWORD

RANGER_UNIX_GROUP

RANGER_AUTHENTICATION_METHOD

RANGER_REMOTE_LOGIN_ENABLED

RANGER_AUTH_SERVICE_HOSTNAME

RANGER_AUTH_SERVICE_PORT

RANGER_UNIX_AUTH_SERVICE_KEYSTORE

RANGER_UNIX_AUTH_KEYSTORE_PASSWORD

RANGER_UNIX_AUTH_TRUSTSTORE

RANGER_UNIX_AUTH_TRUSTSTORE_PASSWORD

RANGER_LDAP_URL

RANGER_LDAP_USER_DN_PATTERN

RANGER_LDAP_GROUP_SEARCH_BASE

RANGER_LDAP_GROUP_SEARCH_FILTER

RANGER_LDAP_GROUP_ROLE_ATTRIBUTE

RANGER_LDAP_BASE_DN

RANGER_LDAP_BIND_DN

RANGER_LDAP_BIND_PASSWORD

RANGER_LDAP_REFERRAL

RANGER_LDAP_USER_SEARCH_FILTER

RANGER_LDAP_AD_DOMAIN

RANGER_LDAP_AD_URL

RANGER_LDAP_AD_BASE_DN

RANGER_LDAP_AD_BIND_DN

RANGER_LDAP_AD_BIND_PASSWORD

RANGER_LDAP_AD_REFERRAL

RANGER_LDAP_AD_USER_SEARCH_FILTER

RANGER_SSO_ENABLED

RANGER_SSO_PROVIDER_URL

RANGER_SSO_PUBLICKEY

RANGER_ADMIN_LOG_DIR

RANGER_ADMIN_PID_DIR_PATH

RANGER_XAPOLICYMGR_DIR

RANGER_ADMIN_MAX_HEAP_SIZE

RANGER_EXTERNAL_USER_ADMIN_AUDIT_ENABLED

Enable/disable the admin audits for external users (usersync).

true, false

false

RANGER_PLUGIN_JCEKS_STOREPASS

RANGER_PLUGIN_SSL_KEYSTORE_PASSWORD

RANGER_PLUGIN_SSL_TRUSTSTORE_PASSWORD

RANGER_PLUGIN_KEYSTORE_ALIAS

RANGER_PLUGIN_SOLR_URL_INTERNAL

RANGER_PLUGIN_SOLR_URL_EXTERNAL

RANGER_PLUGIN_SOLR_BASIC_AUTH_ENABLED

RANGER_PLUGIN_SOLR_BASIC_AUTH_USER

RANGER_PLUGIN_SOLR_BASIC_AUTH_PASSWORD

RANGER_PLUGIN_SOLR_ZOOKEEPER

RANGER_PLUGIN_SOLR_ZOOKEEPER_INTERNAL

RANGER_PLUGIN_AUDITS_TO_KAFKA

RANGER_PLUGIN_KAFKA_BROKER_LIST

AWS_RANGER_LB_CERTIFICATE_ARN

RANGER_LB_SSL_CERT

RANGER_LB_BACKEND_PROTOCOL

RANGER_LB_SSL_PORT

RANGER_LB_TARGET_PORT

RANGER_ADMIN_ENCRYPT_SECRETS

RANGER_ADMIN_SECRETS_FILE

RANGER_ADMIN_SECRETS_KEYSTORE_PASSWORD

RANGER_ADMIN_ENCRYPT_PROPS_LIST

RANGER_K8S_LOADBALANCER_EXTERNAL

RANGER_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

RANGER_K8S_MEM_LIMITS

RANGER_K8S_MEM_REQUESTS

RANGER_K8S_CPU_LIMITS

RANGER_K8S_CPU_REQUESTS

RANGER_K8S_REPLICAS

RANGER_ADMIN_GENERAL_PASSWORDS_LIST

RANGER_ADMIN_SSL_PASSWORDS_LIST

RANGER_ADMIN_SIGNED_SSL_PASSWORDS_LIST

RANGER_ADMIN_ENCRYPT_PASSWORDS_LIST

RANGER_INIT_CONTAINER_CUSTOM_COMMAND_LIST

You can provide a list of commands that download custom .jar files to a desired location inside the Ranger container. For example:

RANGER_INIT_CONTAINER_CUSTOM_COMMAND_LIST:
  - curl https://privacera/public/custom-1.jar -o /opt/ranger/ranger-admin/ews/webapp/WEB-INF/lib/custom-1.jar
  - curl https://privacera/public/custom-2.jar -o /opt/ranger/ranger-admin/ews/webapp/WEB-INF/lib/custom-2.jar

Anything placed under WEB-INF/lib is loaded onto the Ranger Admin classpath, so fetch only from a source you control over HTTPS and verify the file's checksum in the same command before the main container starts.

RANGER_INTERNAL_RESERVED_USERS_ACTIVATE

When set to true, activates the Ranger reserved-users feature: users marked as reserved cannot be updated or deleted.

true,false

false

RANGER_INTERNAL_RESERVED_USERS

List of users to be marked as Ranger reserved users.

admin,rangerusersync,rangertagsync,keyadmin

Memory Variables

RANGER_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Ranger Admin. For example, RANGER_HEAP_MIN_MEMORY_MB: "1024"

RANGER_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Ranger Admin. Setting this value will override RANGER_HEAP_MIN_MEMORY_MB. For example, RANGER_HEAP_MIN_MEMORY: "1g"

RANGER_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Ranger Admin. For example, RANGER_HEAP_MAX_MEMORY_MB: "1024"

RANGER_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Ranger Admin. Setting this value will override RANGER_HEAP_MAX_MEMORY_MB. For example, RANGER_HEAP_MAX_MEMORY: "1g"

RANGER_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Ranger Admin. For example, RANGER_K8S_MEM_REQUESTS_MB: "1024"

RANGER_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Ranger Admin. Setting this value will override RANGER_K8S_MEM_REQUESTS_MB. For example, RANGER_K8S_MEM_REQUESTS: "1G"

RANGER_K8S_MEM_LIMITS_MB

Kubernetes memory limit in MB for the Ranger Admin pod. For example, RANGER_K8S_MEM_LIMITS_MB: "1024"

RANGER_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Ranger Admin. Setting this value will override RANGER_K8S_MEM_LIMITS_MB. For example, RANGER_K8S_MEM_LIMITS: "1G"

RANGER_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Ranger Admin. For example, RANGER_CPU_MIN: "0.5"

RANGER_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Ranger Admin. For example, RANGER_CPU_MAX: "0.5"

Ranger UserSync

The following table contains the list of custom properties that can be configured for Apache Ranger UserSync.

Privacera generally recommends using its proprietary version of UserSync (called Privacera UserSync) over open-source Apache Ranger UserSync, see Migration from Apache Ranger UserSync to Privacera UserSync to learn more.

Note

Support Chain SSL - Preview Functionality

Previously, Privacera services used only one certificate from the LDAP server's SSL chain even when the full chain was available. As a preview feature, every certificate in the chain is now imported into the truststore. This applies to the Privacera UserSync, Ranger UserSync and Portal SSL certificates.

Property

Description

Example Values

Default Value

USERSYNC_ENABLE

Enable the UserSync module to sync users, groups, and/or roles from a directory (for example LDAP, Azure AD or SCIM) to Privacera and Ranger.

true, false

false

USERSYNC_INSTALL

Instructs Privacera Manager to install the UserSync components. Usually set automatically from USERSYNC_ENABLE.

true, false

{{ IS_MASTER_NODE if USERSYNC_ENABLE == 'true' else 'false' }}

USERSYNC_IMAGE_NAME

Docker image to pull for the UserSync container/pod.

Set by the Privacera release tag. Can be overridden through <privacera_hub_url> to use a local Docker registry.

{{privacera_hub_url}}/ranger-usersync

USERSYNC_IMAGE_TAG

Image tag for the specified release. Set by <RANGER_IMAGE_TAG>.

See above.

{{RANGER_IMAGE_TAG}}

USERSYNC_PID_DIR_PATH

Contact Privacera Support if this needs to be changed.

Any valid PID path within the image.

/var/run/ranger

USERSYNC_RANGER_BASE_DIR

Base directory for the UserSync install within the image. Contact Privacera Support if this needs to be changed.

/etc/ranger

USERSYNC_RANGER_URL

URL for UserSync to connect to the Apache Ranger APIs.

Defaults to HTTP or HTTPS depending on <RANGER_SSL_ENABLE>.

{{RANGER_URL}}

USERSYNC_SOURCE

Source type for user/group sync.

ldap, azuread, unix

unix

USERSYNC_SYNC_LDAP_URL

Full URL for the LDAP or LDAPS connection to the directory server.

ldap://dir.ldap.us:389 or ldaps://dir.ldap.us:636 (replace the hostname and port with valid values for your directory service)

No default value.

USERSYNC_SYNC_LDAP_BIND_DN

Distinguished name (DN) of the account UserSync uses to connect to and read from the directory.

Example: CN=Bind User,OU=example,DC=ad,DC=example,DC=com

No default value.

USERSYNC_SYNC_LDAP_BIND_PASSWORD

Password of the account UserSync uses to connect to and read from the directory.

DoNotUseThisPassword2000

<PLEASE_CHANGE>

USERSYNC_SYNC_LDAP_SEARCH_BASE

The base distinguished name (DN) used to search for all objects. Typically the root of the domain in the directory.

Example: DC=ad,DC=example,DC=com

No default value.

USERSYNC_SYNC_LDAP_USER_SEARCH_BASE

The base distinguished name (DN) used to search for users. Only users below this point in the directory are included in the user-first search. Typically a users OU or similar. Multiple search bases may be separated with a semicolon.

Single example: OU=example_services,OU=example,DC=ad,DC=example,DC=com

Multiple example: ou=ou1,dc=com,dc=example,dc=ad;ou=ou2,dc=com,dc=example,dc=ad

No default value.

USERSYNC_SYNC_LDAP_DELTASYNC

Turn on "delta" sync, which uses the modification timestamp in the directory to sync only changed or new objects to Privacera and Apache Ranger.

true, false

true

USERSYNC_SYNC_LDAP_USER_SEARCH_SCOPE

Sets the level to search within the directory: the base object only, one level, or the full subtree.

sub, one, base

sub

USERSYNC_SYNC_LDAP_OBJECT_CLASS

User object class within the directory. Varies by directory: typically person or organizationalPerson for Active Directory, inetOrgPerson for FreeIPA.

Examples: top, person, inetOrgPerson, organizationalPerson, user, posixAccount

user

USERSYNC_SYNC_LDAP_USER_SEARCH_FILTER

Valid LDAP search filter to limit the users returned and synced. Can be used to filter on group membership or other attributes.

Return all users: cn=*

Return members of the Analysts and DBA groups: (|(memberof=CN=Analysts,OU=groups,DC=example,DC=com)(memberof=CN=DBA,OU=groups,DC=example,DC=com))

No default value.

USERSYNC_SYNC_LDAP_USER_NAME_ATTRIBUTE

LDAP attribute mapped to the Privacera user name.

sAMAccountName (Active Directory), uid, cn

cn

USERSYNC_SYNC_LDAP_USER_EMAIL_ADDRESS_ATTRIBUTE

LDAP attribute mapped to the email address in Privacera.

mail, UPN

mail

USERSYNC_SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE

Attribute used to identify the groups a user belongs to.

memberof, ismemberof, gidNumber, primaryGroupID

memberof,ismemberof

USERSYNC_SYNC_LDAP_USER_OTHER_ATTRIBUTES

Additional LDAP user attributes to map onto the Ranger user entity, beyond the attributes that are mapped by default. They can then be used for access control in Ranger. To assign multiple attributes, use comma-separated values.

cn, badPasswordTime, logonCount

cn,badPasswordTime,logonCount

USERSYNC_SYNC_GROUP_OTHER_ATTRIBUTES

Additional LDAP group attributes to map onto the Ranger group entity, beyond the attributes that are mapped by default. They can then be used for access control in Ranger. To assign multiple attributes, use comma-separated values.

cn, groupType

cn,groupType

USERSYNC_SYNC_LDAP_GROUP_HIERARCHY_LEVELS

Depth of nested groups (a group within a group) to consider when syncing users into Ranger groups. By default, Ranger adds a user only to its immediate group and not to any parent group in a nested structure. Use this property to also add the users of a group to its parent groups. Consider the following LDAP nested group structure, where user 1 is a member of Sub-group 2:

  • Group A

  • Sub-group 1

  • Sub-group 2

  • user 1

With the value 0, the default behaviour applies. With the value 2, user 1 becomes a member of its immediate group (Sub-group 2) and of the two groups above it (Sub-group 1 and Group A). Be aware that deep hierarchies (greater than 2) have a performance impact.

A valid integer, 0 or greater

0

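Two pieces of the LDAP configuration above, worked through in code as an added example that is not Privacera or Apache Ranger code: building a USERSYNC_SYNC_LDAP_USER_SEARCH_FILTER from group DNs with RFC 4515 escaping, so a group name containing "*" or ")" cannot rewrite the filter, and resolving nested group membership the way USERSYNC_SYNC_LDAP_GROUP_HIERARCHY_LEVELS describes it. The directory snapshot is constructed; it reproduces the Group A > Sub-group 1 > Sub-group 2 > user 1 structure from the table and adds a membership loop, which real directories contain and which the resolver must not follow forever.

```python
"""LDAP filter construction and nested-group resolution for UserSync settings
(added example, not Privacera or Apache Ranger code)."""

# RFC 4515 escaping for values embedded in an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_filter_escape(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def memberof_filter(group_dns):
    """Build (|(memberof=<dn>)(memberof=<dn>)...) so only members of the given groups are synced."""
    clauses = "".join(f"(memberof={ldap_filter_escape(dn)})" for dn in group_dns)
    return f"(|{clauses})" if len(group_dns) > 1 else clauses


# Constructed directory snapshot: group DN -> member DNs (users or nested groups).
# Group A > Sub-group 1 > Sub-group 2 > user 1 as on the page, plus a loop
# (Group A listed as a member of Sub-group 2) to exercise cycle handling.
BASE = "OU=groups,DC=example,DC=com"
USER_1 = "CN=user 1,OU=users,DC=example,DC=com"
SAMPLE_GROUPS = {
    f"CN=Group A,{BASE}": {f"CN=Sub-group 1,{BASE}"},
    f"CN=Sub-group 1,{BASE}": {f"CN=Sub-group 2,{BASE}"},
    f"CN=Sub-group 2,{BASE}": {USER_1, f"CN=Group A,{BASE}"},
    f"CN=DBA,{BASE}": {USER_1},
}


def _cn(dn):
    """Leading CN value of a DN, used as the group name."""
    return dn.split(",", 1)[0].split("=", 1)[1]


def effective_groups(user_dn, groups, hierarchy_levels):
    """Group names the user is synced into.

    Level 0 is the default on the page: only groups that list the user directly.
    Each further level adds the parents of the groups found so far, so level 2
    walks two steps up the nesting. Groups already found are never re-expanded,
    which is what stops a membership loop from recursing forever.
    """
    found = {dn for dn, members in groups.items() if user_dn in members}
    frontier = set(found)
    for _ in range(hierarchy_levels):
        parents = {dn for dn, members in groups.items() if members & frontier} - found
        if not parents:
            break
        found |= parents
        frontier = parents
    return sorted(_cn(dn) for dn in found)


if __name__ == "__main__":
    print(memberof_filter([f"CN=Analysts,{BASE}", f"CN=DBA,{BASE}"]))
    for levels in (0, 1, 2):
        print(levels, effective_groups(USER_1, SAMPLE_GROUPS, levels))
```

With the constructed snapshot, level 0 yields DBA and Sub-group 2, level 1 adds Sub-group 1, level 2 adds Group A, and any larger value returns the same four groups because the loop back to Sub-group 2 is already resolved.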
USERSYNC_SYNC_LDAP_SSL_ENABLED

Enable LDAPS (TLS) for the directory connection.

true, false

FALSE

USERSYNC_SYNC_LDAP_SSL_PM_GEN_TS

Set to true to have Privacera Manager (PM) generate the truststore for your LDAPS server.

true, false

FALSE

USERSYNC_SYNC_LDAP_SSL_TRUSTSTORE_FILE

Name of the UserSync SSL truststore file.

client_usersync_ldaps_truststore.jks

USERSYNC_SYNC_LDAP_SSL_TRUSTSTORE_TYPE

UserSync SSL truststore type.

cer, jks, p12

jks

USERSYNC_SYNC_LDAP_SSL_TRUSTSTORE_PASSWORD

Password for the UserSync SSL truststore.

dwNdzqXsLEX83

USERSYNC_SYNC_LDAP_SSL_AUTO_GEN_TRUSTSTORE_FILE

Privacera Manager can generate the truststore automatically with a given name and type. This property sets the file name.

client_usersync_ldaps_truststore.cer, client_usersync_ldaps_truststore.jks or client_usersync_ldaps_truststore.p12

client_usersync_ldaps_truststore.cer

USERSYNC_SYNC_LDAP_SSL_AUTO_GEN_TRUSTSTORE_TYPE

Type of the truststore that Privacera Manager generates automatically.

cer, jks, p12

cer

USERSYNC_GROUP_BASED_ROLE_ASSIGNMENT_RULES

USERSYNC_SYNC_LDAP_USERNAME_CASE_CONVERSION

Changes the case of LDAP user names. If set to lower, any user name containing uppercase letters is converted to lowercase.

lower, upper

lower

USERSYNC_SYNC_LDAP_GROUPNAME_CASE_CONVERSION

Changes the case of LDAP group names. If set to lower, any group name containing uppercase letters is converted to lowercase.

lower, upper

lower

USERSYNC_SYNC_GROUP_SEARCH_ENABLED

Perform an LDAP search to find groups instead of relying on user entry attributes.

FALSE

USERSYNC_SYNC_GROUP_SEARCH_FIRST_ENABLED

Search for groups first, before searching for users.

FALSE

USERSYNC_SYNC_GROUP_USER_MAP_SYNC_ENABLED

Perform an LDAP search to find groups instead of relying on user entry attributes, and sync the memberships of those groups.

TRUE

USERSYNC_SYNC_GROUP_SEARCH_BASE

The base distinguished name (DN) used to search for groups. Only groups below this point in the directory are included in the group-first search. Typically a groups OU or similar. Multiple search bases may be separated with a semicolon.

Single example: OU=example_services,OU=example,DC=ad,DC=example,DC=com

Multiple example: ou=ou1,dc=com,dc=example,dc=ad;ou=ou2,dc=com,dc=example,dc=ad

USERSYNC_SYNC_GROUP_SEARCH_SCOPE

Sets the search scope for the group search within the directory.

base, one, sub

sub

USERSYNC_SYNC_GROUP_OBJECT_CLASS

Object class used to identify group entries.

user

USERSYNC_SYNC_LDAP_GROUP_SEARCH_FILTER

Optional additional filter constraining the groups selected for syncing.

USERSYNC_SYNC_PAGED_RESULTS_ENABLED

Enable paged search results.

TRUE

USERSYNC_SYNC_GROUP_NAME_ATTRIBUTE

Attribute used as the group name.

USERSYNC_SYNC_PAGED_RESULTS_SIZE

Page size for paged search results.

500

USERSYNC_SYNC_GROUPUSERS_PAGED_SIZE

By default, Ranger UserSync syncs at most 1500 users from each group (depending on the LDAP server version). To sync groups with more users than this maximum, set a page size; Ranger UserSync then fetches the group's members from the LDAP server page by page.

500

USERSYNC_SYNC_INTERVAL

Sync interval in minutes (minimum 60).

60

USERSYNC_UNIX_USER

User that runs the Unix UserSync process.

ranger

USERSYNC_UNIX_GROUP

Group of the Unix UserSync process.

ranger

USERSYNC_RANGERUSERSYNC_PASSWORD

Password of the rangerusersync user in Ranger.

welcome1

USERSYNC_KERBEROS_PRINCIPAL

Kerberos principal for use in a Kerberos environment.

USERSYNC_KERBEROS_KEYTAB

Kerberos keytab for use in a Kerberos environment.

USERSYNC_HADOOP_CONF

Hadoop conf location, for use in a Kerberos environment.

/etc/hadoop/conf

USERSYNC_CRED_KEYSTORE_FILENAME

Keystore file in which all credentials are kept in encrypted form.

/etc/ranger/usersync/conf/rangerusersync.jceks

USERSYNC_AUTH_SSL_ENABLED

Enable SSL.

{{ENABLE_SSL}}

USERSYNC_AUTH_SSL_KEYSTORE_FILE

SSL keystore path.

/etc/ranger/usersync/conf/cert/unixauthservice.jks

USERSYNC_AUTH_SSL_KEYSTORE_PASSWORD

SSL keystore password.

UnIx529p

USERSYNC_AUTH_SSL_TRUSTSTORE_FILE

SSL truststore path.

/etc/ranger/usersync/conf/{{PRIVACERA_GLOBAL_TRUSTSTORE_FILENAME}}

USERSYNC_AUTH_SSL_TRUSTSTORE_PASSWORD

SSL truststore password.

{{PRIVACERA_GLOBAL_TRUSTSTORE_PASSWORD}}

USERSYNC_AZUREAD_TENANT_ID

Azure Active Directory ID (tenant ID).

USERSYNC_AZUREAD_CLIENT_ID

Azure Active Directory application (client) ID used to access the Microsoft Graph API.

USERSYNC_AZUREAD_CLIENT_SECRET

Azure Active Directory application client secret used to access the Microsoft Graph API.

USERSYNC_AZUREAD_USERNAME

Azure account username used to obtain an access token on behalf of the Azure AD application.

USERSYNC_AZUREAD_PASSWORD

Azure account password used to obtain an access token on behalf of the Azure AD application.

USERSYNC_AZUREAD_SCOPE

USERSYNC_AZUREAD_DOMAINS

Comma-separated list of domain names whose users need to be synced. For example: example1.com,example2.com

USERSYNC_AZUREAD_USE_GROUP_LOOKUP_FIRST

Set to true to look up groups first instead of users.

USERSYNC_AZUREAD_GROUPS

Comma-separated list of group names whose users need to be synced. Set USERSYNC_AZUREAD_USE_GROUP_LOOKUP_FIRST to true to use this property.

USERSYNC_SYNC_AZUREAD_USERNAME_RETRIVAL_FROM

Azure AD attribute to use as the user's username.

userPrincipalName

USERSYNC_SYNC_AZUREAD_EMAIL_RETRIVAL_FROM

Azure AD attribute to use as the user's email address.

userPrincipalName

USERSYNC_SYNC_AZUREAD_GROUP_RETRIVAL_FROM

Azure AD attribute to use as the group name.

displayName

SYNC_AZUREAD_USER_SERVICE_PRINCIPAL_ENABLED

Enable syncing of Azure AD service principals as users.

FALSE

SYNC_AZUREAD_USER_SERVICE_PRINCIPAL_USERNAME_RETRIVAL_FROM

Azure AD attribute to use as the service principal's username.

appId

USERSYNC_RANGER_USERSYNC_COOKIE

Enable the Ranger UserSync cookie.

FALSE

USERSYNC_LOGDIR

Directory to write UserSync logs to.

logs

USERSYNC_ENCRYPT_SECRETS

Enable encryption of UserSync secrets.

{{GLOBAL_ENCRYPT_SECRETS}}

USERSYNC_SECRETS_FILE

Keystore file in which encrypted secrets are stored.

/etc/ranger/usersync/conf/ranger-usersync{{GLOBAL_SECRETS_FILE_SUFFIX}}

USERSYNC_SECRETS_KEYSTORE_PASSWORD

Password of the secrets keystore file.

{{GLOBAL_DEFAULT_SECRETS_KEYSTORE_PASSWORD}}

USERSYNC_ENCRYPT_PROPS_LIST

List of PM variables whose values are encrypted when secret encryption is enabled.

USERSYNC_AUTH_ADD_ETCHOST

FALSE

USERSYNC_AUTH_IP

USERSYNC_AUTH_HOST

USERSYNC_HEAP_MIN_MEMORY_MB

Minimum Java heap memory in MB used by Ranger UserSync. For example, USERSYNC_HEAP_MIN_MEMORY_MB: "1024"

USERSYNC_HEAP_MIN_MEMORY

Minimum Java heap memory used by Ranger UserSync, as a JVM size string. Setting this value overrides USERSYNC_HEAP_MIN_MEMORY_MB. For example, USERSYNC_HEAP_MIN_MEMORY: "1g"

USERSYNC_HEAP_MAX_MEMORY_MB

Maximum Java heap memory in MB used by Ranger UserSync. For example, USERSYNC_HEAP_MAX_MEMORY_MB: "1024"

USERSYNC_HEAP_MAX_MEMORY

Maximum Java heap memory used by Ranger UserSync, as a JVM size string. Setting this value overrides USERSYNC_HEAP_MAX_MEMORY_MB. For example, USERSYNC_HEAP_MAX_MEMORY: "1g"

USERSYNC_K8S_MEM_REQUESTS_MB

Kubernetes memory request in MB for the Ranger UserSync pod. For example, USERSYNC_K8S_MEM_REQUESTS_MB: "1024"

USERSYNC_K8S_MEM_REQUESTS

Kubernetes memory request for the Ranger UserSync pod, as a Kubernetes quantity. Setting this value overrides USERSYNC_K8S_MEM_REQUESTS_MB. For example, USERSYNC_K8S_MEM_REQUESTS: "1G"

USERSYNC_K8S_MEM_LIMITS_MB

Kubernetes memory limit in MB for the Ranger UserSync pod. For example, USERSYNC_K8S_MEM_LIMITS_MB: "1024"

USERSYNC_K8S_MEM_LIMITS

Kubernetes memory limit for the Ranger UserSync pod, as a Kubernetes quantity. Setting this value overrides USERSYNC_K8S_MEM_LIMITS_MB. For example, USERSYNC_K8S_MEM_LIMITS: "1G"

USERSYNC_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Ranger UserSync. For example, USERSYNC_CPU_MIN: "0.5"

USERSYNC_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Ranger UserSync. For example, USERSYNC_CPU_MAX: "0.5"

USERSYNC_K8S_CPU_REQUESTS

Requested number of CPUs for the UserSync pod.

{{ USERSYNC_CPU_MIN }}

USERSYNC_K8S_CPU_LIMITS

Maximum number of CPUs for the UserSync pod.

{{ USERSYNC_CPU_MAX }}

USERSYNC_HELM_CHART_VERSION

Helm chart version.

{{PRIVACERA_HELM_CHART_VERSION}}

USERSYNC_PASSWORDS_LIST

Ranger Tagsync

The following table contains the list of custom properties that can be configured for Ranger Tagsync. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.ranger.tagsync.yml

Property

Description

Values

Default Value

RANGER_TAGSYNC_INSTALL

To enable Tagsync, set this property to true.

false

RANGER_TAGSYNC_IMAGE_NAME

Privacera Tagsync image name

{{privacera_hub_url}}/ranger-tagsync

RANGER_TAGSYNC_IMAGE_TAG

Privacera Tagsync image tag name

PRIVACERA_IMAGE_TAG

TAGSYNC_RANGER_URL

Ranger URL for the Tagsync to sync the tags.

http://ranger:6080

TAGSYNC_TAG_SOURCE_ATLASREST_ENDPOINT

Required only when you set the SOURCE as REST.

${ATLAS_HOST}:21000

TAGSYNC_RANGERTAGSYNC_PASSWORD

Password for Tagsync user to use an API to Ranger.

welcome1

TAGSYNC_TAG_DEST_RANGER_ENDPOINT

Ranger URL for the Tagsync to sync the tags.

http://ranger:6080

TAGSYNC_TAG_DEST_RANGER_SSL_CONFIG_FILENAME

SSL config file (ranger-policymgr-ssl.xml) that Tagsync uses to push tags to an SSL-enabled Ranger Admin. Needs to be changed only when custom changes are made to the file.

/opt/ranger/ranger-tagsync/conf.dist/ranger-policymgr-ssl.xml

TAGSYNC_TAG_SOURCE_ATLAS_ENABLED

Enable Atlas as the tag source. Tag changes are consumed from the Atlas notification topic on Kafka.

true

TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SERVICE_NAME

Service Name to be used while communicating with Kafka.

kafka

TAGSYNC_TAG_SOURCE_ATLAS_KAFKA_SECURITY_PROTOCOL

Protocol to be used to communicate to Kafka.

PLAINTEXTSASL

TAGSYNC_TAG_SOURCE_ATLAS_KERBEROS_PRINCIPAL

If Kafka is kerberos-enabled, then set the value to the principal name used by Tagsync to sync the tags.

TAGSYNC_TAG_SOURCE_ATLAS_KERBEROS_KEYTAB

If Kafka is kerberos-enabled, then set the value to the keytab location used by Tagsync to sync the tags.

TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED

Enable REST-based Tagsync to Ranger. This is not recommended as REST has limitation for number of tags it can push to Ranger.

false

TAGSYNC_TAG_SOURCE_ATLASREST_DOWNLOAD_INTERVAL_IN_MILLIS

Tagsync interval required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

900000

TAGSYNC_TAG_SOURCE_ATLASREST_USERNAME

Atlas user name required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

TAGSYNC_TAG_SOURCE_ATLASREST_PASSWORD

Atlas password required only when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

TAGSYNC_TAG_SOURCE_FILE_ENABLED

To enable file-based TagSync.

false

TAGSYNC_TAG_SOURCE_FILE_FILENAME

Location of the file required only when TAGSYNC_TAG_SOURCE_FILE_ENABLED is set to true.

/etc/ranger/data/tags.json

TAGSYNC_TAG_SOURCE_FILE_CHECK_INTERVAL_IN_MILLIS

Tagsync interval, required only when TAGSYNC_TAG_SOURCE_FILE_ENABLED is set to true.

60000

TAGSYNC_TAGSYNC_ATLAS_CUSTOM_RESOURCE_MAPPERS

Any custom mappers to be configured in Tagsync for mapping Atlas entities to Ranger type definitions.

org.apache.ranger.tagsync.source.atlas.AtlasS3ResourceMapper

TAGSYNC_TAGSYNC_KEYSTORE_FILENAME

Generated keystore file holding the Ranger password of the rangertagsync user.

/etc/ranger/tagsync/conf/rangertagsync.jceks

TAGSYNC_TAG_SOURCE_ATLASREST_KEYSTORE_FILENAME

Generated keystore file holding the Atlas password; used when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

/etc/ranger/tagsync/conf/atlasuser.jceks

TAGSYNC_TAG_SOURCE_ATLASREST_SSL_CONFIG_FILENAME

SSL config file name to communicate to Atlas required when TAGSYNC_TAG_SOURCE_ATLASREST_ENABLED is set to true.

TAGSYNC_UNIX_USER

User to run the process.

ranger

TAGSYNC_UNIX_GROUP

File permission group.

ranger

TAGSYNC_LOGDIR

Log location for Tagsync application.

log

TAGSYNC_PID_DIR_PATH

Location to store the PID file for the Java process.

/var/run/ranger

TAGSYNC_IS_SECURE

Property to check whether Tagsync Is secure (kerberos-enabled).

false

TAGSYNC_PRINCIPAL

Tagsync principal required only when the TAGSYNC_IS_SECURE is set to true.

TAGSYNC_KEYTAB

Tagsync keytab location required only when the TAGSYNC_IS_SECURE is set to true.

TAGSYNC_HADOOP_CONF

Hadoop Conf location.

/etc/hadoop/conf

TAGSYNC_FILE_PERMISSION

File permission on the PM host for the templates generated by PM. For example, file permissions on the file, install.properties.

700

TAGSYNC_K8S_SERVICE_ACCOUNT

Service Account Name to be used during installation in a Kubernetes environment.

privacera-sa

TAGSYNC_ROOT_LOG_LEVEL

Log-level for the root.

info

TAGSYNC_RANGER_LOG_LEVEL

Log-level for the org.apache.ranger.tagsync package.

info

Memory Variables

TAGSYNC_SMALL_MEMORY_MB

TAGSYNC MEMORY in MB for Java process if deployment size is set to SMALL.

1024

TAGSYNC_MEDIUM_MEMORY_MB

TAGSYNC MEMORY in MB for Java process if deployment size is set to MEDIUM.

4096

TAGSYNC_LARGE_MEMORY_MB

TAGSYNC MEMORY in MB for Java process if deployment size is set to LARGE.

8192

TAGSYNC_HEAP_MIN_MEMORY_MB

Minimum Java heap memory in MB used by Ranger Tagsync. Derived from the TAGSYNC_<SIZE>_MEMORY_MB property above that matches DEPLOYMENT_SIZE.

1024

TAGSYNC_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Ranger Tagsync. Setting this value will override TAGSYNC_HEAP_MIN_MEMORY_MB. For example, TAGSYNC_HEAP_MIN_MEMORY: "1g"

1024M

TAGSYNC_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Ranger Tagsync. For example, TAGSYNC_HEAP_MAX_MEMORY_MB: "1024"

1024

TAGSYNC_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Ranger Tagsync. Setting this value will override TAGSYNC_HEAP_MAX_MEMORY_MB. For example, TAGSYNC_HEAP_MAX_MEMORY: "1g"

1024M

TAGSYNC_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Ranger Tagsync. For example, TAGSYNC_K8S_MEM_REQUESTS_MB: "1024"

1024

TAGSYNC_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Ranger Tagsync. Setting this value will override TAGSYNC_K8S_MEM_REQUESTS_MB. For example, TAGSYNC_K8S_MEM_REQUESTS: "1G"

1024M

TAGSYNC_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Ranger Tagsync. For example, TAGSYNC_K8S_MEM_LIMITS_MB: "1024"

1024

TAGSYNC_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Ranger Tagsync. Setting this value will override TAGSYNC_K8S_MEM_LIMITS_MB. For example, TAGSYNC_K8S_MEM_LIMITS: "1G"

1024M

TAGSYNC_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Ranger Tagsync. For example, TAGSYNC_CPU_MIN: "0.5"

0.5

TAGSYNC_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Ranger Tagsync. For example, TAGSYNC_CPU_MAX: "0.5"

0.5

TAGSYNC_K8S_CPU_REQUESTS

Minimum amount of Kubernetes CPU to be requested by Ranger Tagsync. For example, TAGSYNC_CPU_MIN: "0.5"

0.5

TAGSYNC_K8S_CPU_LIMITS

Maximum amount of Kubernetes CPU to be used by Ranger Tagsync. For example, TAGSYNC_CPU_MAX: "0.5"

0.5

TAGSYNC_HELM_CHART_VERSION

Tagsync Helm Chart Version

4.3.0

PEG

The following table contains the list of custom properties that can be configured for PEG. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.peg.yml

Property

Description

Values

Default Value

PEG_IMAGE_NAME

PEG_IMAGE_TAG

USERSYNC_IMAGE_NAME

PEG_ENABLE

PEG_SSL_ENABLE

PEG_SSL_SELF_SIGNED

USERSYNC_RANGER_URL

PEG_INTERNAL_PORT

PEG_PORT

Property to change the default port number for PEG.

6869

PEG_PROTOCOL

PEG_PROTOCOL_URL

USERSYNC_SYNC_LDAP_USER_SEARCH_BASE

PEG_SERVICE_NAME

USERSYNC_SYNC_LDAP_OBJECT_CLASS

PEG_HOST_NAME

USERSYNC_SYNC_LDAP_USER_EMAIL_ADDRESS_ATTRIBUTE

PEG_SVC_IP

PEG_EXTERNAL_HOST

USERSYNC_SYNC_LDAP_SSL_ENABLED

PEG_URL

USERSYNC_SYNC_LDAP_SSL_TRUSTSTORE_FILE

PEG_EXTERNAL_URL

USERSYNC_SYNC_LDAP_SSL_TRUSTSTORE_PASSWORD

PEG_URL_IP

PEG_PORTAL_USERNAME

Username used by PEG to access Privacera Portal.

padmin

PEG_PORTAL_PASSWORD

Password used by PEG to access Privacera Portal.

{{PORTAL_PADMIN_PASSWORD}}

PEG_USERNAME

Username of PEG API credentials to access the PEG API services.

padmin

PEG_PASSWORD

Password of PEG API credentials to access the PEG API services.

PEG_LOG4J_LEVEL

PEG_TOMCAT_BASE_DIR

PEG_SSL_KEY_STORE

PEG_SSL_TRUST_STORE

PEG_KEYSTORE_PASSWORD

PEG_TRUSTSTORE_PASSWORD

PEG_KEYSTORE_ALIAS

PEG_SSL_KEYSTORETYPE

USERSYNC_SYNC_GROUP_OBJECT_CLASS

PEG_PORTAL_AUTH

PEG_METRICS_ENABLE

PEG_METRICS_ENABLE_GRAPHITE

PEG_METRICS_ENABLE_JVM

USERSYNC_SYNC_PAGED_RESULTS_SIZE

PEG_INMEM_AUTH

PEG_SSL_SIGNED_PEM_FULL_CHAIN

PEG_SSL_SIGNED_PEM_PRIVATE_KEY

PEG_SSL_PKCS12_PASSWORD

PEG_SSL_SIGNED_CERT_FORMAT

PEG_SSL_SIGNED_PKCS12_ALIAS

PEG_SSL_SIGNED_PKCS12_FILE

PEG_AUTHORIZATION_ENABLED

PEG_AUTHORIZER_IMPL

USERSYNC_KERBEROS_KEYTAB

PEG_ENCRYPT_SECRETS

PEG_SECURE_JCEKS_FILE_PATHS

PEG_SECURE_JCEKS_KEYS

PEG_SECURE_JCEKS_KEYPREFIX

PEG_ENCRYPT_PROPS_LIST

PEG_K8S_PVC_NAME

PEG_K8S_PVC_STORAGE_SIZE_MB

PEG_K8S_PVC_STORAGE_SIZE

PEG_K8S_STORAGE_PROVISIONER

PEG_K8S_SC_NAME

PEG_K8S_PV_ENCRYPTED

PEG_K8S_PV_KEY

USERSYNC_AZUREAD_PASSWORD

PEG_REPLICAS_MIN

PEG_REPLICAS_MAX

PEG_K8S_LOADBALANCER_EXTERNAL

PEG_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

PEG_K8S_MEM_LIMITS

PEG_K8S_MEM_REQUESTS

PEG_K8S_CPU_LIMITS

PEG_K8S_CPU_REQUESTS

SYNC_AZUREAD_USER_SERVICE_PRINCIPAL_ENABLED

SYNC_AZUREAD_USER_SERVICE_PRINCIPAL_USERNAME_RETRIVAL_FROM

USERSYNC_RANGER_USERSYNC_COOKIE

USERSYNC_LOGDIR

USERSYNC_ENCRYPT_SECRETS

USERSYNC_SECRETS_FILE

USERSYNC_SECRETS_KEYSTORE_PASSWORD

USERSYNC_ENCRYPT_PROPS_LIST

USERSYNC_AUTH_ADD_ETCHOST

USERSYNC_AUTH_IP

USERSYNC_AUTH_HOST

USERSYNC_K8S_MEM_LIMITS

USERSYNC_K8S_MEM_REQUESTS

USERSYNC_K8S_CPU_LIMITS

USERSYNC_K8S_CPU_REQUESTS

USERSYNC_PASSWORDS_LIST

Memory Variables

PEG_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by PEG. For example, PEG_HEAP_MIN_MEMORY_MB: "1024"

PEG_HEAP_MIN_MEMORY

Minimum Java Heap memory used by PEG. Setting this value will override PEG_HEAP_MIN_MEMORY_MB. For example, PEG_HEAP_MIN_MEMORY: "1g"

PEG_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by PEG. For example, PEG_HEAP_MAX_MEMORY_MB: "1024"

PEG_HEAP_MAX_MEMORY

Maximum Java Heap memory used by PEG. Setting this value will override PEG_HEAP_MAX_MEMORY_MB. For example, PEG_HEAP_MAX_MEMORY: "1g"

PEG_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by PEG. For example, PEG_K8S_MEM_REQUESTS_MB: "1024"

PEG_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by PEG. Setting this value will override PEG_K8S_MEM_REQUESTS_MB. For example, PEG_K8S_MEM_REQUESTS: "1G"

PEG_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by PEG. For example, PEG_K8S_MEM_LIMITS_MB: "1024"

PEG_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by PEG. Setting this value will override PEG_K8S_MEM_LIMITS_MB. For example, PEG_K8S_MEM_LIMITS: "1G"

PEG_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by PEG. For example, PEG_CPU_MIN: "0.5"

PEG_CPU_MAX

Maximum amount of Kubernetes CPU to be used by PEG. For example, PEG_CPU_MAX: "0.5"

Discovery

This topic provides the list of custom properties that can be configured for the Discovery service. It covers how you can configure the custom properties in Privacera Manager (PM) CLI.

PM CLI Configuration

To use a custom property from the properties table:

  1. Add the property to the following YML file in the custom-vars folder configured as per your environment.

    • vars.discovery.aws.yml

    • vars.discovery.azure.yml

    • vars.discovery.gcp.yml

  2. Run the following command:

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    
Properties Table

Property

Description

Values

Default Value

DISCOVERY_IMAGE_NAME

DISCOVERY_IMAGE_TAG

DISCOVERY_ENABLE

Set to true to enable Discovery.

true,false

USE_DATABRICKS_SPARK

Enable to use Databricks Spark instead of Apache Spark.

true,false

DISCOVERY_INSTALL

DISCOVERY_FS_PREFIX

For accessing the filesystem of the cloud storage service, do the following:

  • For AWS and GCP, set the filesystem prefix. s3a:// is the prefix for AWS, and gs:// for GCP.

  • For Azure, set the container name. The container is associated with your Azure storage account and holds the blobs containing the data to be scanned.

  • s3a://

  • StorageContainerName

  • gs://

DISCOVERY_CLOUD_TYPE

Set the cloud type used for the Discovery setup.

  • AWS

  • AZURE

  • GCP

DISCOVERY_TRUSTSTORE_PASSWORD

AUTO_START_DATABRICKS_JOB

DISCOVERY_REALTIME_ENABLE

Set to true to enable real-time scan in Discovery.

true,false

false

DISCOVERY_MENU_ENABLE

Set to true to enable Discovery menu on Privacera Portal.

true,false

false

DISCOVERY_LOG_LEVEL

DISCOVERY_FOLDER_TAGGER_ENABLE

DISCOVERY_STORE_SAMPLE_VALUES

Whether any sample values should be stored for a column or field.

true,false

false

DISCOVERY_MAX_SAMPLE_VALUES

Maximum sample values stored for a column or field.

DISCOVERY_ENCRYPT_SAMPLE_VALUES

Whether the samples should be stored encrypted.

true,false

false

DISCOVERY_STREAM_SUFFIX

DISCOVERY_STREAM_TAGS

DISCOVERY_TABLE_SUFFIX

DISCOVERY_TABLE_TAGS

DISCOVERY_BUCKET_NAME

DISCOVERY_BUCKET_TAGS

DISCOVERY_CREATE_NOSQL_TABLES

DISCOVERY_GEN_TERRAFORM_NOSQL_TABLES

Set to true if you want to create DynamoDB tables using Terraform.

Set to false to disable Terraform and create the resource manually.

true

DISCOVERY_CREATE_STREAMS

DISCOVERY_GEN_TERRAFORM_STREAMS

Set to true if you want to create Kinesis streams using Terraform.

Set to false to disable Terraform and create the resource manually.

true

DISCOVERY_CREATE_BUCKET

DISCOVERY_GEN_TERRAFORM_BUCKET

Set to true if you want to create an S3 bucket using Terraform.

Set to false to disable Terraform and create the resource manually.

true

DISCOVERY_GEN_TERRAFORM_AZURE_ACCOUNT

DISCOVERY_SPARK_DRIVER_MEMORY

DISCOVERY_SPARK_EXECUTOR_MEMORY

DISCOVERY_SPARK_DRIVER_CORES

DISCOVERY_SPARK_EXECUTOR_CORES

DISCOVERY_SPARK_EXECUTOR_INSTANCES

DISCOVERY_CREATE_DEFAULT_APP_IN_PORTAL

DISCOVERY_COSMOSDB_FILE_REPOSITORY_PATH

DISCOVERY_COSMOSDB_DOCUMENT_SIZE_LIMIT

DISCOVERY_COSMOSDB_OFFER_THROUGHPUT

DISCOVERY_AWS_CLOUD_ASSUME_ROLE

Property to enable or disable granting Discovery access to AWS services to perform the scanning operation.

true

DISCOVERY_AWS_CLOUD_ASSUME_ROLE_ARN

DISCOVERY_BUCKET_SQS_NAME

Set this property if you want to set a custom name for an SQS queue.

privacera_bucket_sqs_{{DEPLOYMENT_ENV_NAME}}

DISCOVERY_SQS_TAGS

DISCOVERY_CREATE_SQS

DISCOVERY_GEN_TERRAFORM_SQS

Set to true if you want to create the SQS resource using Terraform.

Set to false to disable Terraform and create the resource manually.

true

DATABRICKS_INIT_DBFS_FOLDER

DATABRICKS_DISCOVERY_CUST_CONF_ZIP_NAME

DATABRICKS_DISCOVERY_INIT_SCRIPT_PATH

DATABRICKS_DISCOVERY_SPARK_VERSION

The version of Spark used in a Databricks cluster.

  • 6.4.x-scala2.11 (Spark 2.4)

  • 7.3.x-scala2.12 (Spark 3.0)

  • 7.4.x-scala2.12 (Spark 3.0)

  • 7.5.x-scala2.12 (Spark 3.0)

  • 7.6.x-scala2.12 (Spark 3.0)

7.3.x-scala2.12

DISCOVERY_SPARK_TASK_SCHEDULER_ENABLE

DISCOVERY_RANGER_REST_ENABLED

DISCOVERY_K8S_IMAGE_NAME

DISCOVERY_K8S_IMAGE_TAG

DISCOVERY_K8S_IMAGE_PULL_POLICY

DISCOVERY_K8S_PVC_NAME

DISCOVERY_K8S_PVC_STORAGE_SIZE_MB

DISCOVERY_K8S_PVC_STORAGE_SIZE

DISCOVERY_K8S_STORAGE_PROVISIONER

DISCOVERY_K8S_SC_NAME

DISCOVERY_K8S_PV_ENCRYPTED

DISCOVERY_K8S_PV_KEY

DISCOVERY_K8S_LOADBALANCER_EXTERNAL

DISCOVERY_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

DISCOVERY_K8S_SPARK_UI_PORT

DISCOVERY_K8S_SPARK_UI_PORT_EXTERNAL

Property to change the default port number for Discovery.

4040

DISCOVERY_K8S_SPARK_EVENT_LOG_ENABLED

DISCOVERY_K8S_SPARK_DRIVER_PORT

DISCOVERY_K8S_SPARK_BLOCKMANAGER_PORT

DISCOVERY_K8S_SPARK_PORT_MAX_RETRIES

DISCOVERY_K8S_SPARK_SERVICE_AC_NAME

DISCOVERY_K8S_SPARK_DRIVER_MEMORY

Minimum amount of Kubernetes memory to be used by Discovery Driver. For example, DISCOVERY_K8S_SPARK_DRIVER_MEMORY: "1G".

DISCOVERY_K8S_SPARK_EXECUTOR_MEMORY

Minimum amount of Kubernetes memory in MB to be requested by Discovery Executor. For example, DISCOVERY_K8S_SPARK_EXECUTOR_MEMORY: "1024".

DISCOVERY_K8S_SPARK_DRIVER_CORES

Minimum amount of Kubernetes CPU to be requested by Discovery Driver. For example, DISCOVERY_K8S_SPARK_DRIVER_CORES: "1".

DISCOVERY_K8S_SPARK_EXECUTOR_CORES

Minimum amount of Kubernetes CPU to be requested by Discovery Executor. For example, DISCOVERY_K8S_SPARK_EXECUTOR_CORES: "1".

DISCOVERY_K8S_SPARK_EXECUTOR_INSTANCES

DISCOVERY_K8S_SPARK_DRIVER_LIMIT_CORES

Maximum amount of Kubernetes CPU to be used by Discovery Driver. For example, DISCOVERY_K8S_SPARK_DRIVER_LIMIT_CORES: "0.5".

DISCOVERY_K8S_SPARK_EXECUTOR_LIMIT_CORES

Maximum amount of Kubernetes CPU to be used by Discovery Executor. For example, DISCOVERY_K8S_SPARK_EXECUTOR_LIMIT_CORES: "0.5".

DISCOVERY_K8S_SPARK_EXECUTOR_REQUEST_CORES

Minimum amount of Kubernetes CPU to be used by Discovery Executor. For example, DISCOVERY_K8S_SPARK_EXECUTOR_REQUEST_CORES: "0.5".

DISCOVERY_K8S_SPARK_MASTER

DISCOVERY_K8S_MEM_LIMITS

DISCOVERY_K8S_MEM_REQUESTS

DISCOVERY_K8S_CPU_LIMITS

DISCOVERY_K8S_CPU_REQUESTS

DISCOVERY_AZURE_APP_CLIENT_ID

DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME

DISCOVERY_AZURE_URL_PREFIX

DISCOVERY_AZURE_AUDIT_TYPE

DISCOVERY_AZURE_LOCATION

CREATE_AZURE_RESOURCES

DISCOVERY_AZURE_RESOURCE_GROUP

DISCOVERY_AZURE_APPLICATION_ID

DISCOVERY_AZURE_TENANTID

DISCOVERY_AZURE_APP_CLIENT_SECRET_BASE64

DISCOVERY_AZURE_SUBSCRIPTION_ID

DISCOVERY_AZURE_COSMOS_DB_ACCOUNT

DISCOVERY_PORTAL_SERVICE_USERNAME

DISCOVERY_PORTAL_SERVICE_PASSWORD

DISCOVERY_CLOUD_MODE

DISCOVERY_AWS_ENDPOINT_ENABLE

DISCOVERY_KINESIS_ENDPOINT_URL

DISCOVERY_DYNAMODB_ENDPOINT_URL

DISCOVERY_SOLR_BASIC_AUTH_ENABLED

DISCOVERY_SOLR_BASIC_AUTH_USER

DISCOVERY_SOLR_BASIC_AUTH_PASSWORD

PRIVACERA_DISCOVERY_SECRETS_FILE

DISCOVERY_ENCRYPT_SECRETS

PRIVACERA_DISCOVERY_SECRETS_KEYSTORE_PASSWORD

DISCOVERY_ENCRYPT_PROPS_LIST

DISCOVERY_PORTAL_SERVICE_PASSWORD

PRIVACERA_DISCOVERY_DATASOURCE_PASSWORD

RANGER_TAGSYNC_PASSWORD

DISCOVERY_SOLR_BASIC_AUTH_PASSWORD

PRIVACERA_DISCOVERY_DATASOURCE_PASSWORD

DISCOVERY_FS_S3A_ACCCESS_KEY

DISCOVERY_FS_S3A_SECRET_KEY

DISCOVERY_CLUSTER_NAME

DISCOVERY_AGENT_MODE

DISCOVERY_LOGS_SOLR_ENABLE

DISCOVERY_RANGER_HOOK_ENABLED

DISCOVERY_SPARK_DOCKER_DRIVER_MEMORY

DISCOVERY_SPARK_DOCKER_EXECUTOR_MEMORY

DISCOVERY_SPARK_DOCKER_DRIVER_CORES

DISCOVERY_SPARK_DOCKER_EXECUTOR_CORES

DISCOVERY_SPARK_DOCKER_EXECUTOR_INSTANCES

DISCOVERY_DOCKER_SPARK_MASTER

DISCOVERY_OFFLINE_SCAN_DEBUG_ENABLED

DISCOVERY_SCAN_BACKUP_CLEANER_INTERVAL_HR

DISCOVERY_RTBF_POLICY_ENABLED

DISCOVERY_WORKFLOW_POLICY_ENABLED

DISCOVERY_WORKFLOW_EXPUNGE_POLICY_ENABLED

DISCOVERY_DEIDENTIFICATION_POLICY_ENABLED

DISCOVERY_CONTENT_SCANNING_ENABLED

DISCOVERY_SCAN_OFFICE_MIME_TYPES_AS_ARCHIVE_ENABLED

DISCOVERY_OFFLINE_SCAN_BACKUP_FOLDER

DISCOVERY_DICT_BASE_PATH

DISCOVERY_ML_BASE_PATH

DISCOVERY_ML_TAG_ACTION_MODEL_PATH

DISCOVERY_SCAN_REQUEST_FILES_DIR

PARTIAL_MATCH_ENABLE

DISCOVERY_COSMOSDB_URL

DISCOVERY_COSMOSDB_KEY

DISCOVERY_GEN_TERRAFORM_WITH_MSI_ROLE

DISCOVERY_AZURE_HNS_ENALBED

DISCOVERY_AZURE_ACCOUNT_REPLICATION_TYPE

DISCOVERY_AZURE_ACCOUNT_KIND

DISCOVERY_SAMPLE_VALUES_MAX_LENGTH

Maximum length of a sample that is stored for a column or field.

DISCOVERY_S3_AUDITS_ENABLE

DISCOVERY_ADLS_AUDITS_ENABLE

DISCOVERY_GCS_AUDITS_ENABLE

DISCOVERY_GBQ_AUDITS_ENABLE

DISCOVERY_DEPLOYMENT_SUFFIX_ID

DISCOVERY_SERVICE_USER

DISCOVERY_VERSION_FILE_NAME

DISCOVERY_HEARTBEAT_UPDATE_INTERVAL_SEC

DISCOVERY_SCAN_BACKUP_CLEANER_THRESHOLD_HR

DISCOVERY_LOOKUP_COPY_TO_HDFS_INTERVAL_SEC

DISCOVERY_GENERATE_SRC_ALERT_INTERVAL_MIN

DISCOVERY_LOOKUP_COPY_TO_HDFS_FROM_AGENT

DISCOVERY_RETRY_ON_FAILURE_INTERVAL_SEC

DISCOVERY_SCAN_DELAY_RETRY_INTERVAL

DISCOVERY_SCAN_DELAY_RETRY_COUNT

DISCOVERY_HOST

DISCOVERY_KAFKA_HEARTBEAT_INTERVAL_MS

DISCOVERY_KAFKA_REQUEST_TIMEOUT_MS

DISCOVERY_KAFKA_SESSION_TIMEOUT_MS

DISCOVERY_KAFKA_CONNECTIONS_MAX_IDLE_MS

DISCOVERY_KAFKA_ENABLE_AUTO_COMMIT

DISCOVERY_KAFKA_AUTO_OFFSET_RESET

DISCOVERY_KERBEROS_ENABLE

DISCOVERY_SOLR_KERBEROS_ENABLE

DISCOVERY_HBASE_KERBEROS_ENABLE

DISCOVERY_KAFKA_KERBEROS_ENABLE

DISCOVERY_KERBEROS_RELOGIN_INTERVAL_SECS

DISCOVERY_PORTAL_KERBEROS_ENABLE

DISCOVERY_SCAN_WORKER_KAFKA_SEND_BUFFER_MEMORY

DISCOVERY_SCAN_WORKER_KAFKA_SEND_LINGERMS

DISCOVERY_SCAN_WORKER_KAFKA_SEND_BATCHSIZE

DISCOVERY_SCAN_WORKER_KAFKA_SEND_RETRIES

DISCOVERY_SOLR_COLLECTION

DISCOVERY_SOLR_LINEAGE_COLLECTION

DISCOVERY_SOLR_ALERT_COLLECTION

DISCOVERY_SOLR_RESOURCE_COLLECTION

DISCOVERY_SOLR_OFFLINE_SCAN_SUMMARY_COLLECTION

DISCOVERY_SOLR_RESOURCE_META_INFO_COLLECTION

DISCOVERY_SOLR_RESOURCE_AUDIT_COLLECTION

DISCOVERY_SOLR_SPARK_EVENT_COLLECTION

DISCOVERY_SOLR_OFFLINE_SCAN_CLEANUP_COLLECTION

DISCOVERY_UNSTRUCTURED_VALUE_CHECKING_ENABLED

DISCOVERY_NUM_TOKENS_FOR_UNSTRUCTURED_DATA_DETECTION

DISCOVERY_SCAN_INCLUDE_PART_FILES_MAX_INDEX

DISCOVERY_ACTIVE_SCAN_ENABLE

DISCOVERY_SPARK_JOB_SCHEDULER_SLEEP_TIME_MS

DISCOVERY_AMOUNT_ARRAYVALUES_EXTRACTED

DISCOVERY_RECOVERY_SPARK_DEFAULT_POOL_NAME

DISCOVERY_CONSUMER_RECORD_WAIT_TIMEOUT_MS

DISCOVERY_CONSUMER_RECORD_BATCH_SIZE

DISCOVERY_RECOVERY_RETRY_MAX

DISCOVERY_GENERAL_CONSUMER_QUEUE_SIZE

DISCOVERY_OFFLINE_CONSUMER_QUEUE_SIZE

DISCOVERY_CONSUMER_RECORD_DB_PATHS

DISCOVERY_CONSUMER_RECORD_HANDLER_THREAD_POOL_SIZE

Property to configure the thread pool size for handling the consumer records.

The property determines how many data source applications can be handled by the scheduler, so the property value should be greater than the number of data source applications registered in an installation.

100

DISCOVERY_SEND_CHILD_TO_EXCLUDE_RESOURCE_INFO_ENABLE

DISCOVERY_DYNAMODB_WRITE_ITEM_MAX_SIZE

DISCOVERY_DYNAMODB_WRITE_BATCH_SIZE

DISCOVERY_DYNAMODB_READ_BATCH_SIZE

DISCOVERY_DYNAMODB_CHILD_COLUMN_LIMIT

DISCOVERY_AZURE_PAYLOAD_LIMIT

DISCOVERY_METASTORE_PAYLOAD_TABLE

DISCOVERY_METANAME_LEAF_ONLY

DISCOVERY_SEND_SPARK_JOB_EVENT

DISCOVERY_RESTART_ON_STUCK_JOBS

DISCOVERY_START_SCRIPT

DISCOVERY_DB_MAX_STATEMENTS

DISCOVERY_DB_MAX_POOL_SIZE

DISCOVERY_DB_ACQUIRE_INCREMENT

DISCOVERY_DB_MIN_POOL_SIZE

DISCOVERY_COSMOSDB_MAX_POOL_SIZE

DISCOVERY_COSMOSDB_RETRY_INTERVAL_SEC

DISCOVERY_COSMOSDB_MAX_RETRY

DISCOVERY_COSMOSDB_DATABASE_NAME

DISCOVERY_SAVE_ARCHIVE_FILES

DISCOVERY_RTBF_USE_ENCRYPTION

DISCOVERY_DATAZONE_MONITOR_OFF_PREMISE_SRC_ENABLE

DISCOVERY_DATAZONE_RESOURCE_REEVALUATE_ENABLED

DISCOVERY_SCAN_NEW_SCANNER_ENABLE

DISCOVERY_RIGHT_TO_PRIVACY_THREAD_POOL_SIZE

DISCOVERY_OFFLINE_SCAN_RETRY_COUNT

DISCOVERY_OFFLINE_SCAN_AUTO_RETRY_ENABLE

DISCOVERY_OFFLINE_FILE_AND_FOLDER_COUNTING_TASK_POLL_TIME_MS

DISCOVERY_OFFLINE_FILE_AND_FOLDER_COUNTING_TASK_TIMEOUT_MS

DISCOVERY_OFFLINE_SCAN_PARTITION_ENABLE

DISCOVERY_MAX_DICT_WORD_TO_SENTENCE_RATIO

DISCOVERY_APPLY_METANAME_DICT_TO_UNSTRUCT

DISCOVERY_MAX_BYTES_FOR_WORKFLOW

DISCOVERY_PRECORDS_PARQUET_VERSION

DISCOVERY_UNSTRUCT_TAGS_FILENAME

DISCOVERY_WORKFLOW_DUPLICATE_FILE_RETRY_MAX_ATTEMPTS

DISCOVERY_WORKFLOW_EXPUNGE_SPARKDF_SINGLE_FILE

DISCOVERY_WORKFLOW_EXPUNGE_SPARKDF_ENABLE

DISCOVERY_CLOUD_USE_ASSUMEROLE

DISCOVERY_GCP_CLOUD_OUTPUTWRITERS_ENABLE

DISCOVERY_DROOLS_POOL_SIZE

DISCOVERY_DROOLS_USE_POOL

DISCOVERY_INVALID_HEADER_CHARS_PAT

DISCOVERY_MAX_HEADER_LEN

DISCOVERY_STRUCT_VALUE_FULL_MATCH_ENABLED

DISCOVERY_CLASSIFIER_AUTO_CREATE_MANUAL_TAG

DISCOVERY_HBASE_BACKUP_TTL_MS

DISCOVERY_HBASE_BACKUP_TTL_ENABLE

DISCOVERY_HBASE_CLIENT_SCANNER_TIMEOUT_MS

DISCOVERY_EXCLUSION_CLEANER_SLEEP_MIN

DISCOVERY_EXCLUSION_CLEANER_BATCH_SIZE

DISCOVERY_EXCLUSION_CLEANER_ENABLE

DISCOVERY_FOLDER_TAGGER_BATCH_SIZE

DISCOVERY_FOLDER_TAGGER_BACKOFF_TIME_SEC

DISCOVERY_FOLDER_TAGGER_SLEEP_TIME_MS

DISCOVERY_CMD_SERVER_ENABLED

DISCOVERY_CMD_SERVER_PORT

DISCOVERY_RULE_ENGINE_ADJUST_SCORES

DISCOVERY_NOUN_LIST_FILE

DISCOVERY_SPARK_JOB_MAX_TIME_MS

DISCOVERY_ClASSIFY_RECORD_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_ClASSIFY_RECORD_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_ATLAS_HOOK_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_ATLAS_HOOK_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_NAV_TO_PRIVACERA_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_NAV_TO_PRIVACERA_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_SCAN_DELAY_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_SCAN_DELAY_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_ADLS_AUDITS_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_ADLS_AUDITS_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_S3_AUDITS_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_S3_AUDITS_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_DYNAMODB_AUDITS_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_DYNAMODB_AUDITS_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_HIVE_AUDITS_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_HIVE_AUDITS_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_CONTENT_CLASSIFIER_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_CONTENT_ClASSIFIER_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_CONTENT_SCAN_WORKER_TOPIC_PARTITION

DISCOVERY_CONTENT_SCAN_COLLECTOR_CYCLE_TIME_MS

DISCOVERY_DEFAULT_SPARK_PARTITION_PERCENT

DISCOVERY_USE_SPARK_PARTITION_CALC

DISCOVERY_HIVE_PROXY_USER_FEATURE

DISCOVERY_KERBEROS_LOGIN_RETRY_INTERVAL_MS

DISCOVERY_KERBEROS_LOGIN_NUM_RETRIES

DISCOVERY_LFS_USE_FILE_MONITOR

DISCOVERY_LFS_USE_FILE_WATCHER

DISCOVERY_OFFLINE_SCAN_CLEANUP_THREAD_POOL_SIZE

DISCOVERY_OFFLINE_SCAN_THREAD_POOL_SIZE

DISCOVERY_QUICK_SCAN_LIMIT

DISCOVERY_QUICK_SCAN_ENABLE

DISCOVERY_DO_HDFS_SCHEMA_MAPPING

DISCOVERY_ALLOW_FUZZY_MATCH_TAGS

DISCOVERY_EXEC_MIMETYPE_REMOVE_DEFAULTS

DISCOVERY_DEV_TEST_MODE

DISCOVERY_TRIGGER_FILE_PATH

DISCOVERY_POST_PROCESS_DROOLS_RULES_FILENAME

DISCOVERY_CLASSIFIER_RULES_UNSTRUCT_FILENAME

DISCOVERY_CLASSIFIER_RULES_FILENAME

DISCOVERY_CLASSIFIER_DROOLS_RULES_FILENAME

DISCOVERY_CHAT_SCAN_SKIP_INVALID_JSON_OUTPUT

DISCOVERY_UNSTRUCT_AS_SINGLE_LINE

DISCOVERY_POST_PROCESS_DATA_KEYSCORE_THRESHOLD

DISCOVERY_UNSTRUCTURED_DATA_KEYSCORE_THRESHOLD

DISCOVERY_STRUCTURED_DATA_KEYSCORE_THRESHOLD

DISCOVERY_USE_KEYSCORE_THRESHOLD

DISCOVERY__ML_PYTHON_FILE

DISCOVERY_ML_CONDA_ENV_PATH

DISCOVERY_ML_NLP_ENABLED

DISCOVERY_POST_PROCESS_RULE_ENGINE_ENABLED

DISCOVERY_RULE_ENGINE_DO_FALLBACK

DISCOVERY_RULE_DATABASE_ENABLED

DISCOVERY_RULE_ENGINE_ENABLED

DISCOVERY_RULE_ENGINE_DROOLS_ENABLED

DISCOVERY_RESOURCE_META_SCAN_MAPPER_CHECK_TASK_ACTIVE_INTERVAL_TIME_MS

DISCOVERY_RESOURCE_META_SCAN_MAPPER_TASK_POLL_TIME_MS

DISCOVERY_RESOURCE_META_SCAN_MAPPER_TASK_TIMEOUT_MS

DISCOVERY_SCHEMA_MAP_BASE_PATH

DISCOVERY_OFFLINE_SCAN_KAFKA_ENABLE

DISCOVERY_ML_ENABLE

DISCOVERY_SAS_SUFFIXES

DISCOVERY_ENABLE_SIMPLE_KAFKA_CONSUMER_FOR_AUDIT_PARSING

DISCOVERY_ENABLE_KAFKA_CONSUMER_FOR_MAPR_AUDIT_PARSING

DISCOVERY_ENABLE_KAFKA_CONSUMER_FOR_AUDIT_PARSING

DISCOVERY_ZIP_LOOKUP_KEY

DISCOVERY_GENERIC_ML_TYPE

DISCOVERY_CORE_NLP_ML_TYPE

DISCOVERY_PHONE_NUMBER_ML_TYPE

DISCOVERY_GEO_LAT_LONG_ML_TYPE

DISCOVERY_DOB_ML_TYPE

DISCOVERY_VIN_ML_TYPE

DISCOVERY_ITIN_ML_TYPE

DISCOVERY_EIN_ML_TYPE

DISCOVERY_SSN_ML_TYPE

DISCOVERY_IMEI_ML_TYPE

DISCOVERY_CC_ML_TYPE

DISCOVERY_ZIP_ML_TYPE

DISCOVERY_LFS_WATCHER_POLLTIME_MS

DISCOVERY_LFS_CREATE_MAX_TIME_MS

DISCOVERY_LFS_WATCHER_CACHE_SIZE

DISCOVERY_LFS_WATCHER_ENABLE

DISCOVERY_LFS_APP_TOPIC

DISCOVERY_LFS_APP

DISCOVERY_GOOGLE_BIGQUERY_PARSE_CTAS

DISCOVERY_DYNAMODB_ENABLE

DISCOVERY_FUZZY_SCORING_SENSE_CHECK_ENABLE

DISCOVERY_FUZZY_SCORING_MIN_CUTOFF_SCORE

DISCOVERY_ML_SRC_DETECT_MODEL_PATH

DISCOVERY_ML_MODEL_PATH

DISCOVERY_ML_CLASSIFY_TAG_ACTION_ENABLE

DISCOVERY_ML_CLASSIFY_SRC_CODE_ENABLE

DISCOVERY_ML_CLASSIFY_TAG_ENABLE

DISCOVERY_ML_STORE_SCAN_RESULTS

DISCOVERY_OUTPUTWRITERS_ENABLE

DISCOVERY_DATABRICKS_SPARK_ENABLE

DISCOVERY_KAFKA_PRODUCER_COMPRESSION_CODEC

DISCOVERY_SET_REMOTE_USER

DISCOVERY_STALE_DATA_RETRY_COUNT

DISCOVERY_AUDITS_TO_SOLR_ENABLED

DISCOVERY_ATLAS_HOOK_SIMPLE

DISCOVERY_ATLAS_HOOK_ENABLED

DISCOVERY_SPLUNK_ENABLE

DISCOVERY_SPLUNK_PORT

DISCOVERY_SPLUNK_ALERT_INDEX

DISCOVERY_SPLUNK_SCHEME

DISCOVERY_SPLUNK_HEC_SOURCE

DISCOVERY_ANOMALY_SCHEDULAR_ENABLE

DISCOVERY_MONITORING_SCHEDULAR_ENABLE

DISCOVERY_METRICS_JVM

DISCOVERY_METRICS_KAFKA_TOPIC

DISCOVERY_METRICS_KAFKA_INTERVAL_SEC

DISCOVERY_METRICS_ENABLE_KAFKA

DISCOVERY_METRICS_GRAPHITE_INTERVAL_SEC

DISCOVERY_METRICS_GRAPHITE_ENABLE

DISCOVERY_METRICS_CONSOLE_INTERVAL_SEC

DISCOVERY_METRICS_ENABLE_CONSOLE

DISCOVERY_METRICS_CSV_INTERVAL_SEC

DISCOVERY_METRICS_ENABLE_CSV

DISCOVERY_METRICS_CSVPATH

DISCOVERY_SOLR_LOGS_COLLECTION

DISCOVERY_SOLR_METRICS_COLLECTION

DISCOVERY_DB_CPDS_TEST_ONCHECKIN

DISCOVERY_DB_CPDS_TEST_ONCHECKOUT

DISCOVERY_DB_CPDS_IDLECONN_TEST_PERIOD_SEC

DISCOVERY_DB_CPDS_TESTQUERY

DISCOVERY_COMMON_EXCLUDE_RESOURCE_LIST

DISCOVERY_CSV_USE_HEADER

DISCOVERY_SCAN_MARK_LIMIT_BYTES

DISCOVERY_SCAN_MIN_CSV_FIELDS

DISCOVERY_SCAN_HIVE_MAX_COLS

Maximum number of columns in a database table or fields in a structured file to be scanned. This can be overridden by using the `record.max.fields` property at the data source level.

2000

DISCOVERY_SCAN_HIVE_MAX_ROWS

Maximum number of rows of a database table to be scanned.

500

DISCOVERY_SCAN_MAX_LINES

Maximum number of records of a structured file to be scanned.

500

DISCOVERY_CONTENT_MAX_CHARACTER

Maximum number of bytes in a column cell or field cell to be scanned.

1000

DISCOVERY_TIKA_MAX_BYTES

Maximum number of bytes of an unstructured file to be scanned.

102400

DISCOVERY_MAX_TAG_SNIPPET_SAMPLE_VALUES

Maximum number of samples to be captured for display in a tag.

3

DISCOVERY_QUICK_COUNT_THRESHOLD

DISCOVERY_KAFKA_CLASSIFIEDINFO_MAX_POLL_RECORDS

DISCOVERY_KAFKA_CLASSIFIEDINFO_SESSION_TIMEOUT_MS

DISCOVERY_KAFKA_CLASSIFIEDINFO_REQUEST_TIMEOUT_MS

DISCOVERY_META_SCANNING_ENABLE

DISCOVERY_OFFLINE_SCAN_SUMMARY_SOLR_ENABLE

DISCOVERY_METRICS_SOLR_ENABLE

DISCOVERY_NON_NULL_REPORT_OUTPUT_PATH

DISCOVERY_CLASSIFICATION_NON_NULL_COUNT_ENABLE

DISCOVERY_KAFKA_TOPIC_ENCRYPTION

DISCOVERY_KAFKA_TOPIC_DISCOVERY

DISCOVERY_KAFKA_DISCOVERY

DISCOVERY_KAFKA_DISCOVERY_REQUEST_TIMEOUT_MS

DISCOVERY_KAFKA_DISCOVERY_BOOSTRAP_SERVERS

DISCOVERY_KAFKA_DISCOVERY_USE_SSL

DISCOVERY_KAFKA_DISCOVERY_USE_KERBEROS

DISCOVERY_KAFKA_DISCOVERY_NAME

DISCOVERY_KAFKA_DISCOVERY_GROUP_ID

DISCOVERY_KAFKA_DISCOVERY_POLL_TIME_MS

DISCOVERY_KAFKA_DISCOVERY_ENABLE

DISCOVERY_IS_ATLAS_TAG_ENABLE

DISCOVERY_ATLAS_HOOK_VERSION

DISCOVERY_SCAN_RESOURCE_META_INFO_SOLR

DISCOVERY_IS_ATLAS_ENABLE

DISCOVERY_SPARK_STREAMING_RECEIVER_MAXRATE

DISCOVERY_SPARK_STREAMING_CHECKPOINT

DISCOVERY_SPARK_ENABLE_HIVE_SUPPORT

DISCOVERY_SPARK_LOCAL_MASTER

DISCOVERY_SPARK_APPLICATION_NAME

DISCOVERY_PORTAL_API_SCORE_THRESHOLD

DISCOVERY_PORTAL_API_APP_LIST

DISCOVERY_PORTAL_API_SYSTEM_LIST

DISCOVERY_KERBEROS_PRINCIPAL

DISCOVERY_KAFKA_ALERT_REPLICATION

DISCOVERY_KAFKA_GROUP_ID

DISCOVERY_GRAPHITE_HOST

DISCOVERY_KAFKA_CLASSFICATION_INFO_REPLICATION

DISCOVERY_MONITORING_HDFS_INPUT_PATH

DISCOVERY_KERBEROS_KEYTAB

DISCOVERY_SCAN_WORKER_KAFKA_GROUP_ID

DISCOVERY_SOLR_ALERTS_COLLECTION

DISCOVERY_SOLR_CLASSIFICATION_COLLECTION

DISCOVERY_GRAPHITE_PORT

DISCOVERY_HIVE_METASTORE_USEJDBC

DISCOVERY_INIT_CONTAINER_COMMAND_LIST

You can provide a list of commands to download custom JARs to a specified location inside the Discovery container. For example:

    DISCOVERY_INIT_CONTAINER_COMMAND_LIST:
      - wget https://privacera/public/custom-1.jar -O /opt/privacera/discovery/libs/custom-1.jar
      - wget https://privacera/public/custom-2.jar -O /opt/privacera/discovery/libs/custom-2.jar

DISCOVERY_SCAN_PARQUET_ORC_FROM_ARCHIVE_ENABLE

Property to enable/disable the scanning of ORC/Parquet files within a ZIP file.

true, false

false

DISCOVERY_SCAN_PARQUET_ORC_STREAM_FILE_SIZE_LIMIT

Property to set the file size limit in megabytes (MB) on the ORC/Parquet files being scanned from the archive location.

5242880

DISCOVERY_SCAN_PARQUET_TEMP_FILE_FROM_ARCHIVE_ENABLE

By default, Parquet files are stored in a temporary file within a zip file.

Set to true to scan the Parquet files from a temporary file.

Set to false to scan the Parquet files from a zip file stream.

true, false

true

DISCOVERY_SCAN_ORC_TEMP_FILE_FROM_ARCHIVE_ENABLE

By default, ORC files are stored in a temporary file within a zip file.

Set to true to scan the ORC files from a temporary file.

Set to false to scan the ORC files from a zip file stream.

true, false

false

DISCOVERY_GOOGLE_CLOUD_STORAGE_LINEAGE_LOOPBACK_TIME_MS

This property sets the GCS lineage loopback time in milliseconds.

-

3000

DISCOVERY_GOOGLE_CLOUD_STORAGE_LINEAGE_CUTOFF_TIME_MS

This property sets the cut-off time, in milliseconds, to wait for a GCS log event for lineage.

-

300000

DISCOVERY_GOOGLE_CLOUD_STORAGE_LINEAGE_CUTOFF_TIME_CHECK_INTERVAL_MS

This property sets the fixed interval, in milliseconds, at which to check for delayed GCS lineage of a pending real-time file.

-

30000

DISCOVERY_CONTENT_SCAN_THREAD_POOL_SIZE

If you are scanning more than 2 data sources with different projects, set this property to the number of projects you will be scanning in Discovery.

-

2

DISCOVERY_CONNECTION_TEST_INTERVAL_SEC

The fixed interval in seconds at which all key Privacera internal components are checked. The status of the connection is sent to Portal. See Health Check.

The allowable value is a non-zero integer number of seconds. A short duration is recommended, not exceeding 900 seconds (15 minutes).

60

DISCOVERY_TELEMETRY_UPDATE_TO_SOLR

Set to true to send telemetry to Apache Solr.

Set to false to not send telemetry to Apache Solr.

The following telemetry is sent to Apache Solr:

  • Count of tags.

  • Count of resources scanned, based on application and application type.

  • Scan amount, based on application and application type.

  • Total compliance count and compliance count for each individual policy.

true, false

true

DISCOVERY_RTBF_SUMMARY_ENABLED

Set this property to true to view the summary for RTP policy and Expunge policy on the UI for Auto Run jobs.

Set this property to false to not view the summary.

Although this property string contains "RTBF", the property relates to RTP.

true, false

false

DISCOVERY_K8S_SPARK_DYNAMIC_ALLOCATION_ENABLED

Whether to use dynamic resource allocation, which scales the number of executors registered with this application up and down based on the workload.

true, false

false

DISCOVERY_K8S_SPARK_DYNAMIC_ALLOCATION_SHUFFLE_TRACKING_ENABLED

Enables shuffle file tracking for executors, which allows dynamic allocation without the need for an external shuffle service. This option will try to keep alive executors that are storing shuffle data for active jobs.

true, false

true

DISCOVERY_K8S_SPARK_DYNAMIC_ALLOCATION_EXECUTOR_IDLE_TIMEOUT

If dynamic allocation is enabled and an executor has been idle for more than this duration, the executor will be removed.

-

60s

DISCOVERY_K8S_SPARK_DYNAMIC_ALLOCATION_CACHED_EXECUTOR_IDLE_TIMEOUT

If dynamic allocation is enabled and an executor which has cached data blocks has been idle for more than this duration, the executor will be removed.

-

120s

DISCOVERY_K8S_SPARK_DYNAMIC_ALLOCATION_MAX_EXECUTORS

Upper bound for the number of executors if dynamic allocation is enabled.

-

4

DISCOVERY_K8S_SPARK_MEMORY_OVERHEAD_FACTOR

This sets the memory overhead factor that allocates memory to non-JVM memory, which includes off-heap memory allocations, non-JVM tasks, and various system processes.

-

0.1

DISCOVERY_HBASE_RETRY_ON_FAILURE_COUNT

Number of retries for the HBase connection.

-

2

DISCOVERY_HBASE_WAIT_BETWEEN_RETRY_MS

Wait time before retrying the HBase connection.

-

100 ms (milliseconds)

DISCOVERY_CONSUMER_ENABLE

Set this property to true if you want to start a separate consumer pod, which will be used for writing Privacera Discovery Classification and Scan Summary Data in Solr.

Set this property to false if you do not require a separate consumer pod.

Note

This property is enabled only for AWS Kubernetes Spark.

DISCOVERY_SPARK_JOB_MAX_TIME_MS

How long to wait (in milliseconds) before stopping a long-running Spark job.

14400000

DISCOVERY_K8S_SPARK_DYNAMIC_ALLOCATION_SHUFFLE_TRACKING_TIMEOUT

When enabled, shuffle tracking controls the timeout for executors that are holding shuffle data. The default value means that Spark will rely on the shuffles being garbage collected to be able to release executors. If garbage collection is slow to clean up shuffles, you can control when to time out executors, even when they are storing shuffle data.

300s

Memory Variables

Note

Memory variables are used only for Discovery on Kubernetes Spark.

DISCOVERY_DRIVER_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Discovery Driver. For example, DISCOVERY_DRIVER_HEAP_MIN_MEMORY_MB: "1024".

DISCOVERY_DRIVER_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Discovery Driver. Setting this value will override DISCOVERY_DRIVER_HEAP_MIN_MEMORY_MB. For example, DISCOVERY_DRIVER_HEAP_MIN_MEMORY: "1g".

DISCOVERY_DRIVER_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Discovery Driver. For example, DISCOVERY_DRIVER_HEAP_MAX_MEMORY_MB: "1024".

DISCOVERY_DRIVER_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Discovery Driver. Setting this value will override DISCOVERY_DRIVER_HEAP_MAX_MEMORY_MB. For example, DISCOVERY_DRIVER_HEAP_MAX_MEMORY: "1g".

DISCOVERY_DRIVER_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Discovery Driver. For example, DISCOVERY_DRIVER_K8S_MEM_REQUESTS_MB: "1024".

DISCOVERY_DRIVER_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Discovery Driver. Setting this value will override DISCOVERY_DRIVER_K8S_MEM_REQUESTS_MB. For example, DISCOVERY_DRIVER_K8S_MEM_REQUESTS: "1G".

DISCOVERY_DRIVER_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory to be requested by Discovery Driver. The value set in this field is interpreted as megabytes. For example, DISCOVERY_DRIVER_K8S_MEM_LIMITS_MB: "1024".

DISCOVERY_DRIVER_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Discovery Driver. Setting this value will override DISCOVERY_DRIVER_K8S_MEM_LIMITS_MB. For example, DISCOVERY_DRIVER_K8S_MEM_LIMITS: "1G".

DISCOVERY_DRIVER_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Discovery Driver. For example, DISCOVERY_DRIVER_CPU_MIN: "0.5".

DISCOVERY_DRIVER_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Discovery Driver. For example, DISCOVERY_DRIVER_CPU_MAX: "0.5".

DISCOVERY_EXECUTOR_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Discovery Executor. For example, DISCOVERY_EXECUTOR_HEAP_MIN_MEMORY_MB: "1024".

DISCOVERY_EXECUTOR_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Discovery Executor. Setting this value will override DISCOVERY_EXECUTOR_HEAP_MIN_MEMORY_MB. For example, DISCOVERY_EXECUTOR_HEAP_MIN_MEMORY: "1g".

DISCOVERY_EXECUTOR_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Discovery Executor. For example, DISCOVERY_EXECUTOR_HEAP_MAX_MEMORY_MB: "1024".

DISCOVERY_EXECUTOR_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Discovery Executor. Setting this value will override DISCOVERY_EXECUTOR_HEAP_MAX_MEMORY_MB. For example, DISCOVERY_EXECUTOR_HEAP_MAX_MEMORY: "1g".

DISCOVERY_EXECUTOR_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Discovery Executor. For example, DISCOVERY_EXECUTOR_K8S_MEM_REQUESTS_MB: "1024".

DISCOVERY_EXECUTOR_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Discovery Executor. Setting this value will override DISCOVERY_EXECUTOR_K8S_MEM_REQUESTS_MB. For example, DISCOVERY_EXECUTOR_K8S_MEM_REQUESTS: "1G".

DISCOVERY_EXECUTOR_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Discovery Executor. For example, DISCOVERY_EXECUTOR_K8S_MEM_LIMITS_MB: "1024".

DISCOVERY_EXECUTOR_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Discovery Executor. Setting this value will override DISCOVERY_EXECUTOR_K8S_MEM_LIMITS_MB. For example, DISCOVERY_EXECUTOR_K8S_MEM_LIMITS: "1G".

DISCOVERY_EXECUTOR_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Discovery Executor. For example, DISCOVERY_EXECUTOR_CPU_MIN: "0.5".

DISCOVERY_EXECUTOR_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Discovery Executor. For example, DISCOVERY_EXECUTOR_CPU_MAX: "0.5".

DISCOVERY_DRIVER_K8S_CPU_LIMITS

Maximum amount of Kubernetes CPU to be used by Discovery Driver. For example, DISCOVERY_DRIVER_K8S_CPU_LIMITS: "0.5".

DISCOVERY_DRIVER_K8S_CPU_REQUESTS

Minimum amount of Kubernetes CPU to be requested by Discovery Driver. For example, DISCOVERY_DRIVER_K8S_CPU_REQUESTS: "0.5".

DISCOVERY_EXECUTOR_K8S_CPU_LIMITS

Maximum amount of Kubernetes CPU to be used by Discovery Executor. For example, DISCOVERY_EXECUTOR_K8S_CPU_LIMITS: "0.5".

DISCOVERY_EXECUTOR_K8S_CPU_REQUESTS

Minimum amount of Kubernetes CPU to be requested by Discovery Executor. For example, DISCOVERY_EXECUTOR_K8S_CPU_REQUESTS: "0.5".

DISCOVERY_CONSUMER_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Discovery Consumer. For example, DISCOVERY_CONSUMER_K8S_MEM_LIMITS: "1G".

DISCOVERY_CONSUMER_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Discovery Consumer. For example, DISCOVERY_CONSUMER_K8S_MEM_REQUESTS: "1G".

DISCOVERY_CONSUMER_K8S_CPU_LIMITS

Maximum amount of Kubernetes CPU to be used by Discovery Consumer. For example, DISCOVERY_CONSUMER_K8S_CPU_LIMITS: "0.5".

DISCOVERY_CONSUMER_K8S_CPU_REQUESTS

Minimum amount of Kubernetes CPU to be requested by Discovery Consumer. For example, DISCOVERY_CONSUMER_K8S_CPU_REQUESTS: "0.5".

Enabling Multithreading for Different Consumers

To enable multithreading for different consumers in the Discovery driver pod or the Discovery consumer pod, refer to Configure system properties and follow these steps:

Note

This feature is supported only for AWS Kubernetes Spark.

  1. For the Discovery driver, create the property file discovery-custom.properties.

  2. For the Discovery consumer, create the property file discovery-consumer-custom.properties.

  3. Add all of the following properties in both of the above files.

    Note

    The values in the following properties are recommended values.

#privacera_offline_scan_topic
privacera.discovery.cloud.consumer.config.offline.scan.summary.max.poll.records=1
privacera.discovery.cloud.consumer.config.offline.scan.max.poll.records=1

#this is the timeout for offline scan job for each batch file
privacera.discovery.cloud.consumer.config.offline.scan.summary.task.timeout.ms=172800000
privacera.discovery.cloud.consumer.config.offline.scan.task.timeout.ms=172800000

#privacera_scan_resource_info_topic
privacera.discovery.cloud.consumer.config.ow.solr.scan.resource.info.max.poll.records=10000
privacera.discovery.cloud.consumer.config.ow.solr.resource.max.poll.records=10000
privacera.discovery.cloud.consumer.config.ow.solr.scan.resource.meta.max.poll.records=10000

privacera.discovery.cloud.consumer.config.ow.solr.scan.resource.info.task.timeout.ms=172800000
privacera.discovery.cloud.consumer.config.ow.solr.resource.task.timeout.ms=172800000
privacera.discovery.cloud.consumer.config.ow.solr.scan.resource.meta.task.timeout.ms=172800000

privacera.discovery.cloud.consumer.config.ow.solr.scan.resource.info.parallel.size=50
privacera.discovery.cloud.consumer.config.ow.solr.scan.resource.meta.parallel.size=50
privacera.discovery.cloud.consumer.config.ow.solr.resource.parallel.size=50

#privacera_classification_topic
privacera.discovery.cloud.consumer.config.ow.solr.classifications.max.poll.records=10000
privacera.discovery.cloud.consumer.config.ow.resource.workflow.max.poll.records=10000
privacera.discovery.cloud.consumer.ow.ranger.rest.classifications.max.poll.records=10000

privacera.discovery.cloud.consumer.config.ow.solr.classifications.task.timeout.ms=86400000
privacera.discovery.cloud.consumer.config.ow.resource.workflow.task.timeout.ms=86400000
privacera.discovery.cloud.consumer.ow.ranger.rest.classifications.task.timeout.ms=86400000

privacera.discovery.cloud.consumer.config.ow.solr.classifications.parallel.size=50
privacera.discovery.cloud.consumer.ow.ranger.rest.classifications.parallel.size=50

Dataserver

The following table contains the list of custom properties that can be configured for Dataserver. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.dataserver.aws.yml

  • vars.dataserver.azure.yml

  • vars.dataserver.gcp.yml

Property

Description

Values

Default Value

DATASERVER_ENABLE

DATASERVER_INSTALL

DATASERVER_IMAGE_NAME

DATASERVER_IMAGE_TAG

DATASERVER_HTTP_HOSTNAME

DATASERVER_HTTP_PORT

Property to change the default port number for a non-secured Dataserver.

8181

DATASERVER_PROXY_SSL

Set the property to enable or disable DataServer Proxy SSL.

true, false

true

DATASERVER_HTTPS_HOSTNAME

DATASERVER_HTTPS_PORT

Property to change the default port number for a secured Dataserver.

8282

DATASERVER_HTTPS_KEYSTORE_FILE

DATASERVER_HTTPS_KEYSTORE_TYPE

DATASERVER_HTTPS_KEYSTORE_ALIAS

DATASERVER_HTTPS_KEYSTORE_PASSWORD

DATASERVER_HTTPS_KEYMANAGER_FACTORY_TYPE

DATASERVER_SSL_TRUSTSTORE_PASSWORD

DATASERVER_SSL_SELF_SIGNED

Set the value of the property to false to use signed certificate for DataServer.

true

DATASERVER_HOST_NAME

Signed DNS name for DataServer.

DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN

The SSL certificate chain, consisting of the root and intermediate certificates.

DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY

Signed certificate authority private key.

DATASERVER_SSL_SIGNED_CERT_FORMAT

Signed certificate key format.

The format is .pem.

DATASERVER_INTERNAL_HOST_NAME

DATASERVER_PROXY_PORT

DATASERVER_PROTOCOL

DATASERVER_PROTOCOL_URL

DATASERVER_SVC_IP

DATASERVER_EXTERNAL_HOST

DATASERVER_URL

DATASERVER_EXTERNAL_URL

DATASERVER_CLOUD_PROVIDER

DATASERVER_USE_CLOUDACCESSMGR

DATASERVER_PORTAL_BASEURL

DATASERVER_PORTAL_LOGIN_USER_NAME

DATASERVER_PORTAL_LOGIN_USER_PASS

DATASERVER_SSL_KEYSTORE

DATASERVER_SSL_KEYSTORE_PASSWORD

DATASERVER_TOKENSIGNER_KEYSTORE_FILE

DATASERVER_TOKENSIGNER_KEYSTORE_TYPE

DATASERVER_KEYSTORE_ALIAS

DATASERVER_KEYSTORE_PASSWORD

DATASERVER_MAC_ALGORITHM

DATASERVER_RANGER_AUTH_ENABLED

DATASERVER_ENCRYPT_SECRETS

DATASERVER_SECURE_JCEKS_FILE_PATHS

DATASERVER_SECURE_JCEKS_KEYS

DATASERVER_SECURE_JCEKS_KEYPREFIX

DATASERVER_ENCRYPT_PROPS_LIST

DATASERVER_AWS_SERVICES

DATASERVER_AWS_REGION

DATASERVER_AWS_S3_MULTI_ACCOUNT_ACCESS_ENABLE

Property to enable or disable the AWS S3 multiple IAM role support in Dataserver.

true, false

false

DATASERVER_AWS_S3_MULTI_ACCOUNT_DEFAULT_IAM

Property to set the default role ARN for AWS S3 buckets. The default IAM role is used if no IAM role mapping is found for an S3 bucket. Such a bucket can be a shared bucket containing common artifacts or resources.

DATASERVER_AWS_S3_MULTI_ACCOUNT_MAPPING

Property to define the mapping between role ARNs and buckets. You can add comma-separated buckets. Set the mapping as shown below:

DATASERVER_AWS_S3_MULTI_ACCOUNT_MAPPING:
  - "<role-arn>|<bucketA,bucketB*>"
  - "<role-arn>|<bucketC*,bucketD>"

DATA_SERVER_AWS_S3_ENCRYPTION_ENABLE

Property to enable or disable the AWS S3 bucket encryption support.

true,false

false

DATA_SERVER_AWS_S3_ENCRYPTION_MAPPING

Property to set the mapping of S3 buckets, encryption SSE type, and SSE key (base64-encoded). For example, "bucketC*,BucketD|SSE-KMS|<base64 encoded sse key>".

The base64-encoded encryption key should be set for the following:

  • Encryption type is set to SSE-KMS and customer-managed CMKs are used for encryption.

  • Encryption type is set to SSE-C.

Example of the mapping of S3 buckets:

DATA_SERVER_AWS_S3_ENCRYPTION_MAPPING:
  - "bucketB|SSE-KMS"
  - "bucketC*,BucketD|SSE-KMS|<base64encodedssekey>"
  - "bucketE*|SSE-C|<base64encodedssekey>"
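Both the multi-account mapping and the encryption mapping above use the same "<bucket patterns>|..." entry shape, so the following added example (Python, written for this page and not Privacera's own code) parses and validates both lists and resolves a bucket name to its role ARN and its encryption settings. It assumes that the first matching entry wins, that "*" is a glob wildcard, that SSE-C entries must carry a key, and that the role ARNs and keys are constructed placeholders.

```python
import base64
import binascii
import fnmatch
from typing import Dict, List, Optional

# Constructed sample values in the shape of the vars.dataserver.aws.yml lists
# above. The role ARNs and the key are placeholders, not real accounts or keys.
MULTI_ACCOUNT_DEFAULT_IAM = "arn:aws:iam::000000000000:role/placeholder-default"
MULTI_ACCOUNT_MAPPING = [
    "arn:aws:iam::000000000000:role/placeholder-analytics|bucketA,bucketB*",
    "arn:aws:iam::000000000000:role/placeholder-finance|bucketC*,bucketD",
]
SAMPLE_KEY = base64.b64encode(b"constructed-32-byte-key-material").decode()
ENCRYPTION_MAPPING = [
    "bucketB|SSE-KMS",
    f"bucketC*,BucketD|SSE-KMS|{SAMPLE_KEY}",
    f"bucketE*|SSE-C|{SAMPLE_KEY}",
]

# The two SSE types documented on this page (assumption: nothing else is accepted).
ALLOWED_SSE_TYPES = {"SSE-KMS", "SSE-C"}


def split_patterns(patterns: str) -> List[str]:
    """Split the comma-separated bucket list into individual glob patterns."""
    return [p.strip() for p in patterns.split(",") if p.strip()]


def bucket_matches(bucket: str, patterns: str) -> bool:
    """True if the bucket name matches any pattern; '*' is the only wildcard
    the page shows, and matching is case-sensitive (an assumption)."""
    return any(fnmatch.fnmatchcase(bucket, p) for p in split_patterns(patterns))


def parse_role_entry(entry: str):
    """'<role-arn>|<bucketA,bucketB*>' -> (role_arn, patterns)."""
    parts = entry.split("|")
    if len(parts) != 2 or not parts[0].startswith("arn:") or not parts[1].strip():
        raise ValueError(f"malformed multi-account entry: {entry!r}")
    return parts[0], parts[1]


def resolve_role_arn(bucket: str,
                     mapping: List[str] = MULTI_ACCOUNT_MAPPING,
                     default_arn: str = MULTI_ACCOUNT_DEFAULT_IAM) -> str:
    """Return the role ARN for a bucket; fall back to the default IAM role
    when no mapping entry matches, as the page describes."""
    for entry in mapping:
        role_arn, patterns = parse_role_entry(entry)
        if bucket_matches(bucket, patterns):
            return role_arn
    return default_arn


def parse_encryption_entry(entry: str) -> Dict[str, Optional[str]]:
    """'<patterns>|<SSE type>[|<base64 key>]' -> dict, validating the rules:
    known SSE type, SSE-C always needs a key, any key must be valid base64."""
    parts = entry.split("|")
    if len(parts) not in (2, 3) or not parts[0].strip():
        raise ValueError(f"malformed encryption entry: {entry!r}")
    patterns, sse_type = parts[0], parts[1].strip()
    key = parts[2].strip() if len(parts) == 3 and parts[2].strip() else None
    if sse_type not in ALLOWED_SSE_TYPES:
        raise ValueError(f"unknown SSE type {sse_type!r} in {entry!r}")
    if sse_type == "SSE-C" and key is None:
        raise ValueError(f"SSE-C requires a base64-encoded key: {entry!r}")
    if key is not None:
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"key is not valid base64 in {entry!r}: {exc}")
    return {"patterns": patterns, "type": sse_type, "key": key}


def resolve_encryption(bucket: str,
                       mapping: List[str] = ENCRYPTION_MAPPING) -> Optional[Dict[str, Optional[str]]]:
    """Return {'type', 'key'} for the first matching entry, or None when the
    bucket has no encryption mapping."""
    for entry in mapping:
        parsed = parse_encryption_entry(entry)
        if bucket_matches(bucket, parsed["patterns"]):
            return {"type": parsed["type"], "key": parsed["key"]}
    return None


def validate_mappings(role_mapping: List[str], enc_mapping: List[str]) -> List[str]:
    """Collect every malformed entry in both lists; empty list means all good.
    Useful as a pre-flight check before running privacera-manager update."""
    problems: List[str] = []
    for entry in role_mapping:
        try:
            parse_role_entry(entry)
        except ValueError as exc:
            problems.append(str(exc))
    for entry in enc_mapping:
        try:
            parse_encryption_entry(entry)
        except ValueError as exc:
            problems.append(str(exc))
    return problems


if __name__ == "__main__":
    print(resolve_role_arn("bucketB-logs"))   # analytics role via bucketB*
    print(resolve_role_arn("bucketZ"))        # falls back to the default role
    print(resolve_encryption("bucketE1"))     # SSE-C with the constructed key
    print(validate_mappings(MULTI_ACCOUNT_MAPPING, ENCRYPTION_MAPPING))  # []
```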

DATASERVER_S3_AWS_API_KEY

DATASERVER_S3_AWS_SECRET_KEY

DATASERVER_ATHENA_S3_USE_S3POLICY

DATASERVER_ATHENA_RESULTS_STORAGE_URL

DATASERVER_ATHENA_RESULTS_STORAGE_ENCRYPT_OPTION

DATASERVER_ATHENA_RESULTS_STORAGE_ENCRYPT_KMS_KEY

DATASERVER_V2_S3_ENDPOINT_ENABLE

DATASERVER_V2_S3_ENDPOINT_HOST

DATASERVER_V2_S3_ENDPOINT_PORT

DATASERVER_V2_S3_ENDPOINT_SSL

DATASERVER_AZURE_SERVICES

DATASERVER_AZURE_TENANTID

DATASERVER_AZURE_CLIENTID

DATASERVER_AZURE_SUBSCRIPTION_ID

DATASERVER_AZURE_RESOURCE_GROUP

DATASERVER_AZURE_CLIENT_SECRET

DATASERVER_AZURE_GEN2_SHARED_KEY_AUTH

DATASERVER_AZURE_ACCT_SHARED_KEY_PAIRS

DATASERVER_AZURE_ACCOUNT_NAME

DATASERVER_AZURE_SHARED_KEY

DATASERVER_AZURE_KERBEROS_KEYTAB

DATASERVER_AZURE_KERBEROS_PRINCIPAL

DATASERVER_AZURE_KERBEROS_USER

DATASERVER_GCP_SERVICES

DATASERVER_GCP_CREDENTIAL_FILE_PATH

DATASERVER_S3_CREDENTIAL_PROVIDER_PATH

DATASERVER_SUPERUSERS

DATASERVER_JWT_OAUTH_ENABLE

DATASERVER_JWT_TOKEN_ISSUER

DATASERVER_JWT_TOKEN_SUBJECT

DATASERVER_JWT_TOKEN_SECRET

DATASERVER_JWT_TOKEN_PUBLICKEY

DATASERVER_AUTHENTICATION_SOURCES

DATASERVER_AUTHENTICATION_IMPL_PROVIDERS

DATASERVER_MYLDAP_LDAP_URL

DATASERVER_MYLDAP_LDAP_USER_SEARCHFILTER

DATASERVER_MYLDAP_LDAP_USER_DNPATTERN

DATASERVER_MYLDAP_LDAP_REFERRAL

DATASERVER_MYLDAP_LDAP_BIND_DN

DATASERVER_MYLDAP_LDAP_BIND_PASSWORD

DATASERVER_MYLDAP_LDAP_BASE_DN

DATASERVER_MYAD_AD_URL

DATASERVER_MYAD_AD_USER_SEARCHFILTER

DATASERVER_MYAD_AD_REFERRAL

DATASERVER_MYAD_AD_BIND_DN

DATASERVER_MYAD_AD_BIND_PASSWORD

DATASERVER_MYAD_AD_BASE_DN

DATASERVER_DATABRICKS_ALLOWED_URLS

Property accepts a comma-separated list of allowable Databricks URLs. For example:

DATASERVER_DATABRICKS_ALLOWED_URLS: "https://nvirginia.cloud.databricks.com,https://your.single.tenent.databricks.url"

DATASERVER_AWS_STS_ROLE

DATASERVER_V2_WORKDER_THREADS

Number of worker threads used to process inbound connections.

20

DATASERVER_V2_CHANNEL_CONNECTION_BACKLOG

Maximum queue size for inbound connections.

128

DATASERVER_V2_CHANNEL_CONNECTION_POOL

Enable the connection pool for outbound requests.

true, false

false

DATASERVER_V2_FRONT_CHANNEL_IDLE_TIMEOUT

Idle timeout for inbound connections.

60

DATASERVER_V2_BACK_CHANNEL_IDLE_TIMEOUT

Idle timeout for outbound connections. It takes effect only if the connection pool is enabled.

60

DATASERVER_METRICS_PREFIX

DATASERVER_METRICS_GRAPHITE_ENABLE

DATASERVER_METRICS_GRAPHITE_HOST

DATASERVER_METRICS_GRAPHITE_PORT

DATASERVER_METRICS_GRAPHITE_INTERVAL

DATASERVER_TUNNEL_PORT

DATASERVER_K8S_LOADBALANCER_EXTERNAL

DATASERVER_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

DATASERVER_K8S_PVC_NAME

DATASERVER_K8S_PVC_STORAGE_SIZE_MB

DATASERVER_K8S_PVC_STORAGE_SIZE

DATASERVER_K8S_STORAGE_PROVISIONER

DATASERVER_K8S_SC_NAME

DATASERVER_K8S_PV_ENCRYPTED

DATASERVER_K8S_PV_KEY

DATASERVER_K8S_MEM_LIMITS

DATASERVER_K8S_MEM_REQUESTS

DATASERVER_K8S_CPU_LIMITS

DATASERVER_K8S_CPU_REQUESTS

DATASERVER_PASSWORDS_LIST

Memory Variables

DATASERVER_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Dataserver. For example, DATASERVER_HEAP_MIN_MEMORY_MB: "1024"

DATASERVER_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Dataserver. Setting this value will override DATASERVER_HEAP_MIN_MEMORY_MB. For example, DATASERVER_HEAP_MIN_MEMORY: "1g"

DATASERVER_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Dataserver. For example, DATASERVER_HEAP_MAX_MEMORY_MB: "1024"

DATASERVER_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Dataserver. Setting this value will override DATASERVER_HEAP_MAX_MEMORY_MB. For example, DATASERVER_HEAP_MAX_MEMORY: "1g"

DATASERVER_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Dataserver. For example, DATASERVER_K8S_MEM_REQUESTS_MB: "1024"

DATASERVER_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Dataserver. Setting this value will override DATASERVER_K8S_MEM_REQUESTS_MB. For example, DATASERVER_K8S_MEM_REQUESTS: "1G"

DATASERVER_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Dataserver. For example, DATASERVER_K8S_MEM_LIMITS_MB: "1024"

DATASERVER_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Dataserver. Setting this value will override DATASERVER_K8S_MEM_LIMITS_MB. For example, DATASERVER_K8S_MEM_LIMITS: "1G"

DATASERVER_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Dataserver. For example, DATASERVER_CPU_MIN: "0.5"

DATASERVER_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Dataserver. For example, DATASERVER_CPU_MAX: "0.5"

Crypto

This topic provides the list of custom properties that should be configured for the Crypto service. It covers how you can configure the custom properties in Privacera Manager (PM) CLI.

PM CLI Configuration

To use a custom property from the properties table, add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.crypto.yml

Properties Table

Property

Description

Example

Default Value

CRYPTO_PEG_EXTERNAL_URL

The URL (hostname and port) used to reach the PEG service. Unless you have changed the standard configuration, this is the host where the Privacera Platform is installed and the default port for PEG, which is 6869.

http://privacera.BigCo.com:6869

None

CRYPTO_PEG_LOG_USER_NAME

This is the service/administrative user defined in the PEG service with properties `privacera.portal.username` and `privacera.portal.password`.

None

CRYPTO_PEG_DATABRICKS_USER_PASSWORD

The Privacera Platform password for the user defined in CRYPTO_PEG_LOG_USER_NAME.

None

PRIVACERA_CRYPTO_SCHEME_EXPIRY_SECONDS

TTL in seconds for cached schemes. Auto-refreshes after expiry.

1,800 (30 minutes).

Solr

This topic provides the list of custom properties that can be configured for the Solr service. It covers how you can configure the custom properties in Privacera Manager (PM) CLI.

PM CLI Configuration

To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.solr.yml

Properties Table

Property

Description

Value

Default Value

SOLR_ENABLE

SOLR_INSTALL

SOLR_IMAGE_NAME

SOLR_IMAGE_TAG

SOLR_INTERNAL_PORT

SOLR_EXTERNAL_PORT

Property to change the default port number for Solr.

8983

SOLR_SERVICE_NAME

SOLR_SSL_ENABLE

SOLR_SSL_SELF_SIGNED

SOLR_SSL_SIGNED_CERT_FORMAT

SOLR_GC

SOLR_HOME

SOLR_LOGS_DIR

SOLR_HOST_NAME

SOLR_INTERNAL_HOST_NAME

SOLR_SVC_IP

SOLR_EXTERNAL_HOST_NAME

SOLR_LISTEN_HOST_NAME

SOLR_URL_SCHEME

SOLR_PROTOCOL

SOLR_URL

SOLR_URL_EXTERNAL

SOLR_URL_IP

SOLR_ZK_HOST

SOLR_BASIC_AUTH_ENABLED

SOLR_BASIC_AUTH_USER

SOLR_BASIC_AUTH_PASSWORD

SOLR_NODE_COUNT

SOLR_ZK_HOST_DOCKER

SOLR_KEYSTORE_ALIAS

SOLR_KEYSTORE_PASSWORD

SOLR_TRUSTSTORE_PASSWORD

SOLR_SSL_TRUSTSTORE

SOLR_SSL_TRUSTSTORE_TYPE

SOLR_SSL_KEYSTORE_TYPE

SOLR_KEYSTORE_FILENAME

SOLR_SSL_KEYSTORE

SOLR_SSL_VALIDATE_LOOP_COUNT

Number of retries to be attempted to validate whether the SOLR service is up and running.

PM CLI

After adding the property, run the ./privacera-manager.sh update command. Wait for 30 minutes and then run the restart command for the property to take effect.

60

SOLR_SSL_VALIDATE_SLEEP_SECS

Number of seconds to wait before calling the API to validate whether the SOLR service is up and running.

PM CLI

After adding the property, run the ./privacera-manager.sh update command. Wait for 30 minutes and then run the restart command for the property to take effect.

Note: In PM CLI, restarting the Privacera services does not apply any changes done in the property configuration. You will have to run the update to apply the configuration changes.

30

SOLR_SSL_NEED_CLIENT_AUTH

SOLR_SSL_WANT_CLIENT_AUTH

SOLR_SSL_CHECK_PEER_NAME

SOLR_SSL_SIGNED_PKCS12_ALIAS

SOLR_SSL_SIGNED_PKCS12_FILE

SOLR_SSL_SIGNED_PEM_FULL_CHAIN

SOLR_SSL_SIGNED_PEM_PRIVATE_KEY

SOLR_K8S_CLUSTER_SIZE

SOLR_K8S_TERMINATION_GRACE_PERIOD_SECS

SOLR_K8S_READINESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes readiness probe for the Solr pod.

5

SOLR_K8S_READINESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the readiness probe for the Solr pod.

3

SOLR_K8S_READINESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes readiness probe for the Solr pod.

10

SOLR_K8S_LIVENESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes liveness probe for the Solr pod.

60

SOLR_K8S_LIVENESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes liveness probe for the Solr pod.

60

SOLR_K8S_LIVENESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the liveness probe for the Solr pod.

3

SOLR_K8S_STARTUP_PROBE_ENABLED

Enable the startup probe for the Solr pod.

true, false

false

SOLR_K8S_STARTUP_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes startup probe for the Solr pod.

60

SOLR_K8S_STARTUP_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes startup probe for the Solr pod.

60

SOLR_K8S_STARTUP_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the startup probe for the Solr pod.

3

SOLR_K8S_LOADBALANCER_EXTERNAL

SOLR_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

SOLR_K8S_ANNOTATION_LOADBALANCER_NAME

SOLR_K8S_ANNOTATION_LOADBALANCER_VALUE

SOLR_K8S_STORAGE_PROVISIONER

SOLR_K8S_SC_NAME

SOLR_K8S_PV_ENCRYPTED

SOLR_K8S_PV_KEY

SOLR_K8S_PVC_STORAGE_SIZE

SOLR_K8S_CPU_REQUESTS

SOLR_K8S_CPU_LIMITS

SOLR_K8S_ZK_HOST

MAX_AUDIT_RETENTION_DAYS

Property to specify how long to retain the Solr audit logs. By default, audit logs are retained for 90 days.

90

SOLR_DNS_NAME_CERT

SOLR_K8S_NETWORKING_LOADBALANCER_IP

SOLR_K8S_NETWORKING_LOADBALANCER_SOURCE_RANGES

SOLR_TOPOLOGIES

SOLR_K8S_SERVICE_ACCOUNT

SOLR_K8S_POD_DISRUPTION_BUDGET_MIN_AVAILABLE

Memory Variables

SOLR_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Solr. For example, SOLR_HEAP_MIN_MEMORY_MB: "1024"

SOLR_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Solr. Setting this value will override SOLR_HEAP_MIN_MEMORY_MB. For example, SOLR_HEAP_MIN_MEMORY: "1g"

SOLR_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Solr. For example, SOLR_HEAP_MAX_MEMORY_MB: "1024"

SOLR_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Solr. Setting this value will override SOLR_HEAP_MAX_MEMORY_MB. For example, SOLR_HEAP_MAX_MEMORY: "1g"

SOLR_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Solr. For example, SOLR_K8S_MEM_REQUESTS_MB: "1024"

SOLR_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Solr. Setting this value will override SOLR_K8S_MEM_REQUESTS_MB. For example, SOLR_K8S_MEM_REQUESTS: "1G"

SOLR_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Solr. For example, SOLR_K8S_MEM_LIMITS_MB: "1024"

SOLR_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Solr. Setting this value will override SOLR_K8S_MEM_LIMITS_MB. For example, SOLR_K8S_MEM_LIMITS: "1G"

SOLR_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Solr. For example, SOLR_CPU_MIN: "0.5"

SOLR_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Solr. For example, SOLR_CPU_MAX: "0.5"

Zookeeper

The following table contains the list of custom properties that can be configured for Zookeeper.

Property

Description

Value

Default Value

ZOOKEEPER_PORT_EXTERNAL

Property to change the default port number for Zookeeper.

2181

ZOOKEEPER_K8S_READINESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes readiness probe for the Zookeeper pod.

5

ZOOKEEPER_K8S_READINESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the readiness probe for the Zookeeper pod.

3

ZOOKEEPER_K8S_READINESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes readiness probe for the Zookeeper pod.

10

ZOOKEEPER_K8S_LIVENESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes liveness probe for the Zookeeper pod.

60

ZOOKEEPER_K8S_LIVENESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes liveness probe for the Zookeeper pod.

60

ZOOKEEPER_K8S_LIVENESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the liveness probe for the Zookeeper pod.

3

ZOOKEEPER_K8S_STARTUP_PROBE_ENABLED

Enable the startup probe for the Zookeeper pod.

true, false

false

ZOOKEEPER_K8S_STARTUP_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes startup probe for the Zookeeper pod.

60

ZOOKEEPER_K8S_STARTUP_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes startup probe for the Zookeeper pod.

60

ZOOKEEPER_K8S_STARTUP_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the startup probe for the Zookeeper pod.

3

Memory Variables

ZOOKEEPER_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Zookeeper. For example, ZOOKEEPER_HEAP_MIN_MEMORY_MB: "1024"

ZOOKEEPER_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Zookeeper. Setting this value will override ZOOKEEPER_HEAP_MIN_MEMORY_MB. For example, ZOOKEEPER_HEAP_MIN_MEMORY: "1g"

ZOOKEEPER_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Zookeeper. For example, ZOOKEEPER_HEAP_MAX_MEMORY_MB: "1024"

ZOOKEEPER_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Zookeeper. Setting this value will override ZOOKEEPER_HEAP_MAX_MEMORY_MB. For example, ZOOKEEPER_HEAP_MAX_MEMORY: "1g"

ZOOKEEPER_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Zookeeper. For example, ZOOKEEPER_K8S_MEM_REQUESTS_MB: "1024"

ZOOKEEPER_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Zookeeper. Setting this value will override ZOOKEEPER_K8S_MEM_REQUESTS_MB. For example, ZOOKEEPER_K8S_MEM_REQUESTS: "1G"

ZOOKEEPER_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Zookeeper. For example, ZOOKEEPER_K8S_MEM_LIMITS_MB: "1024"

ZOOKEEPER_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Zookeeper. Setting this value will override ZOOKEEPER_K8S_MEM_LIMITS_MB. For example, ZOOKEEPER_K8S_MEM_LIMITS: "1G"

ZOOKEEPER_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Zookeeper. For example, ZOOKEEPER_CPU_MIN: "0.5"

ZOOKEEPER_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Zookeeper. For example, ZOOKEEPER_CPU_MAX: "0.5"

Portal

The following table contains the list of custom properties that can be configured for the Portal service. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

vars.portal.yml

Property

Description

Values

Default Value

PORTAL_ENABLE

PORTAL_INSTALL

PORTAL_IMAGE_NAME

PORTAL_IMAGE_TAG

PORTAL_SERVER_MODE

PORTAL_SSL_ENABLE

PORTAL_SSL_SELF_SIGNED

PORTAL_UI_SSO_ENABLE

AAD_SSO_ENABLE

PORTAL_LIQUIBASE_ENABLE

PORTAL_PORT

PORTAL_PROTOCOL

PORTAL_PROTOCOL_URL

PORTAL_PORT_EXTERNAL

Property to change the default port number for Portal.

6868

PORTAL_SERVICE_NAME

PORTAL_HOST_NAME

PORTAL_SVC_IP

PORTAL_INGRESS_IP

PORTAL_EXTERNAL_HOST

PORTAL_URL

PORTAL_EXTERNAL_URL

PORTAL_INGRESS_URL

PORTAL_URL_IP

SAML_ENTITY_ID

SAML_BASE_URL

SAML_METADATA_FILEPATH

SAML_GLOBAL_LOGOUT

Enabled by default. When global logout for SAML is enabled and a logout is initiated, all sessions you have accessed from the browser are terminated at the Identity Provider (IDP).

true, false

true

SAML_EMAIL_ATTRIBUTE

Property to customize the email assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

SAML_USERNAME_ATTRIBUTE

Property to customize the username assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

SAML_LASTNAME_ATTRIBUTE

Property to customize the lastname assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

SAML_FIRSTNAME_ATTRIBUTE

Property to customize the firstname assertion attribute of SAML.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

PRIVACERA_PORTAL_DATASOURCE_URL

PRIVACERA_PORTAL_DATASOURCE_USERNAME

PRIVACERA_PORTAL_DATASOURCE_PASSWORD

PRIVACERA_PORTAL_DATASOURCE_DRIVER_CLASS_NAME

PRIVACERA_PORTAL_DATASOURCE_DIALECT

PRIVACERA_PORTAL_KEYSTORE_ALIAS

PRIVACERA_PORTAL_KEYSTORE_PASSWORD

PRIVACERA_PORTAL_TRUSTSTORE_PASSWORD

PRIVACERA_PORTAL_RANGER_ADMIN_TRUST_STORE

PRIVACERA_PORTAL_SSL_TRUSTSTORE

PRIVACERA_PORTAL_SSL_TRUSTORETYPE

PRIVACERA_PORTAL_SSL_KEYSTORETYPE

PRIVACERA_PORTAL_KEYSTORE_FILENAME

PRIVACERA_PORTAL_SSL_KEY_STORE

PRIVACERA_PORTAL_RANGER_USER_PASSWORD

PRIVACERA_PORTAL_TOPIC_DYNAMIC_PREFIX

PRIVACERA_PORTAL_SSL_SIGNED_PEM_FULL_CHAIN

PRIVACERA_PORTAL_SSL_SIGNED_PEM_PRIVATE_KEY

PRIVACERA_PORTAL_SSL_PKCS12_PASSWORD

PRIVACERA_PORTAL_SSL_SIGNED_CERT_FORMAT

PRIVACERA_PORTAL_SSL_SIGNED_PKCS12_ALIAS

PRIVACERA_PORTAL_SSL_SIGNED_PKCS12_FILE

PORTAL_PADMIN_DEFAULT_PASSWORD

PORTAL_PADMIN_PASSWORD

PRIVACERA_PORTAL_HIVE_USER_PASSWORD

PRIVACERA_PORTAL_AUTH_TOKEN

PRIVACERA_PORTAL_ATLAS_USER_PASSWORD

PRIVACERA_PORTAL_HOST_HEADER_PREVENTION_ENABLE

Set the property to true to enable Privacera Portal host header prevention.

true

PRIVACERA_PORTAL_WHITELIST_HOST

Use this property to add the comma-separated list of allowed hosts.

<HOST_IP>, <HOST_NAME>

DATASERVER_SVC_IP

DATASERVER_ENDPOINT_HOSTNAME

PORTAL_LDAP_BIND_PASSWORD

PORTAL_LDAP_ENABLE

PORTAL_LDAP_SSL_ENABLED

PORTAL_LDAP_ADD_ETCHOST

PORTAL_LDAP_IP

PORTAL_LDAP_HOST

PORTAL_LDAP_SSL_PM_GEN_TS

PORTAL_LDAP_SSL_TRUSTSTORE_FILE

PORTAL_LDAP_SSL_TRUSTSTORE_TYPE

PORTAL_LDAP_SSL_TRUSTSTORE_PASSWORD

PORTAL_LDAP_SSL_AUTO_GEN_TRUSTSTORE_FILE

Privacera Manager can create a certificate automatically with a certain name. In this property, give a name for the certificate.

client_ldaps_truststore.cer OR client_ldaps_truststore.jks OR client_ldaps_truststore.p12

client_ldaps_truststore.cer

PORTAL_LDAP_SSL_AUTO_GEN_TRUSTSTORE_TYPE

Privacera Manager can create a certificate automatically of a specific type. In this property, give a type for the certificate.

cer, jks, p12

cer

PORTAL_SOLR_BASIC_AUTH_ENABLED

PORTAL_SOLR_BASIC_AUTH_USER

PORTAL_SOLR_BASIC_AUTH_PASSWORD

PRIVACERA_ACCESS_REQUEST_MANAGER_PASSWORD

PRIVACERA_ACCESS_REQUEST_MANAGER_USER

PRIVACERA_PORTAL_SECRETS_FILE

PORTAL_ENCRYPT_SECRETS

PRIVACERA_PORTAL_SECRETS_KEYSTORE_PASSWORD

PORTAL_ENCRYPT_PROPS_LIST

AWS_PORTAL_LB_CERTIFICATE_ARN

PORTAL_LB_SSL_CERT

PORTAL_LB_SSL_PORT

PORTAL_LB_TARGET_PORT

PORTAL_LB_BACKEND_PROTOCOL

PORTAL_K8S_PVC_NAME

PORTAL_K8S_PVC_STORAGE_SIZE_MB

PORTAL_K8S_PVC_STORAGE_SIZE

PORTAL_K8S_LOADBALANCER_EXTERNAL

PORTAL_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

PORTAL_K8S_STORAGE_PROVISIONER

PORTAL_K8S_SC_NAME

PORTAL_K8S_PV_ENCRYPTED

PORTAL_K8S_PV_KEY

PORTAL_K8S_CPU_REQUESTS

PORTAL_K8S_CPU_LIMITS

PORTAL_K8S_REPLICAS

PORTAL_HELM_CHART_VERSION

PRIVACERA_PORTAL_DATASERVER_ENABLE_APP_DAO_CREATE

PRIVACERA_PORTAL_DATASERVER_ENABLE

PRIVACERA_PORTAL_DATASERVER_PROXY_HOST

PRIVACERA_PORTAL_DATASERVER_PROXY_PORT

PRIVACERA_PORTAL_DATASERVER_PROXY_PROTOCOL

PRIVACERA_PORTAL_DATASERVER_EXPLORER_PROTOCOL

PRIVACERA_PORTAL_DATASERVER_ADLS_STORAGE_TYPE

PRIVACERA_PORTAL_RANGER_SERVICE_NAME

PRIVACERA_PORTAL_RANGER_CLUSTER_NAME

PRIVACERA_ACCESS_REQUEST_MANAGER_ENABLE

PRIVACERA_ACCESS_REQUEST_MANAGER_PROCESS_KEY

PRIVACERA_ACCESS_REQUEST_MANAGER_PROJECT_ROLES_FILE

PRIVACERA_PORTAL_K8S_HA_ENABLE

PRIVACERA_PORTAL_ELECTION_NODE_PATH

PRIVACERA_PORTAL_ZK_CONNECTION_STRING

PRIVACERA_PORTAL_ELECTION_ZK_RETRY

PRIVACERA_PORTAL_ELECTION_ZK_RETRY_SLEEP_IN_MS

PRIVACERA_PORTAL_ELECTION_RETRY_COUNT

PRIVACERA_PORTAL_ELECTION_RETRY_SLEEP_INTERVAL_SEC

PORTAL_K8S_READINESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes readiness probe for the Portal pod.

120

PORTAL_K8S_READINESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the readiness probe for the Portal pod.

6

PORTAL_K8S_READINESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes readiness probe for the Portal pod.

30

PORTAL_K8S_LIVENESS_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes liveness probe for the Portal pod.

400

PORTAL_K8S_LIVENESS_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes liveness probe for the Portal pod.

30

PORTAL_K8S_LIVENESS_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the liveness probe for the Portal pod.

3

PORTAL_K8S_STARTUP_PROBE_ENABLED

Enable the startup probe for the Portal pod.

true, false

false

PORTAL_K8S_STARTUP_PROBE_PERIOD_SECS

Time in seconds to perform the Kubernetes startup probe for the Portal pod.

30

PORTAL_K8S_STARTUP_PROBE_DELAY_SECS

Time in seconds to delay the Kubernetes startup probe for the Portal pod.

400

PORTAL_K8S_STARTUP_PROBE_FAILURE_THRESHOLD

Failure threshold is the number of times Kubernetes will try to perform the startup probe for the Portal pod.

3

PORTAL_K8S_NETWORKING_LOADBALANCER_IP

PORTAL_K8S_NETWORKING_LOADBALANCER_SOURCE_RANGES

PORTAL_TOPOLOGIES

PORTAL_K8S_SERVICE_ACCOUNT

PORTAL_DATABRICKS_REPORT_ENABLE

Property to enable/disable offline reporting in Databricks.

Note: Do not set this property, if a Discovery service is already running in your environment.

true,false

false

SAML_MAX_AUTH_AGE_SEC

The maximum time in seconds that a user is allowed by the IDP to remain logged in since their initial authentication. The default time is 7889400 seconds (3 months).

7889400

SAML_RESPONSE_SKEW_SEC

The maximum difference, in seconds, between local time and the assertion creation time for which messages are still processed. It bounds the allowed clock difference between the IDP and SP machines.

600

SAML_FORCE_AUTHN

When this property is set to true, the IDP is required to re-authenticate the user even if the user has an existing session, rather than relying on any previous authentication event.

true, false

false

Memory Variables

PORTAL_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Privacera Portal. For example, PORTAL_HEAP_MIN_MEMORY_MB: "1024"

PORTAL_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Privacera Portal. Setting this value will override PORTAL_HEAP_MIN_MEMORY_MB. For example, PORTAL_HEAP_MIN_MEMORY: "1g"

PORTAL_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Privacera Portal. For example, PORTAL_HEAP_MAX_MEMORY_MB: "1024"

PORTAL_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Privacera Portal. Setting this value will override PORTAL_HEAP_MAX_MEMORY_MB. For example, PORTAL_HEAP_MAX_MEMORY: "1g"

PORTAL_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Privacera Portal. For example, PORTAL_K8S_MEM_REQUESTS_MB: "1024"

PORTAL_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Privacera Portal. Setting this value will override PORTAL_K8S_MEM_REQUESTS_MB. For example, PORTAL_K8S_MEM_REQUESTS: "1G"

PORTAL_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Privacera Portal. For example, PORTAL_K8S_MEM_LIMITS_MB: "1024"

PORTAL_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Privacera Portal. Setting this value will override PORTAL_K8S_MEM_LIMITS_MB. For example, PORTAL_K8S_MEM_LIMITS: "1G"

PORTAL_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Privacera Portal. For example, PORTAL_CPU_MIN: "0.5"

PORTAL_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Privacera Portal. For example, PORTAL_CPU_MAX: "0.5"

Ranger KMS

The following table contains the list of custom properties that can be configured for Ranger KMS.

Property

Description

Values

Default Value

RANGER_KMS_IMAGE_NAME

RANGER_KMS_IMAGE_TAG

RANGER_KMS_DB_HOST

RANGER_KMS_DB_SSL_ENABLED

RANGER_KMS_DB_SSL_REQUIRED

RANGER_KMS_DB_SSL_VERIFY_CERT

RANGER_KMS_DB_SSL_AUTH_TYPE

RANGER_KMS_DB_ROOT_USER

RANGER_KMS_DB_ROOT_PASSWORD

RANGER_KMS_DB_NAME

RANGER_KMS_DB_USER

RANGER_KMS_DB_PASSWORD

RANGER_KMS_HTTP_ENABLED

FALSE

RANGER_KMS_HTTPS_KEYSTORE_FILE

/opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/{{RANGER_KMS_SSL_KEYSTORE_FILENAME}}

RANGER_KMS_MASTER_KEY_PASSWORD

Property to set the master key password for Ranger KMS.

This is the password used to encrypt the master key. Once the master key and zone keys have been created, changing this password makes the master key unrecoverable, which in turn prevents retrieving data protected by the zone keys. Hence, it must be set correctly the first time.

Str0ngPassw0rd

RANGER_KMS_HSM_TYPE

LunaProvider

RANGER_KMS_HSM_ENABLED

FALSE

RANGER_KMS_HSM_PARTITION_NAME

par19

RANGER_KMS_HSM_PARTITION_PASSWORD

<UPDATE_THIS_VALUE>

RANGER_KMS_KEYSECURE_ENABLED

RANGER_KMS_KEYSECURE_USER_PASSWORD_AUTHENTICATION

RANGER_KMS_KEYSECURE_MASTERKEY_NAME

RANGER_KMS_KEYSECURE_USERNAME

RANGER_KMS_KEYSECURE_PASSWORD

RANGER_KMS_KEYSECURE_MASTER_KEY_SIZE

RANGER_KMS_KEYSECURE_LIB_CONFIG_PATH

RANGER_KMS_UNIX_USER

kms

RANGER_KMS_UNIX_USER_PWD

kms

RANGER_KMS_UNIX_GROUP

kms

RANGER_KMS_REPOSITORY_NAME

privacera_kms

RANGER_KMS_XAAUDIT_SUMMARY_ENABLE

FALSE

RANGER_KMS_XAAUDIT_SOLR_ENABLE

TRUE

RANGER_KMS_XAAUDIT_SOLR_URL

RANGER_KMS_XAAUDIT_SOLR_USER

RANGER_KMS_XAAUDIT_SOLR_PASSWORD

RANGER_KMS_XAAUDIT_SOLR_ZOOKEEPER

NONE

RANGER_KMS_XAAUDIT_SOLR_FILE_SPOOL_DIR

/var/log/ranger/kms/audit/solr/spool

RANGER_KMS_LOG_DIR

/var/log/kms

RANGER_KMS_PID_DIR_PATH

/var/run/ranger_kms

RANGER_KMS_DIR

$PWD

RANGER_KMS_APP_HOME

$PWD/ews/webapp

RANGER_KMS_TMPFILE

$PWD/.fi_tmp

RANGER_KMS_LOGFILE

$PWD/logfile

RANGER_KMS_MYSQL_CORE_FILE

db/mysql/kms_core_db.sql

RANGER_KMS_ORACLE_CORE_FILE

db/oracle/kms_core_db_oracle.sql

RANGER_KMS_POSTGRES_CORE_FILE

db/postgres/kms_core_db_postgres.sql

RANGER_KMS_SQLSERVER_CORE_FILE

db/sqlserver/kms_core_db_sqlserver.sql

RANGER_KMS_SQLANYWHERE_CORE_FILE

db/sqlanywhere/kms_core_db_sqlanywhere.sql

RANGER_KMS_CRED_KEYSTORE_FILENAME

localjceks://file$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks

RANGER_KMS_BLACKLIST_DECRYPT_EEK

hdfs

CRYPTO_RANGER_ENABLE

RANGER_KMS_HOST_NAME

ranger-kms

RANGER_KMS_PORT

RANGER_KMS_EXTERNAL_HTTP_PORT

Property to change the default HTTP port number for Ranger KMS.

9494

RANGER_KMS_EXTERNAL_HTTPS_PORT

Property to change the default HTTPS port number for a secured Ranger KMS.

9393

RANGER_KMS_URL

RANGER_KMS_SSL_ENABLE

RANGER_KMS_SSL_SELF_SIGNED

TRUE

RANGER_KMS_SSL_KEYSTORE_FILE_PATH

/etc/ranger/kms/conf/{{RANGER_PLUGIN_KEYSTORE_FILENAME}}

RANGER_KMS_PLUGIN_SSL_KEYSTORE_PASSWORD

RANGER_KMS_SSL_KEYSTORETYPE

RANGER_KMS_SSL_KEYSTORE_FILENAME

RANGER_KMS_SSL_KEYSTORE_PASSWORD

RANGER_KMS_SSL_TRUSTSTORE_FILE_PATH

/etc/ranger/kms/conf/{{PRIVACERA_GLOBAL_TRUSTSTORE_FILENAME}}

RANGER_KMS_SSL_TRUSTSTORE_PASSWORD

RANGER_KMS_KEYSTORE_PASSWORD

RANGER_KMS_TRUSTSTORE_PASSWORD

RANGER_KMS_KEYSTORE_ALIAS

ranger-kms-alias

RANGERKMS_PLUGIN_JCEKS_STOREPASS

none

RANGER_KMS_SSL_SIGNED_PEM_FULL_CHAIN

RANGER_KMS_SSL_SIGNED_PEM_PRIVATE_KEY

RANGER_KMS_SSL_PKCS12_PASSWORD

RANGER_KMS_SSL_SIGNED_CERT_FORMAT

pem

RANGER_KMS_SSL_SIGNED_PKCS12_ALIAS

ranger-kms-alias

RANGER_KMS_SSL_SIGNED_PKCS12_FILE

ranger-kms.pkcs12

HSM_ENABLED

FALSE

HSM_PARTITION_NAME

par19

HSM_PARTITION_PASSWORD

<UPDATE_THIS_VALUE>

AZURE_KEYVAULT_ENABLED

FALSE

AZURE_KEYVAULT_SSL_ENABLED

FALSE

AZURE_KEYVAULT_CLIENT_ID

None

AZURE_KEYVAULT_CLIENT_SECRET

None

AZURE_KEYVAULT_CERTIFICATE_PATH

None

AZURE_KEYVAULT_CERTIFICATE_PASSWORD

None

AZURE_KEYVAULT_MASTERKEY_NAME

RangerMasterKey

AZURE_KEYVAULT_MASTER_KEY_TYPE

RSA

AZURE_KEYVAULT_ZONE_KEY_ENCRYPTION_ALGO

RSA_OAEP

AZURE_KEYVAULT_URL

None

AZURE_KEYVAULT_CERT_FILE

None

RANGER_KMS_ENCRYPT_SECRETS

RANGER_KMS_SECRETS_FILE

/opt/ranger/ranger-2.0.0-SNAPSHOT-kms/ews/webapp/WEB-INF/classes/conf/ranger-kms{{GLOBAL_SECRETS_FILE_SUFFIX}}

RANGER_KMS_SECRETS_KEYSTORE_PASSWORD

RANGER_KMS_SECRETS_KEYPREFIX

RANGER_KMS_ENCRYPT_PROPS_LIST

RANGER_KMS_K8S_PVC_NAME

{{K8S_NAMESPACE}}-ranger-kms-pvc

RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB

1024

RANGER_KMS_K8S_PVC_STORAGE_SIZE

{{RANGER_KMS_K8S_PVC_STORAGE_SIZE_MB}}M

RANGER_KMS_K8S_STORAGE_PROVISIONER

RANGER_KMS_K8S_SC_NAME

{{K8S_NAMESPACE}}-store-privacera-ranger-kms

RANGER_KMS_K8S_PV_ENCRYPTED

RANGER_KMS_K8S_PV_KEY

RANGER_KMS_K8S_LOADBALANCER_EXTERNAL

FALSE

RANGER_KMS_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

RANGER_KMS_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Ranger KMS.

1024

RANGER_KMS_HEAP_MIN_MEMORY

{{ RANGER_KMS_HEAP_MIN_MEMORY_MB }}m

RANGER_KMS_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Ranger KMS.

1024

RANGER_KMS_HEAP_MAX_MEMORY

{{ RANGER_KMS_HEAP_MAX_MEMORY_MB }}m

RANGER_KMS_K8S_MEM_REQUESTS_MB

RANGER_KMS_K8S_MEM_LIMITS

{{ RANGER_KMS_K8S_MEM_LIMITS_MB }}M

RANGER_KMS_CPU_MIN

RANGER_KMS_CPU_MAX

RANGER_KMS_K8S_CPU_REQUESTS

RANGER_KMS_K8S_CPU_LIMITS

AuditServer

The following table contains the list of custom properties that can be configured for the AuditServer service. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.auditserver.yml

Property

Description

Values

Default Value

AUDITSERVER_EXTERNAL_PORT

Property to change the default port number for AuditServer.

6084

Memory Variables

AUDITSERVER_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by AuditServer. For example, AUDITSERVER_HEAP_MIN_MEMORY_MB: "1024"

AUDITSERVER_HEAP_MIN_MEMORY

Minimum Java Heap memory used by AuditServer. Setting this value will override AUDITSERVER_HEAP_MIN_MEMORY_MB. For example, AUDITSERVER_HEAP_MIN_MEMORY: "1g"

AUDITSERVER_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by AuditServer. For example, AUDITSERVER_HEAP_MAX_MEMORY_MB: "1024"

AUDITSERVER_HEAP_MAX_MEMORY

Maximum Java Heap memory used by AuditServer. Setting this value will override AUDITSERVER_HEAP_MAX_MEMORY_MB. For example, AUDITSERVER_HEAP_MAX_MEMORY: "1g"

AUDITSERVER_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by AuditServer. For example, AUDITSERVER_K8S_MEM_REQUESTS_MB: "1024"

AUDITSERVER_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by AuditServer. Setting this value will override AUDITSERVER_K8S_MEM_REQUESTS_MB. For example, AUDITSERVER_K8S_MEM_REQUESTS: "1G"

AUDITSERVER_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by AuditServer. For example, AUDITSERVER_K8S_MEM_LIMITS_MB: "1024"

AUDITSERVER_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by AuditServer. Setting this value will override AUDITSERVER_K8S_MEM_LIMITS_MB. For example, AUDITSERVER_K8S_MEM_LIMITS: "1G"

AUDITSERVER_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by AuditServer. For example, AUDITSERVER_CPU_MIN: "0.5"

AUDITSERVER_CPU_MAX

Maximum amount of Kubernetes CPU to be used by AuditServer. For example, AUDITSERVER_CPU_MAX: "0.5"

Audit Fluentd

The following table contains the list of custom properties that can be configured for the Audit Fluentd service. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.audit-fluentd.yml

Property

Description

Values

Default Value

AUDIT_FLUENTD_PORT

Property to change the default port number for Audit Fluentd.

9880

AUDIT_FLUENTD_S3_FILE_TIME_INTERVAL

This is the time interval after which the audits will be pushed to the S3 destination.

3600s

AUDIT_FLUENTD_LOCAL_FILE_TIME_INTERVAL

This is the time interval after which the audits will be pushed to the local destination.

3600s

AUDIT_FLUENTD_AZURE_FILE_TIME_INTERVAL

This is the time interval after which the audits will be pushed to the Azure ADLS/Blob destination.

3600s

Kafka

The following table contains the list of custom properties that can be configured for the Kafka service. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.kafka.yml

Property

Description

Values

Default Value

KAFKA_PORT

Property to change the default port number for Kafka.

9092

Memory Variables

KAFKA_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Kafka. For example, KAFKA_HEAP_MIN_MEMORY_MB: "1024"

KAFKA_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Kafka. Setting this value will override KAFKA_HEAP_MIN_MEMORY_MB. For example, KAFKA_HEAP_MIN_MEMORY: "1g"

KAFKA_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Kafka. For example, KAFKA_HEAP_MAX_MEMORY_MB: "1024"

KAFKA_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Kafka. Setting this value will override KAFKA_HEAP_MAX_MEMORY_MB. For example, KAFKA_HEAP_MAX_MEMORY: "1g"

KAFKA_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Kafka. For example, KAFKA_K8S_MEM_REQUESTS_MB: "1024"

KAFKA_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Kafka. Setting this value will override KAFKA_K8S_MEM_REQUESTS_MB. For example, KAFKA_K8S_MEM_REQUESTS: "1G"

KAFKA_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Kafka. For example, KAFKA_K8S_MEM_LIMITS_MB: "1024"

KAFKA_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Kafka. Setting this value will override KAFKA_K8S_MEM_LIMITS_MB. For example, KAFKA_K8S_MEM_LIMITS: "1G"

KAFKA_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Kafka. For example, KAFKA_CPU_MIN: "0.5"

KAFKA_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Kafka. For example, KAFKA_CPU_MAX: "0.5"

EMR

The following table contains the list of custom properties that can be configured for the EMR service. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.emr.native.ranger.yml

Property

Description

Values

Default Value

EMR_NATIVE_EMRFS_REPO

privacera_emrfs_s3

EMR_NATIVE_HIVE_REPO

privacera_hive

EMR_NATIVE_ADD_EMRFS_S3_REPO

true, false

true

EMR_NATIVE_PLUGIN_JAR_CMDLIST

EMR_NATIVE_PLUGIN_JAR_CMDLIST:
  - mkdir -p /tmp/emr-emrfs-plugin/ && curl https://s3.amazonaws.com/elasticmapreduce/ranger/service-definitions/version-2.0/ranger-emr-emrfs-plugin-2.x.jar -o /tmp/emr-emrfs-plugin/ranger-emr-emrfs-plugin-2.x.jar

EMR_NATIVE_RANGER_ADMIN_URL

{{RANGER_EXTERNAL_URL}}

EMR_NATIVE_RANGER_SSL_ENABLE

{{RANGER_SSL_ENABLE}}

EMR_NATIVE_AUDITSERVER_URL

{{AUDITSERVER_URL_EXTERNAL}}/solr/ranger_audits

EMR_NATIVE_SOLR_URL

{{SOLR_URL_EXTERNAL}}/solr/ranger_audits

EMR_NATIVE_PRIVACERA_BASE_DOWNLOAD_URL

{{PRIVACERA_BASE_DOWNLOAD_URL}}

Grafana

The following table contains the list of custom properties that can be configured for the Grafana service.

Property

Description

Values

Default Value

GRAFANA_HTTP_PORT

Property to change the default port number for Grafana.

3000

Graphite

The following table contains the list of custom properties that can be configured for the Graphite service.

Property

Description

Values

Default Value

GRAPHITE_HTTP_PORT

Property to change the default port number for Graphite.

8080