blob: ae9314b9e72a5682c767e15f34921be1ef2872d6 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<!--
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-->
<configuration supports_final="true">
<property>
<name>policy_user</name>
<value>ambari-qa</value>
<display-name>Policy user for KNOX</display-name>
<description>This user must be system user and also present at Ranger admin portal</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>common.name.for.certificate</name>
<value/>
<description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>ranger-knox-plugin-enabled</name>
<value>No</value>
<display-name>Enable Ranger for KNOX</display-name>
<description>Enable ranger knox plugin ?</description>
<depends-on>
<property>
<type>ranger-env</type>
<name>ranger-knox-plugin-enabled</name>
</property>
</depends-on>
<value-attributes>
<type>boolean</type>
<overridable>false</overridable>
</value-attributes>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>REPOSITORY_CONFIG_USERNAME</name>
<value>admin</value>
<display-name>Ranger repository config user</display-name>
<description>Used for repository creation on ranger admin</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>REPOSITORY_CONFIG_PASSWORD</name>
<value>admin-password</value>
<property-type>PASSWORD</property-type>
<display-name>Ranger repository config password</display-name>
<description>Used for repository creation on ranger admin</description>
<value-attributes>
<type>password</type>
</value-attributes>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>KNOX_HOME</name>
<value>/usr/local/knox-server</value>
<display-name>Knox Home</display-name>
<description>Knox home folder</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.DB.IS_ENABLED</name>
<value>true</value>
<display-name>Audit to DB</display-name>
<description/>
<value-attributes>
<type>boolean</type>
</value-attributes>
<depends-on>
<property>
<type>ranger-env</type>
<name>xasecure.audit.destination.db</name>
</property>
</depends-on>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.IS_ENABLED</name>
<value>false</value>
<display-name>Audit to HDFS</display-name>
<description/>
<value-attributes>
<type>boolean</type>
</value-attributes>
<depends-on>
<property>
<type>ranger-env</type>
<name>xasecure.audit.destination.hdfs</name>
</property>
</depends-on>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
<value>hdfs://localhost:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
<description/>
<depends-on>
<property>
<type>ranger-env</type>
<name>xasecure.audit.destination.hdfs.dir</name>
</property>
</depends-on>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
<value>%hostname%-audit.log</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
<value>900</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
<value>86400</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
<value>60</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
<value>%time:yyyyMMdd-HHmm.ss%.log</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
<value>60</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
<value>600</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
<value>10</value>
<description/>
<value-attributes>
<type>password</type>
</value-attributes>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>SSL_KEYSTORE_FILE_PATH</name>
<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>SSL_KEYSTORE_PASSWORD</name>
<value>myKeyFilePassword</value>
<property-type>PASSWORD</property-type>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>SSL_TRUSTSTORE_FILE_PATH</name>
<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
<description/>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>SSL_TRUSTSTORE_PASSWORD</name>
<value>changeit</value>
<property-type>PASSWORD</property-type>
<description/>
<value-attributes>
<type>password</type>
</value-attributes>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>POLICY_MGR_URL</name>
<value>{{policymgr_mgr_url}}</value>
<description>Policy Manager url</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>SQL_CONNECTOR_JAR</name>
<value>{{sql_connector_jar}}</value>
<description>Location of DB client library (please check the location of the jar file)</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.DB.FLAVOUR</name>
<value>{{xa_audit_db_flavor}}</value>
<description>The database type to be used (mysql/oracle)</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.DB.DATABASE_NAME</name>
<value>{{xa_audit_db_name}}</value>
<description>Audit database name</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.DB.USER_NAME</name>
<value>{{xa_audit_db_user}}</value>
<description>Audit database user</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.DB.PASSWORD</name>
<value>{{xa_audit_db_password}}</value>
<property-type>PASSWORD</property-type>
<description>Audit database password</description>
<value-attributes>
<type>password</type>
</value-attributes>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>XAAUDIT.DB.HOSTNAME</name>
<value>{{xa_db_host}}</value>
<description>Audit database hostname</description>
<on-ambari-upgrade add="false"/>
</property>
<property>
<name>REPOSITORY_NAME</name>
<value>{{repo_name}}</value>
<description>Ranger repository name</description>
<on-ambari-upgrade add="false"/>
</property>
</configuration>