| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # The meta server configuration. |
| |
| # Location of the QFS meta server: host name (or ip) and port. |
| # Both values are filled in by the ERB template from the Puppet scope |
| # variables qfs::common::metaserver_host and qfs::common::metaserver_port. |
| # NOTE(review): the values are interpolated as is; presumably they are |
| # validated where they are defined, since a value containing a line break |
| # would add further lines to this file -- confirm. |
| metaServer.name = <%= scope['qfs::common::metaserver_host'] %> |
| metaServer.port = <%= scope['qfs::common::metaserver_port'] %> |
| |
| # -------------------- Client and meta server authentication. ------------------ |
| # By default QFS client and meta server authentication (client and chunk server |
| # authentication as a consequence) is off. |
| # |
| # If any of the following meta authentication methods is configured then the QFS |
| # client and the meta server perform mutual authentication. |
| # |
| # The QFS client configuration parameters can also be specified via the |
| # environment variables QFS_CLIENT_CONFIG and |
| # QFS_CLIENT_CONFIG_meta_server_ip_port. The latter variable takes precedence. |
| # The dots in the meta server ip (or host name) are replaced with _ (underscore) |
| # symbols. The underscore symbol is also used to separate meta server ip and port. |
| # The latter, longer form allows a configuration specific to a particular meta |
| # server, and is mainly intended to be used with QFS delegation, where both |
| # the delegation token and the key can be passed via environment variables |
| # (see the PSK authentication section below). |
| # |
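| # Two forms of environment variable value are supported: |
| # 1. FILE:configuration_file_name |
| # 2. parameter_name1=parameter_value1 parameter_name2=parameter_value2... |
| # The second form, space separated key value pairs, can be used to pass the |
| # delegation token and the corresponding key. Both of these must be obtained |
| # from the meta server via "delegate" request. See qfs tool help. |
| # The token and key are credentials: a value set in the environment is inherited |
| # by child processes, so prefer the FILE: form with a file readable only by the |
| # client's user where that is possible. |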
| # For example: |
| # QFS_CLIENT_CONFIG_127_0_0_1_20000='client.auth.psk.keyId=AAAB9dYIWfKBXhXCI1jJ9gAAU0XunwAAAACMoK0z30ztT5S7k9slRuRdzy9CXmi1 client.auth.psk.key=P+4XRIBLLBvkICXWO+1aXBPUTMghEakkTk1T+RVsifR9NQ71E32KVd27y+2DbyC2' |
| # export QFS_CLIENT_CONFIG_127_0_0_1_20000 |
| |
| |
| # ================= X509 authentication ======================================== |
| # |
| # QFS client's X509 certificate file in PEM format. |
| # client.auth.X509.X509PemFile = |
| |
| # Password if X509 PEM file is encrypted. |
| # client.auth.X509.X509Password = |
| |
| # QFS client's private key file. |
| # client.auth.X509.PKeyPemFile = |
| |
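| # Password if private key PEM file is encrypted. The password is stored in this |
| # file in clear text; if set, restrict read access to this file accordingly. |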
| # client.auth.X509.PKeyPassword = |
| |
| # Certificate authorities file. Used for both meta server certificate |
| # validation and to create certificate chain with QFS client's X509 |
| # certificate. |
| # client.auth.X509.CAFile = |
| |
| # Certificate authorities directory can be used in addition to CAFile. |
| # For more detailed information please see SSL_CTX_load_verify_locations manual |
| # page. CAFile/CADir corresponds to CAfile/CApath in the man page. |
| # client.auth.X509.CADir = |
| |
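| # If set (the default), verify the peer certificate, and declare an error if the |
| # peer, i.e. the meta server, does not present a "trusted" valid X509 certificate. |
| # With verification off the client does not authenticate the meta server it |
| # connects to, so leave this on outside of testing. |
| # Default is on. |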
| # client.auth.X509.verifyPeer = 1 |
| |
| # OpenSSL cipher configuration. |
| # client.auth.X509.cipher = !ADH:!AECDH:!MD5:HIGH:@STRENGTH |
| |
| # The long integer value passed to SSL_CTX_set_options() call. |
| # See open ssl documentation for details. |
| # Default is the integer value that corresponds to SSL_OP_NO_COMPRESSION |
| # client.auth.X509.options = |
| |
| # ================= Kerberos authentication ==================================== |
| # |
| # Kerberos service principal: service/host@realm |
| |
| # Meta server's Kerberos principal [service/host@realm] service name part. |
| # client.auth.krb5.service = |
| |
| # Meta server's Kerberos principal [service/host@realm] host name part. |
| # client.auth.krb5.host = |
| |
| # Normally kinit is sufficient for the user authentication. |
| # The following Kerberos parameters might be used in the case when another |
| # "service" acts as QFS client. |
| |
| # Kerberos keytab file with the key(s) that corresponds to the QFS client's |
| # principal, if used. Key table is typically used for service. |
| # client.auth.krb5.keytab = |
| |
| # QFS client's kerberos principal. krb5_parse_name() used to convert the name |
| # into the Kerberos 5 internal principal representation. |
| # client.auth.krb5.clientName = |
| |
| # Force Kerberos client cache initialization during initialization. |
| # Default is off. |
| # client.auth.krb5.initClientCache = 0 |
| |
| # OpenSSL cipher configuration for TLS-PSK authentication method. This method |
| # is used with delegation and with Kerberos authentication. |
| # client.auth.psk.cipherpsk = !ADH:!AECDH:!MD5:!3DES:PSK:@STRENGTH |
| |
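| # The long integer value passed to SSL_CTX_set_options() call. |
| # See OpenSSL documentation for details. |
| # Default is the integer value that corresponds to the logical OR of |
| # SSL_OP_NO_COMPRESSION and SSL_OP_NO_TICKET |
| # NOTE(review): the key below uses the metaServer.clientAuthentication.psk. |
| # prefix while the other PSK parameters in this file use client.auth.psk.; |
| # confirm which name the QFS client actually reads. |
| # metaServer.clientAuthentication.psk.options = |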
| |
| # ================= PSK / delegation authentication ============================ |
| # |
| # Both delegation token and delegation key are expected to be valid base 64 |
| # encoded binary blobs -- the exact string representation returned by the |
| # delegation request. |
| |
| # QFS client delegation token. The token must be obtained via a delegation |
| # request to the meta server. Both the token and the corresponding key must be |
| # specified. |
| # client.auth.psk.keyId = |
| |
| # QFS client delegation key. The key must be obtained via a delegation request |
| # to the meta server. |
| # client.auth.psk.key = |
| |
| #------------------------------------------------------------------------------- |