bigtop-deploy/puppet/modules/qfs/templates/QfsClient.prp - bigtop - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 # The meta server configuration.

 # Where is the metaserver
 metaServer.name = <%= scope['qfs::common::metaserver_host'] %>
 metaServer.port = <%= scope['qfs::common::metaserver_port'] %>

 # -------------------- Client and meta server authentication. ------------------
 # By default QFS client and meta server authentication (client and chunk server
 # authentication as a consequence) is off.
 #
 # If any of the following meta authentication method is configured then QFS
 # client and the meta server perform mutual authentication.
 #
 # The QFS client configuration parameters can be specified also via environment
 # variables: QFS_CLIENT_CONFIG and QFS_CLIENT_CONFIG and
 # QFS_CLIENT_CONFIG_meta_server_ip_port. The later variable takes precedence.
 # The dots in the meta server ip (or host name) are replaced with _ (underscore)
 # symbols. The underscore symbol also used to separate meta server ip and port.
 # The later, longer form allows to use configuration specific to a
 # particular meta server, and mainly intended to be used with the QFS
 # delegation where both the delegation token and the key can be passed via
 # environment variables (see PSK authentication section below)),
 #
 # The two from environment vairable values are supported:
 # 1. FILE:configuration_file_name
 # 2. parameter_name1=parameter_value1 parameter_name2=parameter_value2...
 # The second space separated key value pairs can be used to pass delegation
 # token and the corresponding key. Both these must be obtained from the meta
 # server via "delegate" request. See qfs tool help.
 # For example:
 # QFS_CLIENT_CONFIG_127_0_0_1_20000='client.auth.psk.keyId=AAAB9dYIWfKBXhXCI1jJ9gAAU0XunwAAAACMoK0z30ztT5S7k9slRuRdzy9CXmi1 client.auth.psk.keyId=P+4XRIBLLBvkICXWO+1aXBPUTMghEakkTk1T+RVsifR9NQ71E32KVd27y+2DbyC2'
 # export QFS_CLIENT_CONFIG_127_0_0_1_20000


 # ================= X509 authentication ========================================
 #
 # QFS client's X509 certificate file in PEM format.
 # client.auth.X509.X509PemFile =

 # Password if X509 PEM file is encrypted.
 # client.auth.X509.X509Password =

 # QFS client's private key file.
 # client.auth.X509.PKeyPemFile =

 # Password if private key PEM file is encrypted.
 # client.auth.X509.PKeyPassword =

 # Certificate authorities file. Used for both meta server certificate
 # validation and to create certificate chain with QFS client's X509
 # certificate.
 # client.auth.X509.CAFile =

 # Certificate authorities directory can be used in addition to CAFile.
 # For more detailed information please see SSL_CTX_load_verify_locations manual
 # page. CAFile/CADir corresponds to CAfile/CApath in the man page.
 # client.auth.X509.CADir =

 # If set (the default) verify peer certificate, and declare error if peer, i.e.
 # meta server, does not preset "trusted" valid X509 certificate.
 # Default is on.
 # client.auth.X509.verifyPeer = 1

 # OpenSSL cipher configuration.
 # client.auth.X509.cipher = !ADH:!AECDH:!MD5:HIGH:@STRENGTH

 # The long integer value passed to SSL_CTX_set_options() call.
 # See open ssl documentation for details.
 # Default is the integer value that corresponds to SSL_OP_NO_COMPRESSION
 # client.auth.X509.options =

 # ================= Kerberos authentication ====================================
 #
 # Kerberos service principal: service/host@realm

 # Meta server's Kerberos principal [service/host@realm] service name part.
 # client.auth.krb5.service =

 # Meta server's Kerberos principal [service/host@realm] host name part.
 # client.auth.krb5.host =

 # Normally kinit is sufficient for the user authentication.
 # The following Kerberos parameters might be used in the case when another
 # "service" acts as QFS client.

 # Kerberos keytab file with the key(s) that corresponds to the QFS client's
 # principal, if used. Key table is typically used for service.
 # client.auth.krb5.keytab =

 # QFS client's kerberos principal. krb5_parse_name() used to convert the name
 # into the Kerberos 5 internal principal representation.
 # client.auth.krb5.clientName =

 # Force Kerberos client cache initialization during intialization.
 # Default is off.
 # client.auth.krb5.initClientCache = 0

 # OpenSSL cipher configuration for TLS-PSK authentication method. This method
 # is used with delegation and with Kerberos authentication.
 # client.auth.psk.cipherpsk = !ADH:!AECDH:!MD5:!3DES:PSK:@STRENGTH

 # The long integer value passed to SSL_CTX_set_options() call.
 # See open ssl documentation for details.
 # Default is the integer value that corresponds to the logical OR of
 # SSL_OP_NO_COMPRESSION and SSL_OP_NO_TICKET
 # metaServer.clientAuthentication.psk.options =

 # ================= PSK / delegation authentication ============================
 #
 # Both delegation token and delegation key are expected to be valid base 64
 # encoded binary blobs -- the exact string representation returned by the
 # delegation request.

 # QFS client delegation token, The token must be obtained via delegation request
 # the meta server. Both the token and the corresponding key must be specified.
 # client.auth.psk.keyId =

 # QFS client delegation key, The key must be obtained via delegation request to
 # the meta server.
 # client.auth.psk.key =

 #-------------------------------------------------------------------------------
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	# The meta server configuration.

	# Where is the metaserver
	metaServer.name = <%= scope['qfs::common::metaserver_host'] %>
	metaServer.port = <%= scope['qfs::common::metaserver_port'] %>

	# -------------------- Client and meta server authentication. ------------------
	# By default QFS client and meta server authentication (client and chunk server
	# authentication as a consequence) is off.
	#
	# If any of the following meta authentication method is configured then QFS
	# client and the meta server perform mutual authentication.
	#
	# The QFS client configuration parameters can be specified also via environment
	# variables: QFS_CLIENT_CONFIG and QFS_CLIENT_CONFIG and
	# QFS_CLIENT_CONFIG_meta_server_ip_port. The later variable takes precedence.
	# The dots in the meta server ip (or host name) are replaced with _ (underscore)
	# symbols. The underscore symbol also used to separate meta server ip and port.
	# The later, longer form allows to use configuration specific to a
	# particular meta server, and mainly intended to be used with the QFS
	# delegation where both the delegation token and the key can be passed via
	# environment variables (see PSK authentication section below)),
	#
	# The two from environment vairable values are supported:
	# 1. FILE:configuration_file_name
	# 2. parameter_name1=parameter_value1 parameter_name2=parameter_value2...
	# The second space separated key value pairs can be used to pass delegation
	# token and the corresponding key. Both these must be obtained from the meta
	# server via "delegate" request. See qfs tool help.
	# For example:
	# QFS_CLIENT_CONFIG_127_0_0_1_20000='client.auth.psk.keyId=AAAB9dYIWfKBXhXCI1jJ9gAAU0XunwAAAACMoK0z30ztT5S7k9slRuRdzy9CXmi1 client.auth.psk.keyId=P+4XRIBLLBvkICXWO+1aXBPUTMghEakkTk1T+RVsifR9NQ71E32KVd27y+2DbyC2'
	# export QFS_CLIENT_CONFIG_127_0_0_1_20000


	# ================= X509 authentication ========================================
	#
	# QFS client's X509 certificate file in PEM format.
	# client.auth.X509.X509PemFile =

	# Password if X509 PEM file is encrypted.
	# client.auth.X509.X509Password =

	# QFS client's private key file.
	# client.auth.X509.PKeyPemFile =

	# Password if private key PEM file is encrypted.
	# client.auth.X509.PKeyPassword =

	# Certificate authorities file. Used for both meta server certificate
	# validation and to create certificate chain with QFS client's X509
	# certificate.
	# client.auth.X509.CAFile =

	# Certificate authorities directory can be used in addition to CAFile.
	# For more detailed information please see SSL_CTX_load_verify_locations manual
	# page. CAFile/CADir corresponds to CAfile/CApath in the man page.
	# client.auth.X509.CADir =

	# If set (the default) verify peer certificate, and declare error if peer, i.e.
	# meta server, does not preset "trusted" valid X509 certificate.
	# Default is on.
	# client.auth.X509.verifyPeer = 1

	# OpenSSL cipher configuration.
	# client.auth.X509.cipher = !ADH:!AECDH:!MD5:HIGH:@STRENGTH

	# The long integer value passed to SSL_CTX_set_options() call.
	# See open ssl documentation for details.
	# Default is the integer value that corresponds to SSL_OP_NO_COMPRESSION
	# client.auth.X509.options =

	# ================= Kerberos authentication ====================================
	#
	# Kerberos service principal: service/host@realm

	# Meta server's Kerberos principal [service/host@realm] service name part.
	# client.auth.krb5.service =

	# Meta server's Kerberos principal [service/host@realm] host name part.
	# client.auth.krb5.host =

	# Normally kinit is sufficient for the user authentication.
	# The following Kerberos parameters might be used in the case when another
	# "service" acts as QFS client.

	# Kerberos keytab file with the key(s) that corresponds to the QFS client's
	# principal, if used. Key table is typically used for service.
	# client.auth.krb5.keytab =

	# QFS client's kerberos principal. krb5_parse_name() used to convert the name
	# into the Kerberos 5 internal principal representation.
	# client.auth.krb5.clientName =

	# Force Kerberos client cache initialization during intialization.
	# Default is off.
	# client.auth.krb5.initClientCache = 0

	# OpenSSL cipher configuration for TLS-PSK authentication method. This method
	# is used with delegation and with Kerberos authentication.
	# client.auth.psk.cipherpsk = !ADH:!AECDH:!MD5:!3DES:PSK:@STRENGTH

	# The long integer value passed to SSL_CTX_set_options() call.
	# See open ssl documentation for details.
	# Default is the integer value that corresponds to the logical OR of
	# SSL_OP_NO_COMPRESSION and SSL_OP_NO_TICKET
	# metaServer.clientAuthentication.psk.options =

	# ================= PSK / delegation authentication ============================
	#
	# Both delegation token and delegation key are expected to be valid base 64
	# encoded binary blobs -- the exact string representation returned by the
	# delegation request.

	# QFS client delegation token, The token must be obtained via delegation request
	# the meta server. Both the token and the corresponding key must be specified.
	# client.auth.psk.keyId =

	# QFS client delegation key, The key must be obtained via delegation request to
	# the meta server.
	# client.auth.psk.key =

	#-------------------------------------------------------------------------------