| <?xml version="1.0" encoding="UTF-8"?> |
| <?xml-stylesheet type="text/xsl" href="configuration.xsl"?> |
| <!-- |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <configuration> |
| |
| <!-- HttpFSServer Server --> |
| |
| <property> |
| <name>httpfs.buffer.size</name> |
| <value>4096</value> |
| <description> |
| The buffer size used by a read/write request when streaming data from/to |
| HDFS. |
| </description> |
| </property> |
| |
| <!-- HttpFSServer Services --> |
| |
| <property> |
| <name>httpfs.services</name> |
| <value> |
| org.apache.hadoop.lib.service.instrumentation.InstrumentationService, |
| org.apache.hadoop.lib.service.scheduler.SchedulerService, |
| org.apache.hadoop.lib.service.security.GroupsService, |
| org.apache.hadoop.lib.service.security.ProxyUserService, |
| org.apache.hadoop.lib.service.hadoop.FileSystemAccessService |
| </value> |
| <description> |
| Services used by the httpfs server. |
| </description> |
| </property> |
| |
| <!-- Kerberos Configuration --> |
| |
| <property> |
| <name>kerberos.realm</name> |
| <value>LOCALHOST</value> |
| <description> |
| Kerberos realm, used only if Kerberos authentication is used between |
| the clients and httpfs or between HttpFS and HDFS. |
| |
| This property is only used to resolve other properties within this |
| configuration file. |
| </description> |
| </property> |
| |
| <!-- HttpFSServer Security Configuration --> |
| |
| <property> |
| <name>httpfs.hostname</name> |
| <value>${httpfs.http.hostname}</value> |
| <description> |
| Property used to synthetize the HTTP Kerberos principal used by httpfs. |
| |
| This property is only used to resolve other properties within this |
| configuration file. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.authentication.signature.secret.file</name> |
| <value>${httpfs.config.dir}/httpfs-signature.secret</value> |
| <description> |
| File containing the secret to sign HttpFS hadoop-auth cookies. |
| |
| This file should be readable only by the system user running HttpFS service. |
| |
| If multiple HttpFS servers are used in a load-balancer/round-robin fashion, |
| they should share the secret file. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.authentication.type</name> |
| <value>simple</value> |
| <description> |
| Defines the authentication mechanism used by httpfs for its HTTP clients. |
| |
| Valid values are 'simple' and 'kerberos'. |
| |
| If using 'simple' HTTP clients must specify the username with the |
| 'user.name' query string parameter. |
| |
| If using 'kerberos' HTTP clients must use HTTP SPNEGO. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.authentication.kerberos.principal</name> |
| <value>HTTP/${httpfs.hostname}@${kerberos.realm}</value> |
| <description> |
| The HTTP Kerberos principal used by HttpFS in the HTTP endpoint. |
| |
| The HTTP Kerberos principal MUST start with 'HTTP/' per Kerberos |
| HTTP SPENGO specification. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.authentication.kerberos.keytab</name> |
| <value>${user.home}/httpfs.keytab</value> |
| <description> |
| The Kerberos keytab file with the credentials for the |
| HTTP Kerberos principal used by httpfs in the HTTP endpoint. |
| </description> |
| </property> |
| |
| <!-- HttpFSServer proxy user Configuration --> |
| |
| <property> |
| <name>httpfs.proxyuser.#USER#.hosts</name> |
| <value>*</value> |
| <description> |
| List of hosts the '#USER#' user is allowed to perform 'doAs' |
| operations. |
| |
| The '#USER#' must be replaced with the username o the user who is |
| allowed to perform 'doAs' operations. |
| |
| The value can be the '*' wildcard or a list of hostnames. |
| |
| For multiple users copy this property and replace the user name |
| in the property name. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.proxyuser.#USER#.groups</name> |
| <value>*</value> |
| <description> |
| List of groups the '#USER#' user is allowed to impersonate users |
| from to perform 'doAs' operations. |
| |
| The '#USER#' must be replaced with the username o the user who is |
| allowed to perform 'doAs' operations. |
| |
| The value can be the '*' wildcard or a list of groups. |
| |
| For multiple users copy this property and replace the user name |
| in the property name. |
| </description> |
| </property> |
| |
| <!-- FileSystemAccess Namenode Configuration --> |
| |
| <property> |
| <name>namenode.hostname</name> |
| <value>localhost</value> |
| <description> |
| The HDFS Namenode host the httpfs server connects to perform file |
| system operations. |
| |
| This property is only used to resolve other properties within this |
| configuration file. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.hadoop.conf:fs.default.name</name> |
| <value>hdfs://${namenode.hostname}:8020</value> |
| <description> |
| The HDFS Namenode URI the httpfs server connects to perform file |
| system operations. |
| </description> |
| </property> |
| |
| <!-- FileSystemAccess Namenode Security Configuration --> |
| |
| <property> |
| <name>httpfs.hadoop.authentication.type</name> |
| <value>simple</value> |
| <description> |
| Defines the authentication mechanism used by httpfs to connect to |
| the HDFS Namenode. |
| |
| Valid values are 'simple' and 'kerberos'. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.hadoop.authentication.kerberos.keytab</name> |
| <value>${user.home}/httpfs.keytab</value> |
| <description> |
| The Kerberos keytab file with the credentials for the |
| Kerberos principal used by httpfs to connect to the HDFS Namenode. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.hadoop.authentication.kerberos.principal</name> |
| <value>${user.name}/${httpfs.hostname}@${kerberos.realm}</value> |
| <description> |
| The Kerberos principal used by httpfs to connect to the HDFS Namenode. |
| </description> |
| </property> |
| |
| <property> |
| <name>httpfs.hadoop.conf:dfs.namenode.kerberos.principal</name> |
| <value>hdfs/${namenode.hostname}@${kerberos.realm}</value> |
| <description> |
| The HDFS Namenode Kerberos principal. |
| </description> |
| </property> |
| |
| </configuration> |