| <?xml version="1.0" encoding="utf-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <topology> |
| |
| <gateway> |
| |
| <!-- test: curl -i -k https://localhost:8443/gateway/preauth254sla/webhdfs/v1?op=GETHOMEDIRECTORY --> |
| <!-- test: curl -i -k -H "SM_USER: guest" https://localhost:8443/gateway/preauth254sla/webhdfs/v1?op=GETHOMEDIRECTORY --> |
| <!-- test: curl -i -k -H "SM_USER:guest" -H "sm_group:analyst" https://localhost:8443/gateway/preauth254sla/webhdfs/v1?op=GETHOMEDIRECTORY --> |
| <provider> |
| <role>federation</role> |
| <name>HeaderPreAuth</name> |
| <enabled>true</enabled> |
| <param><name>preauth.validation.method</name><value>preauth.ip.validation</value></param> |
| <!-- testing from localhost request ip shows up as |
| 127.0.0.1 |
| or |
| 0:0:0:0:0:0:0:1 --> |
| <param><name>preauth.validation.method</name><value>preauth.ip.validation</value></param> |
| <param><name>preauth.ip.addresses</name><value>254.*</value></param> |
| <param><name>preauth.custom.header</name><value>SM_USER</value></param> |
| <param><name>preauth.custom.group.header</name><value>sm_group</value></param> |
| </provider> |
| |
| <provider> |
| <role>identity-assertion</role> |
| <name>Default</name> |
| <enabled>true</enabled> |
| </provider> |
| |
| <provider> |
| <role>authorization</role> |
| <name>AclsAuthz</name> |
| <enabled>true</enabled> |
| <param> |
| <name>webhdfs.acl</name> |
| <value>*;analyst;*</value> |
| </param> |
| </provider> |
| |
| <!-- |
| Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names. |
| For example, a hadoop service running in AWS may return a response that includes URLs containing the |
| some AWS internal host name. If the client needs to make a subsequent request to the host identified |
| in those URLs they need to be mapped to external host names that the client Knox can use to connect. |
| |
| If the external hostname and internal host names are same turn of this provider by setting the value of |
| enabled parameter as false. |
| |
| The name parameter specifies the external host names in a comma separated list. |
| The value parameter specifies corresponding internal host names in a comma separated list. |
| |
| Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out |
| of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the |
| Hadoop services using localhost. In real clusters, external host names would almost never be localhost. |
| --> |
| <provider> |
| <role>hostmap</role> |
| <name>static</name> |
| <enabled>false</enabled> |
| <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param> |
| </provider> |
| |
| </gateway> |
| |
| <service> |
| <role>NAMENODE</role> |
| <url>hdfs://hdp.example.com:8020</url> |
| </service> |
| |
| <service> |
| <role>JOBTRACKER</role> |
| <url>rpc://hdp.example.com:8050</url> |
| </service> |
| |
| <service> |
| <role>WEBHDFS</role> |
| <url>http://hdp.example.com:50070/webhdfs</url> |
| </service> |
| |
| <service> |
| <role>WEBHCAT</role> |
| <url>http://hdp.example.com:50111/templeton</url> |
| </service> |
| |
| <service> |
| <role>OOZIE</role> |
| <url>http://hdp.example.com:11000/oozie</url> |
| </service> |
| |
| <service> |
| <role>WEBHBASE</role> |
| <url>http://hdp.example.com:60080</url> |
| </service> |
| |
| <service> |
| <role>HIVE</role> |
| <url>http://hdp.example.com:10001/cliservice</url> |
| </service> |
| |
| </topology> |