| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <configuration> |
| |
| <property> |
| <name>gateway.port</name> |
| <value>8443</value> |
| <description>The HTTP port for the Gateway.</description> |
| </property> |
| |
| <property> |
| <name>gateway.path</name> |
| <value>gateway</value> |
| <description>The default context path for the gateway.</description> |
| </property> |
| |
| <property> |
| <name>gateway.gateway.conf.dir</name> |
| <value>deployments</value> |
| <description>The directory within GATEWAY_HOME that contains gateway topology files and deployments.</description> |
| </property> |
| |
| <property> |
| <name>gateway.hadoop.kerberos.secured</name> |
| <value>false</value> |
| <description>Boolean flag indicating whether the Hadoop cluster protected by Gateway is secured with Kerberos</description> |
| </property> |
| |
| <property> |
| <name>java.security.krb5.conf</name> |
| <value>/etc/knox/conf/krb5.conf</value> |
| <description>Absolute path to krb5.conf file</description> |
| </property> |
| |
| <property> |
| <name>java.security.auth.login.config</name> |
| <value>/etc/knox/conf/krb5JAASLogin.conf</value> |
| <description>Absolute path to JAAS login config file</description> |
| </property> |
| |
| <property> |
| <name>sun.security.krb5.debug</name> |
| <value>false</value> |
| <description>Boolean flag indicating whether to enable debug messages for krb5 authentication</description> |
| </property> |
| |
| <!-- @since 0.10 Websocket configs --> |
| <property> |
| <name>gateway.websocket.feature.enabled</name> |
| <value>false</value> |
| <description>Enable/Disable websocket feature.</description> |
| </property> |
| |
| <property> |
| <name>gateway.scope.cookies.feature.enabled</name> |
| <value>false</value> |
| <description>Enable/Disable cookie scoping feature.</description> |
| </property> |
| |
| <property> |
| <name>gateway.cluster.config.monitor.ambari.enabled</name> |
| <value>false</value> |
| <description>Enable/disable Ambari cluster configuration monitoring.</description> |
| </property> |
| |
| <property> |
| <name>gateway.cluster.config.monitor.ambari.interval</name> |
| <value>60</value> |
| <description>The interval (in seconds) for polling Ambari for cluster configuration changes.</description> |
| </property> |
| |
| <!-- Knox Admin related config --> |
| <property> |
| <name>gateway.knox.admin.groups</name> |
| <value>admin</value> |
| </property> |
| |
| <!-- DEMO LDAP config for Hadoop Group Provider --> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping</name> |
| <value>org.apache.hadoop.security.LdapGroupsMapping</value> |
| </property> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.user</name> |
| <value>uid=guest,ou=people,dc=hadoop,dc=apache,dc=org</value> |
| </property> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping.ldap.bind.password</name> |
| <value>guest-password</value> |
| </property> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping.ldap.url</name> |
| <value>ldap://localhost:33389</value> |
| </property> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping.ldap.base</name> |
| <value></value> |
| </property> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.user</name> |
| <value>(&(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))</value> |
| </property> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping.ldap.search.filter.group</name> |
| <value>(objectclass=groupOfNames)</value> |
| </property> |
| <property> |
| <name>hgateway.group.config.adoop.security.group.mapping.ldap.search.attr.member</name> |
| <value>member</value> |
| </property> |
| <property> |
| <name>gateway.group.config.hadoop.security.group.mapping.ldap.search.attr.group.name</name> |
| <value>cn</value> |
| </property> |
| <property> |
| <name>gateway.dispatch.whitelist.services</name> |
| <value>DATANODE,HBASEUI,HDFSUI,JOBHISTORYUI,NODEUI,YARNUI,knoxauth</value> |
| <description>The comma-delimited list of service roles for which the gateway.dispatch.whitelist should be applied.</description> |
| </property> |
| <property> |
| <name>gateway.dispatch.whitelist</name> |
| <value>^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value> |
| <description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services. |
| If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description> |
| </property> |
| <property> |
| <name>gateway.xforwarded.header.context.append.servicename</name> |
| <value>LIVYSERVER</value> |
| <description>Add service name to x-forward-context header for the list of services defined above.</description> |
| </property> |
| |
| </configuration> |