| <?xml version="1.0" encoding="utf-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <topology> |
| |
| <gateway> |
| |
| <provider> |
| <role>authentication</role> |
| <enabled>true</enabled> |
| <name>ShiroProvider</name> |
| <param> |
| <name>main.ldapRealm</name> |
| <value>org.apache.knox.gateway.shirorealm.KnoxLdapRealm</value> |
| </param> |
| <param> |
| <name>main.ldapContextFactory</name> |
| <value>org.apache.knox.gateway.shirorealm.KnoxLdapContextFactory</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory</name> |
| <value>$ldapContextFactory</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.userDnTemplate</name> |
| <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory.url</name> |
| <value>ldap://localhost:33389</value> |
| </param> |
| <param> |
| <name>main.ldapRealm.contextFactory.authenticationMechanism</name> |
| <value>simple</value> |
| </param> |
| <param> |
| <name>urls./**</name> |
| <value>authcBasic</value> |
| </param> |
| </provider> |
| <provider> |
| <role>identity-assertion</role> |
| <enabled>true</enabled> |
| <name>Default</name> |
| </provider> |
| |
| <!-- |
| Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names. |
| For example, a hadoop service running in AWS may return a response that includes URLs containing the |
| some AWS internal host name. If the client needs to make a subsequent request to the host identified |
| in those URLs they need to be mapped to external host names that the client Knox can use to connect. |
| |
| If the external hostname and internal host names are same turn of this provider by setting the value of |
| enabled parameter as false. |
| |
| The name parameter specifies the external host names in a comma separated list. |
| The value parameter specifies corresponding internal host names in a comma separated list. |
| |
| Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out |
| of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the |
| Hadoop services using localhost. In real clusters, external host names would almost never be localhost. |
| --> |
| <provider> |
| <role>hostmap</role> |
| <name>static</name> |
| <enabled>true</enabled> |
| <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param> |
| </provider> |
| |
| </gateway> |
| |
| <service> |
| <role>NAMENODE</role> |
| <url>hdfs://localhost:8020</url> |
| </service> |
| |
| <!-- |
| In Hadoop 2 the Job Tracker RPC APIs are implemented by the Resource Manager. |
| --> |
| <service> |
| <role>JOBTRACKER</role> |
| <url>rpc://localhost:8050</url> |
| </service> |
| |
| <service> |
| <role>WEBHDFS</role> |
| <url>http://localhost:50070/webhdfs</url> |
| </service> |
| |
| <service> |
| <role>WEBHCAT</role> |
| <url>http://localhost:50111/templeton</url> |
| </service> |
| |
| <service> |
| <role>OOZIE</role> |
| <url>http://localhost:11000/oozie</url> |
| </service> |
| |
| <service> |
| <role>WEBHBASE</role> |
| <url>http://localhost:60080</url> |
| </service> |
| |
| <service> |
| <role>HIVE</role> |
| <url>http://localhost:10000</url> |
| </service> |
| |
| </topology> |