| <?xml version="1.0" encoding="utf-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <topology> |
| |
| <gateway> |
| <provider> |
| <role>authentication</role> |
| <name>ShiroProvider</name> |
| <enabled>true</enabled> |
| <param name="main.ldapRealm" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"/> |
| <param name="main.ldapContextFactory" value="org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"/> |
| <param name="main.ldapRealm.contextFactory" value="$ldapContextFactory"/> |
| |
| <param name="main.ldapRealm.contextFactory.url" value="ldap://ad.qa.your-domain.com:389"/> |
| <param name="main.ldapRealm.contextFactory.systemUsername" value="CN=sam,CN=Users,DC=hwqe,DC=hortonworks,DC=com"/> |
| <param name="main.ldapRealm.contextFactory.systemPassword" value="********"/> |
| |
| <param name="main.ldapRealm.userSearchBase" value="CN=Users,DC=hwqe,DC=hortonworks,DC=com"/> |
| <param name="main.ldapRealm.userSearchAttributeName" value="sAMAccountName"/> |
| <param name="main.ldapRealm.userObjectClass" value="person"/> |
| |
| <param name="main.ldapRealm.authorizationEnabled" value="true"/> |
| <param name="main.ldapRealm.groupSearchBase" value="OU=groups,DC=hwqe,DC=hortonworks,DC=com"/> |
| <param name="main.ldapRealm.groupObjectClass" value="group"/> |
| <param name="main.ldapRealm.groupIdAttribute" value="sAMAccountName"/> |
| <param name="main.ldapRealm.memberAttribute" value="member"/> |
| |
| <param name="main.cacheManager" value="org.apache.shiro.cache.ehcache.EhCacheManager"/> |
| <param name="main.securityManager.cacheManager" value="$cacheManager"/> |
| <param name="main.ldapRealm.authenticationCachingEnabled" value="true"/> |
| |
| <param name="urls./**" value="authcBasic"/> |
| </provider> |
| |
| <provider> |
| <role>identity-assertion</role> |
| <name>Default</name> |
| <enabled>true</enabled> |
| </provider> |
| |
| <!-- |
| Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names. |
| For example, a hadoop service running in AWS may return a response that includes URLs containing the |
| some AWS internal host name. If the client needs to make a subsequent request to the host identified |
| in those URLs they need to be mapped to external host names that the client Knox can use to connect. |
| |
| If the external hostname and internal host names are same turn of this provider by setting the value of |
| enabled parameter as false. |
| |
| The name parameter specifies the external host names in a comma separated list. |
| The value parameter specifies corresponding internal host names in a comma separated list. |
| |
| Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out |
| of box sandbox.xml. This is because Sandbox uses port mapping to allow clients to connect to the |
| Hadoop services using localhost. In real clusters, external host names would almost never be localhost. |
| --> |
| <provider> |
| <role>hostmap</role> |
| <name>static</name> |
| <enabled>false</enabled> |
| <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param> |
| </provider> |
| |
| </gateway> |
| |
| <service> |
| <role>NAMENODE</role> |
| <url>hdfs://hdp.example.com:8020</url> |
| </service> |
| |
| <service> |
| <role>JOBTRACKER</role> |
| <url>rpc://hdp.example.com:8050</url> |
| </service> |
| |
| <service> |
| <role>WEBHDFS</role> |
| <url>http://hdp.example.com:50070/webhdfs</url> |
| </service> |
| |
| <service> |
| <role>WEBHCAT</role> |
| <url>http://hdp.example.com:50111/templeton</url> |
| </service> |
| |
| <service> |
| <role>OOZIE</role> |
| <url>http://hdp.example.com:11000/oozie</url> |
| </service> |
| |
| <service> |
| <role>WEBHBASE</role> |
| <url>http://hdp.example.com:60080</url> |
| </service> |
| |
| <service> |
| <role>HIVE</role> |
| <url>http://hdp.example.com:10001/cliservice</url> |
| </service> |
| |
| </topology> |