hadoop-ozone/dist/src/main/compose/ozonesecure/docker-config - ozone - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 CORE-SITE.XML_fs.defaultFS=ofs://om
 CORE-SITE.XML_fs.trash.interval=1

 OZONE-SITE.XML_ozone.om.address=om
 OZONE-SITE.XML_ozone.om.http-address=om:9874
 OZONE-SITE.XML_ozone.scm.container.size=1GB
 OZONE-SITE.XML_ozone.scm.pipeline.creation.interval=30s
 OZONE-SITE.XML_ozone.scm.pipeline.owner.container.count=1
 OZONE-SITE.XML_ozone.scm.names=scm
 OZONE-SITE.XML_ozone.scm.datanode.id.dir=/data
 OZONE-SITE.XML_ozone.scm.block.client.address=scm
 OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
 OZONE-SITE.XML_ozone.handler.type=distributed
 OZONE-SITE.XML_ozone.scm.client.address=scm
 OZONE-SITE.XML_hdds.block.token.enabled=true
 OZONE-SITE.XML_ozone.replication=3
 OZONE-SITE.XML_ozone.datanode.pipeline.limit=1

 OZONE-SITE.XML_ozone.recon.om.snapshot.task.interval.delay=1m
 OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
 OZONE-SITE.XML_ozone.recon.om.snapshot.task.initial.delay=20s
 OZONE-SITE.XML_ozone.recon.address=recon:9891

 OZONE-SITE.XML_ozone.security.enabled=true
 OZONE-SITE.XML_ozone.acl.enabled=true
 OZONE-SITE.XML_ozone.acl.authorizer.class=org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer
 OZONE-SITE.XML_ozone.administrators="testuser/scm@EXAMPLE.COM,testuser/s3g@EXAMPLE.COM"

 OZONE-SITE.XML_hdds.datanode.dir=/data/hdds
 HDFS-SITE.XML_dfs.datanode.address=0.0.0.0:1019
 HDFS-SITE.XML_dfs.datanode.http.address=0.0.0.0:1012
 CORE-SITE.XML_dfs.data.transfer.protection=authentication
 CORE-SITE.XML_hadoop.security.authentication=kerberos
 CORE-SITE.XML_hadoop.security.auth_to_local="RULE:[2:$1](testuser2.*) RULE:[2:$1@$0](.*)s/.*/root/"
 CORE-SITE.XML_hadoop.security.key.provider.path=kms://http@kms:9600/kms


 OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
 OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
 OZONE-SITE.XML_ozone.om.kerberos.principal=om/om@EXAMPLE.COM
 OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
 OZONE-SITE.XML_ozone.recon.kerberos.keytab.file=/etc/security/keytabs/recon.keytab
 OZONE-SITE.XML_ozone.recon.kerberos.principal=recon/recon@EXAMPLE.COM

 HDFS-SITE.XML_dfs.datanode.kerberos.principal=dn/_HOST@EXAMPLE.COM
 HDFS-SITE.XML_dfs.datanode.keytab.file=/etc/security/keytabs/dn.keytab
 HDFS-SITE.XML_dfs.web.authentication.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
 HDFS-SITE.XML_dfs.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab


 OZONE-SITE.XML_ozone.security.http.kerberos.enabled=true
 OZONE-SITE.XML_ozone.http.filter.initializers=org.apache.hadoop.security.AuthenticationFilterInitializer

 OZONE-SITE.XML_ozone.om.http.auth.type=kerberos
 OZONE-SITE.XML_hdds.scm.http.auth.type=kerberos
 OZONE-SITE.XML_hdds.datanode.http.auth.type=kerberos
 OZONE-SITE.XML_ozone.s3g.http.auth.type=kerberos
 OZONE-SITE.XML_ozone.recon.http.auth.type=kerberos

 OZONE-SITE.XML_hdds.scm.http.auth.kerberos.principal=HTTP/scm@EXAMPLE.COM
 OZONE-SITE.XML_hdds.scm.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
 OZONE-SITE.XML_ozone.om.http.auth.kerberos.principal=HTTP/om@EXAMPLE.COM
 OZONE-SITE.XML_ozone.om.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
 OZONE-SITE.XML_hdds.datanode.http.auth.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
 OZONE-SITE.XML_hdds.datanode.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
 OZONE-SITE.XML_ozone.s3g.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
 OZONE-SITE.XML_ozone.s3g.http.auth.kerberos.principal=HTTP/s3g@EXAMPLE.COM
 OZONE-SITE.XML_ozone.recon.http.auth.kerberos.principal=HTTP/recon@EXAMPLE.COM
 OZONE-SITE.XML_ozone.recon.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab

 CORE-SITE.XML_hadoop.http.authentication.simple.anonymous.allowed=false
 CORE-SITE.XML_hadoop.http.authentication.signature.secret.file=/etc/security/http_secret
 CORE-SITE.XML_hadoop.http.authentication.type=kerberos
 CORE-SITE.XML_hadoop.http.authentication.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
 CORE-SITE.XML_hadoop.http.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab


 CORE-SITE.XML_hadoop.security.authorization=true
 HADOOP-POLICY.XML_ozone.om.security.client.protocol.acl=*
 HADOOP-POLICY.XML_hdds.security.client.datanode.container.protocol.acl=*
 HADOOP-POLICY.XML_hdds.security.client.scm.container.protocol.acl=*
 HADOOP-POLICY.XML_hdds.security.client.scm.block.protocol.acl=*
 HADOOP-POLICY.XML_hdds.security.client.scm.certificate.protocol.acl=*

 HDFS-SITE.XML_rpc.metrics.quantile.enable=true
 HDFS-SITE.XML_rpc.metrics.percentiles.intervals=60,300

 #Enable this variable to print out all hadoop rpc traffic to the stdout. See http://byteman.jboss.org/ to define your own instrumentation.
 #BYTEMAN_SCRIPT_URL=https://raw.githubusercontent.com/apache/hadoop/trunk/dev-support/byteman/hadooprpc.btm

 OZONE_DATANODE_SECURE_USER=root
 SECURITY_ENABLED=true
 KEYTAB_DIR=/etc/security/keytabs
 KERBEROS_KEYSTORES=hadoop
 KERBEROS_SERVER=kdc
 JAVA_HOME=/usr/lib/jvm/jre
 JSVC_HOME=/usr/bin
 SLEEP_SECONDS=5
 KERBEROS_ENABLED=true

 no_proxy=om,scm,recon,s3g,kdc,localhost,127.0.0.1
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	CORE-SITE.XML_fs.defaultFS=ofs://om
	CORE-SITE.XML_fs.trash.interval=1

	OZONE-SITE.XML_ozone.om.address=om
	OZONE-SITE.XML_ozone.om.http-address=om:9874
	OZONE-SITE.XML_ozone.scm.container.size=1GB
	OZONE-SITE.XML_ozone.scm.pipeline.creation.interval=30s
	OZONE-SITE.XML_ozone.scm.pipeline.owner.container.count=1
	OZONE-SITE.XML_ozone.scm.names=scm
	OZONE-SITE.XML_ozone.scm.datanode.id.dir=/data
	OZONE-SITE.XML_ozone.scm.block.client.address=scm
	OZONE-SITE.XML_ozone.metadata.dirs=/data/metadata
	OZONE-SITE.XML_ozone.handler.type=distributed
	OZONE-SITE.XML_ozone.scm.client.address=scm
	OZONE-SITE.XML_hdds.block.token.enabled=true
	OZONE-SITE.XML_ozone.replication=3
	OZONE-SITE.XML_ozone.datanode.pipeline.limit=1

	OZONE-SITE.XML_ozone.recon.om.snapshot.task.interval.delay=1m
	OZONE-SITE.XML_ozone.recon.db.dir=/data/metadata/recon
	OZONE-SITE.XML_ozone.recon.om.snapshot.task.initial.delay=20s
	OZONE-SITE.XML_ozone.recon.address=recon:9891

	OZONE-SITE.XML_ozone.security.enabled=true
	OZONE-SITE.XML_ozone.acl.enabled=true
	OZONE-SITE.XML_ozone.acl.authorizer.class=org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer
	OZONE-SITE.XML_ozone.administrators="testuser/scm@EXAMPLE.COM,testuser/s3g@EXAMPLE.COM"

	OZONE-SITE.XML_hdds.datanode.dir=/data/hdds
	HDFS-SITE.XML_dfs.datanode.address=0.0.0.0:1019
	HDFS-SITE.XML_dfs.datanode.http.address=0.0.0.0:1012
	CORE-SITE.XML_dfs.data.transfer.protection=authentication
	CORE-SITE.XML_hadoop.security.authentication=kerberos
	CORE-SITE.XML_hadoop.security.auth_to_local="RULE:[2:$1](testuser2.) RULE:[2:$1@$0](.)s/.*/root/"
	CORE-SITE.XML_hadoop.security.key.provider.path=kms://http@kms:9600/kms


	OZONE-SITE.XML_hdds.scm.kerberos.principal=scm/scm@EXAMPLE.COM
	OZONE-SITE.XML_hdds.scm.kerberos.keytab.file=/etc/security/keytabs/scm.keytab
	OZONE-SITE.XML_ozone.om.kerberos.principal=om/om@EXAMPLE.COM
	OZONE-SITE.XML_ozone.om.kerberos.keytab.file=/etc/security/keytabs/om.keytab
	OZONE-SITE.XML_ozone.recon.kerberos.keytab.file=/etc/security/keytabs/recon.keytab
	OZONE-SITE.XML_ozone.recon.kerberos.principal=recon/recon@EXAMPLE.COM

	HDFS-SITE.XML_dfs.datanode.kerberos.principal=dn/_HOST@EXAMPLE.COM
	HDFS-SITE.XML_dfs.datanode.keytab.file=/etc/security/keytabs/dn.keytab
	HDFS-SITE.XML_dfs.web.authentication.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
	HDFS-SITE.XML_dfs.web.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab


	OZONE-SITE.XML_ozone.security.http.kerberos.enabled=true
	OZONE-SITE.XML_ozone.http.filter.initializers=org.apache.hadoop.security.AuthenticationFilterInitializer

	OZONE-SITE.XML_ozone.om.http.auth.type=kerberos
	OZONE-SITE.XML_hdds.scm.http.auth.type=kerberos
	OZONE-SITE.XML_hdds.datanode.http.auth.type=kerberos
	OZONE-SITE.XML_ozone.s3g.http.auth.type=kerberos
	OZONE-SITE.XML_ozone.recon.http.auth.type=kerberos

	OZONE-SITE.XML_hdds.scm.http.auth.kerberos.principal=HTTP/scm@EXAMPLE.COM
	OZONE-SITE.XML_hdds.scm.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
	OZONE-SITE.XML_ozone.om.http.auth.kerberos.principal=HTTP/om@EXAMPLE.COM
	OZONE-SITE.XML_ozone.om.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
	OZONE-SITE.XML_hdds.datanode.http.auth.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
	OZONE-SITE.XML_hdds.datanode.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
	OZONE-SITE.XML_ozone.s3g.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab
	OZONE-SITE.XML_ozone.s3g.http.auth.kerberos.principal=HTTP/s3g@EXAMPLE.COM
	OZONE-SITE.XML_ozone.recon.http.auth.kerberos.principal=HTTP/recon@EXAMPLE.COM
	OZONE-SITE.XML_ozone.recon.http.auth.kerberos.keytab=/etc/security/keytabs/HTTP.keytab

	CORE-SITE.XML_hadoop.http.authentication.simple.anonymous.allowed=false
	CORE-SITE.XML_hadoop.http.authentication.signature.secret.file=/etc/security/http_secret
	CORE-SITE.XML_hadoop.http.authentication.type=kerberos
	CORE-SITE.XML_hadoop.http.authentication.kerberos.principal=HTTP/_HOST@EXAMPLE.COM
	CORE-SITE.XML_hadoop.http.authentication.kerberos.keytab=/etc/security/keytabs/HTTP.keytab


	CORE-SITE.XML_hadoop.security.authorization=true
	HADOOP-POLICY.XML_ozone.om.security.client.protocol.acl=*
	HADOOP-POLICY.XML_hdds.security.client.datanode.container.protocol.acl=*
	HADOOP-POLICY.XML_hdds.security.client.scm.container.protocol.acl=*
	HADOOP-POLICY.XML_hdds.security.client.scm.block.protocol.acl=*
	HADOOP-POLICY.XML_hdds.security.client.scm.certificate.protocol.acl=*

	HDFS-SITE.XML_rpc.metrics.quantile.enable=true
	HDFS-SITE.XML_rpc.metrics.percentiles.intervals=60,300

	#Enable this variable to print out all hadoop rpc traffic to the stdout. See http://byteman.jboss.org/ to define your own instrumentation.
	#BYTEMAN_SCRIPT_URL=https://raw.githubusercontent.com/apache/hadoop/trunk/dev-support/byteman/hadooprpc.btm

	OZONE_DATANODE_SECURE_USER=root
	SECURITY_ENABLED=true
	KEYTAB_DIR=/etc/security/keytabs
	KERBEROS_KEYSTORES=hadoop
	KERBEROS_SERVER=kdc
	JAVA_HOME=/usr/lib/jvm/jre
	JSVC_HOME=/usr/bin
	SLEEP_SECONDS=5
	KERBEROS_ENABLED=true

	no_proxy=om,scm,recon,s3g,kdc,localhost,127.0.0.1