Google Git
Sign in
apache / ranger / refs/heads/master / . / security-admin / src / main / resources / conf.dist / ranger-admin-default-site.xml
blob: 0217489f86be65132a42bd77f3afc37160f82175 [file] [log] [blame]
<!--
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
<configuration>
<property>
<name>ranger.jdbc.sqlconnectorjar</name>
<value>/usr/share/java/mysql-connector-java.jar</value>
<description></description>
</property>
<property>
<name>ranger.service.user</name>
<value>ranger</value>
<description></description>
</property>
<property>
<name>ranger.service.group</name>
<value>ranger</value>
<description></description>
</property>
<property>
<name>ajp.enabled</name>
<value>false</value>
<description></description>
</property>
<!-- ################### System override properties (default values) ################## -->
<!-- #Search properties -->
<property>
<name>ranger.db.maxrows.default</name>
<value>200</value>
</property>
<property>
<name>ranger.db.min_inlist</name>
<value>20</value>
</property>
<property>
<name>ranger.ui.defaultDateformat</name>
<value>MM/dd/yyyy</value>
</property>
<property>
<name>ranger.db.defaultDateformat</name>
<value>yyyy-MM-dd</value>
</property>
<!-- #Security Spring configurations -->
<property>
<name>ranger.ajax.auth.required.code</name>
<value>401</value>
</property>
<property>
<name>ranger.ajax.auth.success.page</name>
<value>/ajax_success.html</value>
</property>
<property>
<name>ranger.logout.success.page</name>
<value>/login.jsp?action=logged_out</value>
</property>
<property>
<name>ranger.ajax.auth.failure.page</name>
<value>/ajax_failure.jsp</value>
</property>
<!-- #Role list -->
<property>
<name>ranger.users.roles.list</name>
<value>ROLE_SYS_ADMIN, ROLE_USER, ROLE_OTHER, ROLE_ANON, ROLE_KEY_ADMIN, ROLE_ADMIN_AUDITOR, ROLE_KEY_ADMIN_AUDITOR</value>
</property>
<!-- #Mail listing -->
<property>
<name>ranger.mail.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.mail.smtp.auth</name>
<value>false</value>
</property>
<property>
<name>ranger.mail.retry.sleep.ms</name>
<value>2000</value>
</property>
<property>
<name>ranger.mail.retry.max.count</name>
<value>5</value>
</property>
<property>
<name>ranger.mail.retry.sleep.incr_factor</name>
<value>1</value>
</property>
<property>
<name>ranger.mail.listener.enable</name>
<value>false</value>
</property>
<!-- #Second Level Cache -->
<property>
<name>ranger.second_level_cache</name>
<value>true</value>
</property>
<property>
<name>ranger.use_query_cache</name>
<value>true</value>
</property>
<!-- ############################### General application properties ############################## -->
<property>
<name>ranger.user.firstname.maxlength</name>
<value>16</value>
</property>
<property>
<name>ranger.bookmark.name.maxlen</name>
<value>150</value>
</property>
<!-- #RBAC -->
<property>
<name>ranger.rbac.enable</name>
<value>false</value>
</property>
<!-- #REST paths -->
<property>
<name>ranger.rest.paths</name>
<value>org.apache.ranger.rest,xa.rest</value>
</property>
<!-- #Password -->
<property>
<name>ranger.password.hidden</name>
<value>*****</value>
</property>
<property>
<name>ranger.resource.accessControl.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.xuser.createdByUserId</name>
<value>1</value>
</property>
<!-- #auto lock when too many failed logon attempts -->
<property>
<name>ranger.admin.login.autolock.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.admin.login.autolock.window.seconds</name>
<value>300</value>
</property>
<property>
<name>ranger.admin.login.autolock.maxfailure</name>
<value>5</value>
</property>
<!-- # anonymous access -->
<property>
<name>ranger.admin.allow.unauthenticated.access</name>
<value>false</value>
<description>
Enable unauthenticated access, it can not be used in production environment.
See security-applicationContext.xml for more.
</description>
</property>
<property>
<name>ranger.admin.allow.unauthenticated.download.access</name>
<value>false</value>
<description>
Enable unauthenticated download access. It enables /service/tags/download, /service/roles/download/ and
/service/plugins/policies/download only.
In the kerberos environment where the security requirements are not particularly high, it can be used to
avoid the trouble of download only ranger plugin accessing ranger via kerberos to download policies and
roles. In many cases, this kind of downloading behavior does not need to be protected.
</description>
</property>
<!-- #hacks -->
<property>
<name>ranger.allow.hack</name>
<value>1</value>
</property>
<!-- #audit logging -->
<property>
<name>ranger.log.SC_NOT_MODIFIED</name>
<value>false</value>
</property>
<!-- # ServletMapping Url Pattern -->
<property>
<name>ranger.servlet.mapping.url.pattern</name>
<value>service</value>
</property>
<!-- # File Separator -->
<property>
<name>ranger.file.separator</name>
<value>/</value>
</property>
<property>
<name>ranger.db.access.filter.enable</name>
<value>true</value>
</property>
<property>
<name>ranger.moderation.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.userpref.enabled</name>
<value>false</value>
</property>
<!-- Embedded Web-Server properties -->
<property>
<name>ranger.valve.errorreportvalve.showserverinfo</name>
<value>false</value>
</property>
<property>
<name>ranger.valve.errorreportvalve.showreport</name>
<value>false</value>
</property>
<!--
#
# Service Information
#
-->
<!-- Unix auth properties -->
<property>
<name>ranger.unixauth.remote.login.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.unixauth.service.hostname</name>
<value>localhost</value>
</property>
<property>
<name>ranger.unixauth.service.port</name>
<value>5151</value>
</property>
<property>
<name>ranger.unixauth.ssl.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.unixauth.debug</name>
<value>false</value>
</property>
<property>
<name>ranger.unixauth.server.cert.validation</name>
<value>false</value>
</property>
<property>
<name>ranger.unixauth.keystore</name>
<value>keystore.jks</value>
</property>
<property>
<name>ranger.unixauth.keystore.credential.alias</name>
<value>unixAuthKeyStoreAlias</value>
</property>
<property>
<name>ranger.unixauth.keystore.password</name>
<value>password</value>
</property>
<property>
<name>ranger.unixauth.truststore</name>
<value>cacerts</value>
</property>
<property>
<name>ranger.unixauth.truststore.credential.alias</name>
<value>unixAuthTrustStoreAlias</value>
</property>
<property>
<name>ranger.unixauth.truststore.password</name>
<value>changeit</value>
</property>
<!-- Maven project Version -->
<property>
<name>maven.project.version</name>
<value>0.5.0</value>
<description></description>
</property>
<property>
<name>ranger.service.shutdown.port</name>
<value>6085</value>
</property>
<property>
<name>ranger.service.shutdown.command</name>
<value>SHUTDOWN</value>
</property>
<property>
<name>ranger.service.https.attrib.ssl.protocol</name>
<value>TLSv1.2</value>
</property>
<property>
<name>ranger.service.https.attrib.client.auth</name>
<value>false</value>
</property>
<property>
<name>ranger.accesslog.dateformat</name>
<value>-yyyy-MM-dd</value>
</property>
<property>
<name>ranger.accesslog.pattern</name>
<value>%h %l %u %t "%r" %s %b %D "%{Referer}i" "%{User-Agent}i"</value>
</property>
<property>
<name>ranger.accesslog.rotate.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.accesslog.rotate.max_days</name>
<value>15</value>
</property>
<property>
<name>ranger.accesslog.rotate.rename_on_rotate</name>
<value>15</value>
</property>
<property>
<name>ranger.contextName</name>
<value>/</value>
<description></description>
</property>
<property>
<name>ranger.jpa.showsql</name>
<value>false</value>
<description></description>
</property>
<property>
<name>ranger.env.local</name>
<value>true</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.dialect</name>
<value>org.eclipse.persistence.platform.database.MySQLPlatform</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.maxpoolsize</name>
<value>40</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.minpoolsize</name>
<value>5</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.idletimeout</name>
<value>300000</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.maxlifetime</name>
<value>1800000</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.preferredtestquery</name>
<value>select 1</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.connectiontimeout</name>
<value>30000</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.batch-clear.enable</name>
<value>true</value>
<description>property to enable bulk mode optimization</description>
</property>
<property>
<name>ranger.jpa.jdbc.batch-clear.size</name>
<value>10</value>
<description>batch size (in number of policies) to flush and clear jdbc statements during batch policy import/delete</description>
</property>
<property>
<name>ranger.jpa.jdbc.batch-persist.size</name>
<value>500</value>
<description>batch size (in number of objects) to flush and clear jdbc statements during jpa persistence</description>
</property>
<property>
<name>ranger.jpa.jdbc.credential.alias</name>
<value>ranger.db.password</value>
<description></description>
</property>
<property>
<name>ranger.credential.provider.path</name>
<value>/etc/ranger/admin/rangeradmin.jceks</value>
<description></description>
</property>
<property>
<name>ranger.logs.base.dir</name>
<value>user.home</value>
<description></description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.dialect</name>
<value>org.eclipse.persistence.platform.database.MySQLPlatform</value>
<description></description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.credential.alias</name>
<value>ranger.auditdb.password</value>
<description></description>
</property>
<property>
<name>ranger.ldap.binddn.credential.alias</name>
<value>ranger.ldap.binddn.password</value>
<description></description>
</property>
<property>
<name>ranger.ldap.ad.binddn.credential.alias</name>
<value>ranger.ad.binddn.password</value>
<description></description>
</property>
<property>
<name>ranger.resource.lookup.timeout.value.in.ms</name>
<value>1000</value>
<description></description>
</property>
<property>
<name>ranger.validate.config.timeout.value.in.ms</name>
<value>10000</value>
<description></description>
</property>
<property>
<name>ranger.timed.executor.max.threadpool.size</name>
<value>10</value>
<description></description>
</property>
<property>
<name>ranger.timed.executor.queue.size</name>
<value>100</value>
<description></description>
</property>
<property>
<name>ranger.solr.audit.credential.alias</name>
<value>ranger.solr.password</value>
<description></description>
</property>
<property>
<name>ranger.audit.solr.time.interval</name>
<value>60000</value>
<description>Time in milliseconds</description>
</property>
<property>
<name>ranger.audit.solr.bootstrap.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.audit.elasticsearch.bootstrap.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.audit.solr.max.retry</name>
<value>30</value>
<description>Maximum no. of retry to setup solr</description>
</property>
<property>
<name>ranger.sha256Password.update.disable</name>
<value>false</value>
<description></description>
</property>
<property>
<name>ranger.password.history.count</name>
<value>4</value>
<description></description>
</property>
<!-- # DB Info for audit_DB -->
<property>
<name>ranger.jpa.audit.jdbc.driver</name>
<value>net.sf.log4jdbc.DriverSpy</value>
<description></description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.url</name>
<value>jdbc:log4jdbc:mysql://localhost/rangeraudit</value>
<description></description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.user</name>
<value>rangerlogger</value>
<description></description>
</property>
<property>
<name>ranger.jpa.audit.jdbc.password</name>
<value>rangerlogger</value>
<description></description>
</property>
<property>
<name>ranger.supportedcomponents</name>
<value></value>
</property>
<property>
<name>ranger.sso.cookiename</name>
<value>hadoop-jwt</value>
</property>
<property>
<name>ranger.sso.query.param.originalurl</name>
<value>originalUrl</value>
</property>
<property>
<name>ranger.rest-csrf.enabled</name>
<value>true</value>
</property>
<property>
<name>ranger.rest-csrf.custom-header</name>
<value>X-XSRF-HEADER</value>
</property>
<property>
<name>ranger.rest-csrf.methods-to-ignore</name>
<value>GET,OPTIONS,HEAD,TRACE</value>
</property>
<property>
<name>ranger.rest-csrf.token.length</name>
<value>20</value>
</property>
<property>
<name>ranger.rest-csrf.browser-useragents-regex</name>
<value>Mozilla,Opera,Chrome</value>
</property>
<property>
<name>ranger.krb.browser-useragents-regex</name>
<value>Mozilla,Opera,Chrome</value>
</property>
<property>
<name>ranger.db.ssl.enabled</name>
<value>false</value>
</property>
<property>
<name>ranger.db.ssl.required</name>
<value>false</value>
</property>
<property>
<name>ranger.db.ssl.verifyServerCertificate</name>
<value>false</value>
</property>
<property>
<name>ranger.db.ssl.auth.type</name>
<value>2-way</value>
</property>
<property>
<name>ranger.db.ssl.certificateFile</name>
<value></value>
</property>
<property>
<name>ranger.truststore.file.type</name>
<value>jks</value>
</property>
<property>
<name>ranger.keystore.file.type</name>
<value>jks</value>
</property>
<property>
<name>ranger.keystore.file</name>
<value></value>
</property>
<property>
<name>ranger.keystore.alias</name>
<value>keyStoreAlias</value>
</property>
<property>
<name>ranger.keystore.password</name>
<value></value>
</property>
<property>
<name>ranger.truststore.file</name>
<value></value>
</property>
<property>
<name>ranger.truststore.alias</name>
<value>trustStoreAlias</value>
</property>
<property>
<name>ranger.truststore.password</name>
<value></value>
</property>
<property>
<name>ranger.service.https.attrib.ssl.enabled.protocols</name>
<value>TLSv1.2</value>
</property>
<!-- Encryption -->
<property>
<name>ranger.password.encryption.key</name>
<value>tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV</value>
</property>
<property>
<name>ranger.password.salt</name>
<value>f77aLYLo</value>
</property>
<property>
<name>ranger.password.iteration.count</name>
<value>1000</value>
</property>
<property>
<name>ranger.password.encryption.algorithm</name>
<value>PBEWithHmacSHA512AndAES_128</value>
</property>
<property>
<name>ranger.default.browser-useragents</name>
<value>Mozilla,Opera,Chrome</value>
</property>
<property>
<name>ranger.tomcat.work.dir</name>
<value></value>
</property>
<property>
<name>ranger.allow.kerberos.auth.login.browser</name>
<value>false</value>
</property>
</configuration>