From su...@apache.org
Subject [01/11] knox git commit: KNOX-827 added manager topology
Date Thu, 22 Dec 2016 15:35:08 GMT
Repository: knox
Updated Branches:
  refs/heads/master 1bc09836c -> b65a0175b


http://git-wip-us.apache.org/repos/asf/knox/blob/b65a0175/gateway-release/home/conf/topologies/admin.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/admin.xml b/gateway-release/home/conf/topologies/admin.xml
index 8ca9024..2f3d9a9 100644
--- a/gateway-release/home/conf/topologies/admin.xml
+++ b/gateway-release/home/conf/topologies/admin.xml
@@ -20,16 +20,6 @@
     <gateway>
 
         <provider>
-            <role>webappsec</role>
-            <name>WebAppSec</name>
-            <enabled>true</enabled>
-            <param><name>csrf.enabled</name><value>true</value></param>
-            <param><name>csrf.customHeader</name><value>X-XSRF-Header</value></param>
-            <param><name>csrf.methodsToIgnore</name><value>GET,OPTIONS,HEAD</value></param>
-            <param><name>xframe-options.enabled</name><value>true</value></param>
-        </provider>
-
-        <provider>
             <role>authentication</role>
             <name>ShiroProvider</name>
             <enabled>true</enabled>
@@ -113,10 +103,6 @@
 
     </gateway>
 
-    <application>
-        <role>admin-ui</role>
-    </application>
-
     <service>
         <role>KNOX</role>
     </service>

http://git-wip-us.apache.org/repos/asf/knox/blob/b65a0175/gateway-release/home/conf/topologies/manager.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/conf/topologies/manager.xml b/gateway-release/home/conf/topologies/manager.xml
new file mode 100644
index 0000000..8ca9024
--- /dev/null
+++ b/gateway-release/home/conf/topologies/manager.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<topology>
+
+    <gateway>
+
+        <provider>
+            <role>webappsec</role>
+            <name>WebAppSec</name>
+            <enabled>true</enabled>
+            <param><name>csrf.enabled</name><value>true</value></param>
+            <param><name>csrf.customHeader</name><value>X-XSRF-Header</value></param>
+            <param><name>csrf.methodsToIgnore</name><value>GET,OPTIONS,HEAD</value></param>
+            <param><name>xframe-options.enabled</name><value>true</value></param>
+        </provider>
+
+        <provider>
+            <role>authentication</role>
+            <name>ShiroProvider</name>
+            <enabled>true</enabled>
+            <param>
+                <!-- 
+                session timeout in minutes,  this is really idle timeout,
+                defaults to 30mins, if the property value is not defined,, 
+                current client authentication would expire if client idles contiuosly for
more than this value
+                -->
+                <name>sessionTimeout</name>
+                <value>30</value>
+            </param>
+            <param>
+                <name>main.ldapRealm</name>
+                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+            </param>
+            <param>
+                <name>main.ldapContextFactory</name>
+                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
+            </param>
+            <param>
+                <name>main.ldapRealm.contextFactory</name>
+                <value>$ldapContextFactory</value>
+            </param>
+            <param>
+                <name>main.ldapRealm.userDnTemplate</name>
+                <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+            </param>
+            <param>
+                <name>main.ldapRealm.contextFactory.url</name>
+                <value>ldap://localhost:33389</value>
+            </param>
+            <param>
+                <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
+                <value>simple</value>
+            </param>
+            <param>
+                <name>urls./**</name>
+                <value>authcBasic</value>
+            </param>
+        </provider>
+
+        <provider>
+            <role>authorization</role>
+            <name>AclsAuthz</name>
+            <enabled>true</enabled>
+            <param>
+                <name>knox.acl</name>
+                <value>admin;*;*</value>
+            </param>
+        </provider>
+
+        <provider>
+            <role>identity-assertion</role>
+            <name>Default</name>
+            <enabled>true</enabled>
+        </provider>
+
+        <!--
+        Defines rules for mapping host names internal to a Hadoop cluster to externally accessible
host names.
+        For example, a hadoop service running in AWS may return a response that includes
URLs containing the
+        some AWS internal host name.  If the client needs to make a subsequent request to
the host identified
+        in those URLs they need to be mapped to external host names that the client Knox
can use to connect.
+
+        If the external hostname and internal host names are same turn of this provider by
setting the value of
+        enabled parameter as false.
+
+        The name parameter specifies the external host names in a comma separated list.
+        The value parameter specifies corresponding internal host names in a comma separated
list.
+
+        Note that when you are using Sandbox, the external hostname needs to be localhost,
as seen in out
+        of box sandbox.xml.  This is because Sandbox uses port mapping to allow clients to
connect to the
+        Hadoop services using localhost.  In real clusters, external host names would almost
never be localhost.
+        -->
+        <provider>
+            <role>hostmap</role>
+            <name>static</name>
+            <enabled>true</enabled>
+            <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
+        </provider>
+
+    </gateway>
+
+    <application>
+        <role>admin-ui</role>
+    </application>
+
+    <service>
+        <role>KNOX</role>
+    </service>
+
+</topology>
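Review bot: manager.xml is a verbatim copy of the old admin.xml (both index lines show blob 8ca9024), so it still ends with `<service><role>KNOX</role></service>`, and the admin API is now declared in two topologies, only one of which keeps the WebAppSec provider. The admin.xml hunk above removes `csrf.enabled` and `xframe-options.enabled`; the rest of that file is not shown, but the copy suggests it keeps `urls./**` on `authcBasic`, so a browser holding cached Basic credentials would presumably reach the admin topology's API without the `X-XSRF-Header` check. Unless non-browser clients need header-less access, I would keep the WebAppSec provider in admin.xml, or at least record the decision there in a comment. In this file the ShiroProvider still binds to `ldap://localhost:33389` with `simple` authentication and the hostmap provider carries the sandbox mapping; a comment such as `<!-- demo LDAP: use an ldaps:// URL for a real directory -->` above `main.ldapRealm.contextFactory.url` would mark these as defaults to change before deployment.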

