knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pzamp...@apache.org
Subject svn commit: r1834170 - in /knox: site/books/knox-1-1-0/user-guide.html trunk/books/1.1.0/config.md
Date Fri, 22 Jun 2018 22:45:03 GMT
Author: pzampino
Date: Fri Jun 22 22:45:02 2018
New Revision: 1834170

URL: http://svn.apache.org/viewvc?rev=1834170&view=rev
Log:
Documented gateway-site config properties for default discovery address and cluster values,
forced read-only topologies, and allowing unauthenticated remote regsitry reads

Modified:
    knox/site/books/knox-1-1-0/user-guide.html
    knox/trunk/books/1.1.0/config.md

Modified: knox/site/books/knox-1-1-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/user-guide.html?rev=1834170&r1=1834169&r2=1834170&view=diff
==============================================================================
--- knox/site/books/knox-1-1-0/user-guide.html (original)
+++ knox/site/books/knox-1-1-0/user-guide.html Fri Jun 22 22:45:02 2018
@@ -721,6 +721,11 @@ https://{gateway-host}:{gateway-port}/{g
       <td>null</td>
     </tr>
     <tr>
+      <td>gateway.remote.config.monitor.client.allowUnauthenticatedReadAccess </td>
+      <td>When a remote registry client is configured to access a registry securely,
this property can be set to allow unauthenticated clients to continue to read the content
from that registry by setting the ACLs accordingly. </td>
+      <td>false</td>
+    </tr>
+    <tr>
       <td>gateway.remote.config.registry.<b>&lt;name&gt;</b></td>
       <td>A named <a href="#Remote+Configuration+Registry+Clients">remote configuration
registry client</a> definition</td>
       <td>null</td>
@@ -740,6 +745,21 @@ https://{gateway-host}:{gateway-port}/{g
       <td>Turn on/off Remote Alias Discovery, this will take effect only when remote
configuration monitor is enabled </td>
       <td>true</td>
     </tr>
+    <tr>
+      <td>gateway.read.only.override.topologies </td>
+      <td>A comma-delimited list of topology names which should be forcibly treated
as read-only. </td>
+      <td>none</td>
+    </tr>
+    <tr>
+      <td>gateway.discovery.default.address </td>
+      <td>The default discovery address, which is applied if no address is specified
in a descriptor. </td>
+      <td>null</td>
+    </tr>
+    <tr>
+      <td>gateway.discovery.default.cluster </td>
+      <td>The default discovery cluster name, which is applied if no cluster name is
specified in a descriptor. </td>
+      <td>null</td>
+    </tr>
   </tbody>
 </table><h4><a id="Topology+Descriptors">Topology Descriptors</a>
<a href="#Topology+Descriptors"><img src="markbook-section-link.png"/></a></h4><p>The
topology descriptor files provide the gateway with per-cluster configuration information.
This includes configuration for both the providers within the gateway and the services within
the Hadoop cluster. These files are located in <code>{GATEWAY_HOME}/conf/topologies</code>.
The general outline of this document looks like this.</p>
 <pre><code>&lt;topology&gt;
@@ -910,7 +930,7 @@ ip-10-39-107-209.ec2.internal
     </tr>
     <tr>
       <td>discovery-address</td>
-      <td>The endpoint address for the discovery source.</td>
+      <td>The endpoint address for the discovery source. If omitted, then Knox will
check for the gateway-site configuration property named <em>gateway.discovery.default.address</em>,
and use its value if defined.</td>
     </tr>
     <tr>
       <td>discovery-user</td>
@@ -926,7 +946,7 @@ ip-10-39-107-209.ec2.internal
     </tr>
     <tr>
       <td>cluster</td>
-      <td>The name of the cluster from which the topology service endpoints should
be determined.</td>
+      <td>The name of the cluster from which the topology service endpoints should
be determined. If omitted, then Knox will check for the gateway-site configuration property
named <em>gateway.discovery.default.cluster</em>, and use its value if defined.</td>
     </tr>
     <tr>
       <td>services</td>

Modified: knox/trunk/books/1.1.0/config.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/config.md?rev=1834170&r1=1834169&r2=1834170&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/config.md (original)
+++ knox/trunk/books/1.1.0/config.md Fri Jun 22 22:45:02 2018
@@ -143,10 +143,14 @@ ssl.include.ciphers|A comma separated li
 ssl.exclude.ciphers|A comma separated list of ciphers to reject for SSL. See the [JSSE Provider
docs](http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider)
for possible ciphers. These can also contain regular expressions as shown in the [Jetty documentation](http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html).|none|
 ssl.exclude.protocols|Excludes a comma separated list of protocols to not accept for SSL
or "none"|SSLv3
 gateway.remote.config.monitor.client|A reference to the [remote configuration registry client](#Remote+Configuration+Registry+Clients)
the remote configuration monitor will employ.|null
+gateway.remote.config.monitor.client.allowUnauthenticatedReadAccess | When a remote registry
client is configured to access a registry securely, this property can be set to allow unauthenticated
clients to continue to read the content from that registry by setting the ACLs accordingly.
| false
 gateway.remote.config.registry.<b>&lt;name&gt;</b>|A named [remote configuration
registry client](#Remote+Configuration+Registry+Clients) definition|null
 gateway.cluster.config.monitor.ambari.enabled | Indicates whether the cluster monitoring
and associated dynamic topology updating is enabled. | false
 gateway.cluster.config.monitor.ambari.interval | The interval (in seconds) at which the cluster
monitor will poll Ambari for cluster configuration changes. | 60
 gateway.remote.alias.service.enabled | Turn on/off Remote Alias Discovery, this will take
effect only when remote configuration monitor is enabled  | true
+gateway.read.only.override.topologies | A comma-delimited list of topology names which should
be forcibly treated as read-only. | none
+gateway.discovery.default.address | The default discovery address, which is applied if no
address is specified in a descriptor. | null
+gateway.discovery.default.cluster | The default discovery cluster name, which is applied
if no cluster name is specified in a descriptor. | null
 
 
 #### Topology Descriptors ####
@@ -467,11 +471,11 @@ topology descriptor.
 property&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|
description
 ------------|-----------
 discovery-type|The discovery source type. (Currently, the only supported type is *AMBARI*).
-discovery-address|The endpoint address for the discovery source.
+discovery-address|The endpoint address for the discovery source. If omitted, then Knox will
check for the gateway-site configuration property named *gateway.discovery.default.address*,
and use its value if defined.
 discovery-user|The username with permission to access the discovery source. If omitted, then
Knox will check for an alias named *ambari.discovery.user*, and use its value if defined.
 discovery-pwd-alias|The alias of the password for the user with permission to access the
discovery source. If omitted, then Knox will check for an alias named *ambari.discovery.password*,
and use its value if defined.
 provider-config-ref|A reference to a provider configuration in `{GATEWAY_HOME}/conf/shared-providers/`.
-cluster|The name of the cluster from which the topology service endpoints should be determined.
+cluster|The name of the cluster from which the topology service endpoints should be determined.
 If omitted, then Knox will check for the gateway-site configuration property named *gateway.discovery.default.cluster*,
and use its value if defined.
 services|The collection of services to be included in the topology.
 applications|The collection of applications to be included in the topology.
 



Mime
View raw message