http://git-wip-us.apache.org/repos/asf/ambari/blob/984d4605/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml deleted file mode 100644 index 058facd..0000000 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/hbase-site.xml +++ /dev/null @@ -1,573 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <!-- These properties exist in common services. --> - <property> - <name>hbase.rootdir</name> - <value>hdfs://localhost:8020/apps/hbase/data</value> - <description>The directory shared by region servers and into - which HBase persists. The URL should be 'fully-qualified' - to include the filesystem scheme. For example, to specify the - HDFS directory '/hbase' where the HDFS instance's namenode is - running at namenode.example.org on port 9000, set this value to: - hdfs://namenode.example.org:9000/hbase. By default HBase writes - into /tmp. Change this configuration else all data will be lost - on machine restart. - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.cluster.distributed</name> - <value>true</value> - <description>The mode the cluster will be in. Possible values are - false for standalone mode and true for distributed mode. If - false, startup will run all HBase and ZooKeeper daemons together - in the one JVM. - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.tmp.dir</name> - <value>/tmp/hbase-${user.name}</value> - <display-name>HBase tmp directory</display-name> - <description>Temporary directory on the local filesystem. - Change this setting to point to a location more permanent - than '/tmp' (The '/tmp' directory is often cleared on - machine restart). - </description> - <value-attributes> - <type>directory</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.local.dir</name> - <value>${hbase.tmp.dir}/local</value> - <description>Directory on the local filesystem to be used as a local storage - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.master.info.bindAddress</name> - <value>0.0.0.0</value> - <description>The bind address for the HBase Master web UI - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.regionserver.handler.count</name> - <value>30</value> - <description> - Count of RPC Listener instances spun up on RegionServers. - Same property is used by the Master for count of master handlers. - </description> - <display-name>Number of Handlers per RegionServer</display-name> - <value-attributes> - <type>int</type> - <minimum>5</minimum> - <maximum>240</maximum> - <increment-step>1</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.hregion.majorcompaction</name> - <value>604800000</value> - <description> - Time between major compactions. Set to 0 to disable automatic major compactions. - </description> - <display-name>Major Compaction Interval</display-name> - <value-attributes> - <type>int</type> - <minimum>0</minimum> - <maximum>2592000000</maximum> - <unit>milliseconds</unit> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>hbase.hregion.memstore.block.multiplier</name> - <value>4</value> - <description> - Block updates if a memstore's size spikes this many times above the size that would cause it to be flushed. - Useful to prevent runaway memstores during a sudden spike in update traffic. - </description> - <display-name>Per-Column Family Memstore Block Multiplier</display-name> - <value-attributes> - <type>value-list</type> - <entries> - <entry> - <value>2</value> - </entry> - <entry> - <value>4</value> - </entry> - <entry> - <value>8</value> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.hregion.memstore.flush.size</name> - <value>134217728</value> - <description> - The size of an individual memstore. Each column familiy within each region is allocated its own memstore. - </description> - <display-name>Memstore Flush Size</display-name> - <value-attributes> - <type>int</type> - <minimum>33554432</minimum> - <maximum>268435456</maximum> - <increment-step>1048576</increment-step> - <unit>B</unit> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.hregion.memstore.mslab.enabled</name> - <value>true</value> - <description> - Enables the MemStore-Local Allocation Buffer, - a feature which works to prevent heap fragmentation under - heavy write loads. This can reduce the frequency of stop-the-world - GC pauses on large heaps. - </description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.hregion.max.filesize</name> - <value>10737418240</value> - <description> - Maximum HFile size. If the sum of the sizes of a region's HFiles has grown to exceed this - value, the region is split in two. - </description> - <display-name>Maximum Region File Size</display-name> - <value-attributes> - <type>int</type> - <minimum>1073741824</minimum> - <maximum>107374182400</maximum> - <unit>B</unit> - <increment-step>1073741824</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.client.scanner.caching</name> - <value>100</value> - <description>Number of rows that will be fetched when calling next - on a scanner if it is not served from (local, client) memory. Higher - caching values will enable faster scanners but will eat up more memory - and some calls of next may take longer and longer times when the cache is empty. - Do not set this value such that the time between invocations is greater - than the scanner timeout; i.e. hbase.regionserver.lease.period - </description> - <display-name>Number of Fetched Rows when Scanning from Disk</display-name> - <value-attributes> - <type>int</type> - <minimum>100</minimum> - <maximum>10000</maximum> - <increment-step>100</increment-step> - <unit>rows</unit> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>zookeeper.session.timeout</name> - <value>90000</value> - <description>ZooKeeper session timeout. - ZooKeeper session timeout in milliseconds. It is used in two different ways. - First, this value is used in the ZK client that HBase uses to connect to the ensemble. - It is also used by HBase when it starts a ZK server and it is passed as the 'maxSessionTimeout'. See - http://hadoop.apache.org/zookeeper/docs/current/zookeeperProgrammers.html#ch_zkSessions. - For example, if a HBase region server connects to a ZK ensemble that's also managed by HBase, then the - session timeout will be the one specified by this configuration. But, a region server that connects - to an ensemble managed with a different configuration will be subjected that ensemble's maxSessionTimeout. So, - even though HBase might propose using 90 seconds, the ensemble can have a max timeout lower than this and - it will take precedence. - </description> - <display-name>Zookeeper Session Timeout</display-name> - <value-attributes> - <type>int</type> - <minimum>10000</minimum> - <maximum>180000</maximum> - <unit>milliseconds</unit> - <increment-step>10000</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.client.keyvalue.maxsize</name> - <value>1048576</value> - <description> - Specifies the combined maximum allowed size of a KeyValue - instance. This is to set an upper boundary for a single entry saved in a - storage file. Since they cannot be split it helps avoiding that a region - cannot be split any further because the data is too large. It seems wise - to set this to a fraction of the maximum region size. Setting it to zero - or less disables the check. - </description> - <display-name>Maximum Record Size</display-name> - <value-attributes> - <type>int</type> - <minimum>1048576</minimum> - <maximum>31457280</maximum> - <unit>B</unit> - <increment-step>262144</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.hstore.compactionThreshold</name> - <value>3</value> - <description> - The maximum number of StoreFiles which will be selected for a single minor - compaction, regardless of the number of eligible StoreFiles. Effectively, the value of - hbase.hstore.compaction.max controls the length of time it takes a single compaction to - complete. Setting it larger means that more StoreFiles are included in a compaction. For most - cases, the default value is appropriate. - </description> - <display-name>Maximum Store Files before Minor Compaction</display-name> - <value-attributes> - <type>int</type> - <entries> - <entry> - <value>2</value> - </entry> - <entry> - <value>3</value> - </entry> - <entry> - <value>4</value> - </entry> - </entries> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.hstore.flush.retries.number</name> - <value>120</value> - <description> - The number of times the region flush operation will be retried. - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.hstore.blockingStoreFiles</name> - <display-name>hstore blocking storefiles</display-name> - <value>10</value> - <description> - If more than this number of StoreFiles in any one Store - (one StoreFile is written per flush of MemStore) then updates are - blocked for this HRegion until a compaction is completed, or - until hbase.hstore.blockingWaitTime has been exceeded. - </description> - <value-attributes> - <type>int</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hfile.block.cache.size</name> - <value>0.40</value> - <description>Percentage of RegionServer memory to allocate to read buffers.</description> - <display-name>% of RegionServer Allocated to Read Buffers</display-name> - <value-attributes> - <type>float</type> - <minimum>0</minimum> - <maximum>0.8</maximum> - <increment-step>0.01</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <!-- Additional configuration specific to HBase security --> - <property> - <name>hbase.superuser</name> - <value>hbase</value> - <description>List of users or groups (comma-separated), who are allowed - full privileges, regardless of stored ACLs, across the cluster. - Only used when HBase security is enabled. - </description> - <depends-on> - <property> - <type>hbase-env</type> - <name>hbase_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.security.authentication</name> - <value>simple</value> - <description> - Select Simple or Kerberos authentication. Note: Kerberos must be set up before the Kerberos option will take effect. - </description> - <display-name>Enable Authentication</display-name> - <value-attributes> - <type>value-list</type> - <entries> - <entry> - <label>Simple</label> - <value>simple</value> - </entry> - <entry> - <label>Kerberos</label> - <value>kerberos</value> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.security.authorization</name> - <value>false</value> - <description> Set Authorization Method.</description> - <display-name>Enable Authorization</display-name> - <value-attributes> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>Native</label> - </entry> - <entry> - <value>false</value> - <label>Off</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.coprocessor.region.classes</name> - <value>org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint</value> - <description>A comma-separated list of Coprocessors that are loaded by - default on all tables. For any override coprocessor method, these classes - will be called in order. After implementing your own Coprocessor, just put - it in HBase's classpath and add the fully qualified class name here. - A coprocessor can also be loaded on demand by setting HTableDescriptor. - </description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <depends-on> - <property> - <type>hbase-site</type> - <name>hbase.security.authorization</name> - </property> - <property> - <type>hbase-site</type> - <name>hbase.security.authentication</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.coprocessor.master.classes</name> - <value/> - <description>A comma-separated list of - org.apache.hadoop.hbase.coprocessor.MasterObserver coprocessors that are - loaded by default on the active HMaster process. For any implemented - coprocessor methods, the listed classes will be called in order. After - implementing your own MasterObserver, just put it in HBase's classpath - and add the fully qualified class name here. - </description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <depends-on> - <property> - <type>hbase-site</type> - <name>hbase.security.authorization</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.zookeeper.property.clientPort</name> - <value>2181</value> - <description>Property from ZooKeeper's config zoo.cfg. - The port at which the clients will connect. - </description> - <on-ambari-upgrade add="false"/> - </property> - <!-- - The following three properties are used together to create the list of - host:peer_port:leader_port quorum servers for ZooKeeper. - --> - <property> - <name>hbase.zookeeper.quorum</name> - <value>localhost</value> - <description>Comma separated list of servers in the ZooKeeper Quorum. - For example, "host1.mydomain.com,host2.mydomain.com,host3.mydomain.com". - By default this is set to localhost for local and pseudo-distributed modes - of operation. For a fully-distributed setup, this should be set to a full - list of ZooKeeper quorum servers. If HBASE_MANAGES_ZK is set in hbase-env.sh - this is the list of servers which we will start/stop ZooKeeper on. - </description> - <value-attributes> - <type>multiLine</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <!-- End of properties used to generate ZooKeeper host:port quorum list. --> - <property> - <name>hbase.zookeeper.useMulti</name> - <value>true</value> - <description>Instructs HBase to make use of ZooKeeper's multi-update functionality. - This allows certain ZooKeeper operations to complete more quickly and prevents some issues - with rare Replication failure scenarios (see the release note of HBASE-2611 for an example).· - IMPORTANT: only set this to true if all ZooKeeper servers in the cluster are on version 3.4+ - and will not be downgraded. ZooKeeper versions before 3.4 do not support multi-update and will - not fail gracefully if multi-update is invoked (see ZOOKEEPER-1495). - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>zookeeper.znode.parent</name> - <value>/hbase-unsecure</value> - <description>Root ZNode for HBase in ZooKeeper. All of HBase's ZooKeeper - files that are configured with a relative path will go under this node. - By default, all of HBase's ZooKeeper file path are configured with a - relative path, so they will all go under this directory unless changed. - </description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.client.retries.number</name> - <value>35</value> - <description>Maximum retries. Used as maximum for all retryable - operations such as the getting of a cell's value, starting a row update, - etc. Retry interval is a rough function based on hbase.client.pause. At - first we retry at this interval but then with backoff, we pretty quickly reach - retrying every ten seconds. See HConstants#RETRY_BACKOFF for how the backup - ramps up. Change this setting and hbase.client.pause to suit your workload.</description> - <display-name>Maximum Client Retries</display-name> - <value-attributes> - <type>int</type> - <minimum>5</minimum> - <maximum>50</maximum> - <increment-step>1</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.rpc.timeout</name> - <value>90000</value> - <description> - This is for the RPC layer to define how long HBase client applications - take for a remote call to time out. It uses pings to check connections - but will eventually throw a TimeoutException. - </description> - <display-name>HBase RPC Timeout</display-name> - <value-attributes> - <type>int</type> - <minimum>10000</minimum> - <maximum>180000</maximum> - <unit>milliseconds</unit> - <increment-step>10000</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.defaults.for.version.skip</name> - <value>true</value> - <description>Disables version verification.</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>phoenix.query.timeoutMs</name> - <value>60000</value> - <description>Number of milliseconds after which a Phoenix query will timeout on the client.</description> - <display-name>Phoenix Query Timeout</display-name> - <value-attributes> - <type>int</type> - <minimum>30000</minimum> - <maximum>180000</maximum> - <unit>milliseconds</unit> - <increment-step>10000</increment-step> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>dfs.domain.socket.path</name> - <value>/var/lib/hadoop-hdfs/dn_socket</value> - <description>Path to domain socket.</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.rpc.protection</name> - <value>authentication</value> - <on-ambari-upgrade add="false"/> - </property> - - <!-- These properties exist in HDP 2.3 and higher. --> - <property> - <name>hbase.master.port</name> - <value>16000</value> - <display-name>HBase Master Port</display-name> - <description>The port the HBase Master should bind to.</description> - <value-attributes> - <overridable>false</overridable> - <type>int</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.master.info.port</name> - <value>16010</value> - <description>The port for the HBase Master web UI.</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.regionserver.port</name> - <value>16020</value> - <description>The port the HBase RegionServer binds to.</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>hbase.regionserver.info.port</name> - <value>16030</value> - <description>The port for the HBase RegionServer web UI.</description> - <on-ambari-upgrade add="false"/> - </property> - - - <!-- These properties exist in HDP 2.5 and higher. --> - <property> - <name>hbase.master.ui.readonly</name> - <value>false</value> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>zookeeper.recovery.retry</name> - <value>6</value> - <on-ambari-upgrade add="false"/> - </property> -</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/984d4605/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml deleted file mode 100644 index e518ea0..0000000 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-audit.xml +++ /dev/null @@ -1,122 +0,0 @@ -<?xml version="1.0"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <!-- These properties exist in HDP 2.5 and higher. --> - <property> - <name>xasecure.audit.is.enabled</name> - <value>true</value> - <description>Is Audit enabled?</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs</name> - <value>true</value> - <display-name>Audit to HDFS</display-name> - <description>Is Audit to HDFS enabled?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.hdfs</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs.dir</name> - <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.hdfs.dir</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> - <value>/var/log/hbase/audit/hdfs/spool</value> - <description>/var/log/hbase/audit/hdfs/spool</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr</name> - <value>false</value> - <display-name>Audit to SOLR</display-name> - <description>Is Solr audit enabled?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.solr</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr.urls</name> - <value/> - <description>Solr URL</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <depends-on> - <property> - <type>ranger-admin-site</type> - <name>ranger.audit.solr.urls</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr.zookeepers</name> - <value>NONE</value> - <description>Solr Zookeeper string</description> - <depends-on> - <property> - <type>ranger-admin-site</type> - <name>ranger.audit.solr.zookeepers</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr.batch.filespool.dir</name> - <value>/var/log/hbase/audit/solr/spool</value> - <description>/var/log/hbase/audit/solr/spool</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.provider.summary.enabled</name> - <value>true</value> - <display-name>Audit provider summary enabled</display-name> - <description>Enable Summary audit?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/984d4605/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml deleted file mode 100644 index c761b26..0000000 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml +++ /dev/null @@ -1,66 +0,0 @@ -<?xml version="1.0"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <property> - <name>xasecure.policymgr.clientssl.keystore</name> - <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-keystore.jks</value> - <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.keystore.password</name> - <value>myKeyFilePassword</value> - <property-type>PASSWORD</property-type> - <description>password for keystore</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.truststore</name> - <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-truststore.jks</value> - <description>java truststore file</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.truststore.password</name> - <value>changeit</value> - <property-type>PASSWORD</property-type> - <description>java truststore password</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.keystore.credential.file</name> - <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.policymgr.clientssl.truststore.credential.file</name> - <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/984d4605/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml deleted file mode 100644 index 1deb9e5..0000000 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/configuration/ranger-hbase-security.xml +++ /dev/null @@ -1,68 +0,0 @@ -<?xml version="1.0"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <property> - <name>ranger.plugin.hbase.service.name</name> - <value>{{repo_name}}</value> - <description>Name of the Ranger service containing HBase policies</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hbase.policy.source.impl</name> - <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> - <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hbase.policy.rest.url</name> - <value>{{policymgr_mgr_url}}</value> - <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hbase.policy.rest.ssl.config.file</name> - <value>/etc/hbase/conf/ranger-policymgr-ssl.xml</value> - <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hbase.policy.pollIntervalMs</name> - <value>30000</value> - <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.plugin.hbase.policy.cache.dir</name> - <value>/etc/ranger/{{repo_name}}/policycache</value> - <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.hbase.update.xapolicies.on.grant.revoke</name> - <value>true</value> - <display-name>Should HBase GRANT/REVOKE update XA policies</display-name> - <description>Should HBase plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description> - <value-attributes> - <type>boolean</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/984d4605/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json deleted file mode 100644 index f510770..0000000 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/kerberos.json +++ /dev/null @@ -1,159 +0,0 @@ -{ - "services": [ - { - "name": "HBASE", - "identities": [ - { - "name": "/spnego" - }, - { - "name": "hbase", - "principal": { - "value": "${hbase-env/hbase_user}${principal_suffix}@${realm}", - "type" : "user", - "configuration": "hbase-env/hbase_principal_name", - "local_username": "${hbase-env/hbase_user}" - }, - "keytab": { - "file": "${keytab_dir}/hbase.headless.keytab", - "owner": { - "name": "${hbase-env/hbase_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "r" - }, - "configuration": "hbase-env/hbase_user_keytab" - } - }, - { - "name": "/smokeuser" - } - ], - "configurations": [ - { - "hbase-site": { - "hbase.security.authentication": "kerberos", - "hbase.security.authorization": "true", - "zookeeper.znode.parent": "/hbase-secure", - "hbase.coprocessor.master.classes": "{{hbase_coprocessor_master_classes}}", - "hbase.coprocessor.region.classes": "{{hbase_coprocessor_region_classes}}", - "hbase.coprocessor.regionserver.classes": "{{hbase_coprocessor_regionserver_classes}}", - "hbase.bulkload.staging.dir": "/apps/hbase/staging", - "hbase.master.ui.readonly": "true" - } - }, - { - "ranger-hbase-audit": { - "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", - "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", - "xasecure.audit.jaas.Client.option.useKeyTab": "true", - "xasecure.audit.jaas.Client.option.storeKey": "false", - "xasecure.audit.jaas.Client.option.serviceName": "solr", - "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" - } - } - ], - "components": [ - { - "name": "HBASE_MASTER", - "identities": [ - { - "name": "/HDFS/NAMENODE/hdfs" - }, - { - "name": "hbase_master_hbase", - "principal": { - "value": "hbase/_HOST@${realm}", - "type" : "service", - "configuration": "hbase-site/hbase.master.kerberos.principal", - "local_username": "${hbase-env/hbase_user}" - }, - "keytab": { - "file": "${keytab_dir}/hbase.service.keytab", - "owner": { - "name": "${hbase-env/hbase_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hbase-site/hbase.master.keytab.file" - } - }, - { - "name": "/spnego", - "principal": { - "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal" - }, - "keytab": { - "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.keytab" - } - }, - { - "name": "/HBASE/HBASE_MASTER/hbase_master_hbase", - "principal": { - "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.principal" - }, - "keytab": { - "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.keyTab" - } - } - ] - }, - { - "name": "HBASE_REGIONSERVER", - "identities": [ - { - "name": "hbase_regionserver_hbase", - "principal": { - "value": "hbase/_HOST@${realm}", - "type" : "service", - "configuration": "hbase-site/hbase.regionserver.kerberos.principal", - "local_username": "${hbase-env/hbase_user}" - }, - "keytab": { - "file": "${keytab_dir}/hbase.service.keytab", - "owner": { - "name": "${hbase-env/hbase_user}", - "access": "r" - }, - "group": { - "name": "${cluster-env/user_group}", - "access": "" - }, - "configuration": "hbase-site/hbase.regionserver.keytab.file" - } - }, - { - "name": "/spnego", - "principal": { - "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal" - }, - "keytab": { - "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.keytab" - } - } - ] - }, - { - "name": "PHOENIX_QUERY_SERVER", - "identities": [ - { - "name": "phoenix_spnego", - "reference": "/spnego", - "principal": { - "configuration": "hbase-site/phoenix.queryserver.kerberos.principal" - }, - "keytab": { - "configuration": "hbase-site/phoenix.queryserver.keytab.file" - } - } - ] - } - ] - } - ] -} http://git-wip-us.apache.org/repos/asf/ambari/blob/984d4605/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/metainfo.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/metainfo.xml deleted file mode 100644 index f1f4b7d..0000000 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/HBASE/metainfo.xml +++ /dev/null @@ -1,197 +0,0 @@ -<?xml version="1.0"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<metainfo> - <schemaVersion>2.0</schemaVersion> - <services> - <service> - <name>HBASE</name> - <displayName>HBase</displayName> - <version>1.1.1.2.3</version> - <comment>A Non-relational distributed database, plus Phoenix, a high performance SQL layer for low latency applications.</comment> - - <components> - <component> - <name>HBASE_MASTER</name> - <displayName>HBase Master</displayName> - <category>MASTER</category> - <cardinality>1+</cardinality> - <versionAdvertised>true</versionAdvertised> - <timelineAppid>HBASE</timelineAppid> - <dependencies> - <dependency> - <name>HDFS/HDFS_CLIENT</name> - <scope>host</scope> - <auto-deploy> - <enabled>true</enabled> - </auto-deploy> - </dependency> - <dependency> - <name>ZOOKEEPER/ZOOKEEPER_SERVER</name> - <scope>cluster</scope> - <auto-deploy> - <enabled>true</enabled> - <co-locate>HBASE/HBASE_MASTER</co-locate> - </auto-deploy> - </dependency> - </dependencies> - <commandScript> - <script>scripts/hbase_master.py</script> - <scriptType>PYTHON</scriptType> - <timeout>1200</timeout> - </commandScript> - <logs> - <log> - <logId>hbase_master</logId> - <primary>true</primary> - </log> - </logs> - <customCommands> - <customCommand> - <name>DECOMMISSION</name> - <commandScript> - <script>scripts/hbase_master.py</script> - <scriptType>PYTHON</scriptType> - <timeout>600</timeout> - </commandScript> - </customCommand> - </customCommands> - </component> - - <component> - <name>PHOENIX_QUERY_SERVER</name> - <displayName>Phoenix Query Server</displayName> - <category>SLAVE</category> - <cardinality>0+</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/phoenix_queryserver.py</script> - <scriptType>PYTHON</scriptType> - </commandScript> - <logs> - <log> - <logId>hbase_phoenix_server</logId> - <primary>true</primary> - </log> - </logs> - </component> - - <component> - <name>HBASE_REGIONSERVER</name> - <displayName>RegionServer</displayName> - <category>SLAVE</category> - <cardinality>1+</cardinality> - <versionAdvertised>true</versionAdvertised> - <decommissionAllowed>true</decommissionAllowed> - <timelineAppid>HBASE</timelineAppid> - <commandScript> - <script>scripts/hbase_regionserver.py</script> - <scriptType>PYTHON</scriptType> - </commandScript> - <bulkCommands> - <displayName>RegionServers</displayName> - <!-- Used by decommission and recommission --> - <masterComponent>HBASE_MASTER</masterComponent> - </bulkCommands> - <logs> - <log> - <logId>hbase_regionserver</logId> - <primary>true</primary> - </log> - </logs> - </component> - - <component> - <name>HBASE_CLIENT</name> - <displayName>HBase Client</displayName> - <category>CLIENT</category> - <cardinality>1+</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/hbase_client.py</script> - <scriptType>PYTHON</scriptType> - </commandScript> - <configFiles> - <configFile> - <type>xml</type> - <fileName>hbase-site.xml</fileName> - <dictionaryName>hbase-site</dictionaryName> - </configFile> - <configFile> - <type>env</type> - <fileName>hbase-env.sh</fileName> - <dictionaryName>hbase-env</dictionaryName> - </configFile> - <configFile> - <type>xml</type> - <fileName>hbase-policy.xml</fileName> - <dictionaryName>hbase-policy</dictionaryName> - </configFile> - <configFile> - <type>env</type> - <fileName>log4j.properties</fileName> - <dictionaryName>hbase-log4j</dictionaryName> - </configFile> - </configFiles> - </component> - </components> - - <themes> - <theme> - <fileName>theme.json</fileName> - <default>true</default> - </theme> - </themes> - - <quickLinksConfigurations> - <quickLinksConfiguration> - <fileName>quicklinks.json</fileName> - <default>true</default> - </quickLinksConfiguration> - </quickLinksConfigurations> - - <!-- No packages to install. --> - <osSpecifics></osSpecifics> - - <configuration-dependencies> - <config-type>hbase-alert-config</config-type> - <config-type>core-site</config-type> <!-- hbase puts core-site in it's folder --> - <config-type>hbase-policy</config-type> - <config-type>hbase-site</config-type> - <config-type>hbase-env</config-type> - <config-type>hbase-log4j</config-type> - <config-type>ranger-hbase-plugin-properties</config-type> - <config-type>ranger-hbase-audit</config-type> - <config-type>ranger-hbase-policymgr-ssl</config-type> - <config-type>ranger-hbase-security</config-type> - <config-type>ams-ssl-client</config-type> - </configuration-dependencies> - - <commandScript> - <script>scripts/service_check.py</script> - <scriptType>PYTHON</scriptType> - <timeout>300</timeout> - </commandScript> - - <requiredServices> - <service>ZOOKEEPER</service> - <service>HDFS</service> - </requiredServices> - - </service> - </services> -</metainfo>
