Modified: nifi/site/trunk/docs/nifi-docs/html/administration-guide.html URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/administration-guide.html?rev=1719609&r1=1719608&r2=1719609&view=diff ============================================================================== --- nifi/site/trunk/docs/nifi-docs/html/administration-guide.html (original) +++ nifi/site/trunk/docs/nifi-docs/html/administration-guide.html Sat Dec 12 00:55:22 2015 @@ -455,24 +455,25 @@ body.book #toc,body.book #preamble,body. <div id="toc" class="toc"> <div id="toctitle">Table of Contents</div> <ul class="sectlevel1"> -<li><a href="administration-guide.html#system-requirements">System Requirements</a></li> -<li><a href="administration-guide.html#how-to-install-and-start-nifi">How to install and start NiFi</a></li> -<li><a href="administration-guide.html#configuration-best-practices">Configuration Best Practices</a></li> -<li><a href="administration-guide.html#security-configuration">Security Configuration</a></li> -<li><a href="administration-guide.html#controlling-levels-of-access">Controlling Levels of Access</a></li> -<li><a href="administration-guide.html#clustering">Clustering Configuration</a></li> -<li><a href="administration-guide.html#bootstrap_properties">Bootstrap Properties</a></li> -<li><a href="administration-guide.html#notification_services">Notification Services</a></li> -<li><a href="administration-guide.html#system_properties">System Properties</a></li> +<li><a href="#system-requirements">System Requirements</a></li> +<li><a href="#how-to-install-and-start-nifi">How to install and start NiFi</a></li> +<li><a href="#configuration-best-practices">Configuration Best Practices</a></li> +<li><a href="#security-configuration">Security Configuration</a></li> +<li><a href="#user-authentication">User Authentication</a></li> +<li><a href="#controlling-levels-of-access">Controlling Levels of Access</a></li> +<li><a href="#clustering">Clustering Configuration</a></li> +<li><a href="#bootstrap_properties">Bootstrap Properties</a></li> +<li><a href="#notification_services">Notification Services</a></li> +<li><a href="#system_properties">System Properties</a></li> </ul> </div> </div> <div id="content"> <div class="sect1"> -<h2 id="system-requirements"><a class="anchor" href="administration-guide.html#system-requirements"></a>System Requirements</h2> +<h2 id="system-requirements"><a class="anchor" href="#system-requirements"></a>System Requirements</h2> <div class="sectionbody"> <div class="paragraph"> -<p>Apache NiFi can run on something as simple as a laptop, but it can also be clustered across many enterprise-class servers. Therefore, the amount of hardware and memory needed will depend on the size and nature of the dataflow involved. The data is stored on disk while NiFi is processing it. So NiFi needs to have sufficient disk space allocated for its various repositories, particularly the content repository, flowfile repository, and provenance repository (see the <a href="administration-guide.html#system_properties">System Properties</a> section for more information about these repositories). NiFi has the following minimum system requirements:</p> +<p>Apache NiFi can run on something as simple as a laptop, but it can also be clustered across many enterprise-class servers. Therefore, the amount of hardware and memory needed will depend on the size and nature of the dataflow involved. The data is stored on disk while NiFi is processing it. So NiFi needs to have sufficient disk space allocated for its various repositories, particularly the content repository, flowfile repository, and provenance repository (see the <a href="#system_properties">System Properties</a> section for more information about these repositories). NiFi has the following minimum system requirements:</p> </div> <div class="ulist"> <ul> @@ -525,7 +526,7 @@ body.book #toc,body.book #preamble,body. </div> </div> <div class="sect1"> -<h2 id="how-to-install-and-start-nifi"><a class="anchor" href="administration-guide.html#how-to-install-and-start-nifi"></a>How to install and start NiFi</h2> +<h2 id="how-to-install-and-start-nifi"><a class="anchor" href="#how-to-install-and-start-nifi"></a>How to install and start NiFi</h2> <div class="sectionbody"> <div class="ulist"> <ul> @@ -541,7 +542,7 @@ body.book #toc,body.book #preamble,body. <div class="ulist"> <ul> <li> -<p>At a minimum, we recommend editing the <em>nifi.properties</em> file and entering a password for the nifi.sensitive.props.key (see <a href="administration-guide.html#system_properties">System Properties</a> below)</p> +<p>At a minimum, we recommend editing the <em>nifi.properties</em> file and entering a password for the nifi.sensitive.props.key (see <a href="#system_properties">System Properties</a> below)</p> </li> </ul> </div> @@ -596,7 +597,7 @@ body.book #toc,body.book #preamble,body. <div class="ulist"> <ul> <li> -<p>At a minimum, we recommend editing the <em>nifi.properties</em> file and entering a password for the nifi.sensitive.props.key (see <a href="administration-guide.html#system_properties">System Properties</a> below)</p> +<p>At a minimum, we recommend editing the <em>nifi.properties</em> file and entering a password for the nifi.sensitive.props.key (see <a href="#system_properties">System Properties</a> below)</p> </li> </ul> </div> @@ -650,12 +651,12 @@ body.book #toc,body.book #preamble,body. </ul> </div> <div class="paragraph"> -<p>See the <a href="administration-guide.html#system_properties">System Properties</a> section of this guide for more information about configuring NiFi repositories and configuration files.</p> +<p>See the <a href="#system_properties">System Properties</a> section of this guide for more information about configuring NiFi repositories and configuration files.</p> </div> </div> </div> <div class="sect1"> -<h2 id="configuration-best-practices"><a class="anchor" href="administration-guide.html#configuration-best-practices"></a>Configuration Best Practices</h2> +<h2 id="configuration-best-practices"><a class="anchor" href="#configuration-best-practices"></a>Configuration Best Practices</h2> <div class="sectionbody"> <div class="admonitionblock note"> <table> @@ -760,7 +761,7 @@ and for the partition(s) of interest add </div> </div> <div class="sect1"> -<h2 id="security-configuration"><a class="anchor" href="administration-guide.html#security-configuration"></a>Security Configuration</h2> +<h2 id="security-configuration"><a class="anchor" href="#security-configuration"></a>Security Configuration</h2> <div class="sectionbody"> <div class="paragraph"> <p>NiFi provides several different configuration options for security purposes. The most important properties are those under the @@ -779,11 +780,10 @@ and for the partition(s) of interest add </thead> <tfoot> <tr> -<td class="tableblock halign-left valign-top"><p class="tableblock"><code>nifi.security.needClientAuth</code></p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies whether or not connecting clients must authenticate themselves. If the Truststore properties are not set, - this must be <code>false</code>. Otherwise, a value of <code>true</code> indicates that users will be authenticated and must have - certificates that are trusted by the Truststore loaded into their web browsers. A value of <code>false</code> indicates - that all users should be given access as the <em>Anonymous</em> user.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>nifi.security.anonymous.authorities</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users can make + use of anonymous access, however if they have been granted a particular level of access by an administrator + it will take precedence if they access NiFi using a client certificate or once they have logged in.</p></td> </tr> </tfoot> <tbody> @@ -816,6 +816,13 @@ and for the partition(s) of interest add <td class="tableblock halign-left valign-top"><p class="tableblock"><code>nifi.security.truststorePasswd</code></p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">The password for the Truststore.</p></td> </tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>nifi.security.needClientAuth</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies whether or not connecting clients must authenticate themselves. Specifically this property is used + by the NiFi cluster protocol. If the Truststore properties are not set, this must be <code>false</code>. Otherwise, a value + of <code>true</code> indicates that nodes in the cluster will be authenticated and must have certificates that are trusted + by the Truststores.</p></td> +</tr> </tbody> </table> <div class="paragraph"> @@ -837,16 +844,178 @@ It is important when enabling HTTPS that </table> </div> <div class="paragraph"> +<p>Similar to <code>nifi.security.needClientAuth</code>, the web server can be configured to require certificate based client authentication for users accessing +the User Interface. In order to do this it must be configured to not support username/password authentication (see below) and not grant access to +anonymous users (see <code>nifi.security.anonymous.authorities</code> above). Either of these options will configure the web server to WANT certificate based client +authentication. This will allow it to support users with certificates and those without that may be logging in with their credentials or those accessing +anonymously. If username/password authentication and anonymous access are not configured, the web server will REQUIRE certificate based client authentication.</p> +</div> +<div class="paragraph"> <p>Now that the User Interface has been secured, we can easily secure Site-to-Site connections and inner-cluster communications, as well. This is accomplished by setting the <code>nifi.remote.input.secure</code> and <code>nifi.cluster.protocol.is.secure</code> properties, respectively, to <code>true</code>.</p> </div> </div> </div> <div class="sect1"> -<h2 id="controlling-levels-of-access"><a class="anchor" href="administration-guide.html#controlling-levels-of-access"></a>Controlling Levels of Access</h2> +<h2 id="user-authentication"><a class="anchor" href="#user-authentication"></a>User Authentication</h2> <div class="sectionbody"> <div class="paragraph"> -<p>Once NiFi is configured to run securely as discussed in the previous section, it is necessary +<p>NiFi supports user authentication via client certificates or via username/password. Username/password authentication is performed by a <em>Login Identity +Provider</em>. The Login Identity Provider is a pluggable mechanism for authenticating users via their username/password. Which Login Identity Provider +to use is configured in two properties in the <em>nifi.properties</em> file.</p> +</div> +<div class="paragraph"> +<p>The <code>nifi.login.identity.provider.configuration.file</code> property specifies the configuration file for Login Identity Providers. +The <code>nifi.security.user.login.identity.provider</code> property indicates which of the configured Login Identity Provider should be +used. If this property is not configured, NiFi will not support username/password authentication and will require client +certificates for authenticating users over HTTPS. By default, this property is not configured meaning that username/password must be +explicity enabled.</p> +</div> +<div class="paragraph"> +<p>NiFi does not perform user authentication over HTTP. Using HTTP all users will be granted all roles.</p> +</div> +<div class="paragraph"> +<p>Below is an example and description of configuring a Login Identity Provider that integrates with a Directory Server to authenticate users.</p> +</div> +<div class="listingblock"> +<div class="content"> +<pre><provider> + <identifier>ldap-provider</identifier> + <class>org.apache.nifi.ldap.LdapProvider</class> + <property name="Authentication Strategy">START_TLS</property> + + <property name="Manager DN"></property> + <property name="Manager Password"></property> + + <property name="TLS - Keystore"></property> + <property name="TLS - Keystore Password"></property> + <property name="TLS - Keystore Type"></property> + <property name="TLS - Truststore"></property> + <property name="TLS - Truststore Password"></property> + <property name="TLS - Truststore Type"></property> + <property name="TLS - Client Auth"></property> + <property name="TLS - Protocol"></property> + <property name="TLS - Shutdown Gracefully"></property> + + <property name="Referral Strategy">FOLLOW</property> + <property name="Connect Timeout">10 secs</property> + <property name="Read Timeout">10 secs</property> + + <property name="Url"></property> + <property name="User Search Base"></property> + <property name="User Search Filter"></property> + + <property name="Authentication Expiration">12 hours</property> +</provider></pre> +</div> +</div> +<div class="paragraph"> +<p>With this configuration, username/password authentication can be enabled by referencing this provider in <em>nifi.properties</em>.</p> +</div> +<div class="listingblock"> +<div class="content"> +<pre>nifi.security.user.login.identity.provider=ldap-provider</pre> +</div> +</div> +<table class="tableblock frame-all grid-all spread"> +<colgroup> +<col style="width: 50%;"> +<col style="width: 50%;"> +</colgroup> +<thead> +<tr> +<th class="tableblock halign-left valign-top">Property Name</th> +<th class="tableblock halign-left valign-top">Description</th> +</tr> +</thead> +<tfoot> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Authentication Expiration</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">The duration of how long the user authentication is valid for. If the user never logs out, they will be required to log back in following this duration.</p></td> +</tr> +</tfoot> +<tbody> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Authentication Strategy</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">How the connection to the LDAP server is authenticated. Possible values are ANONYMOUS, SIMPLE, or START_TLS.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Manager DN</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">The DN of the manager that is used to bind to the LDAP server to search for users.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Manager Password</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">The password of the manager that is used to bind to the LDAP server to search for users.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Keystore</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Path to the Keystore that is used when connecting to LDAP using START_TLS.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Keystore Password</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Password for the Keystore that is used when connecting to LDAP using START_TLS.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Keystore Type</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Type of the Keystore that is used when connecting to LDAP using START_TLS (i.e. JKS or PKCS12).</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Truststore</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Path to the Truststore that is used when connecting to LDAP using START_TLS.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Truststore Password</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Password for the Truststore that is used when connecting to LDAP using START_TLS.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Truststore Type</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Type of the Truststore that is used when connecting to LDAP using START_TLS (i.e. JKS or PKCS12).</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Client Auth</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Client authentication policy when connecting to LDAP using START_TLS. Possible values are REQUIRED, WANT, NONE.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Protocol</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Protocol to use when connecting to LDAP using START_TLS. (i.e. TLS, TLSv1.1, TLSv1.2, etc).</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>TLS - Shutdown Gracefully</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Specifies whether the TLS should be shut down gracefully before the target context is closed. Defaults to false.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Referral Strategy</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Strategy for handling referrals. Possible values are FOLLOW, IGNORE, THROW.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Connect Timeout</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Duration of connect timeout. (i.e. 10 secs).</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Read Timeout</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Duration of read timeout. (i.e. 10 secs).</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>Url</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Url of the LDAP servier (i.e. ldap://<hostname>:<port>).</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>User Search Base</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Base DN for searching for users (i.e. CN=Users,DC=example,DC=com).</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><code>User Search Filter</code></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Filter for searching for users against the <em>User Search Base</em>. (i.e. sAMAccountName={0}). The user specified name is inserted into <em>{0}</em>.</p></td> +</tr> +</tbody> +</table> +</div> +</div> +<div class="sect1"> +<h2 id="controlling-levels-of-access"><a class="anchor" href="#controlling-levels-of-access"></a>Controlling Levels of Access</h2> +<div class="sectionbody"> +<div class="paragraph"> +<p>Once NiFi is configured to run securely and an authentication mechanism is configured, it is necessary to configure who will have access to the system and what types of access those people will have. NiFi controls this through the user of an <em>Authority Provider.</em> The Authority Provider is a pluggable mechanism for providing authorizations to different users. Which Authority Provider to use is configured @@ -911,7 +1080,7 @@ Once the application starts, the ADMIN u able to access the UI at the HTTPS URL that is configured in the <em>nifi.properties</em> file.</p> </div> <div class="paragraph"> -<p>From the UI, click on the Users icon ( <span class="image"><img src="images/iconUsers.png" alt="Users" width="32"></span> ) in the +<p>From the UI, click on the Users icon ( <span class="image"><img src="./images/iconUsers.png" alt="Users" width="32"></span> ) in the Management Toolbar (upper-right corner of the UI), and the User Management Page opens.</p> </div> <div class="paragraph"> @@ -1001,7 +1170,7 @@ cluster, s/he can grant it to the group </div> </div> <div class="sect1"> -<h2 id="clustering"><a class="anchor" href="administration-guide.html#clustering"></a>Clustering Configuration</h2> +<h2 id="clustering"><a class="anchor" href="#clustering"></a>Clustering Configuration</h2> <div class="sectionbody"> <div class="paragraph"> <p>This section provides a quick overview of NiFi Clustering and instructions on how to set up a basic cluster. In the future, we hope to provide supplemental documentation that covers the NiFi Cluster Architecture in depth.</p> @@ -1032,19 +1201,19 @@ the NiFi Cluster Manager (NCM), and the <p><strong>Nodes</strong>: Each cluster is made up of the NCM and one or more nodes. The nodes do the actual data processing. (The NCM does not process any data; all data runs through the nodes.) While nodes are connected to a cluster, the DFM may not access the User Interface for any of the individual nodes. The User Interface of a node may only be accessed if the node is manually removed from the cluster.</p> </div> <div class="paragraph"> -<p><strong>Primary Node</strong>: Every cluster has one Primary Node. On this node, it is possible to run "Isolated Processors" (see below). By default, the NCM will elect the first node that connects to the cluster as the Primary Node; however, the DFM may select a new node as the Primary Node in the Cluster Management page of the User Interface if desired. If the cluster restarts, the NCM will "remember" which node was the Primary Node and wait for that node to re-connect before allowing the DFM to make any changes to the dataflow. The ADMIN may adjust how long the NCM waits for the Primary Node to reconnect by adjusting the property <em>nifi.cluster.manager.safemode.duration</em> in the <em>nifi.properties</em> file, which is discussed in the <a href="administration-guide.html#system_properties">System Properties</a> section of this document.</p> +<p><strong>Primary Node</strong>: Every cluster has one Primary Node. On this node, it is possible to run "Isolated Processors" (see below). By default, the NCM will elect the first node that connects to the cluster as the Primary Node; however, the DFM may select a new node as the Primary Node in the Cluster Management page of the User Interface if desired. If the cluster restarts, the NCM will "remember" which node was the Primary Node and wait for that node to re-connect before allowing the DFM to make any changes to the dataflow. The ADMIN may adjust how long the NCM waits for the Primary Node to reconnect by adjusting the property <em>nifi.cluster.manager.safemode.duration</em> in the <em>nifi.properties</em> file, which is discussed in the <a href="#system_properties">System Properties</a> section of this document.</p> </div> <div class="paragraph"> <p><strong>Isolated Processors</strong>: In a NiFi cluster, the same dataflow runs on all the nodes. As a result, every component in the flow runs on every node. However, there may be cases when the DFM would not want every processor to run on every node. The most common case is when using a processor that communicates with an external service using a protocol that does not scale well. For example, the GetSFTP processor pulls from a remote directory, and if the GetSFTP on every node in the cluster tries simultaneously to pull from the same remote directory, there could be race conditions. Therefore, the DFM could configure the GetSFTP on the Primary Node to run in isolation, meaning that it only runs on that node. It could pull in data and -with the proper dataflow configuration- load-balance it across the rest of the nodes in the cluster. Note that while this feature exists, it is also very common to simply use a standalone NiFi instance to pull data and feed it to the cluster. It just depends on the resources available and how the Administrator decides to configure the cluster.</p> </div> <div class="paragraph"> -<p><strong>Heartbeats</strong>: The nodes communicate their health and status to the NCM via "heartbeats", which let the NCM know they are still connected to the cluster and working properly. By default, the nodes emit heartbeats to the NCM every 5 seconds, and if the NCM does not receive a heartbeat from a node within 45 seconds, it disconnects the node due to "lack of heartbeat". (The 5-second and 45-second settings are configurable in the <em>nifi.properties</em> file. See the <a href="administration-guide.html#system_properties">System Properties</a> section of this document for more information.) The reason that the NCM disconnects the node is because the NCM needs to ensure that every node in the cluster is in sync, and if a node is not heard from regularly, the NCM cannot be sure it is still in sync with the rest of the cluster. If, after 45 seconds, the node does send a new heartbeat, the NCM will automatically reconnect the node to the cluster. Both the disconnection due to lack of heartbeat and the reconnection once a heartbeat is received are reported to the DFM in the NCM’s User Interface.</p> +<p><strong>Heartbeats</strong>: The nodes communicate their health and status to the NCM via "heartbeats", which let the NCM know they are still connected to the cluster and working properly. By default, the nodes emit heartbeats to the NCM every 5 seconds, and if the NCM does not receive a heartbeat from a node within 45 seconds, it disconnects the node due to "lack of heartbeat". (The 5-second and 45-second settings are configurable in the <em>nifi.properties</em> file. See the <a href="#system_properties">System Properties</a> section of this document for more information.) The reason that the NCM disconnects the node is because the NCM needs to ensure that every node in the cluster is in sync, and if a node is not heard from regularly, the NCM cannot be sure it is still in sync with the rest of the cluster. If, after 45 seconds, the node does send a new heartbeat, the NCM will automatically reconnect the node to the cluster. Both the disconnection due to lack of heartbeat and th e reconnection once a heartbeat is received are reported to the DFM in the NCM’s User Interface.</p> </div> <div class="paragraph"> <p><strong>Communication within the Cluster</strong><br></p> </div> <div class="paragraph"> -<p>As noted, the nodes communicate with the NCM via heartbeats. The communication that allows the nodes to find the NCM may be set up as multicast or unicast; this is configured in the <em>nifi.properties</em> file (See <a href="administration-guide.html#system_properties">System Properties</a> ). By default, unicast is used. It is important to note that the nodes in a NiFi cluster are not aware of each other. They only communicate with the NCM. Therefore, if one of the nodes goes down, the other nodes in the cluster will not automatically pick up the load of the missing node. It is possible for the DFM to configure the dataflow for failover contingencies; however, this is dependent on the dataflow design and does not happen automatically.</p> +<p>As noted, the nodes communicate with the NCM via heartbeats. The communication that allows the nodes to find the NCM may be set up as multicast or unicast; this is configured in the <em>nifi.properties</em> file (See <a href="#system_properties">System Properties</a> ). By default, unicast is used. It is important to note that the nodes in a NiFi cluster are not aware of each other. They only communicate with the NCM. Therefore, if one of the nodes goes down, the other nodes in the cluster will not automatically pick up the load of the missing node. It is possible for the DFM to configure the dataflow for failover contingencies; however, this is dependent on the dataflow design and does not happen automatically.</p> </div> <div class="paragraph"> <p>When the DFM makes changes to the dataflow, the NCM communicates those changes to the nodes and waits for each node to respond, indicating that it has made the change on its local flow. If the DFM wants to make another change, the NCM will only allow this to happen once all the nodes have acknowledged that they’ve implemented the last change. This is a safeguard to ensure that all the nodes in the cluster have the correct and up-to-date flow.</p> @@ -1078,7 +1247,7 @@ the NiFi Cluster Manager (NCM), and the <p>Administrators may install each instance on a separate server; however, it is also perfectly fine to install the NCM and one of the nodes on the same server, as the NCM is very lightweight. Just keep in mind that the ports assigned to each instance must not collide if the NCM and one of the nodes share the same server.</p> </div> <div class="paragraph"> -<p>For each instance, certain properties in the <em>nifi.properties</em> file will need to be updated. In particular, the Web and Clustering properties should be evaluated for your situation and adjusted accordingly. All the properties are described in the <a href="administration-guide.html#system_properties">System Properties</a> section of this guide; however, in this section, we will focus on the minimum properties that must be set for a simple cluster.</p> +<p>For each instance, certain properties in the <em>nifi.properties</em> file will need to be updated. In particular, the Web and Clustering properties should be evaluated for your situation and adjusted accordingly. All the properties are described in the <a href="#system_properties">System Properties</a> section of this guide; however, in this section, we will focus on the minimum properties that must be set for a simple cluster.</p> </div> <div class="paragraph"> <p>For all three instances, the Cluster Common Properties can be left with the default settings. Note, however, that if you change these settings, they must be set the same on every instance in the cluster (NCM and nodes).</p> @@ -1099,7 +1268,7 @@ the NiFi Cluster Manager (NCM), and the <p>nifi.cluster.is.manager - Set this to <em>true</em>.</p> </li> <li> -<p>nifi.cluster.protocol.manager.port - Set this to an open port that is higher than 1024 (anything lower requires root). Take note of this setting, as you will need to reference it when you set up the nodes.</p> +<p>nifi.cluster.manager.protocol.port - Set this to an open port that is higher than 1024 (anything lower requires root). Take note of this setting, as you will need to reference it when you set up the nodes.</p> </li> </ul> </div> @@ -1125,7 +1294,7 @@ the NiFi Cluster Manager (NCM), and the <p>nifi.cluster.node.address - Set this to the fully qualified hostname of the node. If left blank, it defaults to "localhost".</p> </li> <li> -<p>nifi.cluster.node.protocol.port - Set this to an open port that is higher than 1024 (anything lower requires root). If Node 1 and the NCM are on the same server, make sure this port is different from the nifi.cluster.protocol.manager.port.</p> +<p>nifi.cluster.node.protocol.port - Set this to an open port that is higher than 1024 (anything lower requires root). If Node 1 and the NCM are on the same server, make sure this port is different from the nifi.cluster.manager.protocol.port.</p> </li> <li> <p>nifi.cluster.node.unicast.manager.address - Set this to the NCM’s fully qualified hostname.</p> @@ -1174,7 +1343,7 @@ the NiFi Cluster Manager (NCM), and the <p>Now, it is possible to start up the cluster. Technically, it does not matter which instance starts up first. However, you could start the NCM first, then Node 1 and then Node 2. Since the first node that connects is automatically elected as the Primary Node, this sequence should create a cluster where Node 1 is the Primary Node. Navigate to the URL for the NCM in your web browser, and the User Interface should look similar to the following:</p> </div> <div class="paragraph"> -<p><span class="image"><img src="images/ncm.png" alt="NCM User Interface" width="940"></span></p> +<p><span class="image"><img src="./images/ncm.png" alt="NCM User Interface" width="940"></span></p> </div> <div class="paragraph"> <p><strong>Troubleshooting</strong></p> @@ -1193,15 +1362,15 @@ additivity="false"> </div> </div> <div class="sect1"> -<h2 id="bootstrap_properties"><a class="anchor" href="administration-guide.html#bootstrap_properties"></a>Bootstrap Properties</h2> +<h2 id="bootstrap_properties"><a class="anchor" href="#bootstrap_properties"></a>Bootstrap Properties</h2> <div class="sectionbody"> <div class="paragraph"> <p>The <em>bootstrap.conf</em> file in the <em>conf</em> directory allows users to configure settings for how NiFi should be started. This includes parameters, such as the size of the Java Heap, what Java command to run, and Java System Properties.</p> </div> <div class="paragraph"> -<p>Here, we will address the different properties that are made available in the file. Any chances to this file will -take affect only after NiFi has been stopped and restarted.</p> +<p>Here, we will address the different properties that are made available in the file. Any changes to this file will +take effect only after NiFi has been stopped and restarted.</p> </div> <table class="tableblock frame-all grid-all spread"> <colgroup> @@ -1245,7 +1414,7 @@ take affect only after NiFi has been sto <td class="tableblock halign-left valign-top"><p class="tableblock">notification.services.file</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">When NiFi is started, or stopped, or when the Bootstrap detects that NiFi has died, the Bootstrap is able to send notifications of these events to interested parties. This is configured by specifying an XML file that defines which notification services can be used. More about this - file can be found in the <a href="administration-guide.html#notification_services">Notification Services</a> section.</p></td> + file can be found in the <a href="#notification_services">Notification Services</a> section.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">notification.max.attempts</p></td> @@ -1275,7 +1444,7 @@ take affect only after NiFi has been sto </div> </div> <div class="sect1"> -<h2 id="notification_services"><a class="anchor" href="administration-guide.html#notification_services"></a>Notification Services</h2> +<h2 id="notification_services"><a class="anchor" href="#notification_services"></a>Notification Services</h2> <div class="sectionbody"> <div class="paragraph"> <p>When the NiFi bootstrap starts or stops NiFi, or detects that it has died unexpectedly, it is able to notify configured recipients. At this point @@ -1415,7 +1584,7 @@ must be set.</p> </div> </div> <div class="sect1"> -<h2 id="system_properties"><a class="anchor" href="administration-guide.html#system_properties"></a>System Properties</h2> +<h2 id="system_properties"><a class="anchor" href="#system_properties"></a>System Properties</h2> <div class="sectionbody"> <div class="paragraph"> <p>The <em>nifi.properties</em> file in the <em>conf</em> directory is the main configuration file for controlling how NiFi runs. This section provides an overview of the properties in this file and includes some notes on how to configure it in a way that will make upgrading easier. <strong>After making changes to this file, restart NiFi in order @@ -1482,16 +1651,17 @@ for example "10 sec" or "10 MB", not sim <td class="tableblock halign-left valign-top"><p class="tableblock">If a component allows an unexpected exception to escape, it is considered a bug. As a result, the framework will pause (or administratively yield) the component for this amount of time. This is done so that the component does not use up massive amounts of system resources, since it is known to have problems in the existing state. The default value is 30 sec.</p></td> </tr> <tr> -<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.authority.provider.configuration.file*</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">This is the location of the file that specifies how user access is authenticated. The default value is ./conf/authority-providers.xml.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.bored.yield.duration</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">When a component has no work to do (i.e., is "bored"), this is the amount of time it will wait before checking to see if it has new data to work on. This way, it does not use up CPU resources by checking for new work too often. When setting this property, be aware that it could add extra latency for components that do not constantly have work to do, as once they go into this "bored" state, they will wait this amount of time before checking for more work. The default value is 10 millis.</p></td> </tr> <tr> -<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.reporting.task.configuration.file*</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">This is the location of the Reporting Tasks file. The default value is ./conf/reporting-tasks.xml.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.authority.provider.configuration.file*</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">This is the location of the file that specifies how user access is authorized. The default value is ./conf/authority-providers.xml.</p></td> </tr> <tr> -<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.controller.service.configuration.file*</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">This is the location of the Controller Services file. The default value is ./conf/controller-services.xml.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.login.identity.provider.configuration.file*</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">This is the location of the file that specifies how username/password authentication is performed. This file is +only consider if <code>nifi.security.user.login.identity.provider</code> configured with a provider identifier. The default value is ./conf/login-identity-providers.xml.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.templates.directory*</p></td> @@ -1517,10 +1687,6 @@ for example "10 sec" or "10 MB", not sim <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.documentation.working.directory</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">The documentation working directory. The default value is ./work/docs/components and probably should be left as is.</p></td> </tr> -<tr> -<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.bored.yield.duration</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">When a component has no work to do (i.e., is "bored"), this is the amount of time it will wait before checking to see if it has new data to work on. This way, it does not use up CPU resources by checking for new work too often. When setting this property, be aware that it could add extra latency for components that do not constantly have work to do, as once they go into this "bored" state, they will wait this amount of time before checking for more work. The default value is 10 millis.</p></td> -</tr> </tbody> </table> <div class="paragraph"> @@ -1682,15 +1848,15 @@ Providing three total locations, includi <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.content.repository.archive.max.retention.period</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">If archiving is enabled (see nifi.content.repository.archive.enabled below), then -this property specifies the maximum amount of time to keep the archived data. It is blank by default.</p></td> +this property specifies the maximum amount of time to keep the archived data. It is 12 hours by default.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.content.repository.archive.max.usage.percentage</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">If archiving is enabled (see nifi.content.repository.archive.enabled below), then this property also must have a value to indicate the maximum percentage of disk space that may be used for archiving. It is blank by default.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">If archiving is enabled (see nifi.content.repository.archive.enabled below), then this property also must have a value to indicate the maximum percentage of disk space that may be used before archive data is removed. If this value is already met even before archiving then arhival will not be of much use. It is 50% by default.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.content.repository.archive.enabled</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">To enable archiving, set this to <em>true</em> and specify a value for the nifi.content.repository.archive.max.usage.percentage property above. By default, archiving is not enabled.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">To enable archiving, set this to <em>true</em> and specify a value for the nifi.content.repository.archive.max.usage.percentage property above. By default, archiving is enabled.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.content.repository.always.sync</p></td> @@ -1791,16 +1957,20 @@ Providing three total locations, includi </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.provenance.repository.indexed.fields</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">This is a comma-separated list of the fields that should be indexed and made searchable. Fields that are not indexed will not be searchable. Valid fields are: EventType, FlowFileUUID, Filename, TransitURI, ProcessorID, AlternateIdentifierURI, ContentType, Relationship, Details. The default value is: EventType, FlowFileUUID, Filename, ProcessorID.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">This is a comma-separated list of the fields that should be indexed and made searchable. Fields that are not indexed will not be searchable. Valid fields are: EventType, FlowFileUUID, Filename, TransitURI, ProcessorID, AlternateIdentifierURI, Relationship, Details. The default value is: EventType, FlowFileUUID, Filename, ProcessorID.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.provenance.repository.indexed.attributes</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">This is a comma-separated list of FlowFile Attributes that should be indexed and made searchable. It is blank by default.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">This is a comma-separated list of FlowFile Attributes that should be indexed and made searchable. It is blank by default. But some good examples to consider are <em>filename</em>, <em>uuid</em>, and <em>mime.type</em> as well as any custom attritubes you might use which are valuable for your use case.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.provenance.repository.index.shard.size</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Large values for the shard size will result in more Java heap usage when searching the Provenance Repository but should provide better performance. The default value is 500 MB.</p></td> </tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.provenance.repository.max.attribute.length</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">Indicates the maximum length that a FlowFile attribute can be when retrieving a Provenance Event from the repository. If the length of any attribute exceeds this value, it will be truncated when the event is retrieved. The default is 65536.</p></td> +</tr> </tbody> </table> <div class="paragraph"> @@ -1988,7 +2158,7 @@ Security Configuration section of this A </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.security.needClientAuth</p></td> -<td class="tableblock halign-left valign-top"><p class="tableblock">This indicates whether client authentication is required. It is blank by default.</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">This indicates whether client authentication in the cluster protocol. It is blank by default.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.security.user.credential.cache.duration</p></td> @@ -1997,13 +2167,24 @@ Security Configuration section of this A <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.security.user.authority.provider</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">This indicates what type of authority provider to use. The default value is file-provider, which refers to the file -configured in the core property nifi.authority.provider.configuration.file. Another authority provider may be used, such as when the NiFi instance is part of a cluster. But the default value of file-provider is fine for a standalone instance of NiFi.</p></td> +configured in the core property <code>nifi.authority.provider.configuration.file</code>. Another authority provider may be used, such as when the NiFi instance is part of a cluster. But the default value of file-provider is fine for a standalone instance of NiFi.</p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.security.user.login.identity.provider</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">This indicates what type of login identity provider to use. The default value is blank, can be set to the identifier from a provider +in the file specified in <code>nifi.login.identity.provider.configuration.file</code>. Setting this property will trigger NiFi to support username/password authentication.</p></td> </tr> <tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.security.support.new.account.requests</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">This indicates whether a secure NiFi is configured to allow users to request access. It is blank by default.</p></td> </tr> <tr> +<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.security.anonymous.authorities</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">This indicates what roles to grant to anonymous users accessing NiFi over HTTPS. It is blank by default, but could be +set to any combination of ROLE_MONITOR, ROLE_DFM, ROLE_ADMIN, ROLE_PROVENANCE, ROLE_NIFI. Leaving this property blank will require that users accessing NiFi +over HTTPS be authenticated either using a client certificate or their credentials against the configured log identity provider.</p></td> +</tr> +<tr> <td class="tableblock halign-left valign-top"><p class="tableblock">nifi.security.ocsp.responder.url</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">This is the URL for the Online Certificate Status Protocol (OCSP) responder if one is being used. It is blank by default.</p></td> </tr> @@ -2191,6 +2372,27 @@ If multicast is used, the following nifi </tr> </tbody> </table> +<div class="paragraph"> +<p><strong>Kerberos</strong><br></p> +</div> +<table class="tableblock frame-all grid-all spread"> +<colgroup> +<col style="width: 50%;"> +<col style="width: 50%;"> +</colgroup> +<tbody> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>Property</strong></p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock"><strong>Description</strong></p></td> +</tr> +<tr> +<td class="tableblock halign-left valign-top"><p class="tableblock">nifi.kerberos.krb5.file*</p></td> +<td class="tableblock halign-left valign-top"><p class="tableblock">The location of the krb5 file, if used. It is blank by default. Note that this property is not used to authenticate NiFi users. + Rather, it is made available for extension points, such as Hadoop-based Processors, to use. At this time, only a single krb5 file is allowed to + be specified per NiFi instance, so this property is configured here rather than in individual Processors.</p></td> +</tr> +</tbody> +</table> <div class="admonitionblock note"> <table> <tr> @@ -2208,7 +2410,7 @@ If multicast is used, the following nifi </div> <div id="footer"> <div id="footer-text"> -Last updated 2015-09-19 09:32:06 -04:00 +Last updated 2015-12-08 13:53:16 -05:00 </div> </div> </body>
Added: nifi/site/trunk/docs/nifi-docs/html/asciidoc-mod.css URL: http://svn.apache.org/viewvc/nifi/site/trunk/docs/nifi-docs/html/asciidoc-mod.css?rev=1719609&view=auto ============================================================================== --- nifi/site/trunk/docs/nifi-docs/html/asciidoc-mod.css (added) +++ nifi/site/trunk/docs/nifi-docs/html/asciidoc-mod.css Sat Dec 12 00:55:22 2015 @@ -0,0 +1,418 @@ +/* Asciidoctor default stylesheet | MIT License | http://asciidoctor.org */ +/* Copyright (C) 2012-2015 Dan Allen, Ryan Waldron and the Asciidoctor Project + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. */ +/* Remove the comments around the @import statement below when using this as a custom stylesheet */ +@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400";; +article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block} +audio,canvas,video{display:inline-block} +audio:not([controls]){display:none;height:0} +[hidden],template{display:none} +script{display:none!important} +html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%} +body{margin:0} +a{background:transparent} +a:focus{outline:thin dotted} +a:active,a:hover{outline:0} +h1{font-size:2em;margin:.67em 0} +abbr[title]{border-bottom:1px dotted} +b,strong{font-weight:bold} +dfn{font-style:italic} +hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0} +mark{background:#ff0;color:#000} +code,kbd,pre,samp{font-family:monospace;font-size:1em} +pre{white-space:pre-wrap} +q{quotes:"\201C" "\201D" "\2018" "\2019"} +small{font-size:80%} +sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline} +sup{top:-.5em} +sub{bottom:-.25em} +img{border:0} +svg:not(:root){overflow:hidden} +figure{margin:0} +fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em} +legend{border:0;padding:0} +button,input,select,textarea{font-family:inherit;font-size:100%;margin:0} +button,input{line-height:normal} +button,select{text-transform:none} +button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer} +button[disabled],html input[disabled]{cursor:default} +input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0} +input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box} +input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none} +button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0} +textarea{overflow:auto;vertical-align:top} +table{border-collapse:collapse;border-spacing:0} +*,*:before,*:after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box} +html,body{font-size:100%} +body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto} +a:hover{cursor:pointer} +img,object,embed{max-width:100%;height:auto} +object,embed{height:100%} +img{-ms-interpolation-mode:bicubic} +#map_canvas img,#map_canvas embed,#map_canvas object,.map_canvas img,.map_canvas embed,.map_canvas object{max-width:none!important} +.left{float:left!important} +.right{float:right!important} +.text-left{text-align:left!important} +.text-right{text-align:right!important} +.text-center{text-align:center!important} +.text-justify{text-align:justify!important} +.hide{display:none} +.antialiased,body{-webkit-font-smoothing:antialiased} +img{display:inline-block;vertical-align:middle} +textarea{height:auto;min-height:50px} +select{width:100%} +p.lead,.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{font-size:1.21875em;line-height:1.6} +.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em} +div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr} +a{color:#2156a5;text-decoration:underline;line-height:inherit} +a:hover,a:focus{color:#1d4b8f} +a img{border:none} +p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility} +p aside{font-size:.875em;line-height:1.35;font-style:italic} +h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em} +h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0} +h1{font-size:2.125em} +h2{font-size:1.6875em} +h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em} +h4,h5{font-size:1.125em} +h6{font-size:1em} +hr{border:solid #ddddd8;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0} +em,i{font-style:italic;line-height:inherit} +strong,b{font-weight:bold;line-height:inherit} +small{font-size:60%;line-height:inherit} +code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9);padding-right: 1px;} +ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit} +ul,ol,ul.no-bullet,ol.no-bullet{margin-left:1.5em} +ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em} +ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit} +ul.square{list-style-type:square} +ul.circle{list-style-type:circle} +ul.disc{list-style-type:disc} +ul.no-bullet{list-style:none} +ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0} +dl dt{margin-bottom:.3125em;font-weight:bold} +dl dd{margin-bottom:1.25em} +abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help} +abbr{text-transform:none} +blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd} +blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)} +blockquote cite:before{content:"\2014 \0020"} +blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)} +blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)} +@media only screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2} +h1{font-size:2.75em} +h2{font-size:2.3125em} +h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em} +h4{font-size:1.4375em}}table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede} +table thead,table tfoot{background:#f7f8f7;font-weight:bold} +table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left} +table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)} +table tr.even,table tr.alt,table tr:nth-of-type(even){background:#f8f8f7} +table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6} +h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em} +h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400} +.clearfix:before,.clearfix:after,.float-group:before,.float-group:after{content:" ";display:table} +.clearfix:after,.float-group:after{clear:both} +*:not(pre)>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;word-spacing:-.15em;background-color:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed} +pre,pre>code{line-height:1.45;color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;text-rendering:optimizeSpeed} +.keyseq{color:rgba(51,51,51,.8)} +kbd{display:inline-block;color:rgba(0,0,0,.8);font-size:.75em;line-height:1.4;background-color:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:-.15em .15em 0 .15em;padding:.2em .6em .2em .5em;vertical-align:middle;white-space:nowrap} +.keyseq kbd:first-child{margin-left:0} +.keyseq kbd:last-child{margin-right:0} +.menuseq,.menu{color:rgba(0,0,0,.8)} +b.button:before,b.button:after{position:relative;top:-1px;font-weight:400} +b.button:before{content:"[";padding:0 3px 0 2px} +b.button:after{content:"]";padding:0 2px 0 3px} +p a>code:hover{color:rgba(0,0,0,.9)} +#header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em} +#header:before,#header:after,#content:before,#content:after,#footnotes:before,#footnotes:after,#footer:before,#footer:after{content:" ";display:table} +#header:after,#content:after,#footnotes:after,#footer:after{clear:both} +#content{margin-top:1.25em} +#content:before{content:none} +#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0} +#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #ddddd8} +#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #ddddd8;padding-bottom:8px} +#header .details{border-bottom:1px solid #ddddd8;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap} +#header .details span:first-child{margin-left:-.125em} +#header .details span.email a{color:rgba(0,0,0,.85)} +#header .details br{display:none} +#header .details br+span:before{content:"\00a0\2013\00a0"} +#header .details br+span.author:before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)} +#header .details br+span#revremark:before{content:"\00a0|\00a0"} +#header #revnumber{text-transform:capitalize} +#header #revnumber:after{content:"\00a0"} +#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #ddddd8;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem} +#toc{border-bottom:1px solid #efefed;padding-bottom:.5em} +#toc>ul{margin-left:.125em} +#toc ul.sectlevel0>li>a{font-style:italic} +#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0} +#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none} +#toc a{text-decoration:none} +#toc a:active{text-decoration:underline} +#toctitle{color:#7a2518;font-size:1.2em} +@media only screen and (min-width:768px){#toctitle{font-size:1.375em} +body.toc2{padding-left:15em;padding-right:0} +#toc.toc2{margin-top:0!important;background-color:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #efefed;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto} +#toc.toc2 #toctitle{margin-top:0;font-size:1.2em} +#toc.toc2>ul{font-size:.9em;margin-bottom:0} +#toc.toc2 ul ul{margin-left:0;padding-left:1em} +#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em} +body.toc2.toc-right{padding-left:0;padding-right:15em} +body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #efefed;left:auto;right:0}}@media only screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0} +#toc.toc2{width:20em} +#toc.toc2 #toctitle{font-size:1.375em} +#toc.toc2>ul{font-size:.95em} +#toc.toc2 ul ul{padding-left:1.25em} +body.toc2.toc-right{padding-left:0;padding-right:20em}}#content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px} +#content #toc>:first-child{margin-top:0} +#content #toc>:last-child{margin-bottom:0} +#footer{max-width:100%;background-color:rgba(0,0,0,.8);padding:1.25em} +#footer-text{color:rgba(255,255,255,.8);line-height:1.44} +.sect1{padding-bottom:.625em} +@media only screen and (min-width:768px){.sect1{padding-bottom:1.25em}}.sect1+.sect1{border-top:1px solid #efefed} +#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400} +#content h1>a.anchor:before,h2>a.anchor:before,h3>a.anchor:before,#toctitle>a.anchor:before,.sidebarblock>.content>.title>a.anchor:before,h4>a.anchor:before,h5>a.anchor:before,h6>a.anchor:before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em} +#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible} +#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none} +#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221} +.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em} +.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic} +table.tableblock>caption.title{white-space:nowrap;overflow:visible;max-width:0} +.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{color:rgba(0,0,0,.85)} +table.tableblock #preamble>.sectionbody>.paragraph:first-of-type p{font-size:inherit} +.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%} +.admonitionblock>table td.icon{text-align:center;width:80px} +.admonitionblock>table td.icon img{max-width:none} +.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase} +.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #ddddd8;color:rgba(0,0,0,.6)} +.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0} +.exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px} +.exampleblock>.content>:first-child{margin-top:0} +.exampleblock>.content>:last-child{margin-bottom:0} +.sidebarblock{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px} +.sidebarblock>:first-child{margin-top:0} +.sidebarblock>:last-child{margin-bottom:0} +.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center} +.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0} +.literalblock pre,.listingblock pre:not(.highlight),.listingblock pre[class="highlight"],.listingblock pre[class^="highlight "],.listingblock pre.CodeRay,.listingblock pre.prettyprint{background:#f7f7f8} +.sidebarblock .literalblock pre,.sidebarblock .listingblock pre:not(.highlight),.sidebarblock .listingblock pre[class="highlight"],.sidebarblock .listingblock pre[class^="highlight "],.sidebarblock .listingblock pre.CodeRay,.sidebarblock .listingblock pre.prettyprint{background:#f2f1f1} +.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;padding:1em;font-size:.8125em} +.literalblock pre.nowrap,.literalblock pre[class].nowrap,.listingblock pre.nowrap,.listingblock pre[class].nowrap{overflow-x:auto;white-space:pre;word-wrap:normal} +@media only screen and (min-width:768px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:.90625em}}@media only screen and (min-width:1280px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:1em}}.literalblock.output pre{color:#f7f7f8;background-color:rgba(0,0,0,.9)} +.listingblock pre.highlightjs{padding:0} +.listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px} +.listingblock pre.prettyprint{border-width:0} +.listingblock>.content{position:relative} +.listingblock code[data-lang]:before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:#999} +.listingblock:hover code[data-lang]:before{display:block} +.listingblock.terminal pre .command:before{content:attr(data-prompt);padding-right:.5em;color:#999} +.listingblock.terminal pre .command:not([data-prompt]):before{content:"$"} +table.pyhltable{border-collapse:separate;border:0;margin-bottom:0;background:none} +table.pyhltable td{vertical-align:top;padding-top:0;padding-bottom:0} +table.pyhltable td.code{padding-left:.75em;padding-right:0} +pre.pygments .lineno,table.pyhltable td:not(.code){color:#999;padding-left:0;padding-right:.5em;border-right:1px solid #ddddd8} +pre.pygments .lineno{display:inline-block;margin-right:.25em} +table.pyhltable .linenodiv{background:none!important;padding-right:0!important} +.quoteblock{margin:0 1em 1.25em 1.5em;display:table} +.quoteblock>.title{margin-left:-1.5em;margin-bottom:.75em} +.quoteblock blockquote,.quoteblock blockquote p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify} +.quoteblock blockquote{margin:0;padding:0;border:0} +.quoteblock blockquote:before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)} +.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0} +.quoteblock .attribution{margin-top:.5em;margin-right:.5ex;text-align:right} +.quoteblock .quoteblock{margin-left:0;margin-right:0;padding:.5em 0;border-left:3px solid rgba(0,0,0,.6)} +.quoteblock .quoteblock blockquote{padding:0 0 0 .75em} +.quoteblock .quoteblock blockquote:before{display:none} +.verseblock{margin:0 1em 1.25em 1em} +.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility} +.verseblock pre strong{font-weight:400} +.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex} +.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic} +.quoteblock .attribution br,.verseblock .attribution br{display:none} +.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.05em;color:rgba(0,0,0,.6)} +.quoteblock.abstract{margin:0 0 1.25em 0;display:block} +.quoteblock.abstract blockquote,.quoteblock.abstract blockquote p{text-align:left;word-spacing:0} +.quoteblock.abstract blockquote:before,.quoteblock.abstract blockquote p:first-of-type:before{display:none} +table.tableblock{max-width:100%;border-collapse:separate} +table.tableblock td>.paragraph:last-child p>p:last-child,table.tableblock th>p:last-child,table.tableblock td>p:last-child{margin-bottom:0} +table.spread{width:100%} +table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede} +table.grid-all th.tableblock,table.grid-all td.tableblock{border-width:0 1px 1px 0} +table.grid-all tfoot>tr>th.tableblock,table.grid-all tfoot>tr>td.tableblock{border-width:1px 1px 0 0} +table.grid-cols th.tableblock,table.grid-cols td.tableblock{border-width:0 1px 0 0} +table.grid-all *>tr>.tableblock:last-child,table.grid-cols *>tr>.tableblock:last-child{border-right-width:0} +table.grid-rows th.tableblock,table.grid-rows td.tableblock{border-width:0 0 1px 0} +table.grid-all tbody>tr:last-child>th.tableblock,table.grid-all tbody>tr:last-child>td.tableblock,table.grid-all thead:last-child>tr>th.tableblock,table.grid-rows tbody>tr:last-child>th.tableblock,table.grid-rows tbody>tr:last-child>td.tableblock,table.grid-rows thead:last-child>tr>th.tableblock{border-bottom-width:0} +table.grid-rows tfoot>tr>th.tableblock,table.grid-rows tfoot>tr>td.tableblock{border-width:1px 0 0 0} +table.frame-all{border-width:1px} +table.frame-sides{border-width:0 1px} +table.frame-topbot{border-width:1px 0} +th.halign-left,td.halign-left{text-align:left} +th.halign-right,td.halign-right{text-align:right} +th.halign-center,td.halign-center{text-align:center} +th.valign-top,td.valign-top{vertical-align:top} +th.valign-bottom,td.valign-bottom{vertical-align:bottom} +th.valign-middle,td.valign-middle{vertical-align:middle} +table thead th,table tfoot th{font-weight:bold} +tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7} +tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold} +p.tableblock>code:only-child{background:none;padding:0} +p.tableblock{font-size:1em} +td>div.verse{white-space:pre} +ol{margin-left:1.75em} +ul li ol{margin-left:1.5em} +dl dd{margin-left:1.125em} +dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0} +ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em} +ul.unstyled,ol.unnumbered,ul.checklist,ul.none{list-style-type:none} +ul.unstyled,ol.unnumbered,ul.checklist{margin-left:.625em} +ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1em;font-size:.85em} +ul.checklist li>p:first-child>input[type="checkbox"]:first-child{width:1em;position:relative;top:1px} +ul.inline{margin:0 auto .625em auto;margin-left:-1.375em;margin-right:0;padding:0;list-style:none;overflow:hidden} +ul.inline>li{list-style:none;float:left;margin-left:1.375em;display:block} +ul.inline>li>*{display:block} +.unstyled dl dt{font-weight:400;font-style:normal} +ol.arabic{list-style-type:decimal} +ol.decimal{list-style-type:decimal-leading-zero} +ol.loweralpha{list-style-type:lower-alpha} +ol.upperalpha{list-style-type:upper-alpha} +ol.lowerroman{list-style-type:lower-roman} +ol.upperroman{list-style-type:upper-roman} +ol.lowergreek{list-style-type:lower-greek} +.hdlist>table,.colist>table{border:0;background:none} +.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none} +td.hdlist1{padding-right:.75em;font-weight:bold} +td.hdlist1,td.hdlist2{vertical-align:top} +.literalblock+.colist,.listingblock+.colist{margin-top:-.5em} +.colist>table tr>td:first-of-type{padding:0 .75em;line-height:1} +.colist>table tr>td:last-of-type{padding:.25em 0} +.thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd} +.imageblock.left,.imageblock[style*="float: left"]{margin:.25em .625em 1.25em 0} +.imageblock.right,.imageblock[style*="float: right"]{margin:.25em 0 1.25em .625em} +.imageblock>.title{margin-bottom:0} +.imageblock.thumb,.imageblock.th{border-width:6px} +.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em} +.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0} +.image.left{margin-right:.625em} +.image.right{margin-left:.625em} +a.image{text-decoration:none} +span.footnote,span.footnoteref{vertical-align:super;font-size:.875em} +span.footnote a,span.footnoteref a{text-decoration:none} +span.footnote a:active,span.footnoteref a:active{text-decoration:underline} +#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em} +#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em 0;border-width:1px 0 0 0} +#footnotes .footnote{padding:0 .375em;line-height:1.3;font-size:.875em;margin-left:1.2em;text-indent:-1.2em;margin-bottom:.2em} +#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none} +#footnotes .footnote:last-of-type{margin-bottom:0} +#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0} +.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0} +.gist .file-data>table td.line-data{width:99%} +div.unbreakable{page-break-inside:avoid} +.big{font-size:larger} +.small{font-size:smaller} +.underline{text-decoration:underline} +.overline{text-decoration:overline} +.line-through{text-decoration:line-through} +.aqua{color:#00bfbf} +.aqua-background{background-color:#00fafa} +.black{color:#000} +.black-background{background-color:#000} +.blue{color:#0000bf} +.blue-background{background-color:#0000fa} +.fuchsia{color:#bf00bf} +.fuchsia-background{background-color:#fa00fa} +.gray{color:#606060} +.gray-background{background-color:#7d7d7d} +.green{color:#006000} +.green-background{background-color:#007d00} +.lime{color:#00bf00} +.lime-background{background-color:#00fa00} +.maroon{color:#600000} +.maroon-background{background-color:#7d0000} +.navy{color:#000060} +.navy-background{background-color:#00007d} +.olive{color:#606000} +.olive-background{background-color:#7d7d00} +.purple{color:#600060} +.purple-background{background-color:#7d007d} +.red{color:#bf0000} +.red-background{background-color:#fa0000} +.silver{color:#909090} +.silver-background{background-color:#bcbcbc} +.teal{color:#006060} +.teal-background{background-color:#007d7d} +.white{color:#bfbfbf} +.white-background{background-color:#fafafa} +.yellow{color:#bfbf00} +.yellow-background{background-color:#fafa00} +span.icon>.fa{cursor:default} +.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default} +.admonitionblock td.icon .icon-note:before{content:"\f05a";color:#19407c} +.admonitionblock td.icon .icon-tip:before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111} +.admonitionblock td.icon .icon-warning:before{content:"\f071";color:#bf6900} +.admonitionblock td.icon .icon-caution:before{content:"\f06d";color:#bf3400} +.admonitionblock td.icon .icon-important:before{content:"\f06a";color:#bf0000} +.conum[data-value]{display:inline-block;color:#fff!important;background-color:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold} +.conum[data-value] *{color:#fff!important} +.conum[data-value]+b{display:none} +.conum[data-value]:after{content:attr(data-value)} +pre .conum[data-value]{position:relative;top:-.125em} +b.conum *{color:inherit!important} +.conum:not([data-value]):empty{display:none} +h1,h2{letter-spacing:-.01em} +dt,th.tableblock,td.content{text-rendering:optimizeLegibility} +p,td.content{letter-spacing:-.01em} +p strong,td.content strong{letter-spacing:-.005em} +p,blockquote,dt,td.content{font-size:1.0625rem} +p{margin-bottom:1.25rem} +.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em} +.exampleblock>.content{background-color:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc} +.print-only{display:none!important} +@media print{@page{margin:1.25cm .75cm} +*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important} +a{color:inherit!important;text-decoration:underline!important} +a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important} +a[href^="http:"]:not(.bare):after,a[href^="https:"]:not(.bare):after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em} +abbr[title]:after{content:" (" attr(title) ")"} +pre,blockquote,tr,img{page-break-inside:avoid} +thead{display:table-header-group} +img{max-width:100%!important} +p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3} +h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid} +#toc,.sidebarblock,.exampleblock>.content{background:none!important} +#toc{border-bottom:1px solid #ddddd8!important;padding-bottom:0!important} +.sect1{padding-bottom:0!important} +.sect1+.sect1{border:0!important} +#header>h1:first-child{margin-top:1.25rem} +body.book #header{text-align:center} +body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em 0} +body.book #header .details{border:0!important;display:block;padding:0!important} +body.book #header .details span:first-child{margin-left:0!important} +body.book #header .details br{display:block} +body.book #header .details br+span:before{content:none!important} +body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important} +body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always} +.listingblock code[data-lang]:before{display:block} +#footer{background:none!important;padding:0 .9375em} +#footer-text{color:rgba(0,0,0,.6)!important;font-size:.9em} +.hide-on-print{display:none!important} +.print-only{display:block!important} +.hide-for-print{display:none!important} +.show-for-print{display:inherit!important}} \ No newline at end of file
