001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019 package org.apache.hadoop.registry.client.api;
020
021 import org.apache.hadoop.classification.InterfaceAudience;
022 import org.apache.hadoop.classification.InterfaceStability;
023
024 /**
025 * Constants for the registry, including configuration keys and default
026 * values.
027 */
028 @InterfaceAudience.Public
029 @InterfaceStability.Evolving
030 public interface RegistryConstants {
031
032 /**
033 * prefix for registry configuration options: {@value}.
034 * Why <code>hadoop.</code> and not YARN? It can
035 * live outside YARN
036 */
037 String REGISTRY_PREFIX = "hadoop.registry.";
038
039 /**
040 * Prefix for zookeeper-specific options: {@value}
041 * <p>
042 * For clients using other protocols, these options are not supported.
043 */
044 String ZK_PREFIX = REGISTRY_PREFIX + "zk.";
045
046 /**
047 * flag to indicate whether or not the registry should
048 * be enabled in the RM: {@value}
049 */
050 String KEY_REGISTRY_ENABLED = REGISTRY_PREFIX + "rm.enabled";
051
052 /**
053 * Defaut value for enabling the registry in the RM: {@value}
054 */
055 boolean DEFAULT_REGISTRY_ENABLED = false;
056
057 /**
058 * Key to set if the registry is secure: {@value}.
059 * Turning it on changes the permissions policy from "open access"
060 * to restrictions on kerberos with the option of
061 * a user adding one or more auth key pairs down their
062 * own tree.
063 */
064 String KEY_REGISTRY_SECURE = REGISTRY_PREFIX + "secure";
065
066 /**
067 * Default registry security policy: {@value}.
068 */
069 boolean DEFAULT_REGISTRY_SECURE = false;
070
071 /**
072 * Root path in the ZK tree for the registry: {@value}
073 */
074 String KEY_REGISTRY_ZK_ROOT = ZK_PREFIX + "root";
075
076 /**
077 * Default root of the yarn registry: {@value}
078 */
079 String DEFAULT_ZK_REGISTRY_ROOT = "/registry";
080
081 /**
082 * Registry client authentication policy.
083 * <p>
084 * This is only used in secure clusters.
085 * <p>
086 * If the Factory methods of {@link RegistryOperationsFactory}
087 * are used, this key does not need to be set: it is set
088 * up based on the factory method used.
089 */
090 String KEY_REGISTRY_CLIENT_AUTH =
091 REGISTRY_PREFIX + "client.auth";
092
093 /**
094 * Registry client uses Kerberos: authentication is automatic from
095 * logged in user
096 */
097 String REGISTRY_CLIENT_AUTH_KERBEROS = "kerberos";
098
099 /**
100 * Username/password is the authentication mechanism.
101 * If set then both {@link #KEY_REGISTRY_CLIENT_AUTHENTICATION_ID}
102 * and {@link #KEY_REGISTRY_CLIENT_AUTHENTICATION_PASSWORD} must be set.
103 */
104 String REGISTRY_CLIENT_AUTH_DIGEST = "digest";
105
106 /**
107 * No authentication; client is anonymous
108 */
109 String REGISTRY_CLIENT_AUTH_ANONYMOUS = "";
110
111 /**
112 * Registry client authentication ID
113 * <p>
114 * This is only used in secure clusters with
115 * {@link #KEY_REGISTRY_CLIENT_AUTH} set to
116 * {@link #REGISTRY_CLIENT_AUTH_DIGEST}
117 *
118 */
119 String KEY_REGISTRY_CLIENT_AUTHENTICATION_ID =
120 KEY_REGISTRY_CLIENT_AUTH + ".id";
121
122 /**
123 * Registry client authentication password.
124 * <p>
125 * This is only used in secure clusters with the client set to
126 * use digest (not SASL or anonymouse) authentication.
127 * <p>
128 * Specifically, {@link #KEY_REGISTRY_CLIENT_AUTH} set to
129 * {@link #REGISTRY_CLIENT_AUTH_DIGEST}
130 *
131 */
132 String KEY_REGISTRY_CLIENT_AUTHENTICATION_PASSWORD =
133 KEY_REGISTRY_CLIENT_AUTH + ".password";
134
135 /**
136 * List of hostname:port pairs defining the
137 * zookeeper quorum binding for the registry {@value}
138 */
139 String KEY_REGISTRY_ZK_QUORUM = ZK_PREFIX + "quorum";
140
141 /**
142 * The default zookeeper quorum binding for the registry: {@value}
143 */
144 String DEFAULT_REGISTRY_ZK_QUORUM = "localhost:2181";
145
146 /**
147 * Zookeeper session timeout in milliseconds: {@value}
148 */
149 String KEY_REGISTRY_ZK_SESSION_TIMEOUT =
150 ZK_PREFIX + "session.timeout.ms";
151
152 /**
153 * The default ZK session timeout: {@value}.
154 */
155 int DEFAULT_ZK_SESSION_TIMEOUT = 60000;
156
157 /**
158 * Zookeeper connection timeout in milliseconds: {@value}.
159 */
160 String KEY_REGISTRY_ZK_CONNECTION_TIMEOUT =
161 ZK_PREFIX + "connection.timeout.ms";
162
163 /**
164 * The default ZK connection timeout: {@value}.
165 */
166 int DEFAULT_ZK_CONNECTION_TIMEOUT = 15000;
167
168 /**
169 * Zookeeper connection retry count before failing: {@value}.
170 */
171 String KEY_REGISTRY_ZK_RETRY_TIMES = ZK_PREFIX + "retry.times";
172
173 /**
174 * The default # of times to retry a ZK connection: {@value}.
175 */
176 int DEFAULT_ZK_RETRY_TIMES = 5;
177
178 /**
179 * Zookeeper connect interval in milliseconds: {@value}.
180 */
181 String KEY_REGISTRY_ZK_RETRY_INTERVAL =
182 ZK_PREFIX + "retry.interval.ms";
183
184 /**
185 * The default interval between connection retries: {@value}.
186 */
187 int DEFAULT_ZK_RETRY_INTERVAL = 1000;
188
189 /**
190 * Zookeeper retry limit in milliseconds, during
191 * exponential backoff: {@value}.
192 *
193 * This places a limit even
194 * if the retry times and interval limit, combined
195 * with the backoff policy, result in a long retry
196 * period
197 *
198 */
199 String KEY_REGISTRY_ZK_RETRY_CEILING =
200 ZK_PREFIX + "retry.ceiling.ms";
201
202 /**
203 * Default limit on retries: {@value}.
204 */
205 int DEFAULT_ZK_RETRY_CEILING = 60000;
206
207 /**
208 * A comma separated list of Zookeeper ACL identifiers with
209 * system access to the registry in a secure cluster: {@value}.
210 *
211 * These are given full access to all entries.
212 *
213 * If there is an "@" at the end of an entry it
214 * instructs the registry client to append the kerberos realm as
215 * derived from the login and {@link #KEY_REGISTRY_KERBEROS_REALM}.
216 */
217 String KEY_REGISTRY_SYSTEM_ACCOUNTS = REGISTRY_PREFIX + "system.accounts";
218
219 /**
220 * Default system accounts given global access to the registry: {@value}.
221 */
222 String DEFAULT_REGISTRY_SYSTEM_ACCOUNTS =
223 "sasl:yarn@, sasl:mapred@, sasl:hdfs@, sasl:hadoop@";
224
225 /**
226 * A comma separated list of Zookeeper ACL identifiers with
227 * system access to the registry in a secure cluster: {@value}.
228 *
229 * These are given full access to all entries.
230 *
231 * If there is an "@" at the end of an entry it
232 * instructs the registry client to append the default kerberos domain.
233 */
234 String KEY_REGISTRY_USER_ACCOUNTS = REGISTRY_PREFIX + "user.accounts";
235
236 /**
237 * Default system acls: {@value}.
238 */
239 String DEFAULT_REGISTRY_USER_ACCOUNTS = "";
240
241 /**
242 * The kerberos realm: {@value}.
243 *
244 * This is used to set the realm of
245 * system principals which do not declare their realm,
246 * and any other accounts that need the value.
247 *
248 * If empty, the default realm of the running process
249 * is used.
250 *
251 * If neither are known and the realm is needed, then the registry
252 * service/client will fail.
253 */
254 String KEY_REGISTRY_KERBEROS_REALM = REGISTRY_PREFIX + "kerberos.realm";
255
256 /**
257 * Key to define the JAAS context. Used in secure registries: {@value}.
258 */
259 String KEY_REGISTRY_CLIENT_JAAS_CONTEXT = REGISTRY_PREFIX + "jaas.context";
260
261 /**
262 * default client-side registry JAAS context: {@value}
263 */
264 String DEFAULT_REGISTRY_CLIENT_JAAS_CONTEXT = "Client";
265
266 /**
267 * path to users off the root: {@value}.
268 */
269 String PATH_USERS = "/users/";
270
271 /**
272 * path to system services off the root : {@value}.
273 */
274 String PATH_SYSTEM_SERVICES = "/services/";
275
276 /**
277 * path to system services under a user's home path : {@value}.
278 */
279 String PATH_USER_SERVICES = "/services/";
280
281 /**
282 * path under a service record to point to components of that service:
283 * {@value}.
284 */
285 String SUBPATH_COMPONENTS = "/components/";
286 }