001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019package org.apache.hadoop.registry.client.api;
020
021import org.apache.hadoop.classification.InterfaceAudience;
022import org.apache.hadoop.classification.InterfaceStability;
023
024/**
025 * Constants for the registry, including configuration keys and default
026 * values.
027 */
028@InterfaceAudience.Public
029@InterfaceStability.Evolving
030public interface RegistryConstants {
031
032  /**
033   * prefix for registry configuration options: {@value}.
034   * Why <code>hadoop.</code> and not YARN? It can
035   * live outside YARN
036   */
037  String REGISTRY_PREFIX = "hadoop.registry.";
038
039  /**
040   * Prefix for zookeeper-specific options: {@value}
041   *  <p>
042   * For clients using other protocols, these options are not supported.
043   */
044  String ZK_PREFIX = REGISTRY_PREFIX + "zk.";
045
046  /**
047   * flag to indicate whether or not the registry should
048   * be enabled in the RM: {@value}
049   */
050  String KEY_REGISTRY_ENABLED = REGISTRY_PREFIX + "rm.enabled";
051
052  /**
053   * Defaut value for enabling the registry in the RM: {@value}
054   */
055  boolean DEFAULT_REGISTRY_ENABLED = false;
056
057  /**
058   * Key to set if the registry is secure: {@value}.
059   * Turning it on changes the permissions policy from "open access"
060   * to restrictions on kerberos with the option of
061   * a user adding one or more auth key pairs down their
062   * own tree.
063   */
064  String KEY_REGISTRY_SECURE = REGISTRY_PREFIX + "secure";
065
066  /**
067   * Default registry security policy: {@value}.
068   */
069  boolean DEFAULT_REGISTRY_SECURE = false;
070
071  /**
072   * Root path in the ZK tree for the registry: {@value}
073   */
074  String KEY_REGISTRY_ZK_ROOT = ZK_PREFIX + "root";
075
076  /**
077   * Default root of the yarn registry: {@value}
078   */
079  String DEFAULT_ZK_REGISTRY_ROOT = "/registry";
080
081  /**
082   * Registry client authentication policy.
083   *  <p>
084   * This is only used in secure clusters.
085   *  <p>
086   * If the Factory methods of {@link RegistryOperationsFactory}
087   * are used, this key does not need to be set: it is set
088   * up based on the factory method used.
089   */
090  String KEY_REGISTRY_CLIENT_AUTH =
091      REGISTRY_PREFIX + "client.auth";
092
093  /**
094   * Registry client uses Kerberos: authentication is automatic from
095   * logged in user
096   */
097  String REGISTRY_CLIENT_AUTH_KERBEROS = "kerberos";
098
099  /**
100   * Username/password is the authentication mechanism.
101   * If set then both {@link #KEY_REGISTRY_CLIENT_AUTHENTICATION_ID}
102   * and {@link #KEY_REGISTRY_CLIENT_AUTHENTICATION_PASSWORD} must be set.
103   */
104  String REGISTRY_CLIENT_AUTH_DIGEST = "digest";
105
106  /**
107   * No authentication; client is anonymous
108   */
109  String REGISTRY_CLIENT_AUTH_ANONYMOUS = "";
110
111  /**
112   * Registry client authentication ID
113   * <p>
114   * This is only used in secure clusters with
115   * {@link #KEY_REGISTRY_CLIENT_AUTH} set to
116   * {@link #REGISTRY_CLIENT_AUTH_DIGEST}
117   *
118   */
119  String KEY_REGISTRY_CLIENT_AUTHENTICATION_ID =
120      KEY_REGISTRY_CLIENT_AUTH + ".id";
121
122  /**
123   * Registry client authentication password.
124   * <p>
125   * This is only used in secure clusters with the client set to
126   * use digest (not SASL or anonymouse) authentication.
127   *  <p>
128   * Specifically, {@link #KEY_REGISTRY_CLIENT_AUTH} set to
129   * {@link #REGISTRY_CLIENT_AUTH_DIGEST}
130   *
131   */
132  String KEY_REGISTRY_CLIENT_AUTHENTICATION_PASSWORD =
133      KEY_REGISTRY_CLIENT_AUTH + ".password";
134
135  /**
136   * List of hostname:port pairs defining the
137   * zookeeper quorum binding for the registry {@value}
138   */
139  String KEY_REGISTRY_ZK_QUORUM = ZK_PREFIX + "quorum";
140
141  /**
142   * The default zookeeper quorum binding for the registry: {@value}
143   */
144  String DEFAULT_REGISTRY_ZK_QUORUM = "localhost:2181";
145
146  /**
147   * Zookeeper session timeout in milliseconds: {@value}
148   */
149  String KEY_REGISTRY_ZK_SESSION_TIMEOUT =
150      ZK_PREFIX + "session.timeout.ms";
151
152  /**
153  * The default ZK session timeout: {@value}.
154  */
155  int DEFAULT_ZK_SESSION_TIMEOUT = 60000;
156
157  /**
158   * Zookeeper connection timeout in milliseconds: {@value}.
159   */
160  String KEY_REGISTRY_ZK_CONNECTION_TIMEOUT =
161      ZK_PREFIX + "connection.timeout.ms";
162
163  /**
164   * The default ZK connection timeout: {@value}.
165   */
166  int DEFAULT_ZK_CONNECTION_TIMEOUT = 15000;
167
168  /**
169   * Zookeeper connection retry count before failing: {@value}.
170   */
171  String KEY_REGISTRY_ZK_RETRY_TIMES = ZK_PREFIX + "retry.times";
172
173  /**
174   * The default # of times to retry a ZK connection: {@value}.
175   */
176  int DEFAULT_ZK_RETRY_TIMES = 5;
177
178  /**
179   * Zookeeper connect interval in milliseconds: {@value}.
180   */
181  String KEY_REGISTRY_ZK_RETRY_INTERVAL =
182      ZK_PREFIX + "retry.interval.ms";
183
184  /**
185   * The default interval between connection retries: {@value}.
186   */
187  int DEFAULT_ZK_RETRY_INTERVAL = 1000;
188
189  /**
190   * Zookeeper retry limit in milliseconds, during
191   * exponential backoff: {@value}.
192   *
193   * This places a limit even
194   * if the retry times and interval limit, combined
195   * with the backoff policy, result in a long retry
196   * period
197   *
198   */
199  String KEY_REGISTRY_ZK_RETRY_CEILING =
200      ZK_PREFIX + "retry.ceiling.ms";
201
202  /**
203   * Default limit on retries: {@value}.
204   */
205  int DEFAULT_ZK_RETRY_CEILING = 60000;
206
207  /**
208   * A comma separated list of Zookeeper ACL identifiers with
209   * system access to the registry in a secure cluster: {@value}.
210   *
211   * These are given full access to all entries.
212   *
213   * If there is an "@" at the end of an entry it
214   * instructs the registry client to append the kerberos realm as
215   * derived from the login and {@link #KEY_REGISTRY_KERBEROS_REALM}.
216   */
217  String KEY_REGISTRY_SYSTEM_ACCOUNTS = REGISTRY_PREFIX + "system.accounts";
218
219  /**
220   * Default system accounts given global access to the registry: {@value}.
221   */
222  String DEFAULT_REGISTRY_SYSTEM_ACCOUNTS =
223      "sasl:yarn@, sasl:mapred@, sasl:hdfs@, sasl:hadoop@";
224
225  /**
226   * A comma separated list of Zookeeper ACL identifiers with
227   * system access to the registry in a secure cluster: {@value}.
228   *
229   * These are given full access to all entries.
230   *
231   * If there is an "@" at the end of an entry it
232   * instructs the registry client to append the default kerberos domain.
233   */
234  String KEY_REGISTRY_USER_ACCOUNTS = REGISTRY_PREFIX + "user.accounts";
235
236  /**
237   * Default system acls: {@value}.
238   */
239  String DEFAULT_REGISTRY_USER_ACCOUNTS = "";
240
241  /**
242   * The kerberos realm: {@value}.
243   *
244   * This is used to set the realm of
245   * system principals which do not declare their realm,
246   * and any other accounts that need the value.
247   *
248   * If empty, the default realm of the running process
249   * is used.
250   *
251   * If neither are known and the realm is needed, then the registry
252   * service/client will fail.
253   */
254  String KEY_REGISTRY_KERBEROS_REALM = REGISTRY_PREFIX + "kerberos.realm";
255
256  /**
257   * Key to define the JAAS context. Used in secure registries: {@value}.
258   */
259  String KEY_REGISTRY_CLIENT_JAAS_CONTEXT = REGISTRY_PREFIX + "jaas.context";
260
261  /**
262   * default client-side registry JAAS context: {@value}
263   */
264  String DEFAULT_REGISTRY_CLIENT_JAAS_CONTEXT = "Client";
265
266  /**
267   *  path to users off the root: {@value}.
268   */
269  String PATH_USERS = "/users/";
270
271  /**
272   *  path to system services off the root : {@value}.
273   */
274  String PATH_SYSTEM_SERVICES = "/services/";
275
276  /**
277   *  path to system services under a user's home path : {@value}.
278   */
279  String PATH_USER_SERVICES = "/services/";
280
281  /**
282   *  path under a service record to point to components of that service:
283   *  {@value}.
284   */
285  String SUBPATH_COMPONENTS = "/components/";
286}