001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019package org.apache.hadoop.registry.client.api; 020 021import org.apache.hadoop.classification.InterfaceAudience; 022import org.apache.hadoop.classification.InterfaceStability; 023 024/** 025 * Constants for the registry, including configuration keys and default 026 * values. 027 */ 028@InterfaceAudience.Public 029@InterfaceStability.Evolving 030public interface RegistryConstants { 031 032 /** 033 * prefix for registry configuration options: {@value}. 034 * Why <code>hadoop.</code> and not YARN? It can 035 * live outside YARN 036 */ 037 String REGISTRY_PREFIX = "hadoop.registry."; 038 039 /** 040 * Prefix for zookeeper-specific options: {@value} 041 * <p> 042 * For clients using other protocols, these options are not supported. 043 */ 044 String ZK_PREFIX = REGISTRY_PREFIX + "zk."; 045 046 /** 047 * flag to indicate whether or not the registry should 048 * be enabled in the RM: {@value} 049 */ 050 String KEY_REGISTRY_ENABLED = REGISTRY_PREFIX + "rm.enabled"; 051 052 /** 053 * Defaut value for enabling the registry in the RM: {@value} 054 */ 055 boolean DEFAULT_REGISTRY_ENABLED = false; 056 057 /** 058 * Key to set if the registry is secure: {@value}. 059 * Turning it on changes the permissions policy from "open access" 060 * to restrictions on kerberos with the option of 061 * a user adding one or more auth key pairs down their 062 * own tree. 063 */ 064 String KEY_REGISTRY_SECURE = REGISTRY_PREFIX + "secure"; 065 066 /** 067 * Default registry security policy: {@value}. 068 */ 069 boolean DEFAULT_REGISTRY_SECURE = false; 070 071 /** 072 * Root path in the ZK tree for the registry: {@value} 073 */ 074 String KEY_REGISTRY_ZK_ROOT = ZK_PREFIX + "root"; 075 076 /** 077 * Default root of the yarn registry: {@value} 078 */ 079 String DEFAULT_ZK_REGISTRY_ROOT = "/registry"; 080 081 /** 082 * Registry client authentication policy. 083 * <p> 084 * This is only used in secure clusters. 085 * <p> 086 * If the Factory methods of {@link RegistryOperationsFactory} 087 * are used, this key does not need to be set: it is set 088 * up based on the factory method used. 089 */ 090 String KEY_REGISTRY_CLIENT_AUTH = 091 REGISTRY_PREFIX + "client.auth"; 092 093 /** 094 * Registry client uses Kerberos: authentication is automatic from 095 * logged in user 096 */ 097 String REGISTRY_CLIENT_AUTH_KERBEROS = "kerberos"; 098 099 /** 100 * Username/password is the authentication mechanism. 101 * If set then both {@link #KEY_REGISTRY_CLIENT_AUTHENTICATION_ID} 102 * and {@link #KEY_REGISTRY_CLIENT_AUTHENTICATION_PASSWORD} must be set. 103 */ 104 String REGISTRY_CLIENT_AUTH_DIGEST = "digest"; 105 106 /** 107 * No authentication; client is anonymous 108 */ 109 String REGISTRY_CLIENT_AUTH_ANONYMOUS = ""; 110 111 /** 112 * Registry client authentication ID 113 * <p> 114 * This is only used in secure clusters with 115 * {@link #KEY_REGISTRY_CLIENT_AUTH} set to 116 * {@link #REGISTRY_CLIENT_AUTH_DIGEST} 117 * 118 */ 119 String KEY_REGISTRY_CLIENT_AUTHENTICATION_ID = 120 KEY_REGISTRY_CLIENT_AUTH + ".id"; 121 122 /** 123 * Registry client authentication password. 124 * <p> 125 * This is only used in secure clusters with the client set to 126 * use digest (not SASL or anonymouse) authentication. 127 * <p> 128 * Specifically, {@link #KEY_REGISTRY_CLIENT_AUTH} set to 129 * {@link #REGISTRY_CLIENT_AUTH_DIGEST} 130 * 131 */ 132 String KEY_REGISTRY_CLIENT_AUTHENTICATION_PASSWORD = 133 KEY_REGISTRY_CLIENT_AUTH + ".password"; 134 135 /** 136 * List of hostname:port pairs defining the 137 * zookeeper quorum binding for the registry {@value} 138 */ 139 String KEY_REGISTRY_ZK_QUORUM = ZK_PREFIX + "quorum"; 140 141 /** 142 * The default zookeeper quorum binding for the registry: {@value} 143 */ 144 String DEFAULT_REGISTRY_ZK_QUORUM = "localhost:2181"; 145 146 /** 147 * Zookeeper session timeout in milliseconds: {@value} 148 */ 149 String KEY_REGISTRY_ZK_SESSION_TIMEOUT = 150 ZK_PREFIX + "session.timeout.ms"; 151 152 /** 153 * The default ZK session timeout: {@value}. 154 */ 155 int DEFAULT_ZK_SESSION_TIMEOUT = 60000; 156 157 /** 158 * Zookeeper connection timeout in milliseconds: {@value}. 159 */ 160 String KEY_REGISTRY_ZK_CONNECTION_TIMEOUT = 161 ZK_PREFIX + "connection.timeout.ms"; 162 163 /** 164 * The default ZK connection timeout: {@value}. 165 */ 166 int DEFAULT_ZK_CONNECTION_TIMEOUT = 15000; 167 168 /** 169 * Zookeeper connection retry count before failing: {@value}. 170 */ 171 String KEY_REGISTRY_ZK_RETRY_TIMES = ZK_PREFIX + "retry.times"; 172 173 /** 174 * The default # of times to retry a ZK connection: {@value}. 175 */ 176 int DEFAULT_ZK_RETRY_TIMES = 5; 177 178 /** 179 * Zookeeper connect interval in milliseconds: {@value}. 180 */ 181 String KEY_REGISTRY_ZK_RETRY_INTERVAL = 182 ZK_PREFIX + "retry.interval.ms"; 183 184 /** 185 * The default interval between connection retries: {@value}. 186 */ 187 int DEFAULT_ZK_RETRY_INTERVAL = 1000; 188 189 /** 190 * Zookeeper retry limit in milliseconds, during 191 * exponential backoff: {@value}. 192 * 193 * This places a limit even 194 * if the retry times and interval limit, combined 195 * with the backoff policy, result in a long retry 196 * period 197 * 198 */ 199 String KEY_REGISTRY_ZK_RETRY_CEILING = 200 ZK_PREFIX + "retry.ceiling.ms"; 201 202 /** 203 * Default limit on retries: {@value}. 204 */ 205 int DEFAULT_ZK_RETRY_CEILING = 60000; 206 207 /** 208 * A comma separated list of Zookeeper ACL identifiers with 209 * system access to the registry in a secure cluster: {@value}. 210 * 211 * These are given full access to all entries. 212 * 213 * If there is an "@" at the end of an entry it 214 * instructs the registry client to append the kerberos realm as 215 * derived from the login and {@link #KEY_REGISTRY_KERBEROS_REALM}. 216 */ 217 String KEY_REGISTRY_SYSTEM_ACCOUNTS = REGISTRY_PREFIX + "system.accounts"; 218 219 /** 220 * Default system accounts given global access to the registry: {@value}. 221 */ 222 String DEFAULT_REGISTRY_SYSTEM_ACCOUNTS = 223 "sasl:yarn@, sasl:mapred@, sasl:hdfs@, sasl:hadoop@"; 224 225 /** 226 * A comma separated list of Zookeeper ACL identifiers with 227 * system access to the registry in a secure cluster: {@value}. 228 * 229 * These are given full access to all entries. 230 * 231 * If there is an "@" at the end of an entry it 232 * instructs the registry client to append the default kerberos domain. 233 */ 234 String KEY_REGISTRY_USER_ACCOUNTS = REGISTRY_PREFIX + "user.accounts"; 235 236 /** 237 * Default system acls: {@value}. 238 */ 239 String DEFAULT_REGISTRY_USER_ACCOUNTS = ""; 240 241 /** 242 * The kerberos realm: {@value}. 243 * 244 * This is used to set the realm of 245 * system principals which do not declare their realm, 246 * and any other accounts that need the value. 247 * 248 * If empty, the default realm of the running process 249 * is used. 250 * 251 * If neither are known and the realm is needed, then the registry 252 * service/client will fail. 253 */ 254 String KEY_REGISTRY_KERBEROS_REALM = REGISTRY_PREFIX + "kerberos.realm"; 255 256 /** 257 * Key to define the JAAS context. Used in secure registries: {@value}. 258 */ 259 String KEY_REGISTRY_CLIENT_JAAS_CONTEXT = REGISTRY_PREFIX + "jaas.context"; 260 261 /** 262 * default client-side registry JAAS context: {@value} 263 */ 264 String DEFAULT_REGISTRY_CLIENT_JAAS_CONTEXT = "Client"; 265 266 /** 267 * path to users off the root: {@value}. 268 */ 269 String PATH_USERS = "/users/"; 270 271 /** 272 * path to system services off the root : {@value}. 273 */ 274 String PATH_SYSTEM_SERVICES = "/services/"; 275 276 /** 277 * path to system services under a user's home path : {@value}. 278 */ 279 String PATH_USER_SERVICES = "/services/"; 280 281 /** 282 * path under a service record to point to components of that service: 283 * {@value}. 284 */ 285 String SUBPATH_COMPONENTS = "/components/"; 286}