Author: pzampino
Date: Fri Jun 22 22:45:02 2018
New Revision: 1834170
URL: http://svn.apache.org/viewvc?rev=1834170&view=rev
Log:
Documented gateway-site config properties for default discovery address and
cluster values, forced read-only topologies, and allowing unauthenticated
remote regsitry reads
Modified:
knox/site/books/knox-1-1-0/user-guide.html
knox/trunk/books/1.1.0/config.md
Modified: knox/site/books/knox-1-1-0/user-guide.html
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/user-guide.html?rev=1834170&r1=1834169&r2=1834170&view=diff
==============================================================================
--- knox/site/books/knox-1-1-0/user-guide.html (original)
+++ knox/site/books/knox-1-1-0/user-guide.html Fri Jun 22 22:45:02 2018
@@ -721,6 +721,11 @@ https://{gateway-host}:{gateway-port}/{g
<td>null</td>
</tr>
<tr>
+ <td>gateway.remote.config.monitor.client.allowUnauthenticatedReadAccess
</td>
+ <td>When a remote registry client is configured to access a registry
securely, this property can be set to allow unauthenticated clients to continue
to read the content from that registry by setting the ACLs accordingly. </td>
+ <td>false</td>
+ </tr>
+ <tr>
<td>gateway.remote.config.registry.<b><name></b></td>
<td>A named <a href="#Remote+Configuration+Registry+Clients">remote
configuration registry client</a> definition</td>
<td>null</td>
@@ -740,6 +745,21 @@ https://{gateway-host}:{gateway-port}/{g
<td>Turn on/off Remote Alias Discovery, this will take effect only when
remote configuration monitor is enabled </td>
<td>true</td>
</tr>
+ <tr>
+ <td>gateway.read.only.override.topologies </td>
+ <td>A comma-delimited list of topology names which should be forcibly
treated as read-only. </td>
+ <td>none</td>
+ </tr>
+ <tr>
+ <td>gateway.discovery.default.address </td>
+ <td>The default discovery address, which is applied if no address is
specified in a descriptor. </td>
+ <td>null</td>
+ </tr>
+ <tr>
+ <td>gateway.discovery.default.cluster </td>
+ <td>The default discovery cluster name, which is applied if no cluster
name is specified in a descriptor. </td>
+ <td>null</td>
+ </tr>
</tbody>
</table><h4><a id="Topology+Descriptors">Topology Descriptors</a> <a
href="#Topology+Descriptors"><img
src="markbook-section-link.png"/></a></h4><p>The topology descriptor files
provide the gateway with per-cluster configuration information. This includes
configuration for both the providers within the gateway and the services within
the Hadoop cluster. These files are located in
<code>{GATEWAY_HOME}/conf/topologies</code>. The general outline of this
document looks like this.</p>
<pre><code><topology>
@@ -910,7 +930,7 @@ ip-10-39-107-209.ec2.internal
</tr>
<tr>
<td>discovery-address</td>
- <td>The endpoint address for the discovery source.</td>
+ <td>The endpoint address for the discovery source. If omitted, then Knox
will check for the gateway-site configuration property named
<em>gateway.discovery.default.address</em>, and use its value if defined.</td>
</tr>
<tr>
<td>discovery-user</td>
@@ -926,7 +946,7 @@ ip-10-39-107-209.ec2.internal
</tr>
<tr>
<td>cluster</td>
- <td>The name of the cluster from which the topology service endpoints
should be determined.</td>
+ <td>The name of the cluster from which the topology service endpoints
should be determined. If omitted, then Knox will check for the gateway-site
configuration property named <em>gateway.discovery.default.cluster</em>, and
use its value if defined.</td>
</tr>
<tr>
<td>services</td>
Modified: knox/trunk/books/1.1.0/config.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/config.md?rev=1834170&r1=1834169&r2=1834170&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/config.md (original)
+++ knox/trunk/books/1.1.0/config.md Fri Jun 22 22:45:02 2018
@@ -143,10 +143,14 @@ ssl.include.ciphers|A comma separated li
ssl.exclude.ciphers|A comma separated list of ciphers to reject for SSL. See
the [JSSE Provider
docs](http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider)
for possible ciphers. These can also contain regular expressions as shown in
the [Jetty
documentation](http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html).|none|
ssl.exclude.protocols|Excludes a comma separated list of protocols to not
accept for SSL or "none"|SSLv3
gateway.remote.config.monitor.client|A reference to the [remote configuration
registry client](#Remote+Configuration+Registry+Clients) the remote
configuration monitor will employ.|null
+gateway.remote.config.monitor.client.allowUnauthenticatedReadAccess | When a
remote registry client is configured to access a registry securely, this
property can be set to allow unauthenticated clients to continue to read the
content from that registry by setting the ACLs accordingly. | false
gateway.remote.config.registry.<b><name></b>|A named [remote
configuration registry client](#Remote+Configuration+Registry+Clients)
definition|null
gateway.cluster.config.monitor.ambari.enabled | Indicates whether the cluster
monitoring and associated dynamic topology updating is enabled. | false
gateway.cluster.config.monitor.ambari.interval | The interval (in seconds) at
which the cluster monitor will poll Ambari for cluster configuration changes. |
60
gateway.remote.alias.service.enabled | Turn on/off Remote Alias Discovery,
this will take effect only when remote configuration monitor is enabled | true
+gateway.read.only.override.topologies | A comma-delimited list of topology
names which should be forcibly treated as read-only. | none
+gateway.discovery.default.address | The default discovery address, which is
applied if no address is specified in a descriptor. | null
+gateway.discovery.default.cluster | The default discovery cluster name, which
is applied if no cluster name is specified in a descriptor. | null
#### Topology Descriptors ####
@@ -467,11 +471,11 @@ topology descriptor.
property |
description
------------|-----------
discovery-type|The discovery source type. (Currently, the only supported type
is *AMBARI*).
-discovery-address|The endpoint address for the discovery source.
+discovery-address|The endpoint address for the discovery source. If omitted,
then Knox will check for the gateway-site configuration property named
*gateway.discovery.default.address*, and use its value if defined.
discovery-user|The username with permission to access the discovery source. If
omitted, then Knox will check for an alias named *ambari.discovery.user*, and
use its value if defined.
discovery-pwd-alias|The alias of the password for the user with permission to
access the discovery source. If omitted, then Knox will check for an alias
named *ambari.discovery.password*, and use its value if defined.
provider-config-ref|A reference to a provider configuration in
`{GATEWAY_HOME}/conf/shared-providers/`.
-cluster|The name of the cluster from which the topology service endpoints
should be determined.
+cluster|The name of the cluster from which the topology service endpoints
should be determined. If omitted, then Knox will check for the gateway-site
configuration property named *gateway.discovery.default.cluster*, and use its
value if defined.
services|The collection of services to be included in the topology.
applications|The collection of applications to be included in the topology.
