· 9 years ago · Jan 07, 2017, 02:48 AM
1#####################################
2# DEVELOPMENT EDITION
3#####################################
4
5# Hue configuration file
6# ===================================
7#
8# For complete documentation about the contents of this file, run
9# $ <hue_root>/build/env/bin/hue config_help
10#
11# All .ini files under the current directory are treated equally. Their
12# contents are merged to form the Hue configuration, which can
13# can be viewed on the Hue at
14# http://<hue_host>:<port>/dump_config
15
16
17###########################################################################
18# General configuration for core Desktop features (authentication, etc)
19###########################################################################
20
21[desktop]
22
23 # Set this to a random string, the longer the better.
24 # This is used for secure hashing in the session store.
25 secret_key=
26
27 # Execute this script to produce the Django secret key. This will be used when
28 # 'secret_key' is not set.
29 ## secret_key_script=
30
31 # Webserver listens on this address and port
32 http_host=0.0.0.0
33 http_port=8000
34
35 # Time zone name
36 time_zone=America/Los_Angeles
37
38 # Enable or disable Django debug mode.
39 ## django_debug_mode=true
40
41 # Enable or disable database debug mode.
42 ## database_logging=false
43
44 # Whether to send debug messages from JavaScript to the server logs.
45 send_dbug_messages=true
46
47 # Enable or disable backtrace for server error
48 ## http_500_debug_mode=true
49
50 # Enable or disable memory profiling.
51 ## memory_profiler=false
52
53 # Server email for internal error messages
54 ## django_server_email='hue@localhost.localdomain'
55
56 # Email backend
57 ## django_email_backend=django.core.mail.backends.smtp.EmailBackend
58
59 # Webserver runs as this user
60 server_user=hue
61 server_group=hue
62
63 # This should be the Hue admin and proxy user
64 default_user=hue
65
66 # This should be the hadoop cluster admin
67 # default_hdfs_superuser=
68
69 # If set to false, runcpserver will not actually start the web server.
70 # Used if Apache is being used as a WSGI container.
71 ## enable_server=yes
72
73 # Number of threads used by the CherryPy web server
74 ## cherrypy_server_threads=40
75
76 # This property specifies the maximum size of the receive buffer in bytes in thrift sasl communication.
77 ## sasl_max_buffer=2*1024*1024 # 2MB
78
79 # Filename of SSL Certificate
80 ## ssl_certificate=
81
82 # Filename of SSL RSA Private Key
83 ## ssl_private_key=
84
85 # Filename of SSL Certificate Chain
86 ## ssl_certificate_chain=
87
88 # SSL certificate password
89 ## ssl_password=
90
91 # Execute this script to produce the SSL password. This will be used when 'ssl_password' is not set.
92 ## ssl_password_script=
93
94 # X-Content-Type-Options: nosniff This is a HTTP response header feature that helps prevent attacks based on MIME-type confusion.
95 ## secure_content_type_nosniff=true
96
97 # X-Xss-Protection: \"1; mode=block\" This is a HTTP response header feature to force XSS protection.
98 ## secure_browser_xss_filter=true
99
100 # X-Content-Type-Options: nosniff This is a HTTP response header feature that helps prevent attacks based on MIME-type confusion.
101 ## secure_content_security_policy="script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.mathjax.org data:;img-src 'self' *.google-analytics.com *.doubleclick.net http://*.tile.osm.org *.tile.osm.org *.gstatic.com data:;style-src 'self' 'unsafe-inline';connect-src 'self';child-src 'self' data:;object-src 'none'"
102
103 # Strict-Transport-Security HTTP Strict Transport Security(HSTS) is a policy which is communicated by the server to the user agent via HTTP response header field name “Strict-Transport-Securityâ€. HSTS policy specifies a period of time during which the user agent(browser) should only access the server in a secure fashion(https).
104 ## secure_ssl_redirect=False
105 ## secure_redirect_host=0.0.0.0
106 ## secure_redirect_exempt=[]
107 ## secure_hsts_seconds=31536000
108 ## secure_hsts_include_subdomains=true
109
110 # List of allowed and disallowed ciphers in cipher list format.
111 # See http://www.openssl.org/docs/apps/ciphers.html for more information on
112 # cipher list format. This list is from
113 # https://wiki.mozilla.org/Security/Server_Side_TLS v3.7 intermediate
114 # recommendation, which should be compatible with Firefox 1, Chrome 1, IE 7,
115 # Opera 5 and Safari 1.
116 ## ssl_cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS:!DH:!ADH
117
118 # Path to default Certificate Authority certificates.
119 ## ssl_cacerts=/etc/hue/cacerts.pem
120
121 # Choose whether Hue should validate certificates received from the server.
122 ## validate=true
123
124 # Default LDAP/PAM/.. username and password of the hue user used for authentications with other services.
125 # Inactive if password is empty.
126 # e.g. LDAP pass-through authentication for HiveServer2 or Impala. Apps can override them individually.
127 ## auth_username=hue
128 ## auth_password=
129
130 # Default encoding for site data
131 ## default_site_encoding=utf-8
132
133 # Help improve Hue with anonymous usage analytics.
134 # Use Google Analytics to see how many times an application or specific section of an application is used, nothing more.
135 ## collect_usage=true
136
137 # Tile layer server URL for the Leaflet map charts
138 # Read more on http://leafletjs.com/reference.html#tilelayer
139 # Make sure you add the tile domain to the img-src section of the 'secure_content_security_policy' configuration parameter as well.
140 ## leaflet_tile_layer=http://{s}.tile.osm.org/{z}/{x}/{y}.png
141
142 # The copyright message for the specified Leaflet maps Tile Layer
143 ## leaflet_tile_layer_attribution='© <a href="http://osm.org/copyright">OpenStreetMap</a> contributors'
144
145 # X-Frame-Options HTTP header value. Use 'DENY' to deny framing completely
146 ## http_x_frame_options=SAMEORIGIN
147
148 # Enable X-Forwarded-Host header if the load balancer requires it.
149 ## use_x_forwarded_host=false
150
151 # Support for HTTPS termination at the load-balancer level with SECURE_PROXY_SSL_HEADER.
152 ## secure_proxy_ssl_header=false
153
154 # Comma-separated list of Django middleware classes to use.
155 # See https://docs.djangoproject.com/en/1.4/ref/middleware/ for more details on middlewares in Django.
156 ## middleware=desktop.auth.backend.LdapSynchronizationBackend
157
158 # Comma-separated list of regular expressions, which match the redirect URL.
159 # For example, to restrict to your local domain and FQDN, the following value can be used:
160 # ^\/.*$,^http:\/\/www.mydomain.com\/.*$
161 ## redirect_whitelist=^(\/[a-zA-Z0-9]+.*|\/)$
162
163 # Comma separated list of apps to not load at server startup.
164 # e.g.: pig,zookeeper
165 ## app_blacklist=
166
167 # Choose whether to show the new SQL editor.
168 ## use_new_editor=true
169
170 # Choose whether to show the improved assist panel and the right context panel
171 ## use_new_side_panels=false
172
173 # Editor autocomplete timeout (ms) when fetching columns, fields, tables etc.
174 # To disable this type of autocompletion set the value to 0
175 ## editor_autocomplete_timeout=5000
176
177 # Enable saved default configurations for Hive, Impala, Spark, and Oozie.
178 ## use_default_configuration=false
179
180 # The directory where to store the auditing logs. Auditing is disable if the value is empty.
181 # e.g. /var/log/hue/audit.log
182 ## audit_event_log_dir=
183
184 # Size in KB/MB/GB for audit log to rollover.
185 ## audit_log_max_file_size=100MB
186
187 # A json file containing a list of log redaction rules for cleaning sensitive data
188 # from log files. It is defined as:
189 #
190 # {
191 # "version": 1,
192 # "rules": [
193 # {
194 # "description": "This is the first rule",
195 # "trigger": "triggerstring 1",
196 # "search": "regex 1",
197 # "replace": "replace 1"
198 # },
199 # {
200 # "description": "This is the second rule",
201 # "trigger": "triggerstring 2",
202 # "search": "regex 2",
203 # "replace": "replace 2"
204 # }
205 # ]
206 # }
207 #
208 # Redaction works by searching a string for the [TRIGGER] string. If found,
209 # the [REGEX] is used to replace sensitive information with the
210 # [REDACTION_MASK]. If specified with 'log_redaction_string', the
211 # 'log_redaction_string' rules will be executed after the
212 # 'log_redaction_file' rules.
213 #
214 # For example, here is a file that would redact passwords and social security numbers:
215
216 # {
217 # "version": 1,
218 # "rules": [
219 # {
220 # "description": "Redact passwords",
221 # "trigger": "password",
222 # "search": "password=\".*\"",
223 # "replace": "password=\"???\""
224 # },
225 # {
226 # "description": "Redact social security numbers",
227 # "trigger": "",
228 # "search": "\d{3}-\d{2}-\d{4}",
229 # "replace": "XXX-XX-XXXX"
230 # }
231 # ]
232 # }
233 ## log_redaction_file=
234
235 # Comma separated list of strings representing the host/domain names that the Hue server can serve.
236 # e.g.: localhost,domain1,*
237 ## allowed_hosts="host.domain1"
238
239 # Administrators
240 # ----------------
241 [[django_admins]]
242 ## [[[admin1]]]
243 ## name=john
244 ## email=john@doe.com
245
246 # UI customizations
247 # -------------------
248 [[custom]]
249
250 # Top banner HTML code
251 # e.g. <H4>Test Lab A2 Hue Services</H4>
252 ## banner_top_html=
253
254 # Login splash HTML code
255 # e.g. WARNING: You are required to have authorization before you proceed
256 ## login_splash_html=<h4>GetHue.com</h4><br/><br/>WARNING: You have accessed a computer managed by GetHue. You are required to have authorization from GetHue before you proceed.
257
258 # Cache timeout in milliseconds for the assist, autocomplete, etc.
259 # defaults to 86400000 (1 day), set to 0 to disable caching
260 ## cacheable_ttl=86400000
261
262 # Configuration options for user authentication into the web application
263 # ------------------------------------------------------------------------
264 [[auth]]
265
266 # Authentication backend. Common settings are:
267 # - django.contrib.auth.backends.ModelBackend (entirely Django backend)
268 # - desktop.auth.backend.AllowAllBackend (allows everyone)
269 # - desktop.auth.backend.AllowFirstUserDjangoBackend
270 # (Default. Relies on Django and user manager, after the first login)
271 # - desktop.auth.backend.LdapBackend
272 # - desktop.auth.backend.PamBackend
273 # - desktop.auth.backend.SpnegoDjangoBackend
274 # - desktop.auth.backend.RemoteUserDjangoBackend
275 # - libsaml.backend.SAML2Backend
276 # - libopenid.backend.OpenIDBackend
277 # - liboauth.backend.OAuthBackend
278 # (New oauth, support Twitter, Facebook, Google+ and Linkedin
279 # Multiple Authentication backends are supported by specifying a comma-separated list in order of priority.
280 # However, in order to enable OAuthBackend, it must be the ONLY backend configured.
281 ## backend=desktop.auth.backend.AllowFirstUserDjangoBackend
282
283 # Class which defines extra accessor methods for User objects.
284 ## user_aug=desktop.auth.backend.DefaultUserAugmentor
285
286 # The service to use when querying PAM.
287 ## pam_service=login
288
289 # When using the desktop.auth.backend.RemoteUserDjangoBackend, this sets
290 # the normalized name of the header that contains the remote user.
291 # The HTTP header in the request is converted to a key by converting
292 # all characters to uppercase, replacing any hyphens with underscores
293 # and adding an HTTP_ prefix to the name. So, for example, if the header
294 # is called Remote-User that would be configured as HTTP_REMOTE_USER
295 #
296 # Defaults to HTTP_REMOTE_USER
297 ## remote_user_header=HTTP_REMOTE_USER
298
299 # Ignore the case of usernames when searching for existing users.
300 # Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
301 ## ignore_username_case=true
302
303 # Forcibly cast usernames to lowercase, takes precedence over force_username_uppercase
304 # Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
305 ## force_username_lowercase=true
306
307 # Forcibly cast usernames to uppercase, cannot be combined with force_username_lowercase
308 ## force_username_uppercase=false
309
310 # Users will expire after they have not logged in for 'n' amount of seconds.
311 # A negative number means that users will never expire.
312 ## expires_after=-1
313
314 # Apply 'expires_after' to superusers.
315 ## expire_superusers=true
316
317 # Users will automatically be logged out after 'n' seconds of inactivity.
318 # A negative number means that idle sessions will not be timed out.
319 idle_session_timeout=-1
320
321 # Force users to change password on first login with desktop.auth.backend.AllowFirstUserDjangoBackend
322 ## change_default_password=false
323
324 # Number of login attempts allowed before a record is created for failed logins
325 ## login_failure_limit=3
326
327 # After number of allowed login attempts are exceeded, do we lock out this IP and optionally user agent?
328 ## login_lock_out_at_failure=false
329
330 # If set, defines period of inactivity in seconds after which failed logins will be forgotten
331 ## login_cooloff_time=60
332
333 # If True, lock out based on an IP address AND a user agent.
334 # This means requests from different user agents but from the same IP are treated differently.
335 ## login_lock_out_use_user_agent=false
336
337 # If True, lock out based on IP and user
338 ## login_lock_out_by_combination_user_and_ip=false
339
340 # If True, it will look for the IP address from the header defined at reverse_proxy_header.
341 ## behind_reverse_proxy=false
342
343 # If behind_reverse_proxy is True, it will look for the IP address from this header. Default: HTTP_X_FORWARDED_FOR
344 ## reverse_proxy_header=HTTP_X_FORWARDED_FOR
345
346 # Configuration options for connecting to LDAP and Active Directory
347 # -------------------------------------------------------------------
348 [[ldap]]
349
350 # The search base for finding users and groups
351 ## base_dn="DC=mycompany,DC=com"
352
353 # URL of the LDAP server
354 ## ldap_url=ldap://auth.mycompany.com
355
356 # The NT domain used for LDAP authentication
357 ## nt_domain=mycompany.com
358
359 # A PEM-format file containing certificates for the CA's that
360 # Hue will trust for authentication over TLS.
361 # The certificate for the CA that signed the
362 # LDAP server certificate must be included among these certificates.
363 # See more here http://www.openldap.org/doc/admin24/tls.html.
364 ## ldap_cert=
365 ## use_start_tls=true
366
367 # Distinguished name of the user to bind as -- not necessary if the LDAP server
368 # supports anonymous searches
369 ## bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
370
371 # Password of the bind user -- not necessary if the LDAP server supports
372 # anonymous searches
373 ## bind_password=
374
375 # Execute this script to produce the bind user password. This will be used
376 # when 'bind_password' is not set.
377 ## bind_password_script=
378
379 # Pattern for searching for usernames -- Use <username> for the parameter
380 # For use when using LdapBackend for Hue authentication
381 ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
382
383 # Create users in Hue when they try to login with their LDAP credentials
384 # For use when using LdapBackend for Hue authentication
385 ## create_users_on_login = true
386
387 # Synchronize a users groups when they login
388 ## sync_groups_on_login=false
389
390 # Ignore the case of usernames when searching for existing users in Hue.
391 ## ignore_username_case=true
392
393 # Force usernames to lowercase when creating new users from LDAP.
394 # Takes precedence over force_username_uppercase
395 ## force_username_lowercase=true
396
397 # Force usernames to uppercase, cannot be combined with force_username_lowercase
398 ## force_username_uppercase=false
399
400 # Use search bind authentication.
401 ## search_bind_authentication=true
402
403 # Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
404 ## subgroups=suboordinate
405
406 # Define the number of levels to search for nested members.
407 ## nested_members_search_depth=10
408
409 # Whether or not to follow referrals
410 ## follow_referrals=false
411
412 # Enable python-ldap debugging.
413 ## debug=false
414
415 # Sets the debug level within the underlying LDAP C lib.
416 ## debug_level=255
417
418 # Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
419 # 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
420 ## trace_level=0
421
422 [[[users]]]
423
424 # Base filter for searching for users
425 ## user_filter="objectclass=*"
426
427 # The username attribute in the LDAP schema
428 ## user_name_attr=sAMAccountName
429
430 [[[groups]]]
431
432 # Base filter for searching for groups
433 ## group_filter="objectclass=*"
434
435 # The group name attribute in the LDAP schema
436 ## group_name_attr=cn
437
438 # The attribute of the group object which identifies the members of the group
439 ## group_member_attr=members
440
441 [[[ldap_servers]]]
442
443 ## [[[[mycompany]]]]
444
445 # The search base for finding users and groups
446 ## base_dn="DC=mycompany,DC=com"
447
448 # URL of the LDAP server
449 ## ldap_url=ldap://auth.mycompany.com
450
451 # The NT domain used for LDAP authentication
452 ## nt_domain=mycompany.com
453
454 # A PEM-format file containing certificates for the CA's that
455 # Hue will trust for authentication over TLS.
456 # The certificate for the CA that signed the
457 # LDAP server certificate must be included among these certificates.
458 # See more here http://www.openldap.org/doc/admin24/tls.html.
459 ## ldap_cert=
460 ## use_start_tls=true
461
462 # Distinguished name of the user to bind as -- not necessary if the LDAP server
463 # supports anonymous searches
464 ## bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
465
466 # Password of the bind user -- not necessary if the LDAP server supports
467 # anonymous searches
468 ## bind_password=
469
470 # Execute this script to produce the bind user password. This will be used
471 # when 'bind_password' is not set.
472 ## bind_password_script=
473
474 # Pattern for searching for usernames -- Use <username> for the parameter
475 # For use when using LdapBackend for Hue authentication
476 ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
477
478 ## Use search bind authentication.
479 ## search_bind_authentication=true
480
481 # Whether or not to follow referrals
482 ## follow_referrals=false
483
484 # Enable python-ldap debugging.
485 ## debug=false
486
487 # Sets the debug level within the underlying LDAP C lib.
488 ## debug_level=255
489
490 # Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
491 # 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
492 ## trace_level=0
493
494 ## [[[[[users]]]]]
495
496 # Base filter for searching for users
497 ## user_filter="objectclass=Person"
498
499 # The username attribute in the LDAP schema
500 ## user_name_attr=sAMAccountName
501
502 ## [[[[[groups]]]]]
503
504 # Base filter for searching for groups
505 ## group_filter="objectclass=groupOfNames"
506
507 # The username attribute in the LDAP schema
508 ## group_name_attr=cn
509
510 # Configuration options for specifying the Desktop Database. For more info,
511 # see http://docs.djangoproject.com/en/1.4/ref/settings/#database-engine
512 # ------------------------------------------------------------------------
513 [[database]]
514 # Database engine is typically one of:
515 # postgresql_psycopg2, mysql, sqlite3 or oracle.
516 #
517 # Note that for sqlite3, 'name', below is a path to the filename. For other backends, it is the database name.
518 # Note for Oracle, options={"threaded":true} must be set in order to avoid crashes.
519 # Note for Oracle, you can use the Oracle Service Name by setting "host=" and "port=" and then "name=<host>:<port>/<service_name>".
520 # Note for MariaDB use the 'mysql' engine.
521 ## engine=sqlite3
522 ## host=
523 ## port=
524 ## user=
525 ## password=
526 # Execute this script to produce the database password. This will be used when 'password' is not set.
527 ## password_script=/path/script
528 ## name=desktop/desktop.db
529 ## options={}
530
531 # Configuration options for specifying the Desktop session.
532 # For more info, see https://docs.djangoproject.com/en/1.4/topics/http/sessions/
533 # ------------------------------------------------------------------------
534 [[session]]
535 # The cookie containing the users' session ID will expire after this amount of time in seconds.
536 # Default is 2 weeks.
537 ## ttl=1209600
538
539 # The cookie containing the users' session ID and csrf cookie will be secure.
540 # Should only be enabled with HTTPS.
541 ## secure=false
542
543 # The cookie containing the users' session ID and csrf cookie will use the HTTP only flag.
544 ## http_only=true
545
546 # Use session-length cookies. Logs out the user when she closes the browser window.
547 ## expire_at_browser_close=false
548
549
550 # Configuration options for connecting to an external SMTP server
551 # ------------------------------------------------------------------------
552 [[smtp]]
553
554 # The SMTP server information for email notification delivery
555 host=localhost
556 port=25
557 user=
558 password=
559
560 # Whether to use a TLS (secure) connection when talking to the SMTP server
561 tls=no
562
563 # Default email address to use for various automated notification from Hue
564 ## default_from_email=hue@localhost
565
566
567 # Configuration options for Kerberos integration for secured Hadoop clusters
568 # ------------------------------------------------------------------------
569 [[kerberos]]
570
571 # Path to Hue's Kerberos keytab file
572 ## hue_keytab=
573 # Kerberos principal name for Hue
574 ## hue_principal=hue/hostname.foo.com
575 # Path to kinit
576 ## kinit_path=/path/to/kinit
577
578
579 # Configuration options for using OAuthBackend (Core) login
580 # ------------------------------------------------------------------------
581 [[oauth]]
582 # The Consumer key of the application
583 ## consumer_key=XXXXXXXXXXXXXXXXXXXXX
584
585 # The Consumer secret of the application
586 ## consumer_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
587
588 # The Request token URL
589 ## request_token_url=https://api.twitter.com/oauth/request_token
590
591 # The Access token URL
592 ## access_token_url=https://api.twitter.com/oauth/access_token
593
594 # The Authorize URL
595 ## authenticate_url=https://api.twitter.com/oauth/authorize
596
597 # Configuration options for Metrics
598 # ------------------------------------------------------------------------
599 [[metrics]]
600
601 # Enable the metrics URL "/desktop/metrics"
602 ## enable_web_metrics=True
603
604 # If specified, Hue will write metrics to this file.
605 ## location=/var/log/hue/metrics.json
606
607 # Time in milliseconds on how frequently to collect metrics
608 ## collection_interval=30000
609
610
611###########################################################################
612# Settings to configure the snippets available in the Notebook
613###########################################################################
614
615[notebook]
616
617 ## Show the notebook menu or not
618 # show_notebooks=true
619
620 ## Flag to enable the bulk submission of queries as a background task through Oozie.
621 # enable_batch_execute=true
622
623 ## Flag to enable the SQL query builder of the table assist.
624 # enable_query_builder=true
625
626 ## Flag to enable the creation of a coordinator for the current SQL query.
627 # enable_query_scheduling=false
628
629 ## Base URL to Remote GitHub Server
630 # github_remote_url=https://github.com
631
632 ## Base URL to GitHub API
633 # github_api_url=https://api.github.com
634
635 ## Client ID for Authorized GitHub Application
636 # github_client_id=
637
638 ## Client Secret for Authorized GitHub Application
639 # github_client_secret=
640
641 # One entry for each type of snippet. The first 5 will appear in the wheel.
642 [[interpreters]]
643 # Define the name and how to connect and execute the language.
644
645 [[[hive]]]
646 # The name of the snippet.
647 name=Hive
648 # The backend connection to use to communicate with the server.
649 interface=hiveserver2
650
651 [[[impala]]]
652 name=Impala
653 interface=hiveserver2
654
655 # [[[sparksql]]]
656 # name=SparkSql
657 # interface=hiveserver2
658
659 [[[spark]]]
660 name=Scala
661 interface=livy
662
663 [[[pyspark]]]
664 name=PySpark
665 interface=livy
666
667 [[[r]]]
668 name=R
669 interface=livy
670
671 [[[jar]]]
672 name=Spark Submit Jar
673 interface=livy-batch
674
675 [[[py]]]
676 name=Spark Submit Python
677 interface=livy-batch
678
679 [[[pig]]]
680 name=Pig
681 interface=oozie
682
683 [[[text]]]
684 name=Text
685 interface=text
686
687 [[[markdown]]]
688 name=Markdown
689 interface=text
690
691 [[[mysql]]]
692 name = MySQL
693 interface=rdbms
694
695 [[[sqlite]]]
696 name = SQLite
697 interface=rdbms
698
699 [[[postgresql]]]
700 name = PostgreSQL
701 interface=rdbms
702
703 [[[oracle]]]
704 name = Oracle
705 interface=rdbms
706
707 [[[solr]]]
708 name = Solr SQL
709 interface=solr
710 ## Name of the collection handler
711 # options='{"collection": "default"}'
712
713 [[[java]]]
714 name=Java
715 interface=oozie
716
717 [[[spark2]]]
718 name=Spark
719 interface=oozie
720
721 [[[mapreduce]]]
722 name=MapReduce
723 interface=oozie
724
725 [[[sqoop1]]]
726 name=Sqoop1
727 interface=oozie
728
729 [[[distcp]]]
730 name=Distcp
731 interface=oozie
732
733 [[[shell]]]
734 name=Shell
735 interface=oozie
736
737 # [[[mysql]]]
738 # name=MySql JDBC
739 # interface=jdbc
740 # ## Specific options for connecting to the server.
741 # ## The JDBC connectors, e.g. mysql.jar, need to be in the CLASSPATH environment variable.
742 # ## If 'user' and 'password' are omitted, they will be prompted in the UI.
743 # options='{"url": "jdbc:mysql://localhost:3306/hue", "driver": "com.mysql.jdbc.Driver", "user": "root", "password": "root"}'
744
745 ## Main flag to override the automatic starting of the DBProxy server.
746 # enable_dbproxy_server=true
747
748
749###########################################################################
750# Settings to configure your Hadoop cluster.
751###########################################################################
752
753[hadoop]
754
755 # Configuration for HDFS NameNode
756 # ------------------------------------------------------------------------
757 [[hdfs_clusters]]
758 # HA support by using HttpFs
759
760 [[[default]]]
761 # Enter the filesystem uri
762 fs_defaultfs=hdfs://169.55.26.44:9000
763
764 # NameNode logical name.
765 ## logical_name=
766
767 # Use WebHdfs/HttpFs as the communication mechanism.
768 # Domain should be the NameNode or HttpFs host.
769 # Default port is 14000 for HttpFs.
770 webhdfs_url=http://169.55.26.44:14000/webhdfs/v1
771
772 # Change this if your HDFS cluster is Kerberos-secured
773 ## security_enabled=false
774
775 # In secure mode (HTTPS), if SSL certificates from YARN Rest APIs
776 # have to be verified against certificate authority
777 ## ssl_cert_ca_verify=True
778
779 # Directory of the Hadoop configuration
780 ## hadoop_conf_dir=$HADOOP_CONF_DIR when set or '/etc/hadoop/conf'
781
782 # Configuration for YARN (MR2)
783 # ------------------------------------------------------------------------
784 [[yarn_clusters]]
785
786 [[[default]]]
787 # Enter the host on which you are running the ResourceManager
788 ## resourcemanager_host=localhost
789
790 # The port where the ResourceManager IPC listens on
791 ## resourcemanager_port=8032
792
793 # Whether to submit jobs to this cluster
794 submit_to=True
795
796 # Resource Manager logical name (required for HA)
797 ## logical_name=
798
799 # Change this if your YARN cluster is Kerberos-secured
800 ## security_enabled=false
801
802 # URL of the ResourceManager API
803 ## resourcemanager_api_url=http://localhost:8088
804
805 # URL of the ProxyServer API
806 ## proxy_api_url=http://localhost:8088
807
808 # URL of the HistoryServer API
809 ## history_server_api_url=http://localhost:19888
810
811 # URL of the Spark History Server
812 ## spark_history_server_url=http://localhost:18088
813
814 # In secure mode (HTTPS), if SSL certificates from YARN Rest APIs
815 # have to be verified against certificate authority
816 ## ssl_cert_ca_verify=True
817
818 # HA support by specifying multiple clusters.
819 # Redefine different properties there.
820 # e.g.
821
822 # [[[ha]]]
823 # Resource Manager logical name (required for HA)
824 ## logical_name=my-rm-name
825
826 # Un-comment to enable
827 ## submit_to=True
828
829 # URL of the ResourceManager API
830 ## resourcemanager_api_url=http://localhost:8088
831
832 # ...
833
834 # Configuration for MapReduce (MR1)
835 # ------------------------------------------------------------------------
836 [[mapred_clusters]]
837
838 [[[default]]]
839 # Enter the host on which you are running the Hadoop JobTracker
840 ## jobtracker_host=localhost
841
842 # The port where the JobTracker IPC listens on
843 ## jobtracker_port=8021
844
845 # JobTracker logical name for HA
846 ## logical_name=
847
848 # Thrift plug-in port for the JobTracker
849 ## thrift_port=9290
850
851 # Whether to submit jobs to this cluster
852 submit_to=False
853
854 # Change this if your MapReduce cluster is Kerberos-secured
855 ## security_enabled=false
856
857 # HA support by specifying multiple clusters
858 # e.g.
859
860 # [[[ha]]]
861 # Enter the logical name of the JobTrackers
862 ## logical_name=my-jt-name
863
864
865###########################################################################
866# Settings to configure Beeswax with Hive
867###########################################################################
868
869[beeswax]
870
871 # Host where HiveServer2 is running.
872 # If Kerberos security is enabled, use fully-qualified domain name (FQDN).
873 ## hive_server_host=localhost
874
875 # Port where HiveServer2 Thrift server runs on.
876 ## hive_server_port=10000
877
878 # Hive configuration directory, where hive-site.xml is located
879 ## hive_conf_dir=/etc/hive/conf
880
881 # Timeout in seconds for thrift calls to Hive service
882 ## server_conn_timeout=120
883
884 # Choose whether to use the old GetLog() thrift call from before Hive 0.14 to retrieve the logs.
885 # If false, use the FetchResults() thrift call from Hive 1.0 or more instead.
886 ## use_get_log_api=false
887
888 # Limit the number of partitions that can be listed.
889 ## list_partitions_limit=10000
890
891 # The maximum number of partitions that will be included in the SELECT * LIMIT sample query for partitioned tables.
892 ## query_partitions_limit=10
893
894 # A limit to the number of cells (rows * columns) that can be downloaded from a query
895 # (e.g. - 10K rows * 1K columns = 10M cells.)
896 # A value of -1 means there will be no limit.
897 ## download_cell_limit=10000000
898
899 # Hue will try to close the Hive query when the user leaves the editor page.
900 # This will free all the query resources in HiveServer2, but also make its results inaccessible.
901 ## close_queries=false
902
903 # Hue will use at most this many HiveServer2 sessions per user at a time
904 ## max_number_of_sessions=1
905
906 # Thrift version to use when communicating with HiveServer2.
907 # New column format is from version 7.
908 ## thrift_version=7
909
910 # A comma-separated list of white-listed Hive configuration properties that users are authorized to set.
911 # config_whitelist=hive.map.aggr,hive.exec.compress.output,hive.exec.parallel,hive.execution.engine,mapreduce.job.queuename
912
913 # Override the default desktop username and password of the hue user used for authentications with other services.
914 # e.g. Used for LDAP/PAM pass-through authentication.
915 ## auth_username=hue
916 ## auth_password=
917
918 [[ssl]]
919 # Path to Certificate Authority certificates.
920 ## cacerts=/etc/hue/cacerts.pem
921
922 # Choose whether Hue should validate certificates received from the server.
923 ## validate=true
924
925
926###########################################################################
927# Settings to configure Impala
928###########################################################################
929
930[impala]
931 # Host of the Impala Server (one of the Impalad)
932 ## server_host=localhost
933
934 # Port of the Impala Server
935 ## server_port=21050
936
937 # Kerberos principal
938 ## impala_principal=impala/hostname.foo.com
939
940 # Turn on/off impersonation mechanism when talking to Impala
941 ## impersonation_enabled=False
942
943 # Number of initial rows of a result set to ask Impala to cache in order
944 # to support re-fetching them for downloading them.
945 # Set to 0 for disabling the option and backward compatibility.
946 ## querycache_rows=50000
947
948 # Timeout in seconds for thrift calls
949 ## server_conn_timeout=120
950
951 # Hue will try to close the Impala query when the user leaves the editor page.
952 # This will free all the query resources in Impala, but also make its results inaccessible.
953 ## close_queries=true
954
955 # If > 0, the query will be timed out (i.e. cancelled) if Impala does not do any work
956 # (compute or send back results) for that query within QUERY_TIMEOUT_S seconds.
957 ## query_timeout_s=600
958
959 # If > 0, the session will be timed out (i.e. cancelled) if Impala does not do any work
960 # (compute or send back results) for that session within QUERY_TIMEOUT_S seconds (default 1 hour).
961 ## session_timeout_s=3600
962
963 # Override the desktop default username and password of the hue user used for authentications with other services.
964 # e.g. Used for LDAP/PAM pass-through authentication.
965 ## auth_username=hue
966 ## auth_password=
967
968 # A comma-separated list of white-listed Impala configuration properties that users are authorized to set.
969 ## config_whitelist=debug_action,explain_level,mem_limit,optimize_partition_key_scans,query_timeout_s,request_pool
970
971 [[ssl]]
972 # SSL communication enabled for this server.
973 ## enabled=false
974
975 # Path to Certificate Authority certificates.
976 ## cacerts=/etc/hue/cacerts.pem
977
978 # Choose whether Hue should validate certificates received from the server.
979 ## validate=true
980
981
982###########################################################################
983# Settings to configure the Spark application.
984###########################################################################
985
986[spark]
987 # Host address of the Livy Server.
988 ## livy_server_host=localhost
989
990 # Port of the Livy Server.
991 ## livy_server_port=8998
992
993 # Configure Livy to start in local 'process' mode, or 'yarn' workers.
994 ## livy_server_session_kind=yarn
995
996 # Host of the Sql Server
997 ## sql_server_host=localhost
998
999 # Port of the Sql Server
1000 ## sql_server_port=10000
1001
1002
1003###########################################################################
1004# Settings to configure the Oozie app
1005###########################################################################
1006
1007[oozie]
1008 # Location on local FS where the examples are stored.
1009 ## local_data_dir=..../examples
1010
1011 # Location on local FS where the data for the examples is stored.
1012 ## sample_data_dir=...thirdparty/sample_data
1013
1014 # Location on HDFS where the oozie examples and workflows are stored.
1015 ## remote_data_dir=/user/hue/oozie/workspaces
1016
1017 # Maximum of Oozie workflows or coodinators to retrieve in one API call.
1018 ## oozie_jobs_count=50
1019
1020 # Use Cron format for defining the frequency of a Coordinator instead of the old frequency number/unit.
1021 ## enable_cron_scheduling=true
1022
1023 ## Flag to enable the saved Editor queries to be dragged and dropped into a workflow.
1024 # enable_document_action=false
1025
1026 ## Flag to enable Oozie backend filtering instead of doing it at the page level in Javascript. Requires Oozie 4.3+.
1027 # enable_oozie_backend_filtering=false
1028
1029
1030###########################################################################
1031# Settings to configure the Filebrowser app
1032###########################################################################
1033
1034[filebrowser]
1035 # Location on local filesystem where the uploaded archives are temporary stored.
1036 ## archive_upload_tempdir=/tmp
1037
1038 # Show Download Button for HDFS file browser.
1039 ## show_download_button=false
1040
1041 # Show Upload Button for HDFS file browser.
1042 ## show_upload_button=false
1043
1044 ## Flag to enable the extraction of a uploaded archive in HDFS.
1045 # enable_extract_uploaded_archive=false
1046
1047
1048###########################################################################
1049# Settings to configure Pig
1050###########################################################################
1051
1052[pig]
1053 # Location of piggybank.jar on local filesystem.
1054 ## local_sample_dir=/usr/share/hue/apps/pig/examples
1055
1056 # Location piggybank.jar will be copied to in HDFS.
1057 ## remote_data_dir=/user/hue/pig/examples
1058
1059
1060###########################################################################
1061# Settings to configure Sqoop2
1062###########################################################################
1063
1064[sqoop]
1065 # For autocompletion, fill out the librdbms section.
1066
1067 # Sqoop server URL
1068 ## server_url=http://localhost:12000/sqoop
1069
1070 # Path to configuration directory
1071 ## sqoop_conf_dir=/etc/sqoop2/conf
1072
1073
1074###########################################################################
1075# Settings to configure Proxy
1076###########################################################################
1077
1078[proxy]
1079 # Comma-separated list of regular expressions,
1080 # which match 'host:port' of requested proxy target.
1081 ## whitelist=(localhost|127\.0\.0\.1):(50030|50070|50060|50075)
1082
1083 # Comma-separated list of regular expressions,
1084 # which match any prefix of 'host:port/path' of requested proxy target.
1085 # This does not support matching GET parameters.
1086 ## blacklist=
1087
1088
1089###########################################################################
1090# Settings to configure HBase Browser
1091###########################################################################
1092
1093[hbase]
1094 # Comma-separated list of HBase Thrift servers for clusters in the format of '(name|host:port)'.
1095 # Use full hostname with security.
1096 # If using Kerberos we assume GSSAPI SASL, not PLAIN.
1097 ## hbase_clusters=(Cluster|localhost:9090)
1098
1099 # HBase configuration directory, where hbase-site.xml is located.
1100 ## hbase_conf_dir=/etc/hbase/conf
1101
1102 # Hard limit of rows or columns per row fetched before truncating.
1103 ## truncate_limit = 500
1104
1105 # 'buffered' is the default of the HBase Thrift Server and supports security.
1106 # 'framed' can be used to chunk up responses,
1107 # which is useful when used in conjunction with the nonblocking server in Thrift.
1108 ## thrift_transport=buffered
1109
1110
1111###########################################################################
1112# Settings to configure Solr Search
1113###########################################################################
1114
1115[search]
1116
1117 # URL of the Solr Server
1118 ## solr_url=http://localhost:8983/solr/
1119
1120 # Requires FQDN in solr_url if enabled
1121 ## security_enabled=false
1122
1123 ## Query sent when no term is entered
1124 ## empty_query=*:*
1125
1126 # Use latest Solr 5.2+ features.
1127 ## latest=false
1128
1129
1130###########################################################################
1131# Settings to configure Solr API lib
1132###########################################################################
1133
1134[libsolr]
1135
1136 # Choose whether Hue should validate certificates received from the server.
1137 ## ssl_cert_ca_verify=true
1138
1139 # Default path to Solr in ZooKeeper.
1140 ## solr_zk_path=/solr
1141
1142
1143###########################################################################
1144# Settings to configure Solr Indexer
1145###########################################################################
1146
1147[indexer]
1148
1149 # Location of the solrctl binary.
1150 ## solrctl_path=/usr/bin/solrctl
1151
1152 # Flag to turn on the morphline based Solr indexer.
1153 ## enable_new_indexer=false
1154
1155
1156###########################################################################
1157# Settings to configure Job Designer
1158###########################################################################
1159
1160[jobsub]
1161
1162 # Location on local FS where examples and template are stored.
1163 ## local_data_dir=..../data
1164
1165 # Location on local FS where sample data is stored
1166 ## sample_data_dir=...thirdparty/sample_data
1167
1168
1169###########################################################################
1170# Settings to configure Job Browser.
1171###########################################################################
1172
1173[jobbrowser]
1174 # Share submitted jobs information with all users. If set to false,
1175 # submitted jobs are visible only to the owner and administrators.
1176 ## share_jobs=true
1177
1178 # Whether to disalbe the job kill button for all users in the jobbrowser
1179 ## disable_killing_jobs=false
1180
1181 # Offset in bytes where a negative offset will fetch the last N bytes for the given log file (default 1MB).
1182 ## log_offset=-1000000
1183
1184 # Show the version 2 of app which unifies all the past browsers into one.
1185 ## enable_v2=false
1186
1187
1188###########################################################################
1189# Settings to configure Sentry / Security App.
1190###########################################################################
1191
1192[security]
1193
1194 # Use Sentry API V1 for Hive.
1195 ## hive_v1=true
1196
1197 # Use Sentry API V2 for Hive.
1198 ## hive_v2=false
1199
1200 # Use Sentry API V2 for Solr.
1201 ## solr_v2=true
1202
1203
1204###########################################################################
1205# Settings to configure the Zookeeper application.
1206###########################################################################
1207
1208[zookeeper]
1209
1210 [[clusters]]
1211
1212 [[[default]]]
1213 # Zookeeper ensemble. Comma separated list of Host/Port.
1214 # e.g. localhost:2181,localhost:2182,localhost:2183
1215 ## host_ports=localhost:2181
1216
1217 # The URL of the REST contrib service (required for znode browsing).
1218 ## rest_url=http://localhost:9998
1219
1220 # Name of Kerberos principal when using security.
1221 ## principal_name=zookeeper
1222
1223
1224###########################################################################
1225# Settings for the User Admin application
1226###########################################################################
1227
1228[useradmin]
1229 # Default home directory permissions
1230 ## home_dir_permissions=0755
1231
1232 # The name of the default user group that users will be a member of
1233 ## default_user_group=default
1234
1235 [[password_policy]]
1236 # Set password policy to all users. The default policy requires password to be at least 8 characters long,
1237 # and contain both uppercase and lowercase letters, numbers, and special characters.
1238
1239 ## is_enabled=false
1240 ## pwd_regex="^(?=.*?[A-Z])(?=(.*[a-z]){1,})(?=(.*[\d]){1,})(?=(.*[\W_]){1,}).{8,}$"
1241 ## pwd_hint="The password must be at least 8 characters long, and must contain both uppercase and lowercase letters, at least one number, and at least one special character."
1242 ## pwd_error_message="The password must be at least 8 characters long, and must contain both uppercase and lowercase letters, at least one number, and at least one special character."
1243
1244
1245###########################################################################
1246# Settings to configure liboozie
1247###########################################################################
1248
1249[liboozie]
1250 # The URL where the Oozie service runs on. This is required in order for
1251 # users to submit jobs. Empty value disables the config check.
1252 ## oozie_url=http://localhost:11000/oozie
1253
1254 # Requires FQDN in oozie_url if enabled
1255 ## security_enabled=false
1256
1257 # Location on HDFS where the workflows/coordinator are deployed when submitted.
1258 ## remote_deployement_dir=/user/hue/oozie/deployments
1259
1260
1261###########################################################################
1262# Settings for the AWS lib
1263###########################################################################
1264
1265[aws]
1266 [[aws_accounts]]
1267 # Default AWS account
1268 ## [[[default]]]
1269 # AWS credentials
1270 ## access_key_id=
1271 ## secret_access_key=
1272 ## security_token=
1273
1274 # Execute this script to produce the AWS access key ID.
1275 ## access_key_id_script=/path/access_key_id.sh
1276
1277 # Execute this script to produce the AWS secret access key.
1278 ## secret_access_key_script=/path/secret_access_key.sh
1279
1280 # Allow to use either environment variables or
1281 # EC2 InstanceProfile to retrieve AWS credentials.
1282 ## allow_environment_credentials=yes
1283
1284 # AWS region to use
1285 ## region=us-east-1
1286
1287 # Endpoint overrides
1288 ## proxy_address=
1289 ## proxy_port=
1290
1291 # Secure connections are the default, but this can be explicitly overridden:
1292 ## is_secure=true
1293
1294 # The default calling format uses https://<bucket-name>.s3.amazonaws.com but
1295 # this may not make sense if DNS is not configured in this way for custom endpoints.
1296 # e.g. Use boto.s3.connection.OrdinaryCallingFormat for https://s3.amazonaws.com/<bucket-name>
1297 ## calling_format=boto.s3.connection.S3Connection.DefaultCallingFormat
1298
1299
1300###########################################################################
1301# Settings for the Sentry lib
1302###########################################################################
1303
1304[libsentry]
1305 # Hostname or IP of server.
1306 ## hostname=localhost
1307
1308 # Port the sentry service is running on.
1309 ## port=8038
1310
1311 # Sentry configuration directory, where sentry-site.xml is located.
1312 ## sentry_conf_dir=/etc/sentry/conf
1313
1314
1315###########################################################################
1316# Settings to configure the ZooKeeper Lib
1317###########################################################################
1318
1319[libzookeeper]
1320 # ZooKeeper ensemble. Comma separated list of Host/Port.
1321 # e.g. localhost:2181,localhost:2182,localhost:2183
1322 ## ensemble=localhost:2181
1323
1324 # Name of Kerberos principal when using security.
1325 ## principal_name=zookeeper
1326
1327
1328###########################################################################
1329# Settings for the RDBMS application
1330###########################################################################
1331
1332[librdbms]
1333 # The RDBMS app can have any number of databases configured in the databases
1334 # section. A database is known by its section name
1335 # (IE sqlite, mysql, psql, and oracle in the list below).
1336
1337 [[databases]]
1338 # sqlite configuration.
1339 ## [[[sqlite]]]
1340 # Name to show in the UI.
1341 ## nice_name=SQLite
1342
1343 # For SQLite, name defines the path to the database.
1344 ## name=/tmp/sqlite.db
1345
1346 # Database backend to use.
1347 ## engine=sqlite
1348
1349 # Database options to send to the server when connecting.
1350 # https://docs.djangoproject.com/en/1.4/ref/databases/
1351 ## options={}
1352
1353 # mysql, oracle, or postgresql configuration.
1354 ## [[[mysql]]]
1355 # Name to show in the UI.
1356 ## nice_name="My SQL DB"
1357
1358 # For MySQL and PostgreSQL, name is the name of the database.
1359 # For Oracle, Name is instance of the Oracle server. For express edition
1360 # this is 'xe' by default.
1361 ## name=mysqldb
1362
1363 # Database backend to use. This can be:
1364 # 1. mysql
1365 # 2. postgresql
1366 # 3. oracle
1367 ## engine=mysql
1368
1369 # IP or hostname of the database to connect to.
1370 ## host=localhost
1371
1372 # Port the database server is listening to. Defaults are:
1373 # 1. MySQL: 3306
1374 # 2. PostgreSQL: 5432
1375 # 3. Oracle Express Edition: 1521
1376 ## port=3306
1377
1378 # Username to authenticate with when connecting to the database.
1379 ## user=example
1380
1381 # Password matching the username to authenticate with when
1382 # connecting to the database.
1383 ## password=example
1384
1385 # Database options to send to the server when connecting.
1386 # https://docs.djangoproject.com/en/1.4/ref/databases/
1387 ## options={}
1388
1389
1390###########################################################################
1391# Settings to configure SAML
1392###########################################################################
1393
1394[libsaml]
1395 # Xmlsec1 binary path. This program should be executable by the user running Hue.
1396 ## xmlsec_binary=/usr/local/bin/xmlsec1
1397
1398 # Entity ID for Hue acting as service provider.
1399 # Can also accept a pattern where '<base_url>' will be replaced with server URL base.
1400 ## entity_id="<base_url>/saml2/metadata/"
1401
1402 # Create users from SSO on login.
1403 ## create_users_on_login=true
1404
1405 # Required attributes to ask for from IdP.
1406 # This requires a comma separated list.
1407 ## required_attributes=uid
1408
1409 # Optional attributes to ask for from IdP.
1410 # This requires a comma separated list.
1411 ## optional_attributes=
1412
1413 # IdP metadata in the form of a file. This is generally an XML file containing metadata that the Identity Provider generates.
1414 ## metadata_file=
1415
1416 # Private key to encrypt metadata with.
1417 ## key_file=
1418
1419 # Signed certificate to send along with encrypted metadata.
1420 ## cert_file=
1421
1422 # Path to a file containing the password private key.
1423 ## key_file_password=/path/key
1424
1425 # Execute this script to produce the private key password. This will be used when 'key_file_password' is not set.
1426 ## key_file_password_script=/path/pwd.sh
1427
1428 # A mapping from attributes in the response from the IdP to django user attributes.
1429 ## user_attribute_mapping={'uid': ('username', )}
1430
1431 # Have Hue initiated authn requests be signed and provide a certificate.
1432 ## authn_requests_signed=false
1433
1434 # Have Hue initiated logout requests be signed and provide a certificate.
1435 ## logout_requests_signed=false
1436
1437 # Username can be sourced from 'attributes' or 'nameid'.
1438 ## username_source=attributes
1439
1440 # Performs the logout or not.
1441 ## logout_enabled=true
1442
1443
1444###########################################################################
1445# Settings to configure OpenID
1446###########################################################################
1447
1448[libopenid]
1449 # (Required) OpenId SSO endpoint url.
1450 ## server_endpoint_url=https://www.google.com/accounts/o8/id
1451
1452 # OpenId 1.1 identity url prefix to be used instead of SSO endpoint url
1453 # This is only supported if you are using an OpenId 1.1 endpoint
1454 ## identity_url_prefix=https://app.onelogin.com/openid/your_company.com/
1455
1456 # Create users from OPENID on login.
1457 ## create_users_on_login=true
1458
1459 # Use email for username
1460 ## use_email_for_username=true
1461
1462
1463###########################################################################
1464# Settings to configure OAuth
1465###########################################################################
1466
1467[liboauth]
1468 # NOTE:
1469 # To work, each of the active (i.e. uncommented) service must have
1470 # applications created on the social network.
1471 # Then the "consumer key" and "consumer secret" must be provided here.
1472 #
1473 # The addresses where to do so are:
1474 # Twitter: https://dev.twitter.com/apps
1475 # Google+ : https://cloud.google.com/
1476 # Facebook: https://developers.facebook.com/apps
1477 # Linkedin: https://www.linkedin.com/secure/developer
1478 #
1479 # Additionnaly, the following must be set in the application settings:
1480 # Twitter: Callback URL (aka Redirect URL) must be set to http://YOUR_HUE_IP_OR_DOMAIN_NAME/oauth/social_login/oauth_authenticated
1481 # Google+ : CONSENT SCREEN must have email address
1482 # Facebook: Sandbox Mode must be DISABLED
1483 # Linkedin: "In OAuth User Agreement", r_emailaddress is REQUIRED
1484
1485 # The Consumer key of the application
1486 ## consumer_key_twitter=
1487 ## consumer_key_google=
1488 ## consumer_key_facebook=
1489 ## consumer_key_linkedin=
1490
1491 # The Consumer secret of the application
1492 ## consumer_secret_twitter=
1493 ## consumer_secret_google=
1494 ## consumer_secret_facebook=
1495 ## consumer_secret_linkedin=
1496
1497 # The Request token URL
1498 ## request_token_url_twitter=https://api.twitter.com/oauth/request_token
1499 ## request_token_url_google=https://accounts.google.com/o/oauth2/auth
1500 ## request_token_url_linkedin=https://www.linkedin.com/uas/oauth2/authorization
1501 ## request_token_url_facebook=https://graph.facebook.com/oauth/authorize
1502
1503 # The Access token URL
1504 ## access_token_url_twitter=https://api.twitter.com/oauth/access_token
1505 ## access_token_url_google=https://accounts.google.com/o/oauth2/token
1506 ## access_token_url_facebook=https://graph.facebook.com/oauth/access_token
1507 ## access_token_url_linkedin=https://api.linkedin.com/uas/oauth2/accessToken
1508
1509 # The Authenticate URL
1510 ## authenticate_url_twitter=https://api.twitter.com/oauth/authorize
1511 ## authenticate_url_google=https://www.googleapis.com/oauth2/v1/userinfo?access_token=
1512 ## authenticate_url_facebook=https://graph.facebook.com/me?access_token=
1513 ## authenticate_url_linkedin=https://api.linkedin.com/v1/people/~:(email-address)?format=json&oauth2_access_token=
1514
1515 # Username Map. Json Hash format.
1516 # Replaces username parts in order to simplify usernames obtained
1517 # Example: {"@sub1.domain.com":"_S1", "@sub2.domain.com":"_S2"}
1518 # converts 'email@sub1.domain.com' to 'email_S1'
1519 ## username_map={}
1520
1521 # Whitelisted domains (only applies to Google OAuth). CSV format.
1522 ## whitelisted_domains_google=
1523
1524
1525###########################################################################
1526# Settings to configure Metadata
1527###########################################################################
1528
1529[metadata]
1530 # For metadata tagging and enhancement features
1531
1532 [[optimizer]]
1533 # For SQL query and table analysis
1534 # Base URL to Optimizer API.
1535 ## api_url=https://alpha.optimizer.cloudera.com
1536 # The name of the product or group which will have API access to the emails associated with it.
1537 ## product_name=hue
1538 # A secret passphrase associated with the productName
1539 ## product_secret=hue
1540 # Execute this script to produce the product secret. This will be used when 'product_secret' is not set.
1541 ## product_secret_script=
1542
1543 # The email of the Optimizer account you want to associate with the Product.
1544 ## email=hue@gethue.com
1545 # The password associated with the Optimizer account you to associate with the Product.
1546 ## email_password=hue
1547 # Execute this script to produce the email password. This will be used when 'email_password' is not set.
1548 ## password_script=
1549
1550 # In secure mode (HTTPS), if Optimizer SSL certificates have to be verified against certificate authority.
1551 ## ssl_cert_ca_verify=True
1552
1553 [[navigator]]
1554 # For tagging tables, files and getting lineage of data.
1555 # Navigator API URL (without version suffix)
1556 ## api_url=http://localhost:7187/api
1557
1558 # Navigator API HTTP authentication username and password
1559 # Override the desktop default username and password of the hue user used for authentications with other services.
1560 # e.g. Used for LDAP/PAM pass-through authentication.
1561 ## auth_username=hue
1562 ## auth_password=
1563
1564 # Execute this script to produce the auth password. This will be used when `auth_password` is not set.
1565 ## auth_password_script=
1566
1567 # Perform Sentry privilege filtering.
1568 ## apply_sentry_permissions=False