· 8 years ago · Nov 08, 2017, 06:06 PM
1# Hue configuration file
2# ===================================
3#
4# For complete documentation about the contents of this file, run
5# $ <hue_root>/build/env/bin/hue config_help
6#
7# All .ini files under the current directory are treated equally. Their
8# contents are merged to form the Hue configuration, which can
9# can be viewed on the Hue at
10# http://<hue_host>:<port>/dump_config
11
12
13###########################################################################
14# General configuration for core Desktop features (authentication, etc)
15###########################################################################
16
17[desktop]
18
19 # Set this to a random string, the longer the better.
20 # This is used for secure hashing in the session store.
21 secret_key=
22
23 # Execute this script to produce the Django secret key. This will be used when
24 # 'secret_key' is not set.
25 ## secret_key_script=
26
27 # Webserver listens on this address and port
28 http_host=0.0.0.0
29 http_port=8888
30
31 # A comma-separated list of available Hue load balancers
32 ## hue_load_balancer=
33
34 # Time zone name
35 time_zone=America/Los_Angeles
36
37 # Enable or disable Django debug mode.
38 django_debug_mode=false
39
40 # Enable or disable database debug mode.
41 ## database_logging=false
42
43 # Whether to send debug messages from JavaScript to the server logs.
44 ## send_dbug_messages=false
45
46 # Enable or disable backtrace for server error
47 http_500_debug_mode=false
48
49 # Enable or disable memory profiling.
50 ## memory_profiler=false
51
52 # Server email for internal error messages
53 ## django_server_email='hue@localhost.localdomain'
54
55 # Email backend
56 ## django_email_backend=django.core.mail.backends.smtp.EmailBackend
57
58 # Webserver runs as this user
59 ## server_user=hue
60 ## server_group=hue
61
62 # This should be the Hue admin and proxy user
63 ## default_user=hue
64
65 # This should be the hadoop cluster admin
66 ## default_hdfs_superuser=hdfs
67
68 # If set to false, runcpserver will not actually start the web server.
69 # Used if Apache is being used as a WSGI container.
70 ## enable_server=yes
71
72 # Number of threads used by the CherryPy web server
73 ## cherrypy_server_threads=40
74
75 # This property specifies the maximum size of the receive buffer in bytes in thrift sasl communication (default 2 MB).
76 ## sasl_max_buffer=2 * 1024 * 1024
77
78 # Filename of SSL Certificate
79 ## ssl_certificate=
80
81 # Filename of SSL RSA Private Key
82 ## ssl_private_key=
83
84 # Filename of SSL Certificate Chain
85 ## ssl_certificate_chain=
86
87 # SSL certificate password
88 ## ssl_password=
89
90 # Execute this script to produce the SSL password. This will be used when 'ssl_password' is not set.
91 ## ssl_password_script=
92
93 # X-Content-Type-Options: nosniff This is a HTTP response header feature that helps prevent attacks based on MIME-type confusion.
94 ## secure_content_type_nosniff=true
95
96 # X-Xss-Protection: \"1; mode=block\" This is a HTTP response header feature to force XSS protection.
97 ## secure_browser_xss_filter=true
98
99 # X-Content-Type-Options: nosniff This is a HTTP response header feature that helps prevent attacks based on MIME-type confusion.
100 ## secure_content_security_policy="script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net data:;img-src 'self' *.google-analytics.com *.doubleclick.net http://*.tile.osm.org *.tile.osm.org *.gstatic.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;connect-src 'self';child-src 'self' data: *.vimeo.com;object-src 'none'"
101
102 # Strict-Transport-Security HTTP Strict Transport Security(HSTS) is a policy which is communicated by the server to the user agent via HTTP response header field name “Strict-Transport-Securityâ€. HSTS policy specifies a period of time during which the user agent(browser) should only access the server in a secure fashion(https).
103 ## secure_ssl_redirect=False
104 ## secure_redirect_host=0.0.0.0
105 ## secure_redirect_exempt=[]
106 ## secure_hsts_seconds=31536000
107 ## secure_hsts_include_subdomains=true
108
109 # List of allowed and disallowed ciphers in cipher list format.
110 # See http://www.openssl.org/docs/apps/ciphers.html for more information on
111 # cipher list format. This list is from
112 # https://wiki.mozilla.org/Security/Server_Side_TLS v3.7 intermediate
113 # recommendation, which should be compatible with Firefox 1, Chrome 1, IE 7,
114 # Opera 5 and Safari 1.
115 ## ssl_cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS:!DH:!ADH
116
117 # Path to default Certificate Authority certificates.
118 ## ssl_cacerts=/etc/hue/cacerts.pem
119
120 # Choose whether Hue should validate certificates received from the server.
121 ## validate=true
122
123 # Default LDAP/PAM/.. username and password of the hue user used for authentications with other services.
124 # Inactive if password is empty.
125 # e.g. LDAP pass-through authentication for HiveServer2 or Impala. Apps can override them individually.
126 ## auth_username=hue
127 ## auth_password=
128
129 # Default encoding for site data
130 ## default_site_encoding=utf-8
131
132 # Help improve Hue with anonymous usage analytics.
133 # Use Google Analytics to see how many times an application or specific section of an application is used, nothing more.
134 ## collect_usage=true
135
136 # Tile layer server URL for the Leaflet map charts
137 # Read more on http://leafletjs.com/reference.html#tilelayer
138 # Make sure you add the tile domain to the img-src section of the 'secure_content_security_policy' configuration parameter as well.
139 ## leaflet_tile_layer=http://{s}.tile.osm.org/{z}/{x}/{y}.png
140
141 # The copyright message for the specified Leaflet maps Tile Layer
142 ## leaflet_tile_layer_attribution='© <a href="http://osm.org/copyright">OpenStreetMap</a> contributors'
143
144 # X-Frame-Options HTTP header value. Use 'DENY' to deny framing completely
145 ## http_x_frame_options=SAMEORIGIN
146
147 # Enable X-Forwarded-Host header if the load balancer requires it.
148 ## use_x_forwarded_host=false
149
150 # Support for HTTPS termination at the load-balancer level with SECURE_PROXY_SSL_HEADER.
151 ## secure_proxy_ssl_header=false
152
153 # Comma-separated list of Django middleware classes to use.
154 # See https://docs.djangoproject.com/en/1.4/ref/middleware/ for more details on middlewares in Django.
155 ## middleware=desktop.auth.backend.LdapSynchronizationBackend
156
157 # Comma-separated list of regular expressions, which match the redirect URL.
158 # For example, to restrict to your local domain and FQDN, the following value can be used:
159 # ^\/.*$,^http:\/\/www.mydomain.com\/.*$
160 ## redirect_whitelist=^(\/[a-zA-Z0-9]+.*|\/)$
161
162 # Comma separated list of apps to not load at server startup.
163 # e.g.: pig,zookeeper
164 ## app_blacklist=
165
166 # Choose whether to show the new SQL editor.
167 ## use_new_editor=true
168
169 # Choose whether to show the improved assist panel and the right context panel
170 ## use_new_side_panels=false
171
172 # Editor autocomplete timeout (ms) when fetching columns, fields, tables etc.
173 # To disable this type of autocompletion set the value to 0
174 ## editor_autocomplete_timeout=10000
175
176 # Enable saved default configurations for Hive, Impala, Spark, and Oozie.
177 ## use_default_configuration=false
178
179 # The directory where to store the auditing logs. Auditing is disable if the value is empty.
180 # e.g. /var/log/hue/audit.log
181 ## audit_event_log_dir=
182
183 # Size in KB/MB/GB for audit log to rollover.
184 ## audit_log_max_file_size=100MB
185
186 # A json file containing a list of log redaction rules for cleaning sensitive data
187 # from log files. It is defined as:
188 #
189 # {
190 # "version": 1,
191 # "rules": [
192 # {
193 # "description": "This is the first rule",
194 # "trigger": "triggerstring 1",
195 # "search": "regex 1",
196 # "replace": "replace 1"
197 # },
198 # {
199 # "description": "This is the second rule",
200 # "trigger": "triggerstring 2",
201 # "search": "regex 2",
202 # "replace": "replace 2"
203 # }
204 # ]
205 # }
206 #
207 # Redaction works by searching a string for the [TRIGGER] string. If found,
208 # the [REGEX] is used to replace sensitive information with the
209 # [REDACTION_MASK]. If specified with 'log_redaction_string', the
210 # 'log_redaction_string' rules will be executed after the
211 # 'log_redaction_file' rules.
212 #
213 # For example, here is a file that would redact passwords and social security numbers:
214
215 # {
216 # "version": 1,
217 # "rules": [
218 # {
219 # "description": "Redact passwords",
220 # "trigger": "password",
221 # "search": "password=\".*\"",
222 # "replace": "password=\"???\""
223 # },
224 # {
225 # "description": "Redact social security numbers",
226 # "trigger": "",
227 # "search": "\d{3}-\d{2}-\d{4}",
228 # "replace": "XXX-XX-XXXX"
229 # }
230 # ]
231 # }
232 ## log_redaction_file=
233
234 # Comma separated list of strings representing the host/domain names that the Hue server can serve.
235 # e.g.: localhost,domain1,*
236 ## allowed_hosts="*"
237
238 # Administrators
239 # ----------------
240 [[django_admins]]
241 ## [[[admin1]]]
242 ## name=john
243 ## email=john@doe.com
244
245 # UI customizations
246 # -------------------
247 [[custom]]
248
249 # Top banner HTML code
250 # e.g. <H4>Test Lab A2 Hue Services</H4>
251 ## banner_top_html=
252
253 # Login splash HTML code
254 # e.g. WARNING: You are required to have authorization before you proceed
255 ## login_splash_html=<h4>GetHue.com</h4><br/><br/>WARNING: You have accessed a computer managed by GetHue. You are required to have authorization from GetHue before you proceed.
256
257 # Cache timeout in milliseconds for the assist, autocomplete, etc.
258 # defaults to 86400000 (1 day), set to 0 to disable caching
259 ## cacheable_ttl=86400000
260
261 # SVG code to replace the default Hue logo in the top bar and sign in screen
262 # e.g. <image xlink:href="/static/desktop/art/hue-logo-mini-white.png" x="0" y="0" height="40" width="160" />
263 ## logo_svg=
264
265 # Configuration options for user authentication into the web application
266 # ------------------------------------------------------------------------
267 [[auth]]
268
269 # Authentication backend. Common settings are:
270 # - django.contrib.auth.backends.ModelBackend (entirely Django backend)
271 # - desktop.auth.backend.AllowAllBackend (allows everyone)
272 # - desktop.auth.backend.AllowFirstUserDjangoBackend
273 # (Default. Relies on Django and user manager, after the first login)
274 # - desktop.auth.backend.LdapBackend
275 # - desktop.auth.backend.PamBackend
276 # - desktop.auth.backend.SpnegoDjangoBackend
277 # - desktop.auth.backend.RemoteUserDjangoBackend
278 # - libsaml.backend.SAML2Backend
279 # - libopenid.backend.OpenIDBackend
280 # - liboauth.backend.OAuthBackend
281 # (New oauth, support Twitter, Facebook, Google+ and Linkedin
282 # Multiple Authentication backends are supported by specifying a comma-separated list in order of priority.
283 # However, in order to enable OAuthBackend, it must be the ONLY backend configured.
284 ## backend=desktop.auth.backend.AllowFirstUserDjangoBackend
285
286 # Class which defines extra accessor methods for User objects.
287 ## user_aug=desktop.auth.backend.DefaultUserAugmentor
288
289 # The service to use when querying PAM.
290 ## pam_service=login
291
292 # When using the desktop.auth.backend.RemoteUserDjangoBackend, this sets
293 # the normalized name of the header that contains the remote user.
294 # The HTTP header in the request is converted to a key by converting
295 # all characters to uppercase, replacing any hyphens with underscores
296 # and adding an HTTP_ prefix to the name. So, for example, if the header
297 # is called Remote-User that would be configured as HTTP_REMOTE_USER
298 #
299 # Defaults to HTTP_REMOTE_USER
300 ## remote_user_header=HTTP_REMOTE_USER
301
302 # Ignore the case of usernames when searching for existing users.
303 # Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
304 ## ignore_username_case=true
305
306 # Forcibly cast usernames to lowercase, takes precedence over force_username_uppercase
307 # Supported in remoteUserDjangoBackend and SpnegoDjangoBackend
308 ## force_username_lowercase=true
309
310 # Forcibly cast usernames to uppercase, cannot be combined with force_username_lowercase
311 ## force_username_uppercase=false
312
313 # Users will expire after they have not logged in for 'n' amount of seconds.
314 # A negative number means that users will never expire.
315 ## expires_after=-1
316
317 # Apply 'expires_after' to superusers.
318 ## expire_superusers=true
319
320 # Users will automatically be logged out after 'n' seconds of inactivity.
321 # A negative number means that idle sessions will not be timed out.
322 idle_session_timeout=-1
323
324 # Force users to change password on first login with desktop.auth.backend.AllowFirstUserDjangoBackend
325 ## change_default_password=false
326
327 # Number of login attempts allowed before a record is created for failed logins
328 ## login_failure_limit=3
329
330 # After number of allowed login attempts are exceeded, do we lock out this IP and optionally user agent?
331 ## login_lock_out_at_failure=false
332
333 # If set, defines period of inactivity in seconds after which failed logins will be forgotten
334 ## login_cooloff_time=60
335
336 # If True, lock out based on an IP address AND a user agent.
337 # This means requests from different user agents but from the same IP are treated differently.
338 ## login_lock_out_use_user_agent=false
339
340 # If True, lock out based on IP and user
341 ## login_lock_out_by_combination_user_and_ip=false
342
343 # If True, it will look for the IP address from the header defined at reverse_proxy_header.
344 ## behind_reverse_proxy=false
345
346 # If behind_reverse_proxy is True, it will look for the IP address from this header. Default: HTTP_X_FORWARDED_FOR
347 ## reverse_proxy_header=HTTP_X_FORWARDED_FOR
348
349 # Configuration options for connecting to LDAP and Active Directory
350 # -------------------------------------------------------------------
351 [[ldap]]
352
353 # The search base for finding users and groups
354 ## base_dn="DC=mycompany,DC=com"
355
356 # URL of the LDAP server
357 ## ldap_url=ldap://auth.mycompany.com
358
359 # The NT domain used for LDAP authentication
360 ## nt_domain=mycompany.com
361
362 # A PEM-format file containing certificates for the CA's that
363 # Hue will trust for authentication over TLS.
364 # The certificate for the CA that signed the
365 # LDAP server certificate must be included among these certificates.
366 # See more here http://www.openldap.org/doc/admin24/tls.html.
367 ## ldap_cert=
368 ## use_start_tls=true
369
370 # Distinguished name of the user to bind as -- not necessary if the LDAP server
371 # supports anonymous searches
372 ## bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
373
374 # Password of the bind user -- not necessary if the LDAP server supports
375 # anonymous searches
376 ## bind_password=
377
378 # Execute this script to produce the bind user password. This will be used
379 # when 'bind_password' is not set.
380 ## bind_password_script=
381
382 # Pattern for searching for usernames -- Use <username> for the parameter
383 # For use when using LdapBackend for Hue authentication
384 ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
385
386 # Create users in Hue when they try to login with their LDAP credentials
387 # For use when using LdapBackend for Hue authentication
388 ## create_users_on_login = true
389
390 # Synchronize a users groups when they login
391 ## sync_groups_on_login=false
392
393 # Ignore the case of usernames when searching for existing users in Hue.
394 ## ignore_username_case=true
395
396 # Force usernames to lowercase when creating new users from LDAP.
397 # Takes precedence over force_username_uppercase
398 ## force_username_lowercase=true
399
400 # Force usernames to uppercase, cannot be combined with force_username_lowercase
401 ## force_username_uppercase=false
402
403 # Use search bind authentication.
404 ## search_bind_authentication=true
405
406 # Choose which kind of subgrouping to use: nested or suboordinate (deprecated).
407 ## subgroups=suboordinate
408
409 # Define the number of levels to search for nested members.
410 ## nested_members_search_depth=10
411
412 # Whether or not to follow referrals
413 ## follow_referrals=false
414
415 # Enable python-ldap debugging.
416 ## debug=false
417
418 # Sets the debug level within the underlying LDAP C lib.
419 ## debug_level=255
420
421 # Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
422 # 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
423 ## trace_level=0
424
425 [[[users]]]
426
427 # Base filter for searching for users
428 ## user_filter="objectclass=*"
429
430 # The username attribute in the LDAP schema
431 ## user_name_attr=sAMAccountName
432
433 [[[groups]]]
434
435 # Base filter for searching for groups
436 ## group_filter="objectclass=*"
437
438 # The group name attribute in the LDAP schema
439 ## group_name_attr=cn
440
441 # The attribute of the group object which identifies the members of the group
442 ## group_member_attr=members
443
444 [[[ldap_servers]]]
445
446 ## [[[[mycompany]]]]
447
448 # The search base for finding users and groups
449 ## base_dn="DC=mycompany,DC=com"
450
451 # URL of the LDAP server
452 ## ldap_url=ldap://auth.mycompany.com
453
454 # The NT domain used for LDAP authentication
455 ## nt_domain=mycompany.com
456
457 # A PEM-format file containing certificates for the CA's that
458 # Hue will trust for authentication over TLS.
459 # The certificate for the CA that signed the
460 # LDAP server certificate must be included among these certificates.
461 # See more here http://www.openldap.org/doc/admin24/tls.html.
462 ## ldap_cert=
463 ## use_start_tls=true
464
465 # Distinguished name of the user to bind as -- not necessary if the LDAP server
466 # supports anonymous searches
467 ## bind_dn="CN=ServiceAccount,DC=mycompany,DC=com"
468
469 # Password of the bind user -- not necessary if the LDAP server supports
470 # anonymous searches
471 ## bind_password=
472
473 # Execute this script to produce the bind user password. This will be used
474 # when 'bind_password' is not set.
475 ## bind_password_script=
476
477 # Pattern for searching for usernames -- Use <username> for the parameter
478 # For use when using LdapBackend for Hue authentication
479 ## ldap_username_pattern="uid=<username>,ou=People,dc=mycompany,dc=com"
480
481 ## Use search bind authentication.
482 ## search_bind_authentication=true
483
484 # Whether or not to follow referrals
485 ## follow_referrals=false
486
487 # Enable python-ldap debugging.
488 ## debug=false
489
490 # Sets the debug level within the underlying LDAP C lib.
491 ## debug_level=255
492
493 # Possible values for trace_level are 0 for no logging, 1 for only logging the method calls with arguments,
494 # 2 for logging the method calls with arguments and the complete results and 9 for also logging the traceback of method calls.
495 ## trace_level=0
496
497 ## [[[[[users]]]]]
498
499 # Base filter for searching for users
500 ## user_filter="objectclass=Person"
501
502 # The username attribute in the LDAP schema
503 ## user_name_attr=sAMAccountName
504
505 ## [[[[[groups]]]]]
506
507 # Base filter for searching for groups
508 ## group_filter="objectclass=groupOfNames"
509
510 # The username attribute in the LDAP schema
511 ## group_name_attr=cn
512
513 # Configuration options for specifying the Source Version Control.
514 # ----------------------------------------------------------------
515 [[vcs]]
516
517 ## [[[git-read-only]]]
518 ## Base URL to Remote Server
519 # remote_url=https://github.com/cloudera/hue/tree/master
520
521 ## Base URL to Version Control API
522 # api_url=https://api.github.com
523 ## [[[github]]]
524
525 ## Base URL to Remote Server
526 # remote_url=https://github.com/cloudera/hue/tree/master
527
528 ## Base URL to Version Control API
529 # api_url=https://api.github.com
530
531 # These will be necessary when you want to write back to the repository.
532 ## Client ID for Authorized Application
533 # client_id=
534
535 ## Client Secret for Authorized Application
536 # client_secret=
537 ## [[[svn]]
538 ## Base URL to Remote Server
539 # remote_url=https://github.com/cloudera/hue/tree/master
540
541 ## Base URL to Version Control API
542 # api_url=https://api.github.com
543
544 # These will be necessary when you want to write back to the repository.
545 ## Client ID for Authorized Application
546 # client_id=
547
548 ## Client Secret for Authorized Application
549 # client_secret=
550
551 # Configuration options for specifying the Desktop Database. For more info,
552 # see http://docs.djangoproject.com/en/1.4/ref/settings/#database-engine
553 # ------------------------------------------------------------------------
554 [[database]]
555 # Database engine is typically one of:
556 # postgresql_psycopg2, mysql, sqlite3 or oracle.
557 #
558 # Note that for sqlite3, 'name', below is a path to the filename. For other backends, it is the database name
559 # Note for Oracle, options={"threaded":true} must be set in order to avoid crashes.
560 # Note for Oracle, you can use the Oracle Service Name by setting "host=" and "port=" and then "name=<host>:<port>/<service_name>".
561 # Note for MariaDB use the 'mysql' engine.
562 ## engine=sqlite3
563 ## host=
564 ## port=
565 ## user=
566 ## password=
567 # conn_max_age option to make database connection persistent value in seconds
568 # https://docs.djangoproject.com/en/1.9/ref/databases/#persistent-connections
569 ## conn_max_age=0
570 # Execute this script to produce the database password. This will be used when 'password' is not set.
571 ## password_script=/path/script
572 ## name=desktop/desktop.db
573 ## options={}
574 # Database schema, to be used only when public schema is revoked in postgres
575 ## schema=public
576
577 # Configuration options for specifying the Desktop session.
578 # For more info, see https://docs.djangoproject.com/en/1.4/topics/http/sessions/
579 # ------------------------------------------------------------------------
580 [[session]]
581 # The cookie containing the users' session ID will expire after this amount of time in seconds.
582 # Default is 2 weeks.
583 ## ttl=1209600
584
585 # The cookie containing the users' session ID and csrf cookie will be secure.
586 # Should only be enabled with HTTPS.
587 ## secure=false
588
589 # The cookie containing the users' session ID and csrf cookie will use the HTTP only flag.
590 ## http_only=true
591
592 # Use session-length cookies. Logs out the user when she closes the browser window.
593 ## expire_at_browser_close=false
594
595
596 # Configuration options for connecting to an external SMTP server
597 # ------------------------------------------------------------------------
598 [[smtp]]
599
600 # The SMTP server information for email notification delivery
601 host=localhost
602 port=25
603 user=
604 password=
605
606 # Whether to use a TLS (secure) connection when talking to the SMTP server
607 tls=no
608
609 # Default email address to use for various automated notification from Hue
610 ## default_from_email=hue@localhost
611
612
613 # Configuration options for Kerberos integration for secured Hadoop clusters
614 # ------------------------------------------------------------------------
615 [[kerberos]]
616
617 # Path to Hue's Kerberos keytab file
618 ## hue_keytab=
619 # Kerberos principal name for Hue
620 ## hue_principal=hue/hostname.foo.com
621 # Path to kinit
622 ## kinit_path=/path/to/kinit
623
624
625 # Configuration options for using OAuthBackend (Core) login
626 # ------------------------------------------------------------------------
627 [[oauth]]
628 # The Consumer key of the application
629 ## consumer_key=XXXXXXXXXXXXXXXXXXXXX
630
631 # The Consumer secret of the application
632 ## consumer_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
633
634 # The Request token URL
635 ## request_token_url=https://api.twitter.com/oauth/request_token
636
637 # The Access token URL
638 ## access_token_url=https://api.twitter.com/oauth/access_token
639
640 # The Authorize URL
641 ## authenticate_url=https://api.twitter.com/oauth/authorize
642
643 # Configuration options for Metrics
644 # ------------------------------------------------------------------------
645 [[metrics]]
646
647 # Enable the metrics URL "/desktop/metrics"
648 ## enable_web_metrics=True
649
650 # If specified, Hue will write metrics to this file.
651 ## location=/var/log/hue/metrics.json
652
653 # Time in milliseconds on how frequently to collect metrics
654 ## collection_interval=30000
655
656
657###########################################################################
658# Settings to configure the snippets available in the Notebook
659###########################################################################
660
661[notebook]
662
663 ## Show the notebook menu or not
664 # show_notebooks=true
665
666 ## Flag to enable the bulk submission of queries as a background task through Oozie.
667 # enable_batch_execute=true
668
669 ## Flag to enable the SQL query builder of the table assist.
670 # enable_query_builder=true
671
672 ## Flag to enable the creation of a coordinator for the current SQL query.
673 # enable_query_scheduling=false
674
675 ## Main flag to override the automatic starting of the DBProxy server.
676 enable_dbproxy_server=true
677
678 ## Classpath to be appended to the default DBProxy server classpath.
679 dbproxy_extra_classpath=/opt/presto/presto-jdbc42-1.0.14.1022.jar
680
681 ## Comma separated list of interpreters that should be shown on the wheel. This list takes precedence over the
682 ## order in which the interpreter entries appear. Only the first 5 interpreters will appear on the wheel.
683 # interpreters_shown_on_wheel=
684
685 # One entry for each type of snippet.
686 [[interpreters]]
687 # Define the name and how to connect and execute the language.
688
689 [[[presto]]]
690 name=Presto
691 interface=jdbc
692 options='{"url": "jdbc:presto://phwxedwhddp001.datawarehouse.expecn.com:8285/hive/default", "driver": "com.teradata.presto.jdbc42.Driver", "user": "", "password": ""}'
693
694 [[[hive]]]
695 # The name of the snippet.
696 name=Hive
697 # The backend connection to use to communicate with the server.
698 interface=hiveserver2
699
700 [[[impala]]]
701 name=Impala
702 interface=hiveserver2
703
704 # [[[sparksql]]]
705 # name=SparkSql
706 # interface=hiveserver2
707
708 [[[spark]]]
709 name=Scala
710 interface=livy
711
712 [[[pyspark]]]
713 name=PySpark
714 interface=livy
715
716 [[[r]]]
717 name=R
718 interface=livy
719
720 [[[jar]]]
721 name=Spark Submit Jar
722 interface=livy-batch
723
724 [[[py]]]
725 name=Spark Submit Python
726 interface=livy-batch
727
728 [[[pig]]]
729 name=Pig
730 interface=oozie
731
732 [[[text]]]
733 name=Text
734 interface=text
735
736 [[[markdown]]]
737 name=Markdown
738 interface=text
739
740 [[[mysql]]]
741 name = MySQL
742 interface=rdbms
743
744 [[[sqlite]]]
745 name = SQLite
746 interface=rdbms
747
748 [[[postgresql]]]
749 name = PostgreSQL
750 interface=rdbms
751
752 [[[oracle]]]
753 name = Oracle
754 interface=rdbms
755
756 [[[solr]]]
757 name = Solr SQL
758 interface=solr
759 ## Name of the collection handler
760 # options='{"collection": "default"}'
761
762 [[[java]]]
763 name=Java
764 interface=oozie
765
766 [[[spark2]]]
767 name=Spark
768 interface=oozie
769
770 [[[mapreduce]]]
771 name=MapReduce
772 interface=oozie
773
774 [[[sqoop1]]]
775 name=Sqoop1
776 interface=oozie
777
778 [[[distcp]]]
779 name=Distcp
780 interface=oozie
781
782 [[[shell]]]
783 name=Shell
784 interface=oozie
785
786 # [[[mysql]]]
787 # name=MySql JDBC
788 # interface=jdbc
789 # ## Specific options for connecting to the server.
790 # ## The JDBC connectors, e.g. mysql.jar, need to be in the CLASSPATH environment variable.
791 # ## If 'user' and 'password' are omitted, they will be prompted in the UI.
792 # options='{"url": "jdbc:mysql://localhost:3306/hue", "driver": "com.mysql.jdbc.Driver", "user": "root", "password": "root"}'
793
794
795###########################################################################
796# Settings to configure your Analytics Dashboards
797###########################################################################
798
799[dashboard]
800
801 ## Activate the Dashboard link in the menu.
802 # is_enabled=true
803
804 ## Activate the SQL Dashboard (beta).
805 # has_sql_enabled=false
806
807 [[engines]]
808
809 # [[[solr]]]
810 ## Requires Solr 6+
811 # analytics=false
812 # nesting=false
813
814 # [[[sql]]]
815 # analytics=true
816 # nesting=false
817
818
819###########################################################################
820# Settings to configure your Hadoop cluster.
821###########################################################################
822
823[hadoop]
824
825 # Configuration for HDFS NameNode
826 # ------------------------------------------------------------------------
827 [[hdfs_clusters]]
828 # HA support by using HttpFs
829
830 [[[default]]]
831 # Enter the filesystem uri
832 fs_defaultfs=hdfs://localhost:8020
833
834 # NameNode logical name.
835 ## logical_name=
836
837 # Use WebHdfs/HttpFs as the communication mechanism.
838 # Domain should be the NameNode or HttpFs host.
839 # Default port is 14000 for HttpFs.
840 ## webhdfs_url=http://localhost:50070/webhdfs/v1
841
842 # Change this if your HDFS cluster is Kerberos-secured
843 ## security_enabled=false
844
845 # In secure mode (HTTPS), if SSL certificates from YARN Rest APIs
846 # have to be verified against certificate authority
847 ## ssl_cert_ca_verify=True
848
849 # Directory of the Hadoop configuration
850 ## hadoop_conf_dir=$HADOOP_CONF_DIR when set or '/etc/hadoop/conf'
851
852 # Configuration for YARN (MR2)
853 # ------------------------------------------------------------------------
854 [[yarn_clusters]]
855
856 [[[default]]]
857 # Enter the host on which you are running the ResourceManager
858 ## resourcemanager_host=localhost
859
860 # The port where the ResourceManager IPC listens on
861 ## resourcemanager_port=8032
862
863 # Whether to submit jobs to this cluster
864 submit_to=True
865
866 # Resource Manager logical name (required for HA)
867 ## logical_name=
868
869 # Change this if your YARN cluster is Kerberos-secured
870 ## security_enabled=false
871
872 # URL of the ResourceManager API
873 ## resourcemanager_api_url=http://localhost:8088
874
875 # URL of the ProxyServer API
876 ## proxy_api_url=http://localhost:8088
877
878 # URL of the HistoryServer API
879 ## history_server_api_url=http://localhost:19888
880
881 # URL of the Spark History Server
882 ## spark_history_server_url=http://localhost:18088
883
884 # In secure mode (HTTPS), if SSL certificates from YARN Rest APIs
885 # have to be verified against certificate authority
886 ## ssl_cert_ca_verify=True
887
888 # HA support by specifying multiple clusters.
889 # Redefine different properties there.
890 # e.g.
891
892 # [[[ha]]]
893 # Resource Manager logical name (required for HA)
894 ## logical_name=my-rm-name
895
896 # Un-comment to enable
897 ## submit_to=True
898
899 # URL of the ResourceManager API
900 ## resourcemanager_api_url=http://localhost:8088
901
902 # ...
903
904 # Configuration for MapReduce (MR1)
905 # ------------------------------------------------------------------------
906 [[mapred_clusters]]
907
908 [[[default]]]
909 # Enter the host on which you are running the Hadoop JobTracker
910 ## jobtracker_host=localhost
911
912 # The port where the JobTracker IPC listens on
913 ## jobtracker_port=8021
914
915 # JobTracker logical name for HA
916 ## logical_name=
917
918 # Thrift plug-in port for the JobTracker
919 ## thrift_port=9290
920
921 # Whether to submit jobs to this cluster
922 submit_to=False
923
924 # Change this if your MapReduce cluster is Kerberos-secured
925 ## security_enabled=false
926
927 # HA support by specifying multiple clusters
928 # e.g.
929
930 # [[[ha]]]
931 # Enter the logical name of the JobTrackers
932 ## logical_name=my-jt-name
933
934
935###########################################################################
936# Settings to configure Beeswax with Hive
937###########################################################################
938
939[beeswax]
940
941 # Host where HiveServer2 is running.
942 # If Kerberos security is enabled, use fully-qualified domain name (FQDN).
943 hive_server_host=phwxedwhdu007.bigdata.expecn.com
944
945 # Port where HiveServer2 Thrift server runs on.
946 hive_server_port=10001
947
948 # Hive configuration directory, where hive-site.xml is located
949 ## hive_conf_dir=/etc/hive/conf
950
951 # Timeout in seconds for thrift calls to Hive service
952 ## server_conn_timeout=120
953
954 # Choose whether to use the old GetLog() thrift call from before Hive 0.14 to retrieve the logs.
955 # If false, use the FetchResults() thrift call from Hive 1.0 or more instead.
956 ## use_get_log_api=false
957
958 # Limit the number of partitions that can be listed.
959 ## list_partitions_limit=10000
960
961 # The maximum number of partitions that will be included in the SELECT * LIMIT sample query for partitioned tables.
962 ## query_partitions_limit=10
963
964 # A limit to the number of rows that can be downloaded from a query before it is truncated.
965 # A value of -1 means there will be no limit.
966 ## download_row_limit=100000
967
968 # Hue will try to close the Hive query when the user leaves the editor page.
969 # This will free all the query resources in HiveServer2, but also make its results inaccessible.
970 ## close_queries=false
971
972 # Hue will use at most this many HiveServer2 sessions per user at a time.
973 ## max_number_of_sessions=1
974
975 # Thrift version to use when communicating with HiveServer2.
976 # New column format is from version 7.
977 ## thrift_version=7
978
979 # A comma-separated list of white-listed Hive configuration properties that users are authorized to set.
980 ## config_whitelist=hive.map.aggr,hive.exec.compress.output,hive.exec.parallel,hive.execution.engine,mapreduce.job.queuename
981
982 # Override the default desktop username and password of the hue user used for authentications with other services.
983 # e.g. Used for LDAP/PAM pass-through authentication.
984 ## auth_username=hue
985 ## auth_password=
986
987 [[ssl]]
988 # Path to Certificate Authority certificates.
989 ## cacerts=/etc/hue/cacerts.pem
990
991 # Choose whether Hue should validate certificates received from the server.
992 ## validate=true
993
994
995###########################################################################
996# Settings to configure Metastore
997###########################################################################
998
999[metastore]
1000 # Flag to turn on the new version of the create table wizard.
1001 ## enable_new_create_table=true
1002
1003
1004###########################################################################
1005# Settings to configure Impala
1006###########################################################################
1007
1008[impala]
1009 # Host of the Impala Server (one of the Impalad)
1010 ## server_host=localhost
1011
1012 # Port of the Impala Server
1013 ## server_port=21050
1014
1015 # Kerberos principal
1016 ## impala_principal=impala/hostname.foo.com
1017
1018 # Turn on/off impersonation mechanism when talking to Impala
1019 ## impersonation_enabled=False
1020
1021 # Number of initial rows of a result set to ask Impala to cache in order
1022 # to support re-fetching them for downloading them.
1023 # Set to 0 for disabling the option and backward compatibility.
1024 ## querycache_rows=50000
1025
1026 # Timeout in seconds for thrift calls
1027 ## server_conn_timeout=120
1028
1029 # Hue will try to close the Impala query when the user leaves the editor page.
1030 # This will free all the query resources in Impala, but also make its results inaccessible.
1031 ## close_queries=true
1032
1033 # If > 0, the query will be timed out (i.e. cancelled) if Impala does not do any work
1034 # (compute or send back results) for that query within QUERY_TIMEOUT_S seconds.
1035 ## query_timeout_s=600
1036
1037 # If > 0, the session will be timed out (i.e. cancelled) if Impala does not do any work
1038 # (compute or send back results) for that session within QUERY_TIMEOUT_S seconds (default 1 hour).
1039 ## session_timeout_s=3600
1040
1041 # Override the desktop default username and password of the hue user used for authentications with other services.
1042 # e.g. Used for LDAP/PAM pass-through authentication.
1043 ## auth_username=hue
1044 ## auth_password=
1045
1046 # A comma-separated list of white-listed Impala configuration properties that users are authorized to set.
1047 # config_whitelist=debug_action,explain_level,mem_limit,optimize_partition_key_scans,query_timeout_s,request_pool
1048
1049 # Path to the impala configuration dir which has impalad_flags file
1050 ## impala_conf_dir=${HUE_CONF_DIR}/impala-conf
1051
1052 [[ssl]]
1053 # SSL communication enabled for this server.
1054 ## enabled=false
1055
1056 # Path to Certificate Authority certificates.
1057 ## cacerts=/etc/hue/cacerts.pem
1058
1059 # Choose whether Hue should validate certificates received from the server.
1060 ## validate=true
1061
1062
1063###########################################################################
1064# Settings to configure the Spark application.
1065###########################################################################
1066
1067[spark]
1068 # Host address of the Livy Server.
1069 ## livy_server_host=localhost
1070
1071 # Port of the Livy Server.
1072 ## livy_server_port=8998
1073
1074 # Configure Livy to start in local 'process' mode, or 'yarn' workers.
1075 ## livy_server_session_kind=yarn
1076
1077 # Whether Livy requires client to perform Kerberos authentication.
1078 ## security_enabled=false
1079
1080 # Host of the Sql Server
1081 ## sql_server_host=localhost
1082
1083 # Port of the Sql Server
1084 ## sql_server_port=10000
1085
1086
1087###########################################################################
1088# Settings to configure the Oozie app
1089###########################################################################
1090
1091[oozie]
1092 # Location on local FS where the examples are stored.
1093 ## local_data_dir=..../examples
1094
1095 # Location on local FS where the data for the examples is stored.
1096 ## sample_data_dir=...thirdparty/sample_data
1097
1098 # Location on HDFS where the oozie examples and workflows are stored.
1099 # Parameters are $TIME and $USER, e.g. /user/$USER/hue/workspaces/workflow-$TIME
1100 ## remote_data_dir=/user/hue/oozie/workspaces
1101
1102 # Maximum of Oozie workflows or coodinators to retrieve in one API call.
1103 ## oozie_jobs_count=50
1104
1105 # Use Cron format for defining the frequency of a Coordinator instead of the old frequency number/unit.
1106 ## enable_cron_scheduling=true
1107
1108 ## Flag to enable the saved Editor queries to be dragged and dropped into a workflow.
1109 # enable_document_action=false
1110
1111 ## Flag to enable Oozie backend filtering instead of doing it at the page level in Javascript. Requires Oozie 4.3+.
1112 # enable_oozie_backend_filtering=true
1113
1114 ## Flag to enable the Impala action.
1115 # enable_impala_action=false
1116
1117
1118###########################################################################
1119# Settings to configure the Filebrowser app
1120###########################################################################
1121
1122[filebrowser]
1123 # Location on local filesystem where the uploaded archives are temporary stored.
1124 ## archive_upload_tempdir=/tmp
1125
1126 # Show Download Button for HDFS file browser.
1127 ## show_download_button=false
1128
1129 # Show Upload Button for HDFS file browser.
1130 ## show_upload_button=false
1131
1132 # Flag to enable the extraction of a uploaded archive in HDFS.
1133 ## enable_extract_uploaded_archive=false
1134
1135
1136###########################################################################
1137# Settings to configure Pig
1138###########################################################################
1139
1140[pig]
1141 # Location of piggybank.jar on local filesystem.
1142 ## local_sample_dir=/usr/share/hue/apps/pig/examples
1143
1144 # Location piggybank.jar will be copied to in HDFS.
1145 ## remote_data_dir=/user/hue/pig/examples
1146
1147
1148###########################################################################
1149# Settings to configure Sqoop2
1150###########################################################################
1151
1152[sqoop]
1153 # For autocompletion, fill out the librdbms section.
1154
1155 # Sqoop server URL
1156 ## server_url=http://localhost:12000/sqoop
1157
1158 # Path to configuration directory
1159 ## sqoop_conf_dir=/etc/sqoop2/conf
1160
1161
1162###########################################################################
1163# Settings to configure Proxy
1164###########################################################################
1165
1166[proxy]
1167 # Comma-separated list of regular expressions,
1168 # which match 'host:port' of requested proxy target.
1169 ## whitelist=(localhost|127\.0\.0\.1):(50030|50070|50060|50075)
1170
1171 # Comma-separated list of regular expressions,
1172 # which match any prefix of 'host:port/path' of requested proxy target.
1173 # This does not support matching GET parameters.
1174 ## blacklist=
1175
1176
1177###########################################################################
1178# Settings to configure HBase Browser
1179###########################################################################
1180
1181[hbase]
1182 # Comma-separated list of HBase Thrift servers for clusters in the format of '(name|host:port)'.
1183 # Use full hostname with security.
1184 # If using Kerberos we assume GSSAPI SASL, not PLAIN.
1185 ## hbase_clusters=(Cluster|localhost:9090)
1186
1187 # HBase configuration directory, where hbase-site.xml is located.
1188 ## hbase_conf_dir=/etc/hbase/conf
1189
1190 # Hard limit of rows or columns per row fetched before truncating.
1191 ## truncate_limit = 500
1192
1193 # 'buffered' is the default of the HBase Thrift Server and supports security.
1194 # 'framed' can be used to chunk up responses,
1195 # which is useful when used in conjunction with the nonblocking server in Thrift.
1196 ## thrift_transport=buffered
1197
1198
1199###########################################################################
1200# Settings to configure Solr Search
1201###########################################################################
1202
1203[search]
1204
1205 # URL of the Solr Server
1206 ## solr_url=http://localhost:8983/solr/
1207
1208 # Requires FQDN in solr_url if enabled
1209 ## security_enabled=false
1210
1211 ## Query sent when no term is entered
1212 ## empty_query=*:*
1213
1214
1215###########################################################################
1216# Settings to configure Solr API lib
1217###########################################################################
1218
1219[libsolr]
1220
1221 # Choose whether Hue should validate certificates received from the server.
1222 ## ssl_cert_ca_verify=true
1223
1224 # Default path to Solr in ZooKeeper.
1225 ## solr_zk_path=/solr
1226
1227
1228###########################################################################
1229# Settings to configure Solr Indexer
1230###########################################################################
1231
1232[indexer]
1233
1234 # Location of the solrctl binary.
1235 ## solrctl_path=/usr/bin/solrctl
1236
1237 # Flag to turn on the morphline based Solr indexer.
1238 ## enable_new_indexer=false
1239
1240 # Oozie workspace template for indexing.
1241 ## config_indexer_libs_path=/tmp/smart_indexer_lib
1242
1243 # Flag to turn on the new metadata importer.
1244 ## enable_new_importer=false
1245
1246
1247###########################################################################
1248# Settings to configure Job Designer
1249###########################################################################
1250
1251[jobsub]
1252
1253 # Location on local FS where examples and template are stored.
1254 ## local_data_dir=..../data
1255
1256 # Location on local FS where sample data is stored
1257 ## sample_data_dir=...thirdparty/sample_data
1258
1259
1260###########################################################################
1261# Settings to configure Job Browser.
1262###########################################################################
1263
1264[jobbrowser]
1265 # Share submitted jobs information with all users. If set to false,
1266 # submitted jobs are visible only to the owner and administrators.
1267 ## share_jobs=true
1268
1269 # Whether to disalbe the job kill button for all users in the jobbrowser
1270 ## disable_killing_jobs=false
1271
1272 # Offset in bytes where a negative offset will fetch the last N bytes for the given log file (default 1MB).
1273 ## log_offset=-1000000
1274
1275 # Show the version 2 of app which unifies all the past browsers into one.
1276 ## enable_v2=false
1277
1278
1279###########################################################################
1280# Settings to configure Sentry / Security App.
1281###########################################################################
1282
1283[security]
1284
1285 # Use Sentry API V1 for Hive.
1286 ## hive_v1=true
1287
1288 # Use Sentry API V2 for Hive.
1289 ## hive_v2=false
1290
1291 # Use Sentry API V2 for Solr.
1292 ## solr_v2=true
1293
1294
1295###########################################################################
1296# Settings to configure the Zookeeper application.
1297###########################################################################
1298
1299[zookeeper]
1300
1301 [[clusters]]
1302
1303 [[[default]]]
1304 # Zookeeper ensemble. Comma separated list of Host/Port.
1305 # e.g. localhost:2181,localhost:2182,localhost:2183
1306 ## host_ports=localhost:2181
1307
1308 # The URL of the REST contrib service (required for znode browsing).
1309 ## rest_url=http://localhost:9998
1310
1311 # Name of Kerberos principal when using security.
1312 ## principal_name=zookeeper
1313
1314
1315###########################################################################
1316# Settings for the User Admin application
1317###########################################################################
1318
1319[useradmin]
1320 # Default home directory permissions
1321 ## home_dir_permissions=0755
1322
1323 # The name of the default user group that users will be a member of
1324 ## default_user_group=default
1325
1326 [[password_policy]]
1327 # Set password policy to all users. The default policy requires password to be at least 8 characters long,
1328 # and contain both uppercase and lowercase letters, numbers, and special characters.
1329
1330 ## is_enabled=false
1331 ## pwd_regex="^(?=.*?[A-Z])(?=(.*[a-z]){1,})(?=(.*[\d]){1,})(?=(.*[\W_]){1,}).{8,}$"
1332 ## pwd_hint="The password must be at least 8 characters long, and must contain both uppercase and lowercase letters, at least one number, and at least one special character."
1333 ## pwd_error_message="The password must be at least 8 characters long, and must contain both uppercase and lowercase letters, at least one number, and at least one special character."
1334
1335
1336###########################################################################
1337# Settings to configure liboozie
1338###########################################################################
1339
1340[liboozie]
1341 # The URL where the Oozie service runs on. This is required in order for
1342 # users to submit jobs. Empty value disables the config check.
1343 ## oozie_url=http://localhost:11000/oozie
1344
1345 # Requires FQDN in oozie_url if enabled
1346 ## security_enabled=false
1347
1348 # Location on HDFS where the workflows/coordinator are deployed when submitted.
1349 ## remote_deployement_dir=/user/hue/oozie/deployments
1350
1351
1352###########################################################################
1353# Settings for the AWS lib
1354###########################################################################
1355
1356[aws]
1357 [[aws_accounts]]
1358 # Default AWS account
1359 ## [[[default]]]
1360 # AWS credentials
1361 ## access_key_id=
1362 ## secret_access_key=
1363 ## security_token=
1364
1365 # Execute this script to produce the AWS access key ID.
1366 ## access_key_id_script=/path/access_key_id.sh
1367
1368 # Execute this script to produce the AWS secret access key.
1369 ## secret_access_key_script=/path/secret_access_key.sh
1370
1371 # Allow to use either environment variables or
1372 # EC2 InstanceProfile to retrieve AWS credentials.
1373 ## allow_environment_credentials=yes
1374
1375 # AWS region to use
1376 ## region=us-east-1
1377
1378 # Endpoint overrides
1379 ## proxy_address=
1380 ## proxy_port=
1381
1382 # Secure connections are the default, but this can be explicitly overridden:
1383 ## is_secure=true
1384
1385 # The default calling format uses https://<bucket-name>.s3.amazonaws.com but
1386 # this may not make sense if DNS is not configured in this way for custom endpoints.
1387 # e.g. Use boto.s3.connection.OrdinaryCallingFormat for https://s3.amazonaws.com/<bucket-name>
1388 ## calling_format=boto.s3.connection.S3Connection.DefaultCallingFormat
1389
1390
1391###########################################################################
1392# Settings for the Sentry lib
1393###########################################################################
1394
1395[libsentry]
1396 # Hostname or IP of server.
1397 ## hostname=localhost
1398
1399 # Port the sentry service is running on.
1400 ## port=8038
1401
1402 # Sentry configuration directory, where sentry-site.xml is located.
1403 ## sentry_conf_dir=/etc/sentry/conf
1404
1405 # Number of seconds when the privilege list of a user is cached.
1406 ## privilege_checker_caching=30
1407
1408
1409###########################################################################
1410# Settings to configure the ZooKeeper Lib
1411###########################################################################
1412
1413[libzookeeper]
1414 # ZooKeeper ensemble. Comma separated list of Host/Port.
1415 # e.g. localhost:2181,localhost:2182,localhost:2183
1416 ## ensemble=localhost:2181
1417
1418 # Name of Kerberos principal when using security.
1419 ## principal_name=zookeeper
1420
1421
1422###########################################################################
1423# Settings for the RDBMS application
1424###########################################################################
1425
1426[librdbms]
1427 # The RDBMS app can have any number of databases configured in the databases
1428 # section. A database is known by its section name
1429 # (IE sqlite, mysql, psql, and oracle in the list below).
1430
1431 [[databases]]
1432 # sqlite configuration.
1433 ## [[[sqlite]]]
1434 # Name to show in the UI.
1435 ## nice_name=SQLite
1436
1437 # For SQLite, name defines the path to the database.
1438 ## name=/tmp/sqlite.db
1439
1440 # Database backend to use.
1441 ## engine=sqlite
1442
1443 # Database options to send to the server when connecting.
1444 # https://docs.djangoproject.com/en/1.4/ref/databases/
1445 ## options={}
1446
1447 # mysql, oracle, or postgresql configuration.
1448 ## [[[mysql]]]
1449 # Name to show in the UI.
1450 ## nice_name="My SQL DB"
1451
1452 # For MySQL and PostgreSQL, name is the name of the database.
1453 # For Oracle, Name is instance of the Oracle server. For express edition
1454 # this is 'xe' by default.
1455 ## name=mysqldb
1456
1457 # Database backend to use. This can be:
1458 # 1. mysql
1459 # 2. postgresql
1460 # 3. oracle
1461 ## engine=mysql
1462
1463 # IP or hostname of the database to connect to.
1464 ## host=localhost
1465
1466 # Port the database server is listening to. Defaults are:
1467 # 1. MySQL: 3306
1468 # 2. PostgreSQL: 5432
1469 # 3. Oracle Express Edition: 1521
1470 ## port=3306
1471
1472 # Username to authenticate with when connecting to the database.
1473 ## user=example
1474
1475 # Password matching the username to authenticate with when
1476 # connecting to the database.
1477 ## password=example
1478
1479 # Database options to send to the server when connecting.
1480 # https://docs.djangoproject.com/en/1.4/ref/databases/
1481 ## options={}
1482
1483
1484###########################################################################
1485# Settings to configure SAML
1486###########################################################################
1487
1488[libsaml]
1489 # Xmlsec1 binary path. This program should be executable by the user running Hue.
1490 ## xmlsec_binary=/usr/local/bin/xmlsec1
1491
1492 # Entity ID for Hue acting as service provider.
1493 # Can also accept a pattern where '<base_url>' will be replaced with server URL base.
1494 ## entity_id="<base_url>/saml2/metadata/"
1495
1496 # Create users from SSO on login.
1497 ## create_users_on_login=true
1498
1499 # Required attributes to ask for from IdP.
1500 # This requires a comma separated list.
1501 ## required_attributes=uid
1502
1503 # Optional attributes to ask for from IdP.
1504 # This requires a comma separated list.
1505 ## optional_attributes=
1506
1507 # IdP metadata in the form of a file. This is generally an XML file containing metadata that the Identity Provider generates.
1508 ## metadata_file=
1509
1510 # Private key to encrypt metadata with.
1511 ## key_file=
1512
1513 # Signed certificate to send along with encrypted metadata.
1514 ## cert_file=
1515
1516 # Path to a file containing the password private key.
1517 ## key_file_password=/path/key
1518
1519 # Execute this script to produce the private key password. This will be used when 'key_file_password' is not set.
1520 ## key_file_password_script=/path/pwd.sh
1521
1522 # A mapping from attributes in the response from the IdP to django user attributes.
1523 ## user_attribute_mapping={'uid': ('username', )}
1524
1525 # Have Hue initiated authn requests be signed and provide a certificate.
1526 ## authn_requests_signed=false
1527
1528 # Have Hue initiated logout requests be signed and provide a certificate.
1529 ## logout_requests_signed=false
1530
1531 # Username can be sourced from 'attributes' or 'nameid'.
1532 ## username_source=attributes
1533
1534 # Performs the logout or not.
1535 ## logout_enabled=true
1536
1537
1538###########################################################################
1539# Settings to configure OpenID
1540###########################################################################
1541
1542[libopenid]
1543 # (Required) OpenId SSO endpoint url.
1544 ## server_endpoint_url=https://www.google.com/accounts/o8/id
1545
1546 # OpenId 1.1 identity url prefix to be used instead of SSO endpoint url
1547 # This is only supported if you are using an OpenId 1.1 endpoint
1548 ## identity_url_prefix=https://app.onelogin.com/openid/your_company.com/
1549
1550 # Create users from OPENID on login.
1551 ## create_users_on_login=true
1552
1553 # Use email for username
1554 ## use_email_for_username=true
1555
1556
1557###########################################################################
1558# Settings to configure OAuth
1559###########################################################################
1560
1561[liboauth]
1562 # NOTE:
1563 # To work, each of the active (i.e. uncommented) service must have
1564 # applications created on the social network.
1565 # Then the "consumer key" and "consumer secret" must be provided here.
1566 #
1567 # The addresses where to do so are:
1568 # Twitter: https://dev.twitter.com/apps
1569 # Google+ : https://cloud.google.com/
1570 # Facebook: https://developers.facebook.com/apps
1571 # Linkedin: https://www.linkedin.com/secure/developer
1572 #
1573 # Additionnaly, the following must be set in the application settings:
1574 # Twitter: Callback URL (aka Redirect URL) must be set to http://YOUR_HUE_IP_OR_DOMAIN_NAME/oauth/social_login/oauth_authenticated
1575 # Google+ : CONSENT SCREEN must have email address
1576 # Facebook: Sandbox Mode must be DISABLED
1577 # Linkedin: "In OAuth User Agreement", r_emailaddress is REQUIRED
1578
1579 # The Consumer key of the application
1580 ## consumer_key_twitter=
1581 ## consumer_key_google=
1582 ## consumer_key_facebook=
1583 ## consumer_key_linkedin=
1584
1585 # The Consumer secret of the application
1586 ## consumer_secret_twitter=
1587 ## consumer_secret_google=
1588 ## consumer_secret_facebook=
1589 ## consumer_secret_linkedin=
1590
1591 # The Request token URL
1592 ## request_token_url_twitter=https://api.twitter.com/oauth/request_token
1593 ## request_token_url_google=https://accounts.google.com/o/oauth2/auth
1594 ## request_token_url_linkedin=https://www.linkedin.com/uas/oauth2/authorization
1595 ## request_token_url_facebook=https://graph.facebook.com/oauth/authorize
1596
1597 # The Access token URL
1598 ## access_token_url_twitter=https://api.twitter.com/oauth/access_token
1599 ## access_token_url_google=https://accounts.google.com/o/oauth2/token
1600 ## access_token_url_facebook=https://graph.facebook.com/oauth/access_token
1601 ## access_token_url_linkedin=https://api.linkedin.com/uas/oauth2/accessToken
1602
1603 # The Authenticate URL
1604 ## authenticate_url_twitter=https://api.twitter.com/oauth/authorize
1605 ## authenticate_url_google=https://www.googleapis.com/oauth2/v1/userinfo?access_token=
1606 ## authenticate_url_facebook=https://graph.facebook.com/me?access_token=
1607 ## authenticate_url_linkedin=https://api.linkedin.com/v1/people/~:(email-address)?format=json&oauth2_access_token=
1608
1609 # Username Map. Json Hash format.
1610 # Replaces username parts in order to simplify usernames obtained
1611 # Example: {"@sub1.domain.com":"_S1", "@sub2.domain.com":"_S2"}
1612 # converts 'email@sub1.domain.com' to 'email_S1'
1613 ## username_map={}
1614
1615 # Whitelisted domains (only applies to Google OAuth). CSV format.
1616 ## whitelisted_domains_google=
1617
1618
1619###########################################################################
1620# Settings to configure Metadata
1621###########################################################################
1622
1623[metadata]
1624
1625 [[optimizer]]
1626 # Cache timeout in milliseconds for the Optimizer metadata used in assist, autocomplete, etc.
1627 # defaults to 432000000 (5 days), set to 0 to disable caching
1628 # cacheable_ttl=432000000
1629
1630 # Base URL to Optimizer API.
1631 ## api_url=https://optimizer.cloudera.com
1632
1633 # Aka workload or tenant id, keep commented and it will be guessed from the email.
1634 ## product_name=e0819f3a-1e6f-4904-be69-5b704bacd1244
1635
1636 # A secret passphrase associated with the account.
1637 ## product_secret=e0819f3a-1e6f-4904-be69-5b704bacd1245
1638
1639 # A secret key passphrase associated with the account.
1640 ## product_auth_secret='-----BEGIN PRIVATE KEY....'
1641
1642 # The email of the Optimizer account you want to associate with the Product.
1643 ## email=hue@gethue.com
1644
1645 # Perform Sentry privilege filtering.
1646 # Default to true automatically if the cluster is secure.
1647 ## apply_sentry_permissions=False
1648
1649 # Automatically upload queries after their execution in order to improve recommendations.
1650 ## auto_upload_queries=true
1651
1652 # Allow admins to upload the last N executed queries in the quick start wizard. Use 0 to disable.
1653 ## query_history_upload_limit=10000
1654
1655 # In secure mode (HTTPS), if Optimizer SSL certificates have to be verified against certificate authority.
1656 ## ssl_cert_ca_verify=True
1657
1658 [[navigator]]
1659 # Navigator API URL (without version suffix).
1660 ## api_url=http://localhost:7187/api
1661
1662 # Which authentication to use: CM or external via LDAP or SAML.
1663 ## navmetadataserver_auth_type=CMDB
1664
1665 # Username of the CM user used for authentication.
1666 ## navmetadataserver_cmdb_user=hue
1667 # CM password of the user used for authentication.
1668 ## navmetadataserver_cmdb_password=
1669 # Execute this script to produce the CM password. This will be used when the plain password is not set.
1670 # navmetadataserver_cmdb_password_script=
1671
1672 # Username of the LDAP user used for authentication.
1673 ## navmetadataserver_ldap_user=hue
1674 # LDAP password of the user used for authentication.
1675 ## navmetadataserver_ldap_ppassword=
1676 # Execute this script to produce the LDAP password. This will be used when the plain password is not set.
1677 ## navmetadataserver_ldap_password_script=
1678
1679 # Username of the SAML user used for authentication.
1680 ## navmetadataserver_saml_user=hue
1681 ## SAML password of the user used for authentication.
1682 # navmetadataserver_saml_password=
1683 # Execute this script to produce the SAML password. This will be used when the plain password is not set.
1684 ## navmetadataserver_saml_password_script=
1685
1686 # Perform Sentry privilege filtering.
1687 # Default to true automatically if the cluster is secure.
1688 ## apply_sentry_permissions=False
1689
1690 # Max number of items to fetch in one call in object search.
1691 ## fetch_size_search=450
1692
1693 # Max number of items to fetch in one call in object search autocomplete.
1694 ## fetch_size_search_interactive=450
1695
1696 # If metadata search is enabled, also show the search box in the left assist.
1697 ## enable_file_search=false