默认配置文件 core-default.xml










<configuration>

  

  <property>
    <name>hadoop.common.configuration.versionname>
    <value>3.0.0value>
    <description>version of this configuration filedescription>
  property>

  <property>
    <name>hadoop.tmp.dirname>
    <value>/tmp/hadoop-${user.name}value>
    <description>A base for other temporary directories.description>
  property>

  <property>
    <name>hadoop.http.filter.initializersname>
    <value>org.apache.hadoop.http.lib.StaticUserWebFiltervalue>
    <description>A comma separated list of class names. Each class in the list
    must extend org.apache.hadoop.http.FilterInitializer. The corresponding
    Filter will be initialized. Then, the Filter will be applied to all user
    facing jsp and servlet web pages.  The ordering of the list defines the
    ordering of the filters.description>
  property>

  

  <property>
    <name>hadoop.security.authorizationname>
    <value>falsevalue>
    <description>Is service-level authorization enabled?description>
  property>

  <property>
    <name>hadoop.security.instrumentation.requires.adminname>
    <value>falsevalue>
    <description>
      Indicates if administrator ACLs are required to access
      instrumentation servlets (JMX, METRICS, CONF, STACKS).
    description>
  property>

  <property>
    <name>hadoop.security.authenticationname>
    <value>simplevalue>
    <description>Possible values are simple (no authentication), and kerberos
    description>
  property>

  <property>
    <name>hadoop.security.group.mappingname>
    <value>org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallbackvalue>
    <description>
      Class for user to group mapping (get groups for a given user) for ACL.
      The default implementation,
      org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback,
      will determine if the Java Native Interface (JNI) is available. If JNI is
      available the implementation will use the API within hadoop to resolve a
      list of groups for a user. If JNI is not available then the shell
      implementation, ShellBasedUnixGroupsMapping, is used.  This implementation
      shells out to the Linux/Unix environment with the
      <code>bash -c groupscode> command to resolve a list of groups for a user.
    description>
  property>

  <property>
    <name>hadoop.security.dns.interfacename>
    <description>
      The name of the Network Interface from which the service should determine
      its host name for Kerberos login. e.g. eth2. In a multi-homed environment,
      the setting can be used to affect the _HOST substitution in the service
      Kerberos principal. If this configuration value is not set, the service
      will use its default hostname as returned by
      InetAddress.getLocalHost().getCanonicalHostName().

      Most clusters will not require this setting.
    description>
  property>

  <property>
    <name>hadoop.security.dns.nameservername>
    <description>
      The host name or IP address of the name server (DNS) which a service Node
      should use to determine its own host name for Kerberos Login. Requires
      hadoop.security.dns.interface.

      Most clusters will not require this setting.
    description>
  property>

  <property>
    <name>hadoop.security.dns.log-slow-lookups.enabledname>
    <value>falsevalue>
    <description>
      Time name lookups (via SecurityUtil) and log them if they exceed the
      configured threshold.
    description>
  property>

  <property>
    <name>hadoop.security.dns.log-slow-lookups.threshold.msname>
    <value>1000value>
    <description>
      If slow lookup logging is enabled, this threshold is used to decide if a
      lookup is considered slow enough to be logged.
    description>
  property>

  <property>
    <name>hadoop.security.groups.cache.secsname>
    <value>300value>
    <description>
      This is the config controlling the validity of the entries in the cache
      containing the user->group mapping. When this duration has expired,
      then the implementation of the group mapping provider is invoked to get
      the groups of the user and then cached back.
    description>
  property>

  <property>
    <name>hadoop.security.groups.negative-cache.secsname>
    <value>30value>
    <description>
      Expiration time for entries in the the negative user-to-group mapping
      caching, in seconds. This is useful when invalid users are retrying
      frequently. It is suggested to set a small value for this expiration, since
      a transient error in group lookup could temporarily lock out a legitimate
      user.

      Set this to zero or negative value to disable negative user-to-group caching.
    description>
  property>

  <property>
    <name>hadoop.security.groups.cache.warn.after.msname>
    <value>5000value>
    <description>
      If looking up a single user to group takes longer than this amount of
      milliseconds, we will log a warning message.
    description>
  property>

  <property>
    <name>hadoop.security.groups.cache.background.reloadname>
    <value>falsevalue>
    <description>
      Whether to reload expired user->group mappings using a background thread
      pool. If set to true, a pool of
      hadoop.security.groups.cache.background.reload.threads is created to
      update the cache in the background.
    description>
  property>

  <property>
    <name>hadoop.security.groups.cache.background.reload.threadsname>
    <value>3value>
    <description>
      Only relevant if hadoop.security.groups.cache.background.reload is true.
      Controls the number of concurrent background user->group cache entry
      refreshes. Pending refresh requests beyond this value are queued and
      processed when a thread is free.
    description>
  property>

  <property>
    <name>hadoop.security.groups.shell.command.timeoutname>
    <value>0svalue>
    <description>
      Used by the ShellBasedUnixGroupsMapping class, this property controls how
      long to wait for the underlying shell command that is run to fetch groups.
      Expressed in seconds (e.g. 10s, 1m, etc.), if the running command takes
      longer than the value configured, the command is aborted and the groups
      resolver would return a result of no groups found. A value of 0s (default)
      would mean an infinite wait (i.e. wait until the command exits on its own).
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.connection.timeout.msname>
    <value>60000value>
    <description>
      This property is the connection timeout (in milliseconds) for LDAP
      operations. If the LDAP provider doesn't establish a connection within the
      specified period, it will abort the connect attempt. Non-positive value
      means no LDAP connection timeout is specified in which case it waits for the
      connection to establish until the underlying network times out.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.read.timeout.msname>
    <value>60000value>
    <description>
      This property is the read timeout (in milliseconds) for LDAP
      operations. If the LDAP provider doesn't get a LDAP response within the
      specified period, it will abort the read attempt. Non-positive value
      means no read timeout is specified in which case it waits for the response
      infinitely.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.num.attemptsname>
    <value>3value>
    <description>
      This property is the number of attempts to be made for LDAP operations.
      If this limit is exceeded, LdapGroupsMapping will return an empty
      group list.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.num.attempts.before.failovername>
    <value>3value>
    <description>
      This property is the number of attempts to be made for LDAP operations
      using a single LDAP instance. If multiple LDAP servers are configured
      and this number of failed operations is reached, we will switch to the
      next LDAP server. The configuration for the overall number of attempts
      will still be respected, failover will thus be performed only if this
      property is less than hadoop.security.group.mapping.ldap.num.attempts.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.urlname>
    <value>value>
    <description>
      The URL of the LDAP server(s) to use for resolving user groups when using
      the LdapGroupsMapping user to group mapping. Supports configuring multiple
      LDAP servers via a comma-separated list.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.sslname>
    <value>falsevalue>
    <description>
      Whether or not to use SSL when connecting to the LDAP server.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.ssl.keystorename>
    <value>value>
    <description>
      File path to the SSL keystore that contains the SSL certificate required
      by the LDAP server.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.ssl.keystore.password.filename>
    <value>value>
    <description>
      The path to a file containing the password of the LDAP SSL keystore. If
      the password is not configured in credential providers and the property
      hadoop.security.group.mapping.ldap.ssl.keystore.password is not set,
      LDAPGroupsMapping reads password from the file.

      IMPORTANT: This file should be readable only by the Unix user running
      the daemons and should be a local file.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.ssl.keystore.passwordname>
    <value>value>
    <description>
      The password of the LDAP SSL keystore. this property name is used as an
      alias to get the password from credential providers. If the password can
      not be found and hadoop.security.credential.clear-text-fallback is true
      LDAPGroupsMapping uses the value of this property for password.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.conversion.rulename>
    <value>nonevalue>
    <description>
      The rule is applied on the group names received from LDAP when
      RuleBasedLdapGroupsMapping is configured.
      Supported rules are "to_upper", "to_lower" and "none".
      to_upper: This will convert all the group names to uppercase.
      to_lower: This will convert all the group names to lowercase.
      none: This will retain the source formatting, this is default value.
    description>
  property>

  <property>
    <name>hadoop.security.credential.clear-text-fallbackname>
    <value>truevalue>
    <description>
      true or false to indicate whether or not to fall back to storing credential
      password as clear text. The default value is true. This property only works
      when the password can't not be found from credential providers.
    description>
  property>

  <property>
    <name>hadoop.security.credential.provider.pathname>
    <value>value>
    <description>
      A comma-separated list of URLs that indicates the type and
      location of a list of providers that should be consulted.
    description>
  property>

  <property>
    <name>hadoop.security.credstore.java-keystore-provider.password-filename>
    <value>value>
    <description>
      The path to a file containing the custom password for all keystores
      that may be configured in the provider path.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.ssl.truststorename>
    <value>value>
    <description>
      File path to the SSL truststore that contains the root certificate used to
      sign the LDAP server's certificate. Specify this if the LDAP server's
      certificate is not signed by a well known certificate authority.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.ssl.truststore.password.filename>
    <value>value>
    <description>
      The path to a file containing the password of the LDAP SSL truststore.

      IMPORTANT: This file should be readable only by the Unix user running
      the daemons.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.bind.username>
    <value>value>
    <description>
      The distinguished name of the user to bind as when connecting to the LDAP
      server. This may be left blank if the LDAP server supports anonymous binds.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.bind.password.filename>
    <value>value>
    <description>
      The path to a file containing the password of the bind user. If
      the password is not configured in credential providers and the property
      hadoop.security.group.mapping.ldap.bind.password is not set,
      LDAPGroupsMapping reads password from the file.

      IMPORTANT: This file should be readable only by the Unix user running
      the daemons and should be a local file.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.bind.passwordname>
    <value>value>
    <description>
      The password of the bind user. this property name is used as an
      alias to get the password from credential providers. If the password can
      not be found and hadoop.security.credential.clear-text-fallback is true
      LDAPGroupsMapping uses the value of this property for password.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.basename>
    <value>value>
    <description>
      The search base for the LDAP connection. This is a distinguished name,
      and will typically be the root of the LDAP directory.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.userbasename>
    <value>value>
    <description>
      The search base for the LDAP connection for user search query. This is a
      distinguished name, and its the root of the LDAP directory for users.
      If not set, hadoop.security.group.mapping.ldap.base is used.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.groupbasename>
    <value>value>
    <description>
      The search base for the LDAP connection for group search . This is a
      distinguished name, and its the root of the LDAP directory for groups.
      If not set, hadoop.security.group.mapping.ldap.base is used.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.search.filter.username>
    <value>(&(objectClass=user)(sAMAccountName={0}))value>
    <description>
      An additional filter to use when searching for LDAP users. The default will
      usually be appropriate for Active Directory installations. If connecting to
      an LDAP server with a non-AD schema, this should be replaced with
      (&(objectClass=inetOrgPerson)(uid={0}). {0} is a special string used to
      denote where the username fits into the filter.

      If the LDAP server supports posixGroups, Hadoop can enable the feature by
      setting the value of this property to "posixAccount" and the value of
      the hadoop.security.group.mapping.ldap.search.filter.group property to
      "posixGroup".
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.search.filter.groupname>
    <value>(objectClass=group)value>
    <description>
      An additional filter to use when searching for LDAP groups. This should be
      changed when resolving groups against a non-Active Directory installation.

      See the description of hadoop.security.group.mapping.ldap.search.filter.user
      to enable posixGroups support.
    description>
  property>

  <property>
      <name>hadoop.security.group.mapping.ldap.search.attr.memberofname>
      <value>value>
      <description>
        The attribute of the user object that identifies its group objects. By
        default, Hadoop makes two LDAP queries per user if this value is empty. If
        set, Hadoop will attempt to resolve group names from this attribute,
        instead of making the second LDAP query to get group objects. The value
        should be 'memberOf' for an MS AD installation.
      description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.search.attr.membername>
    <value>membervalue>
    <description>
      The attribute of the group object that identifies the users that are
      members of the group. The default will usually be appropriate for
      any LDAP installation.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.search.attr.group.namename>
    <value>cnvalue>
    <description>
      The attribute of the group object that identifies the group name. The
      default will usually be appropriate for all LDAP systems.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.search.group.hierarchy.levelsname>
    <value>0value>
    <description>
      The number of levels to go up the group hierarchy when determining
      which groups a user is part of. 0 Will represent checking just the
      group that the user belongs to.  Each additional level will raise the
      time it takes to execute a query by at most
      hadoop.security.group.mapping.ldap.directory.search.timeout.
      The default will usually be appropriate for all LDAP systems.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.posix.attr.uid.namename>
    <value>uidNumbervalue>
    <description>
      The attribute of posixAccount to use when groups for membership.
      Mostly useful for schemas wherein groups have memberUids that use an
      attribute other than uidNumber.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.posix.attr.gid.namename>
    <value>gidNumbervalue>
    <description>
      The attribute of posixAccount indicating the group id.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.ldap.directory.search.timeoutname>
    <value>10000value>
    <description>
      The attribute applied to the LDAP SearchControl properties to set a
      maximum time limit when searching and awaiting a result.
      Set to 0 if infinite wait period is desired.
      Default is 10 seconds. Units in milliseconds.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.providersname>
    <value>value>
    <description>
      Comma separated of names of other providers to provide user to group
      mapping. Used by CompositeGroupsMapping.
    description>
  property>

  <property>
    <name>hadoop.security.group.mapping.providers.combinedname>
    <value>truevalue>
    <description>
      true or false to indicate whether groups from the providers are combined or
      not. The default value is true. If true, then all the providers will be
      tried to get groups and all the groups are combined to return as the final
      results. Otherwise, providers are tried one by one in the configured list
      order, and if any groups are retrieved from any provider, then the groups
      will be returned without trying the left ones.
    description>
  property>

  <property>
    <name>hadoop.security.service.user.name.keyname>
    <value>value>
    <description>
      For those cases where the same RPC protocol is implemented by multiple
      servers, this configuration is required for specifying the principal
      name to use for the service when the client wishes to make an RPC call.
    description>
  property>
    <property>
      <name>fs.azure.user.agent.prefixname>
      <value>unknownvalue>
      <description>
        WASB passes User-Agent header to the Azure back-end. The default value
        contains WASB version, Java Runtime version, Azure Client library version,
        and the value of the configuration option fs.azure.user.agent.prefix.
      description>
    property>

  <property>
      <name>hadoop.security.uid.cache.secsname>
      <value>14400value>
      <description>
          This is the config controlling the validity of the entries in the cache
          containing the userId to userName and groupId to groupName used by
          NativeIO getFstat().
      description>
  property>

    <property>
      <name>hadoop.service.shutdown.timeoutname>
      <value>30svalue>
      <description>
        Timeout to wait for each shutdown operation to complete.
        If a hook takes longer than this time to complete, it will be interrupted,
        so the service will shutdown. This allows the service shutdown
        to recover from a blocked operation.
        Some shutdown hooks may need more time than this, for example when
        a large amount of data needs to be uploaded to an object store.
        In this situation: increase the timeout.

        The minimum duration of the timeout is 1 second, "1s".
      description>
  property>

  <property>
    <name>hadoop.rpc.protectionname>
    <value>authenticationvalue>
    <description>A comma-separated list of protection values for secured sasl
        connections. Possible values are authentication, integrity and privacy.
        authentication means authentication only and no integrity or privacy;
        integrity implies authentication and integrity are enabled; and privacy
        implies all of authentication, integrity and privacy are enabled.
        hadoop.security.saslproperties.resolver.class can be used to override
        the hadoop.rpc.protection for a connection at the server side.
    description>
  property>

  <property>
    <name>hadoop.security.saslproperties.resolver.classname>
    <value>value>
    <description>SaslPropertiesResolver used to resolve the QOP used for a
        connection. If not specified, the full set of values specified in
        hadoop.rpc.protection is used while determining the QOP used for the
        connection. If a class is specified, then the QOP values returned by
        the class will be used while determining the QOP used for the connection.
    description>
  property>

  <property>
    <name>hadoop.security.sensitive-config-keysname>
    <value>
        secret$
        password$
        ssl.keystore.pass$
        fs.s3a.server-side-encryption.key
        fs.s3a.*.server-side-encryption.key
        fs.s3a.secret.key
        fs.s3a.*.secret.key
        fs.s3a.session.key
        fs.s3a.*.session.key
        fs.s3a.session.token
        fs.s3a.*.session.token
        fs.azure.account.key.*
        fs.azure.oauth2.*
        fs.adl.oauth2.*
        credential$
        oauth.*token$
        hadoop.security.sensitive-config-keys
    value>
    <description>A comma-separated or multi-line list of regular expressions to
        match configuration keys that should be redacted where appropriate, for
        example, when logging modified properties during a reconfiguration,
        private credentials should not be logged.
    description>
  property>

  <property>
    <name>hadoop.workaround.non.threadsafe.getpwuidname>
    <value>truevalue>
    <description>Some operating systems or authentication modules are known to
    have broken implementations of getpwuid_r and getpwgid_r, such that these
    calls are not thread-safe. Symptoms of this problem include JVM crashes
    with a stack trace inside these functions. If your system exhibits this
    issue, enable this configuration parameter to include a lock around the
    calls as a workaround.

    An incomplete list of some systems known to have this issue is available
    at http://wiki.apache.org/hadoop/KnownBrokenPwuidImplementations
    description>
  property>

  <property>
    <name>hadoop.kerberos.kinit.commandname>
    <value>kinitvalue>
    <description>Used to periodically renew Kerberos credentials when provided
    to Hadoop. The default setting assumes that kinit is in the PATH of users
    running the Hadoop client. Change this to the absolute path to kinit if this
    is not the case.
    description>
  property>

  <property>
      <name>hadoop.kerberos.min.seconds.before.reloginname>
      <value>60value>
      <description>The minimum time between relogin attempts for Kerberos, in
      seconds.
      description>
  property>

  <property>
    <name>hadoop.security.auth_to_localname>
    <value>value>
    <description>Maps kerberos principals to local user namesdescription>
  property>

  <property>
    <name>hadoop.security.auth_to_local.mechanismname>
    <value>hadoopvalue>
    <description>The mechanism by which auth_to_local rules are evaluated.
      If set to 'hadoop' it will not allow resulting local user names to have
      either '@' or '/'. If set to 'MIT' it will follow MIT evaluation rules
      and the restrictions of 'hadoop' do not apply.description>
  property>

  <property>
    <name>hadoop.token.filesname>
    <value>value>
    <description>List of token cache files that have delegation tokens for hadoop servicedescription>
  property>

  
  <property>
    <name>io.file.buffer.sizename>
    <value>4096value>
    <description>The size of buffer for use in sequence files.
    The size of this buffer should probably be a multiple of hardware
    page size (4096 on Intel x86), and it determines how much data is
    buffered during read and write operations.description>
  property>

  <property>
    <name>io.bytes.per.checksumname>
    <value>512value>
    <description>The number of bytes per checksum.  Must not be larger than
    io.file.buffer.size.description>
  property>

  <property>
    <name>io.skip.checksum.errorsname>
    <value>falsevalue>
    <description>If true, when a checksum error is encountered while
    reading a sequence file, entries are skipped, instead of throwing an
    exception.description>
  property>

  <property>
    <name>io.compression.codecsname>
    <value>value>
    <description>A comma-separated list of the compression codec classes that can
    be used for compression/decompression. In addition to any classes specified
    with this property (which take precedence), codec classes on the classpath
    are discovered using a Java ServiceLoader.description>
  property>

  <property>
    <name>io.compression.codec.bzip2.libraryname>
    <value>system-nativevalue>
    <description>The native-code library to be used for compression and
    decompression by the bzip2 codec.  This library could be specified
    either by by name or the full pathname.  In the former case, the
    library is located by the dynamic linker, usually searching the
    directories specified in the environment variable LD_LIBRARY_PATH.

    The value of "system-native" indicates that the default system
    library should be used.  To indicate that the algorithm should
    operate entirely in Java, specify "java-builtin".description>
  property>

  <property>
    <name>io.serializationsname>
    <value>org.apache.hadoop.io.serializer.WritableSerialization, org.apache.hadoop.io.serializer.avro.AvroSpecificSerialization, org.apache.hadoop.io.serializer.avro.AvroReflectSerializationvalue>
    <description>A list of serialization classes that can be used for
    obtaining serializers and deserializers.description>
  property>

  <property>
    <name>io.seqfile.local.dirname>
    <value>${hadoop.tmp.dir}/io/localvalue>
    <description>The local directory where sequence file stores intermediate
    data files during merge.  May be a comma-separated list of
    directories on different devices in order to spread disk i/o.
    Directories that do not exist are ignored.
    description>
  property>

  <property>
    <name>io.map.index.skipname>
    <value>0value>
    <description>Number of index entries to skip between each entry.
    Zero by default. Setting this to values larger than zero can
    facilitate opening large MapFiles using less memory.description>
  property>

  <property>
    <name>io.map.index.intervalname>
    <value>128value>
    <description>
      MapFile consist of two files - data file (tuples) and index file
      (keys). For every io.map.index.interval records written in the
      data file, an entry (record-key, data-file-position) is written
      in the index file. This is to allow for doing binary search later
      within the index file to look up records by their keys and get their
      closest positions in the data file.
    description>
  property>

  <property>
    <name>io.erasurecode.codec.rs.rawcodersname>
    <value>rs_native,rs_javavalue>
    <description>
      Comma separated raw coder implementations for the rs codec. The earlier
      factory is prior to followings in case of failure of creating raw coders.
    description>
  property>

  <property>
    <name>io.erasurecode.codec.rs-legacy.rawcodersname>
    <value>rs-legacy_javavalue>
    <description>
      Comma separated raw coder implementations for the rs-legacy codec. The earlier
      factory is prior to followings in case of failure of creating raw coders.
    description>
  property>

  <property>
    <name>io.erasurecode.codec.xor.rawcodersname>
    <value>xor_native,xor_javavalue>
    <description>
      Comma separated raw coder implementations for the xor codec. The earlier
      factory is prior to followings in case of failure of creating raw coders.
    description>
  property>

    

  <property>
    <name>fs.defaultFSname>
    <value>file:///value>
    <description>The name of the default file system.  A URI whose
    scheme and authority determine the FileSystem implementation.  The
    uri's scheme determines the config property (fs.SCHEME.impl) naming
    the FileSystem implementation class.  The uri's authority is used to
    determine the host, port, etc. for a filesystem.description>
  property>

  <property>
    <name>fs.default.namename>
    <value>file:///value>
    <description>Deprecated. Use (fs.defaultFS) property
    insteaddescription>
  property>

  <property>
    <name>fs.trash.intervalname>
    <value>0value>
    <description>Number of minutes after which the checkpoint
    gets deleted.  If zero, the trash feature is disabled.
    This option may be configured both on the server and the
    client. If trash is disabled server side then the client
    side configuration is checked. If trash is enabled on the
    server side then the value configured on the server is
    used and the client configuration value is ignored.
    description>
  property>

  <property>
    <name>fs.trash.checkpoint.intervalname>
    <value>0value>
    <description>Number of minutes between trash checkpoints.
    Should be smaller or equal to fs.trash.interval. If zero,
    the value is set to the value of fs.trash.interval.
    Every time the checkpointer runs it creates a new checkpoint
    out of current and removes checkpoints created more than
    fs.trash.interval minutes ago.
    description>
  property>

  <property>
    <name>fs.protected.directoriesname>
    <value>value>
    <description>A comma-separated list of directories which cannot
      be deleted even by the superuser unless they are empty. This
      setting can be used to guard important system directories
      against accidental deletion due to administrator error.
    description>
  property>

  <property>
    <name>fs.AbstractFileSystem.file.implname>
    <value>org.apache.hadoop.fs.local.LocalFsvalue>
    <description>The AbstractFileSystem for file: uris.description>
  property>

  <property>
    <name>fs.AbstractFileSystem.har.implname>
    <value>org.apache.hadoop.fs.HarFsvalue>
    <description>The AbstractFileSystem for har: uris.description>
  property>

  <property>
    <name>fs.AbstractFileSystem.hdfs.implname>
    <value>org.apache.hadoop.fs.Hdfsvalue>
    <description>The FileSystem for hdfs: uris.description>
  property>

  <property>
    <name>fs.AbstractFileSystem.viewfs.implname>
    <value>org.apache.hadoop.fs.viewfs.ViewFsvalue>
    <description>The AbstractFileSystem for view file system for viewfs: uris
    (ie client side mount table:).description>
  property>

  <property>
    <name>fs.viewfs.rename.strategyname>
    <value>SAME_MOUNTPOINTvalue>
    <description>Allowed rename strategy to rename between multiple mountpoints.
      Allowed values are SAME_MOUNTPOINT,SAME_TARGET_URI_ACROSS_MOUNTPOINT and
      SAME_FILESYSTEM_ACROSS_MOUNTPOINT.
    description>
  property>

  <property>
    <name>fs.AbstractFileSystem.ftp.implname>
    <value>org.apache.hadoop.fs.ftp.FtpFsvalue>
    <description>The FileSystem for Ftp: uris.description>
  property>

  <property>
    <name>fs.ftp.implname>
    <value>org.apache.hadoop.fs.ftp.FTPFileSystemvalue>
    <description>The implementation class of the FTP FileSystemdescription>
  property>

  <property>
    <name>fs.AbstractFileSystem.webhdfs.implname>
    <value>org.apache.hadoop.fs.WebHdfsvalue>
    <description>The FileSystem for webhdfs: uris.description>
  property>

  <property>
    <name>fs.AbstractFileSystem.swebhdfs.implname>
    <value>org.apache.hadoop.fs.SWebHdfsvalue>
    <description>The FileSystem for swebhdfs: uris.description>
  property>

  <property>
    <name>fs.ftp.hostname>
    <value>0.0.0.0value>
    <description>FTP filesystem connects to this serverdescription>
  property>

  <property>
    <name>fs.ftp.host.portname>
    <value>21value>
    <description>
      FTP filesystem connects to fs.ftp.host on this port
    description>
  property>

  <property>
    <name>fs.ftp.data.connection.modename>
    <value>ACTIVE_LOCAL_DATA_CONNECTION_MODEvalue>
    <description>Set the FTPClient's data connection mode based on configuration.
      Valid values are ACTIVE_LOCAL_DATA_CONNECTION_MODE,
      PASSIVE_LOCAL_DATA_CONNECTION_MODE and PASSIVE_REMOTE_DATA_CONNECTION_MODE.
    description>
  property>

  <property>
    <name>fs.ftp.transfer.modename>
    <value>BLOCK_TRANSFER_MODEvalue>
    <description>
      Set FTP's transfer mode based on configuration. Valid values are
      STREAM_TRANSFER_MODE, BLOCK_TRANSFER_MODE and COMPRESSED_TRANSFER_MODE.
    description>
  property>

  <property>
    <name>fs.df.intervalname>
    <value>60000value>
    <description>Disk usage statistics refresh interval in msec.description>
  property>

  <property>
    <name>fs.du.intervalname>
    <value>600000value>
    <description>File space usage statistics refresh interval in msec.description>
  property>

  <property>
    <name>fs.swift.implname>
    <value>org.apache.hadoop.fs.swift.snative.SwiftNativeFileSystemvalue>
    <description>The implementation class of the OpenStack Swift Filesystemdescription>
  property>

  <property>
    <name>fs.automatic.closename>
    <value>truevalue>
    <description>By default, FileSystem instances are automatically closed at program
    exit using a JVM shutdown hook. Setting this property to false disables this
    behavior. This is an advanced option that should only be used by server applications
    requiring a more carefully orchestrated shutdown sequence.
    description>
  property>

  <property>
    <name>fs.s3a.access.keyname>
    <description>AWS access key ID used by S3A file system. Omit for IAM role-based or provider-based authentication.description>
  property>

  <property>
    <name>fs.s3a.secret.keyname>
    <description>AWS secret key used by S3A file system. Omit for IAM role-based or provider-based authentication.description>
  property>

  <property>
    <name>fs.s3a.aws.credentials.providername>
    <description>
      Comma-separated class names of credential provider classes which implement
      com.amazonaws.auth.AWSCredentialsProvider.

      These are loaded and queried in sequence for a valid set of credentials.
      Each listed class must implement one of the following means of
      construction, which are attempted in order:
      1. a public constructor accepting java.net.URI and
          org.apache.hadoop.conf.Configuration,
      2. a public static method named getInstance that accepts no
        arguments and returns an instance of
        com.amazonaws.auth.AWSCredentialsProvider, or
      3. a public default constructor.

      Specifying org.apache.hadoop.fs.s3a.AnonymousAWSCredentialsProvider allows
      anonymous access to a publicly accessible S3 bucket without any credentials.
      Please note that allowing anonymous access to an S3 bucket compromises
      security and therefore is unsuitable for most use cases. It can be useful
      for accessing public data sets without requiring AWS credentials.

      If unspecified, then the default list of credential provider classes,
      queried in sequence, is:
      1. org.apache.hadoop.fs.s3a.BasicAWSCredentialsProvider: supports static
          configuration of AWS access key ID and secret access key.  See also
          fs.s3a.access.key and fs.s3a.secret.key.
      2. com.amazonaws.auth.EnvironmentVariableCredentialsProvider: supports
          configuration of AWS access key ID and secret access key in
          environment variables named AWS_ACCESS_KEY_ID and
          AWS_SECRET_ACCESS_KEY, as documented in the AWS SDK.
      3. com.amazonaws.auth.InstanceProfileCredentialsProvider: supports use
          of instance profile credentials if running in an EC2 VM.
    description>
  property>

  <property>
    <name>fs.s3a.session.tokenname>
    <description>Session token, when using org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider
      as one of the providers.
    description>
  property>

  <property>
    <name>fs.s3a.security.credential.provider.pathname>
    <value />
    <description>
      Optional comma separated list of credential providers, a list
      which is prepended to that set in hadoop.security.credential.provider.path
    description>
  property>

  <property>
    <name>fs.s3a.assumed.role.arnname>
    <value />
    <description>
      AWS ARN for the role to be assumed.
      Required if the fs.s3a.aws.credentials.provider contains
      org.apache.hadoop.fs.s3a.AssumedRoleCredentialProvider
    description>
  property>

  <property>
    <name>fs.s3a.assumed.role.session.namename>
    <value />
    <description>
      Session name for the assumed role, must be valid characters according to
      the AWS APIs.
      Only used if AssumedRoleCredentialProvider is the AWS credential provider.
      If not set, one is generated from the current Hadoop/Kerberos username.
    description>
  property>

  <property>
    <name>fs.s3a.assumed.role.policyname>
    <value/>
    <description>
      JSON policy to apply to the role.
      Only used if AssumedRoleCredentialProvider is the AWS credential provider.
    description>
  property>

  <property>
    <name>fs.s3a.assumed.role.session.durationname>
    <value>30mvalue>
    <description>
      Duration of assumed roles before a refresh is attempted.
      Only used if AssumedRoleCredentialProvider is the AWS credential provider.
      Range: 15m to 1h
    description>
  property>

  <property>
    <name>fs.s3a.assumed.role.sts.endpointname>
    <value/>
    <description>
      AWS Simple Token Service Endpoint. If unset, uses the default endpoint.
      Only used if AssumedRoleCredentialProvider is the AWS credential provider.
    description>
  property>

  <property>
    <name>fs.s3a.assumed.role.credentials.providername>
    <value>org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvidervalue>
    <description>
      List of credential providers to authenticate with the STS endpoint and
      retrieve short-lived role credentials.
      Only used if AssumedRoleCredentialProvider is the AWS credential provider.
      If unset, uses "org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider".
    description>
  property>

  <property>
    <name>fs.s3a.connection.maximumname>
    <value>15value>
    <description>Controls the maximum number of simultaneous connections to S3.description>
  property>

  <property>
    <name>fs.s3a.connection.ssl.enabledname>
    <value>truevalue>
    <description>Enables or disables SSL connections to S3.description>
  property>

  <property>
    <name>fs.s3a.endpointname>
    <description>AWS S3 endpoint to connect to. An up-to-date list is
      provided in the AWS Documentation: regions and endpoints. Without this
      property, the standard region (s3.amazonaws.com) is assumed.
    description>
  property>

  <property>
    <name>fs.s3a.path.style.accessname>
    <value>falsevalue>
    <description>Enable S3 path style access ie disabling the default virtual hosting behaviour.
      Useful for S3A-compliant storage providers as it removes the need to set up DNS for virtual hosting.
    description>
  property>

  <property>
    <name>fs.s3a.proxy.hostname>
    <description>Hostname of the (optional) proxy server for S3 connections.description>
  property>

  <property>
    <name>fs.s3a.proxy.portname>
    <description>Proxy server port. If this property is not set
      but fs.s3a.proxy.host is, port 80 or 443 is assumed (consistent with
      the value of fs.s3a.connection.ssl.enabled).description>
  property>

  <property>
    <name>fs.s3a.proxy.usernamename>
    <description>Username for authenticating with proxy server.description>
  property>

  <property>
    <name>fs.s3a.proxy.passwordname>
    <description>Password for authenticating with proxy server.description>
  property>

  <property>
    <name>fs.s3a.proxy.domainname>
    <description>Domain for authenticating with proxy server.description>
  property>

  <property>
    <name>fs.s3a.proxy.workstationname>
    <description>Workstation for authenticating with proxy server.description>
  property>

  <property>
    <name>fs.s3a.attempts.maximumname>
    <value>20value>
    <description>How many times we should retry commands on transient errors.description>
  property>

  <property>
    <name>fs.s3a.connection.establish.timeoutname>
    <value>5000value>
    <description>Socket connection setup timeout in milliseconds.description>
  property>

  <property>
    <name>fs.s3a.connection.timeoutname>
    <value>200000value>
    <description>Socket connection timeout in milliseconds.description>
  property>

  <property>
    <name>fs.s3a.socket.send.buffername>
    <value>8192value>
    <description>Socket send buffer hint to amazon connector. Represented in bytes.description>
  property>

  <property>
    <name>fs.s3a.socket.recv.buffername>
    <value>8192value>
    <description>Socket receive buffer hint to amazon connector. Represented in bytes.description>
  property>

  <property>
    <name>fs.s3a.paging.maximumname>
    <value>5000value>
    <description>How many keys to request from S3 when doing
      directory listings at a time.description>
  property>

  <property>
    <name>fs.s3a.threads.maxname>
    <value>10value>
    <description>The total number of threads available in the filesystem for data
      uploads *or any other queued filesystem operation*.description>
  property>

  <property>
    <name>fs.s3a.threads.keepalivetimename>
    <value>60value>
    <description>Number of seconds a thread can be idle before being
      terminated.description>
  property>

  <property>
    <name>fs.s3a.max.total.tasksname>
    <value>5value>
    <description>The number of operations which can be queued for executiondescription>
  property>

  <property>
    <name>fs.s3a.multipart.sizename>
    <value>100Mvalue>
    <description>How big (in bytes) to split upload or copy operations up into.
      A suffix from the set {K,M,G,T,P} may be used to scale the numeric value.
    description>
  property>

  <property>
    <name>fs.s3a.multipart.thresholdname>
    <value>2147483647value>
    <description>How big (in bytes) to split upload or copy operations up into.
      This also controls the partition size in renamed files, as rename() involves
      copying the source file(s).
      A suffix from the set {K,M,G,T,P} may be used to scale the numeric value.
    description>
  property>

  <property>
    <name>fs.s3a.multiobjectdelete.enablename>
    <value>truevalue>
    <description>When enabled, multiple single-object delete requests are replaced by
      a single 'delete multiple objects'-request, reducing the number of requests.
      Beware: legacy S3-compatible object stores might not support this request.
    description>
  property>

  <property>
    <name>fs.s3a.acl.defaultname>
    <description>Set a canned ACL for newly created and copied objects. Value may be Private,
        PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead,
        or BucketOwnerFullControl.description>
  property>

  <property>
    <name>fs.s3a.multipart.purgename>
    <value>falsevalue>
    <description>True if you want to purge existing multipart uploads that may not have been
      completed/aborted correctly. The corresponding purge age is defined in
      fs.s3a.multipart.purge.age.
      If set, when the filesystem is instantiated then all outstanding uploads
      older than the purge age will be terminated -across the entire bucket.
      This will impact multipart uploads by other applications and users. so should
      be used sparingly, with an age value chosen to stop failed uploads, without
      breaking ongoing operations.
    description>
  property>

  <property>
    <name>fs.s3a.multipart.purge.agename>
    <value>86400value>
    <description>Minimum age in seconds of multipart uploads to purge
      on startup if "fs.s3a.multipart.purge" is true
    description>
  property>

  <property>
    <name>fs.s3a.server-side-encryption-algorithmname>
    <description>Specify a server-side encryption algorithm for s3a: file system.
      Unset by default.  It supports the following values: 'AES256' (for SSE-S3),
      'SSE-KMS' and 'SSE-C'.
    description>
  property>

  <property>
    <name>fs.s3a.server-side-encryption.keyname>
    <description>Specific encryption key to use if fs.s3a.server-side-encryption-algorithm
      has been set to 'SSE-KMS' or 'SSE-C'. In the case of SSE-C, the value of this property
      should be the Base64 encoded key. If you are using SSE-KMS and leave this property empty,
      you'll be using your default's S3 KMS key, otherwise you should set this property to
      the specific KMS key id.
    description>
  property>

  <property>
    <name>fs.s3a.signing-algorithmname>
    <description>Override the default signing algorithm so legacy
      implementations can still be useddescription>
  property>

  <property>
    <name>fs.s3a.block.sizename>
    <value>32Mvalue>
    <description>Block size to use when reading files using s3a: file system.
      A suffix from the set {K,M,G,T,P} may be used to scale the numeric value.
    description>
  property>

  <property>
    <name>fs.s3a.buffer.dirname>
    <value>${hadoop.tmp.dir}/s3avalue>
    <description>Comma separated list of directories that will be used to buffer file
      uploads to.description>
  property>

  <property>
    <name>fs.s3a.fast.upload.buffername>
    <value>diskvalue>
    <description>
      The buffering mechanism to for data being written.
      Values: disk, array, bytebuffer.

      "disk" will use the directories listed in fs.s3a.buffer.dir as
      the location(s) to save data prior to being uploaded.

      "array" uses arrays in the JVM heap

      "bytebuffer" uses off-heap memory within the JVM.

      Both "array" and "bytebuffer" will consume memory in a single stream up to the number
      of blocks set by:

          fs.s3a.multipart.size * fs.s3a.fast.upload.active.blocks.

      If using either of these mechanisms, keep this value low

      The total number of threads performing work across all threads is set by
      fs.s3a.threads.max, with fs.s3a.max.total.tasks values setting the number of queued
      work items.
    description>
  property>

  <property>
    <name>fs.s3a.fast.upload.active.blocksname>
    <value>4value>
    <description>
      Maximum Number of blocks a single output stream can have
      active (uploading, or queued to the central FileSystem
      instance's pool of queued operations.

      This stops a single stream overloading the shared thread pool.
    description>
  property>

  <property>
    <name>fs.s3a.readahead.rangename>
    <value>64Kvalue>
    <description>Bytes to read ahead during a seek() before closing and
    re-opening the S3 HTTP connection. This option will be overridden if
    any call to setReadahead() is made to an open stream.
    A suffix from the set {K,M,G,T,P} may be used to scale the numeric value.
    description>
  property>

  <property>
    <name>fs.s3a.user.agent.prefixname>
    <value>value>
    <description>
      Sets a custom value that will be prepended to the User-Agent header sent in
      HTTP requests to the S3 back-end by S3AFileSystem.  The User-Agent header
      always includes the Hadoop version number followed by a string generated by
      the AWS SDK.  An example is "User-Agent: Hadoop 2.8.0, aws-sdk-java/1.10.6".
      If this optional property is set, then its value is prepended to create a
      customized User-Agent.  For example, if this configuration property was set
      to "MyApp", then an example of the resulting User-Agent would be
      "User-Agent: MyApp, Hadoop 2.8.0, aws-sdk-java/1.10.6".
    description>
  property>

  <property>
      <name>fs.s3a.metadatastore.authoritativename>
      <value>falsevalue>
      <description>
          When true, allow MetadataStore implementations to act as source of
          truth for getting file status and directory listings.  Even if this
          is set to true, MetadataStore implementations may choose not to
          return authoritative results.  If the configured MetadataStore does
          not support being authoritative, this setting will have no effect.
      description>
  property>

  <property>
      <name>fs.s3a.metadatastore.implname>
      <value>org.apache.hadoop.fs.s3a.s3guard.NullMetadataStorevalue>
      <description>
          Fully-qualified name of the class that implements the MetadataStore
          to be used by s3a.  The default class, NullMetadataStore, has no
          effect: s3a will continue to treat the backing S3 service as the one
          and only source of truth for file and directory metadata.
      description>
  property>

  <property>
      <name>fs.s3a.s3guard.cli.prune.agename>
      <value>86400000value>
      <description>
          Default age (in milliseconds) after which to prune metadata from the
          metadatastore when the prune command is run.  Can be overridden on the
          command-line.
      description>
  property>


  <property>
    <name>fs.s3a.implname>
    <value>org.apache.hadoop.fs.s3a.S3AFileSystemvalue>
    <description>The implementation class of the S3A Filesystemdescription>
  property>

  <property>
    <name>fs.s3a.s3guard.ddb.regionname>
    <value>value>
    <description>
      AWS DynamoDB region to connect to. An up-to-date list is
      provided in the AWS Documentation: regions and endpoints. Without this
      property, the S3Guard will operate table in the associated S3 bucket region.
    description>
  property>

  <property>
    <name>fs.s3a.s3guard.ddb.tablename>
    <value>value>
    <description>
      The DynamoDB table name to operate. Without this property, the respective
      S3 bucket name will be used.
    description>
  property>

  <property>
    <name>fs.s3a.s3guard.ddb.table.createname>
    <value>falsevalue>
    <description>
      If true, the S3A client will create the table if it does not already exist.
    description>
  property>

  <property>
    <name>fs.s3a.s3guard.ddb.table.capacity.readname>
    <value>500value>
    <description>
      Provisioned throughput requirements for read operations in terms of capacity
      units for the DynamoDB table.  This config value will only be used when
      creating a new DynamoDB table, though later you can manually provision by
      increasing or decreasing read capacity as needed for existing tables.
      See DynamoDB documents for more information.
    description>
  property>

  <property>
    <name>fs.s3a.s3guard.ddb.table.capacity.writename>
    <value>100value>
    <description>
      Provisioned throughput requirements for write operations in terms of
      capacity units for the DynamoDB table.  Refer to related config
      fs.s3a.s3guard.ddb.table.capacity.read before usage.
    description>
  property>

  <property>
    <name>fs.s3a.s3guard.ddb.max.retriesname>
    <value>9value>
      <description>
        Max retries on batched DynamoDB operations before giving up and
        throwing an IOException.  Each retry is delayed with an exponential
        backoff timer which starts at 100 milliseconds and approximately
        doubles each time.  The minimum wait before throwing an exception is
        sum(100, 200, 400, 800, .. 100*2^N-1 ) == 100 * ((2^N)-1)
        So N = 9 yields at least 51.1 seconds (51,100) milliseconds of blocking
        before throwing an IOException.
      description>
  property>

  <property>
    <name>fs.s3a.s3guard.ddb.background.sleepname>
    <value>25value>
    <description>
      Length (in milliseconds) of pause between each batch of deletes when
      pruning metadata.  Prevents prune operations (which can typically be low
      priority background operations) from overly interfering with other I/O
      operations.
    description>
  property>

  <property>
    <name>fs.s3a.retry.limitname>
    <value>${fs.s3a.attempts.maximum}value>
    <description>
      Number of times to retry any repeatable S3 client request on failure,
      excluding throttling requests.
    description>
  property>

  <property>
    <name>fs.s3a.retry.intervalname>
    <value>500msvalue>
    <description>
      Interval between attempts to retry operations for any reason other
      than S3 throttle errors.
    description>
  property>

  <property>
    <name>fs.s3a.retry.throttle.limitname>
    <value>${fs.s3a.attempts.maximum}value>
    <description>
      Number of times to retry any throttled request.
    description>
  property>

  <property>
    <name>fs.s3a.retry.throttle.intervalname>
    <value>1000msvalue>
    <description>
      Interval between retry attempts on throttled requests.
    description>
  property>

  <property>
    <name>fs.s3a.committer.namename>
    <value>filevalue>
    <description>
      Committer to create for output to S3A, one of:
      "file", "directory", "partitioned", "magic".
    description>
  property>

  <property>
    <name>fs.s3a.committer.magic.enabledname>
    <value>falsevalue>
    <description>
      Enable support in the filesystem for the S3 "Magic" committer.
      When working with AWS S3, S3Guard must be enabled for the destination
      bucket, as consistent metadata listings are required.
    description>
  property>

  <property>
    <name>fs.s3a.committer.threadsname>
    <value>8value>
    <description>
      Number of threads in committers for parallel operations on files
      (upload, commit, abort, delete...)
    description>
  property>

  <property>
    <name>fs.s3a.committer.staging.tmp.pathname>
    <value>tmp/stagingvalue>
    <description>
      Path in the cluster filesystem for temporary data.
      This is for HDFS, not the local filesystem.
      It is only for the summary data of each file, not the actual
      data being committed.
      Using an unqualified path guarantees that the full path will be
      generated relative to the home directory of the user creating the job,
      hence private (assuming home directory permissions are secure).
    description>
  property>

  <property>
    <name>fs.s3a.committer.staging.unique-filenamesname>
    <value>truevalue>
    <description>
      Option for final files to have a unique name through job attempt info,
      or the value of fs.s3a.committer.staging.uuid
      When writing data with the "append" conflict option, this guarantees
      that new data will not overwrite any existing data.
    description>
  property>

  <property>
    <name>fs.s3a.committer.staging.conflict-modename>
    <value>failvalue>
    <description>
      Staging committer conflict resolution policy.
      Supported: "fail", "append", "replace".
    description>
  property>

  <property>
    <name>fs.s3a.committer.staging.abort.pending.uploadsname>
    <value>truevalue>
    <description>
      Should the staging committers abort all pending uploads to the destination
      directory?

      Changing this if more than one partitioned committer is
      writing to the same destination tree simultaneously; otherwise
      the first job to complete will cancel all outstanding uploads from the
      others. However, it may lead to leaked outstanding uploads from failed
      tasks. If disabled, configure the bucket lifecycle to remove uploads
      after a time period, and/or set up a workflow to explicitly delete
      entries. Otherwise there is a risk that uncommitted uploads may run up
      bills.
    description>
  property>

  <property>
    <name>fs.AbstractFileSystem.s3a.implname>
    <value>org.apache.hadoop.fs.s3a.S3Avalue>
    <description>The implementation class of the S3A AbstractFileSystem.description>
  property>

  <property>
    <name>fs.s3a.list.versionname>
    <value>2value>
    <description>
      Select which version of the S3 SDK's List Objects API to use.  Currently
      support 2 (default) and 1 (older API).
    description>
  property>

  <property>
    <name>fs.s3a.etag.checksum.enabledname>
    <value>falsevalue>
    <description>
      Should calls to getFileChecksum() return the etag value of the remote
      object.
      WARNING: if enabled, distcp operations between HDFS and S3 will fail unless
      -skipcrccheck is set.
    description>
  property>

  
  <property>
    <name>fs.wasb.implname>
    <value>org.apache.hadoop.fs.azure.NativeAzureFileSystemvalue>
    <description>The implementation class of the Native Azure Filesystemdescription>
  property>

  <property>
    <name>fs.wasbs.implname>
    <value>org.apache.hadoop.fs.azure.NativeAzureFileSystem$Securevalue>
    <description>The implementation class of the Secure Native Azure Filesystemdescription>
  property>

  <property>
    <name>fs.azure.secure.modename>
    <value>falsevalue>
    <description>
      Config flag to identify the mode in which fs.azure.NativeAzureFileSystem needs
      to run under. Setting it "true" would make fs.azure.NativeAzureFileSystem use
      SAS keys to communicate with Azure storage.
    description>
  property>
  <property>
    <name>fs.azure.local.sas.key.modename>
    <value>falsevalue>
    <description>
      Works in conjuction with fs.azure.secure.mode. Setting this config to true
      results in fs.azure.NativeAzureFileSystem using the local SAS key generation
      where the SAS keys are generating in the same process as fs.azure.NativeAzureFileSystem.
      If fs.azure.secure.mode flag is set to false, this flag has no effect.
    description>
  property>
  <property>
    <name>fs.azure.sas.expiry.periodname>
    <value>90dvalue>
    <description>
      The default value to be used for expiration period for SAS keys generated.
      Can use the following suffix (case insensitive):
      ms(millis), s(sec), m(min), h(hour), d(day)
      to specify the time (such as 2s, 2m, 1h, etc.).
    description>
  property>
  <property>
    <name>fs.azure.authorizationname>
    <value>falsevalue>
    <description>
      Config flag to enable authorization support in WASB. Setting it to "true" enables
      authorization support to WASB. Currently WASB authorization requires a remote service
      to provide authorization that needs to be specified via fs.azure.authorization.remote.service.url
      configuration
    description>
  property>
  <property>
    <name>fs.azure.authorization.caching.enablename>
    <value>truevalue>
    <description>
      Config flag to enable caching of authorization results and saskeys in WASB.
      This flag is relevant only when fs.azure.authorization is enabled.
    description>
  property>
  <property>
    <name>fs.azure.saskey.usecontainersaskeyforallaccessname>
    <value>truevalue>
    <description>
      Use container saskey for access to all blobs within the container.
      Blob-specific saskeys are not used when this setting is enabled.
      This setting provides better performance compared to blob-specific saskeys.
    description>
  property>
  <property>
    <name>io.seqfile.compress.blocksizename>
    <value>1000000value>
    <description>The minimum block size for compression in block compressed
            SequenceFiles.
    description>
  property>

  <property>
    <name>io.mapfile.bloom.sizename>
    <value>1048576value>
    <description>The size of BloomFilter-s used in BloomMapFile. Each time this many
    keys is appended the next BloomFilter will be created (inside a DynamicBloomFilter).
    Larger values minimize the number of filters, which slightly increases the performance,
    but may waste too much space if the total number of keys is usually much smaller
    than this number.
    description>
  property>

  <property>
    <name>io.mapfile.bloom.error.ratename>
    <value>0.005value>
    <description>The rate of false positives in BloomFilter-s used in BloomMapFile.
    As this value decreases, the size of BloomFilter-s increases exponentially. This
    value is the probability of encountering false positives (default is 0.5%).
    description>
  property>

  <property>
    <name>hadoop.util.hash.typename>
    <value>murmurvalue>
    <description>The default implementation of Hash. Currently this can take one of the
    two values: 'murmur' to select MurmurHash and 'jenkins' to select JenkinsHash.
    description>
  property>


  

  <property>
    <name>ipc.client.idlethresholdname>
    <value>4000value>
    <description>Defines the threshold number of connections after which
                connections will be inspected for idleness.
    description>
  property>

  <property>
    <name>ipc.client.kill.maxname>
    <value>10value>
    <description>Defines the maximum number of clients to disconnect in one go.
    description>
  property>

  <property>
    <name>ipc.client.connection.maxidletimename>
    <value>10000value>
    <description>The maximum time in msec after which a client will bring down the
                connection to the server.
    description>
  property>

  <property>
    <name>ipc.client.connect.max.retriesname>
    <value>10value>
    <description>Indicates the number of retries a client will make to establish
                a server connection.
    description>
  property>

  <property>
    <name>ipc.client.connect.retry.intervalname>
    <value>1000value>
    <description>Indicates the number of milliseconds a client will wait for
      before retrying to establish a server connection.
    description>
  property>

  <property>
    <name>ipc.client.connect.timeoutname>
    <value>20000value>
    <description>Indicates the number of milliseconds a client will wait for the
                socket to establish a server connection.
    description>
  property>

  <property>
    <name>ipc.client.connect.max.retries.on.timeoutsname>
    <value>45value>
    <description>Indicates the number of retries a client will make on socket timeout
                to establish a server connection.
    description>
  property>

  <property>
    <name>ipc.client.tcpnodelayname>
    <value>truevalue>
    <description>Use TCP_NODELAY flag to bypass Nagle's algorithm transmission delays.
    description>
  property>

  <property>
    <name>ipc.client.low-latencyname>
    <value>falsevalue>
    <description>Use low-latency QoS markers for IPC connections.
    description>
  property>

  <property>
    <name>ipc.client.pingname>
    <value>truevalue>
    <description>Send a ping to the server when timeout on reading the response,
    if set to true. If no failure is detected, the client retries until at least
    a byte is read or the time given by ipc.client.rpc-timeout.ms is passed.
    description>
  property>

  <property>
    <name>ipc.ping.intervalname>
    <value>60000value>
    <description>Timeout on waiting response from server, in milliseconds.
    The client will send ping when the interval is passed without receiving bytes,
    if ipc.client.ping is set to true.
    description>
  property>

  <property>
    <name>ipc.client.rpc-timeout.msname>
    <value>0value>
    <description>Timeout on waiting response from server, in milliseconds.
    If ipc.client.ping is set to true and this rpc-timeout is greater than
    the value of ipc.ping.interval, the effective value of the rpc-timeout is
    rounded up to multiple of ipc.ping.interval.
    description>
  property>

  <property>
    <name>ipc.server.listen.queue.sizename>
    <value>128value>
    <description>Indicates the length of the listen queue for servers accepting
                client connections.
    description>
  property>

  <property>
      <name>ipc.server.log.slow.rpcname>
      <value>falsevalue>
      <description>This setting is useful to troubleshoot performance issues for
      various services. If this value is set to true then we log requests that
      fall into 99th percentile as well as increment RpcSlowCalls counter.
      description>
  property>

  <property>
    <name>ipc.maximum.data.lengthname>
    <value>67108864value>
    <description>This indicates the maximum IPC message length (bytes) that can be
      accepted by the server. Messages larger than this value are rejected by the
      immediately to avoid possible OOMs. This setting should rarely need to be
      changed.
    description>
  property>

  <property>
    <name>ipc.maximum.response.lengthname>
    <value>134217728value>
    <description>This indicates the maximum IPC message length (bytes) that can be
      accepted by the client. Messages larger than this value are rejected
      immediately to avoid possible OOMs. This setting should rarely need to be
      changed.  Set to 0 to disable.
    description>
  property>

  

  <property>
    <name>hadoop.security.impersonation.provider.classname>
    <value>value>
    <description>A class which implements ImpersonationProvider interface, used to
        authorize whether one user can impersonate a specific user.
        If not specified, the DefaultImpersonationProvider will be used.
        If a class is specified, then that class will be used to determine
        the impersonation capability.
    description>
  property>

  <property>
    <name>hadoop.rpc.socket.factory.class.defaultname>
    <value>org.apache.hadoop.net.StandardSocketFactoryvalue>
    <description> Default SocketFactory to use. This parameter is expected to be
      formatted as "package.FactoryClassName".
    description>
  property>

  <property>
    <name>hadoop.rpc.socket.factory.class.ClientProtocolname>
    <value>value>
    <description> SocketFactory to use to connect to a DFS. If null or empty, use
      hadoop.rpc.socket.class.default. This socket factory is also used by
      DFSClient to create sockets to DataNodes.
    description>
  property>



  <property>
    <name>hadoop.socks.servername>
    <value>value>
    <description> Address (host:port) of the SOCKS server to be used by the
      SocksSocketFactory.
    description>
  property>

  
  <property>
    <name>net.topology.node.switch.mapping.implname>
    <value>org.apache.hadoop.net.ScriptBasedMappingvalue>
    <description> The default implementation of the DNSToSwitchMapping. It
      invokes a script specified in net.topology.script.file.name to resolve
      node names. If the value for net.topology.script.file.name is not set, the
      default value of DEFAULT_RACK is returned for all node names.
    description>
  property>

  <property>
    <name>net.topology.implname>
    <value>org.apache.hadoop.net.NetworkTopologyvalue>
    <description> The default implementation of NetworkTopology which is classic three layer one.
    description>
  property>

  <property>
    <name>net.topology.script.file.namename>
    <value>value>
    <description> The script name that should be invoked to resolve DNS names to
      NetworkTopology names. Example: the script would take host.foo.bar as an
      argument, and return /rack1 as the output.
    description>
  property>

  <property>
    <name>net.topology.script.number.argsname>
    <value>100value>
    <description> The max number of args that the script configured with
      net.topology.script.file.name should be run with. Each arg is an
      IP address.
    description>
  property>

  <property>
    <name>net.topology.table.file.namename>
    <value>value>
    <description> The file name for a topology file, which is used when the
      net.topology.node.switch.mapping.impl property is set to
      org.apache.hadoop.net.TableMapping. The file format is a two column text
      file, with columns separated by whitespace. The first column is a DNS or
      IP address and the second column specifies the rack where the address maps.
      If no entry corresponding to a host in the cluster is found, then
      /default-rack is assumed.
    description>
  property>

  
  <property>
    <name>file.stream-buffer-sizename>
    <value>4096value>
    <description>The size of buffer to stream files.
    The size of this buffer should probably be a multiple of hardware
    page size (4096 on Intel x86), and it determines how much data is
    buffered during read and write operations.description>
  property>

  <property>
    <name>file.bytes-per-checksumname>
    <value>512value>
    <description>The number of bytes per checksum.  Must not be larger than
    file.stream-buffer-sizedescription>
  property>

  <property>
    <name>file.client-write-packet-sizename>
    <value>65536value>
    <description>Packet size for clients to writedescription>
  property>

  <property>
    <name>file.blocksizename>
    <value>67108864value>
    <description>Block sizedescription>
  property>

  <property>
    <name>file.replicationname>
    <value>1value>
    <description>Replication factordescription>
  property>

  
  <property>
    <name>ftp.stream-buffer-sizename>
    <value>4096value>
    <description>The size of buffer to stream files.
    The size of this buffer should probably be a multiple of hardware
    page size (4096 on Intel x86), and it determines how much data is
    buffered during read and write operations.description>
  property>

  <property>
    <name>ftp.bytes-per-checksumname>
    <value>512value>
    <description>The number of bytes per checksum.  Must not be larger than
    ftp.stream-buffer-sizedescription>
  property>

  <property>
    <name>ftp.client-write-packet-sizename>
    <value>65536value>
    <description>Packet size for clients to writedescription>
  property>

  <property>
    <name>ftp.blocksizename>
    <value>67108864value>
    <description>Block sizedescription>
  property>

  <property>
    <name>ftp.replicationname>
    <value>3value>
    <description>Replication factordescription>
  property>

  

  <property>
    <name>tfile.io.chunk.sizename>
    <value>1048576value>
    <description>
      Value chunk size in bytes. Default  to
      1MB. Values of the length less than the chunk size is
      guaranteed to have known value length in read time (See also
      TFile.Reader.Scanner.Entry.isValueLengthKnown()).
    description>
  property>

  <property>
    <name>tfile.fs.output.buffer.sizename>
    <value>262144value>
    <description>
      Buffer size used for FSDataOutputStream in bytes.
    description>
  property>

  <property>
    <name>tfile.fs.input.buffer.sizename>
    <value>262144value>
    <description>
      Buffer size used for FSDataInputStream in bytes.
    description>
  property>

  

  <property>
    <name>hadoop.http.authentication.typename>
    <value>simplevalue>
    <description>
      Defines authentication used for Oozie HTTP endpoint.
      Supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME#
    description>
  property>

  <property>
    <name>hadoop.http.authentication.token.validityname>
    <value>36000value>
    <description>
      Indicates how long (in seconds) an authentication token is valid before it has
      to be renewed.
    description>
  property>

  <property>
    <name>hadoop.http.authentication.signature.secret.filename>
    <value>${user.home}/hadoop-http-auth-signature-secretvalue>
    <description>
      The signature secret for signing the authentication tokens.
      The same secret should be used for JT/NN/DN/TT configurations.
    description>
  property>

  <property>
    <name>hadoop.http.authentication.cookie.domainname>
    <value>value>
    <description>
      The domain to use for the HTTP cookie that stores the authentication token.
      In order to authentiation to work correctly across all Hadoop nodes web-consoles
      the domain must be correctly set.
      IMPORTANT: when using IP addresses, browsers ignore cookies with domain settings.
      For this setting to work properly all nodes in the cluster must be configured
      to generate URLs with hostname.domain names on it.
    description>
  property>

  <property>
    <name>hadoop.http.authentication.simple.anonymous.allowedname>
    <value>truevalue>
    <description>
      Indicates if anonymous requests are allowed when using 'simple' authentication.
    description>
  property>

  <property>
    <name>hadoop.http.authentication.kerberos.principalname>
    <value>HTTP/_HOST@LOCALHOSTvalue>
    <description>
      Indicates the Kerberos principal to be used for HTTP endpoint.
      The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO specification.
    description>
  property>

  <property>
    <name>hadoop.http.authentication.kerberos.keytabname>
    <value>${user.home}/hadoop.keytabvalue>
    <description>
      Location of the keytab file with the credentials for the principal.
      Referring to the same keytab file Oozie uses for its Kerberos credentials for Hadoop.
    description>
  property>

  
  <property>
    <name>hadoop.http.cross-origin.enabledname>
    <value>falsevalue>
    <description>Enable/disable the cross-origin (CORS) filter.description>
  property>

  <property>
    <name>hadoop.http.cross-origin.allowed-originsname>
    <value>*value>
    <description>Comma separated list of origins that are allowed for web services
      needing cross-origin (CORS) support. If a value in the list contains an
      asterix (*), a regex pattern, escaping any dots ('.' -> '\.') and replacing
      the asterix such that it captures any characters ('*' -> '.*'), is generated.
      Values prefixed with 'regex:' are interpreted directly as regular expressions,
      e.g. use the expression 'regex:https?:\/\/foo\.bar:([0-9]+)?' to allow any
      origin using the 'http' or 'https' protocol in the domain 'foo.bar' on any
      port. The use of simple wildcards ('*') is discouraged, and only available for
      backward compatibility.description>
  property>

  <property>
    <name>hadoop.http.cross-origin.allowed-methodsname>
    <value>GET,POST,HEADvalue>
    <description>Comma separated list of methods that are allowed for web
      services needing cross-origin (CORS) support.description>
  property>

  <property>
    <name>hadoop.http.cross-origin.allowed-headersname>
    <value>X-Requested-With,Content-Type,Accept,Originvalue>
    <description>Comma separated list of headers that are allowed for web
      services needing cross-origin (CORS) support.description>
  property>

  <property>
    <name>hadoop.http.cross-origin.max-agename>
    <value>1800value>
    <description>The number of seconds a pre-flighted request can be cached
      for web services needing cross-origin (CORS) support.description>
  property>

  <property>
    <name>dfs.ha.fencing.methodsname>
    <value>value>
    <description>
      List of fencing methods to use for service fencing. May contain
      builtin methods (eg shell and sshfence) or user-defined method.
    description>
  property>

  <property>
    <name>dfs.ha.fencing.ssh.connect-timeoutname>
    <value>30000value>
    <description>
      SSH connection timeout, in milliseconds, to use with the builtin
      sshfence fencer.
    description>
  property>

  <property>
    <name>dfs.ha.fencing.ssh.private-key-filesname>
    <value>value>
    <description>
      The SSH private key files to use with the builtin sshfence fencer.
    description>
  property>

  <property>
    <name>ha.zookeeper.quorumname>
    <description>
      A list of ZooKeeper server addresses, separated by commas, that are
      to be used by the ZKFailoverController in automatic failover.
    description>
  property>

  <property>
    <name>ha.zookeeper.session-timeout.msname>
    <value>10000value>
    <description>
      The session timeout to use when the ZKFC connects to ZooKeeper.
      Setting this value to a lower value implies that server crashes
      will be detected more quickly, but risks triggering failover too
      aggressively in the case of a transient error or network blip.
    description>
  property>

  <property>
    <name>ha.zookeeper.parent-znodename>
    <value>/hadoop-havalue>
    <description>
      The ZooKeeper znode under which the ZK failover controller stores
      its information. Note that the nameservice ID is automatically
      appended to this znode, so it is not normally necessary to
      configure this, even in a federated environment.
    description>
  property>

  <property>
    <name>ha.zookeeper.aclname>
    <value>world:anyone:rwcdavalue>
    <description>
      A comma-separated list of ZooKeeper ACLs to apply to the znodes
      used by automatic failover. These ACLs are specified in the same
      format as used by the ZooKeeper CLI.

      If the ACL itself contains secrets, you may instead specify a
      path to a file, prefixed with the '@' symbol, and the value of
      this configuration will be loaded from within.
    description>
  property>

  <property>
    <name>ha.zookeeper.authname>
    <value>value>
    <description>
      A comma-separated list of ZooKeeper authentications to add when
      connecting to ZooKeeper. These are specified in the same format
      as used by the "addauth" command in the ZK CLI. It is
      important that the authentications specified here are sufficient
      to access znodes with the ACL specified in ha.zookeeper.acl.

      If the auths contain secrets, you may instead specify a
      path to a file, prefixed with the '@' symbol, and the value of
      this configuration will be loaded from within.
    description>
  property>

  
  <property>
    <name>hadoop.http.staticuser.username>
    <value>dr.whovalue>
    <description>
      The user name to filter as, on static web filters
      while rendering content. An example use is the HDFS
      web UI (user to be used for browsing files).
    description>
  property>

  

  <property>
    <name>hadoop.ssl.keystores.factory.classname>
    <value>org.apache.hadoop.security.ssl.FileBasedKeyStoresFactoryvalue>
    <description>
      The keystores factory to use for retrieving certificates.
    description>
  property>

  <property>
    <name>hadoop.ssl.require.client.certname>
    <value>falsevalue>
    <description>Whether client certificates are requireddescription>
  property>

  <property>
    <name>hadoop.ssl.hostname.verifiername>
    <value>DEFAULTvalue>
    <description>
      The hostname verifier to provide for HttpsURLConnections.
      Valid values are: DEFAULT, STRICT, STRICT_IE6, DEFAULT_AND_LOCALHOST and
      ALLOW_ALL
    description>
  property>

  <property>
    <name>hadoop.ssl.server.confname>
    <value>ssl-server.xmlvalue>
    <description>
      Resource file from which ssl server keystore information will be extracted.
      This file is looked up in the classpath, typically it should be in Hadoop
      conf/ directory.
    description>
  property>

  <property>
    <name>hadoop.ssl.client.confname>
    <value>ssl-client.xmlvalue>
    <description>
      Resource file from which ssl client keystore information will be extracted
      This file is looked up in the classpath, typically it should be in Hadoop
      conf/ directory.
    description>
  property>

  <property>
    <name>hadoop.ssl.enabledname>
    <value>falsevalue>
    <description>
      Deprecated. Use dfs.http.policy and yarn.http.policy instead.
    description>
  property>

  <property>
    <name>hadoop.ssl.enabled.protocolsname>
    <value>TLSv1,SSLv2Hello,TLSv1.1,TLSv1.2value>
    <description>
      The supported SSL protocols.
    description>
  property>

  <property>
    <name>hadoop.jetty.logs.serve.aliasesname>
    <value>truevalue>
    <description>
      Enable/Disable aliases serving from jetty
    description>
  property>

  <property>
    <name>fs.permissions.umask-modename>
    <value>022value>
    <description>
      The umask used when creating files and directories.
      Can be in octal or in symbolic. Examples are:
      "022" (octal for u=rwx,g=r-x,o=r-x in symbolic),
      or "u=rwx,g=rwx,o=" (symbolic for 007 in octal).
    description>
  property>

  

  <property>
    <name>ha.health-monitor.connect-retry-interval.msname>
    <value>1000value>
    <description>
      How often to retry connecting to the service.
    description>
  property>

  <property>
    <name>ha.health-monitor.check-interval.msname>
    <value>1000value>
    <description>
      How often to check the service.
    description>
  property>

  <property>
    <name>ha.health-monitor.sleep-after-disconnect.msname>
    <value>1000value>
    <description>
      How long to sleep after an unexpected RPC error.
    description>
  property>

  <property>
    <name>ha.health-monitor.rpc-timeout.msname>
    <value>45000value>
    <description>
      Timeout for the actual monitorHealth() calls.
    description>
  property>

  <property>
    <name>ha.failover-controller.new-active.rpc-timeout.msname>
    <value>60000value>
    <description>
      Timeout that the FC waits for the new active to become active
    description>
  property>

  <property>
    <name>ha.failover-controller.graceful-fence.rpc-timeout.msname>
    <value>5000value>
    <description>
      Timeout that the FC waits for the old active to go to standby
    description>
  property>

  <property>
    <name>ha.failover-controller.graceful-fence.connection.retriesname>
    <value>1value>
    <description>
      FC connection retries for graceful fencing
    description>
  property>

  <property>
    <name>ha.failover-controller.cli-check.rpc-timeout.msname>
    <value>20000value>
    <description>
      Timeout that the CLI (manual) FC waits for monitorHealth, getServiceState
    description>
  property>

  <property>
    <name>ipc.client.fallback-to-simple-auth-allowedname>
    <value>falsevalue>
    <description>
      When a client is configured to attempt a secure connection, but attempts to
      connect to an insecure server, that server may instruct the client to
      switch to SASL SIMPLE (unsecure) authentication. This setting controls
      whether or not the client will accept this instruction from the server.
      When false (the default), the client will not allow the fallback to SIMPLE
      authentication, and will abort the connection.
    description>
  property>

  <property>
    <name>fs.client.resolve.remote.symlinksname>
    <value>truevalue>
    <description>
        Whether to resolve symlinks when accessing a remote Hadoop filesystem.
        Setting this to false causes an exception to be thrown upon encountering
        a symlink. This setting does not apply to local filesystems, which
        automatically resolve local symlinks.
    description>
  property>

  <property>
    <name>nfs.exports.allowed.hostsname>
    <value>* rwvalue>
    <description>
      By default, the export can be mounted by any client. The value string
      contains machine name and access privilege, separated by whitespace
      characters. The machine name format can be a single host, a Java regular
      expression, or an IPv4 address. The access privilege uses rw or ro to
      specify read/write or read-only access of the machines to exports. If the
      access privilege is not provided, the default is read-only. Entries are separated by ";".
      For example: "192.168.0.0/22 rw ; host.*\.example\.com ; host1.test.org ro;".
      Only the NFS gateway needs to restart after this property is updated.
    description>
  property>

  <property>
    <name>hadoop.user.group.static.mapping.overridesname>
    <value>dr.who=;value>
    <description>
      Static mapping of user to groups. This will override the groups if
      available in the system for the specified user. In other words, groups
      look-up will not happen for these users, instead groups mapped in this
      configuration will be used.
      Mapping should be in this format.
      user1=group1,group2;user2=;user3=group2;
      Default, "dr.who=;" will consider "dr.who" as user without groups.
    description>
  property>

  <property>
    <name>rpc.metrics.quantile.enablename>
    <value>falsevalue>
    <description>
      Setting this property to true and rpc.metrics.percentiles.intervals
      to a comma-separated list of the granularity in seconds, the
      50/75/90/95/99th percentile latency for rpc queue/processing time in
      milliseconds are added to rpc metrics.
    description>
  property>

  <property>
    <name>rpc.metrics.percentiles.intervalsname>
    <value>value>
    <description>
      A comma-separated list of the granularity in seconds for the metrics which
      describe the 50/75/90/95/99th percentile latency for rpc queue/processing
      time. The metrics are outputted if rpc.metrics.quantile.enable is set to
      true.
    description>
  property>

  <property>
    <name>hadoop.security.crypto.codec.classes.EXAMPLECIPHERSUITEname>
    <value>value>
    <description>
      The prefix for a given crypto codec, contains a comma-separated
      list of implementation classes for a given crypto codec (eg EXAMPLECIPHERSUITE).
      The first implementation will be used if available, others are fallbacks.
    description>
  property>

  <property>
    <name>hadoop.security.crypto.codec.classes.aes.ctr.nopaddingname>
    <value>org.apache.hadoop.crypto.OpensslAesCtrCryptoCodec, org.apache.hadoop.crypto.JceAesCtrCryptoCodecvalue>
    <description>
      Comma-separated list of crypto codec implementations for AES/CTR/NoPadding.
      The first implementation will be used if available, others are fallbacks.
    description>
  property>

  <property>
    <name>hadoop.security.crypto.cipher.suitename>
    <value>AES/CTR/NoPaddingvalue>
    <description>
      Cipher suite for crypto codec.
    description>
  property>

  <property>
    <name>hadoop.security.crypto.jce.providername>
    <value>value>
    <description>
      The JCE provider name used in CryptoCodec.
    description>
  property>

  <property>
    <name>hadoop.security.crypto.jceks.key.serialfiltername>
    <description>
      Enhanced KeyStore Mechanisms in JDK 8u171 introduced jceks.key.serialFilter.
      If jceks.key.serialFilter is configured, the JCEKS KeyStore uses it during
      the deserialization of the encrypted Key object stored inside a
      SecretKeyEntry.
      If jceks.key.serialFilter is not configured it will cause an error when
      recovering keystore file in KeyProviderFactory when recovering key from
      keystore file using JDK 8u171 or newer. The filter pattern uses the same
      format as jdk.serialFilter.

      The value of this property will be used as the following:
      1. The value of jceks.key.serialFilter system property takes precedence
      over the value of this property.
      2. In the absence of jceks.key.serialFilter system property the value of
      this property will be set as the value of jceks.key.serialFilter.
      3. If the value of this property and jceks.key.serialFilter system
      property has not been set, org.apache.hadoop.crypto.key.KeyProvider
      sets a default value for jceks.key.serialFilter.
    description>
  property>

  <property>
    <name>hadoop.security.crypto.buffer.sizename>
    <value>8192value>
    <description>
      The buffer size used by CryptoInputStream and CryptoOutputStream.
    description>
  property>

  <property>
    <name>hadoop.security.java.secure.random.algorithmname>
    <value>SHA1PRNGvalue>
    <description>
      The java secure random algorithm.
    description>
  property>

  <property>
    <name>hadoop.security.secure.random.implname>
    <value>value>
    <description>
      Implementation of secure random.
    description>
  property>

  <property>
    <name>hadoop.security.random.device.file.pathname>
    <value>/dev/urandomvalue>
    <description>
      OS security random device file path.
    description>
  property>

  <property>
    <name>hadoop.security.key.provider.pathname>
    <description>
      The KeyProvider to use when managing zone keys, and interacting with
      encryption keys when reading and writing to an encryption zone.
      For hdfs clients, the provider path will be same as namenode's
      provider path.
    description>
  property>

  <property>
    <name>hadoop.security.key.default.bitlengthname>
    <value>128value>
    <description>
      The length (bits) of keys we want the KeyProvider to produce. Key length
      defines the upper-bound on an algorithm's security, ideally, it would
      coincide with the lower-bound on an algorithm's security.
    description>
  property>

  <property>
    <name>hadoop.security.key.default.ciphername>
    <value>AES/CTR/NoPaddingvalue>
    <description>
      This indicates the algorithm that be used by KeyProvider for generating
      key, and will be converted to CipherSuite when creating encryption zone.
    description>
  property>

  <property>
    <name>fs.har.impl.disable.cachename>
    <value>truevalue>
    <description>Don't cache 'har' filesystem instances.description>
  property>

  
  <property>
    <name>hadoop.security.kms.client.authentication.retry-countname>
    <value>1value>
    <description>
      Number of time to retry connecting to KMS on authentication failure
    description>
  property>
  <property>
    <name>hadoop.security.kms.client.encrypted.key.cache.sizename>
    <value>500value>
    <description>
      Size of the EncryptedKeyVersion cache Queue for each key
    description>
  property>
  <property>
    <name>hadoop.security.kms.client.encrypted.key.cache.low-watermarkname>
    <value>0.3fvalue>
    <description>
      If size of the EncryptedKeyVersion cache Queue falls below the
      low watermark, this cache queue will be scheduled for a refill
    description>
  property>
  <property>
    <name>hadoop.security.kms.client.encrypted.key.cache.num.refill.threadsname>
    <value>2value>
    <description>
      Number of threads to use for refilling depleted EncryptedKeyVersion
      cache Queues
    description>
  property>
  <property>
    <name>hadoop.security.kms.client.encrypted.key.cache.expiryname>
    <value>43200000value>
    <description>
      Cache expiry time for a Key, after which the cache Queue for this
      key will be dropped. Default = 12hrs
    description>
  property>
  <property>
    <name>hadoop.security.kms.client.timeoutname>
    <value>60value>
    <description>
      Sets value for KMS client connection timeout, and the read timeout
      to KMS servers.
    description>
  property>

  <property>
    <name>hadoop.security.kms.client.failover.sleep.base.millisname>
    <value>100value>
    <description>
      Expert only. The time to wait, in milliseconds, between failover
      attempts increases exponentially as a function of the number of
      attempts made so far, with a random factor of +/- 50%. This option
      specifies the base value used in the failover calculation. The
      first failover will retry immediately. The 2nd failover attempt
      will delay at least hadoop.security.client.failover.sleep.base.millis
      milliseconds. And so on.
    description>
  property>

  <property>
    <name>hadoop.security.kms.client.failover.sleep.max.millisname>
    <value>2000value>
    <description>
      Expert only. The time to wait, in milliseconds, between failover
      attempts increases exponentially as a function of the number of
      attempts made so far, with a random factor of +/- 50%. This option
      specifies the maximum value to wait between failovers.
      Specifically, the time between two failover attempts will not
      exceed +/- 50% of hadoop.security.client.failover.sleep.max.millis
      milliseconds.
    description>
  property>

  <property>
    <name>ipc.server.max.connectionsname>
    <value>0value>
    <description>The maximum number of concurrent connections a server is allowed
      to accept. If this limit is exceeded, incoming connections will first fill
      the listen queue and then may go to an OS-specific listen overflow queue.
      The client may fail or timeout, but the server can avoid running out of file
      descriptors using this feature. 0 means no limit.
    description>
  property>


  

  <property>
    <name>hadoop.registry.zk.rootname>
    <value>/registryvalue>
    <description>
      The root zookeeper node for the registry
    description>
  property>

  <property>
    <name>hadoop.registry.zk.session.timeout.msname>
    <value>60000value>
    <description>
      Zookeeper session timeout in milliseconds
    description>
  property>

  <property>
    <name>hadoop.registry.zk.connection.timeout.msname>
    <value>15000value>
    <description>
      Zookeeper connection timeout in milliseconds
    description>
  property>

  <property>
    <name>hadoop.registry.zk.retry.timesname>
    <value>5value>
    <description>
      Zookeeper connection retry count before failing
    description>
  property>

  <property>
    <name>hadoop.registry.zk.retry.interval.msname>
    <value>1000value>
    <description>
    description>
  property>

  <property>
    <name>hadoop.registry.zk.retry.ceiling.msname>
    <value>60000value>
    <description>
      Zookeeper retry limit in milliseconds, during
      exponential backoff.

      This places a limit even
      if the retry times and interval limit, combined
      with the backoff policy, result in a long retry
      period
    description>
  property>

  <property>
    <name>hadoop.registry.zk.quorumname>
    <value>localhost:2181value>
    <description>
      List of hostname:port pairs defining the
      zookeeper quorum binding for the registry
    description>
  property>

  <property>
    <name>hadoop.registry.securename>
    <value>falsevalue>
    <description>
      Key to set if the registry is secure. Turning it on
      changes the permissions policy from "open access"
      to restrictions on kerberos with the option of
      a user adding one or more auth key pairs down their
      own tree.
    description>
  property>

  <property>
    <name>hadoop.registry.system.aclsname>
    <value>sasl:yarn@, sasl:mapred@, sasl:hdfs@value>
    <description>
      A comma separated list of Zookeeper ACL identifiers with
      system access to the registry in a secure cluster.

      These are given full access to all entries.

      If there is an "@" at the end of a SASL entry it
      instructs the registry client to append the default kerberos domain.
    description>
  property>

  <property>
    <name>hadoop.registry.kerberos.realmname>
    <value>value>
    <description>
      The kerberos realm: used to set the realm of
      system principals which do not declare their realm,
      and any other accounts that need the value.

      If empty, the default realm of the running process
      is used.

      If neither are known and the realm is needed, then the registry
      service/client will fail.
    description>
  property>

  <property>
    <name>hadoop.registry.jaas.contextname>
    <value>Clientvalue>
    <description>
      Key to define the JAAS context. Used in secure
      mode
    description>
  property>

  <property>
    <name>hadoop.shell.missing.defaultFs.warningname>
    <value>falsevalue>
    <description>
      Enable hdfs shell commands to display warnings if (fs.defaultFS) property
      is not set.
    description>
  property>

  <property>
    <name>hadoop.shell.safely.delete.limit.num.filesname>
    <value>100value>
    <description>Used by -safely option of hadoop fs shell -rm command to avoid
      accidental deletion of large directories. When enabled, the -rm command
      requires confirmation if the number of files to be deleted is greater than
      this limit.  The default limit is 100 files. The warning is disabled if
      the limit is 0 or the -safely is not specified in -rm command.
    description>
  property>

  <property>
    <name>fs.client.htrace.sampler.classesname>
    <value>value>
    <description>The class names of the HTrace Samplers to use for Hadoop
      filesystem clients.
    description>
  property>

  <property>
    <name>hadoop.htrace.span.receiver.classesname>
    <value>value>
    <description>The class names of the Span Receivers to use for Hadoop.
    description>
  property>

  <property>
    <name>hadoop.http.logs.enabledname>
    <value>truevalue>
    <description>
      Enable the "/logs" endpoint on all Hadoop daemons, which serves local
      logs, but may be considered a security risk due to it listing the contents
      of a directory.
    description>
  property>

  <property>
    <name>fs.client.resolve.topology.enabledname>
    <value>falsevalue>
    <description>Whether the client machine will use the class specified by
      property net.topology.node.switch.mapping.impl to compute the network
      distance between itself and remote machines of the FileSystem. Additional
      properties might need to be configured depending on the class specified
      in net.topology.node.switch.mapping.impl. For example, if
      org.apache.hadoop.net.ScriptBasedMapping is used, a valid script file
      needs to be specified in net.topology.script.file.name.
    description>
  property>


  

  <property>
    <name>fs.adl.implname>
    <value>org.apache.hadoop.fs.adl.AdlFileSystemvalue>
  property>

  <property>
    <name>fs.AbstractFileSystem.adl.implname>
    <value>org.apache.hadoop.fs.adl.Adlvalue>
  property>

  <property>
    <name>adl.feature.ownerandgroup.enableupnname>
    <value>falsevalue>
    <description>
      When true : User and Group in FileStatus/AclStatus response is
      represented as user friendly name as per Azure AD profile.

      When false (default) : User and Group in FileStatus/AclStatus
      response is represented by the unique identifier from Azure AD
      profile (Object ID as GUID).

      For optimal performance, false is recommended.
    description>
  property>

  <property>
    <name>fs.adl.oauth2.access.token.provider.typename>
    <value>ClientCredentialvalue>
    <description>
      Defines Azure Active Directory OAuth2 access token provider type.
      Supported types are ClientCredential, RefreshToken, MSI, DeviceCode,
      and Custom.
      The ClientCredential type requires property fs.adl.oauth2.client.id,
      fs.adl.oauth2.credential, and fs.adl.oauth2.refresh.url.
      The RefreshToken type requires property fs.adl.oauth2.client.id and
      fs.adl.oauth2.refresh.token.
      The MSI type reads optional property fs.adl.oauth2.msi.port, if specified.
      The DeviceCode type requires property
      fs.adl.oauth2.devicecode.clientapp.id.
      The Custom type requires property fs.adl.oauth2.access.token.provider.
    description>
  property>

  <property>
    <name>fs.adl.oauth2.client.idname>
    <value>value>
    <description>The OAuth2 client id.description>
  property>

  <property>
    <name>fs.adl.oauth2.credentialname>
    <value>value>
    <description>The OAuth2 access key.description>
  property>

  <property>
    <name>fs.adl.oauth2.refresh.urlname>
    <value>value>
    <description>The OAuth2 token endpoint.description>
  property>

  <property>
    <name>fs.adl.oauth2.refresh.tokenname>
    <value>value>
    <description>The OAuth2 refresh token.description>
  property>

  <property>
    <name>fs.adl.oauth2.access.token.providername>
    <value>value>
    <description>
      The class name of the OAuth2 access token provider.
    description>
  property>

  <property>
    <name>fs.adl.oauth2.msi.portname>
    <value>value>
    <description>
      The localhost port for the MSI token service. This is the port specified
      when creating the Azure VM. The default, if this setting is not specified,
      is 50342.
      Used by MSI token provider.
    description>
  property>

  <property>
    <name>fs.adl.oauth2.devicecode.clientapp.idname>
    <value>value>
    <description>
      The app id of the AAD native app in whose context the auth request
      should be made.
      Used by DeviceCode token provider.
    description>
  property>

  

  <property>
    <name>hadoop.caller.context.enabledname>
    <value>falsevalue>
    <description>When the feature is enabled, additional fields are written into
      name-node audit log records for auditing coarse granularity operations.
    description>
  property>
  <property>
    <name>hadoop.caller.context.max.sizename>
    <value>128value>
    <description>The maximum bytes a caller context string can have. If the
      passed caller context is longer than this maximum bytes, client will
      truncate it before sending to server. Note that the server may have a
      different maximum size, and will truncate the caller context to the
      maximum size it allows.
    description>
  property>
  <property>
    <name>hadoop.caller.context.signature.max.sizename>
    <value>40value>
    <description>
      The caller's signature (optional) is for offline validation. If the
      signature exceeds the maximum allowed bytes in server, the caller context
      will be abandoned, in which case the caller context will not be recorded
      in audit logs.
    description>
  property>

  <property>
    <name>seq.io.sort.mbname>
    <value>100value>
    <description>
      The total amount of buffer memory to use while sorting files,
      while using SequenceFile.Sorter, in megabytes. By default,
      gives each merge stream 1MB, which should minimize seeks.
    description>
  property>
  <property>
    <name>seq.io.sort.factorname>
    <value>100value>
    <description>
      The number of streams to merge at once while sorting
      files using SequenceFile.Sorter.
      This determines the number of open file handles.
    description>
  property>

  <property>
    <name>hadoop.zk.addressname>
    
    <description>Host:Port of the ZooKeeper server to be used.
    description>
  property>

  <property>
    <name>hadoop.zk.num-retriesname>
    <value>1000value>
    <description>Number of tries to connect to ZooKeeper.description>
  property>

  <property>
    <name>hadoop.zk.retry-interval-msname>
    <value>1000value>
    <description>Retry interval in milliseconds when connecting to ZooKeeper.
    description>
  property>

  <property>
    <name>hadoop.zk.timeout-msname>
    <value>10000value>
    <description>ZooKeeper session timeout in milliseconds. Session expiration
    is managed by the ZooKeeper cluster itself, not by the client. This value is
    used by the cluster to determine when the client's session expires.
    Expirations happens when the cluster does not hear from the client within
    the specified session timeout period (i.e. no heartbeat).description>
  property>

  <property>
    <name>hadoop.zk.aclname>
    <value>world:anyone:rwcdavalue>
    <description>ACL's to be used for ZooKeeper znodes.description>
  property>

  <property>
    <name>hadoop.zk.authname>
    <description>
        Specify the auths to be used for the ACL's specified in hadoop.zk.acl.
        This takes a comma-separated list of authentication mechanisms, each of the
        form 'scheme:auth' (the same syntax used for the 'addAuth' command in
        the ZK CLI).
    description>
  property>
  <property>
    <name>hadoop.system.tagsname>
    <value>YARN,HDFS,NAMENODE,DATANODE,REQUIRED,SECURITY,KERBEROS,PERFORMANCE,CLIENT
      ,SERVER,DEBUG,DEPRICATED,COMMON,OPTIONALvalue>
    <description>
      System tags to group related properties together.
    description>
  property>

  <property>
    <name>ipc.client.bind.wildcard.addrname>
    <value>falsevalue>
    <description>When set to true Clients will bind socket to wildcard
      address. (i.e 0.0.0.0)
    description>
  property>
configuration>

你可能感兴趣的:(Hadoop,xml,apache,hadoop,分布式,hdfs)