Pravega Security Configurations

This document describes the security configuration parameters of Pravega, in both distributed and standalone modes.

Security Configuration Parameters in Distributed Mode

In the distributed mode, Controllers and Segment Stores are configured via separate sets of parameters.

These parameters may be specified via configuration files or Java system properties. Alternatively, you may use environment variables to configure them.

The following sub-sections describe their Transport Layer Security (TLS) and auth (short for authentication and authorization) parameters.

Controller TLS Configuration Parameters

  • controller.security.tls.enable

    Property Value
    Description: Whether to enable TLS for client-server communication.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: controller.auth.tlsEnabled (deprecated)
  • controller.security.tls.server.certificate.location

    Property Value
    Description: Path of the PEM-encoded file that contains a TLS certificate to use for securing the server's gRPC interface. The TLS certificate contains the public key of the server.
    Type: string
    Default: None
    Sample value: /path/to/server/server1-cert.crt
    Old name: controller.auth.tlsCertFile (deprecated)
  • controller.security.tls.server.privateKey.location

    Property Value
    Description: Path of the PEM-encoded file that contains the private key associated with the server's public key bound in its TLS certificate. This file must be kept private and secured to avoid compromise of TLS security.
    Type: string
    Default: None
    Sample value: /path/to/server/server1-privateKey.key
    Old name: controller.auth.tlsKeyFile (deprecated)
  • controller.security.tls.server.keyStore.location

    Property Value
    Description: Path of the .jks file that contains the TLS material used for securing the Controller's REST interface. It contains the server's public key certificate and the associated private key, as well as the CA's certificate.
    Type: string
    Default: None
    Sample value: /path/to/server/server1-keystore.jks
    Old name: controller.rest.tlsKeyStoreFile (deprecated)
  • controller.security.tls.server.keyStore.pwd.location

    Property Value
    Description: Path of the file containing the password for the keystore specified via controller.security.tls.server.keyStore.location.
    Type: string
    Default: None
    Sample value: /path/to/server/server1-keystore.pwd
    Old name: controller.rest.tlsKeyStorePasswordFile (deprecated)
  • controller.security.tls.trustStore.location

    Property Value
    Description: Path of the PEM-encoded file that contains the certificates that the server should trust, when connecting to other services like Segment Store and instances. Typically, it contains the public key certificate of the CA that has signed the services' certificates. It may alternatively contain the service's certificates directly.
    Type: string
    Default: None
    Sample value: /path/to/client/truststore.crt
    Old name: controller.auth.tlsTrustStore (deprecated)
  • controller.segmentstore.connect.channel.tls

    Property Value
    Description: Whether to enable TLS for communications with Segment Store, even if TLS is disabled for the Controller. This is useful in cases where the Controller has TLS disabled, but the Segment Store has it enabled.
    Type: string
    Default: Same as that of controller.security.tls.enable
    Valid values: {true, false, ``}
    Old name: controller.auth.segmentStoreTlsEnabled (deprecated)
  • controller.zk.connect.security.enable

    Property Value
    Description: Whether to enable security for communications with Apache Zookeeper.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: controller.zk.secureConnection (deprecated)
  • controller.zk.connect.security.tls.trustStore.location

    Property Value
    Description: Path of the truststore file in .jks format for TLS connections with Apache Zookeeper.
    Type: string
    Default: None
    Sample value: /path/to/client/zookeeper.truststore.crt
    Old name: controller.zk.tlsTrustStoreFile (deprecated)
  • controller.zk.connect.security.tls.trustStore.pwd.location

    Property Value
    Description: Path of the file containing the password of the truststore specified via controller.zk.connect.security.tls.trustStore.location.
    Type: string
    Default: None
    Sample value: /path/to/client/zookeeper.truststore.pwd
    Old name: controller.zk.tlsTrustStoreFile (deprecated)

Controller Authentication and Authorization Configuration Parameters

  • controller.security.auth.enable

    Property Value
    Description: Whether to enable authentication and authorization (Auth) for clients.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: controller.auth.enabled (deprecated)
  • controller.security.auth.delegationToken.signingKey.basis

    Property Value
    Description: String used to generate the key used for signing delegation tokens.
    Type: string
    Default: None
    Sample value: super-secret-key
    Old name: controller.auth.tokenSigningKey (deprecated)
  • controller.security.pwdAuthHandler.accountsDb.location

    Property Value
    Description: Path of the file containing a listing of user accounts and their permissions. This file is used by the Password Auth Handler (the built-in Auth Handler implementation).
    Type: string
    Default: None
    Sample value: /path/to/accountsDB
    Old name: controller.auth.userPasswordFile (deprecated)

Segment Store TLS Configuration Parameters

  • pravegaservice.security.tls.enable

    Property Value
    Description: Whether to enable TLS for client-server communication.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: pravegaservice.enableTls (deprecated)
  • pravegaservice.security.tls.certificate.autoReload.enable

    Property Value
    Description: Whether to automatically reload SSL/TLS context if the server certificate file is updated.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: pravegaservice.enableTlsReload (deprecated)
  • pravegaservice.security.tls.server.certificate.location

    Property Value
    Description: Path of the PEM-encoded file that contains a TLS certificate to use for securing the server's interface. The TLS certificate contains the public key of the server.
    Type: string
    Default: None
    Sample value: /path/to/server/server-cert.crt
    Old name: pravegaservice.certFile (deprecated)
  • pravegaservice.security.tls.server.privateKey.location

    Property Value
    Description: Path of the PEM-encoded file that contains the private key associated with the server's public key bound in its TLS certificate. This file must be kept private and secured to avoid compromise of TLS security.
    Type: string
    Default: None
    Sample value: /path/to/server/server-privateKey.key
    Old name: pravegaservice.keyFile (deprecated)
  • autoScale.controller.connect.security.tls.enable

    Property Value
    Description: Whether to enable TLS for internal communication with the Controllers.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: autoScale.tlsEnabled (deprecated)
  • autoScale.controller.connect.security.tls.truststore.location

    Property Value
    Description: Path of the PEM-encoded file that contains the certificates that the server should trust, when connecting to other services like Controller and other instances. Typically, it contains the public key certificate of the CA that has signed the services' certificates. It may alternatively contain the service's certificates directly.
    Type: string
    Default: None
    Sample value: /path/to/client/truststore.crt
    Old name: autoScale.tlsCertFile (deprecated)
  • autoScale.controller.connect.security.tls.validateHostName.enable

    Property Value
    Description: Whether to enable hostname verification for TLS connections with the Controllers.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: autoScale.validateHostName (deprecated)
  • pravegaservice.zk.connect.security.enable

    Property Value
    Description: Whether to enable security for communications with Apache Zookeeper instances.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: pravegaservice.secureZK (deprecated)
  • pravegaservice.zk.connect.security.tls.trustStore.location

    Property Value
    Description: Path of the truststore file in .jks format for TLS connections with Apache Zookeeper instances.
    Type: string
    Default: None
    Sample value: /path/to/client/zookeeper.truststore.crt
    Old name: pravegaservice.zkTrustStore (deprecated)
  • pravegaservice.zk.connect.security.tls.trustStore.pwd.location

    Property Value
    Description: Path of the file containing the password of the truststore specified via pravegaservice.zk.connect.security.tls.trustStore.location.
    Type: string
    Default: None
    Sample value: /path/to/client/zookeeper.truststore.pwd
    Old name: pravegaservice.zkTrustStorePasswordPath (deprecated)
  • pravegaservice.bookkeeper.connect.security.enable

    Property Value
    Description: Whether to enable security for communications with Apache Bookkeeper instances.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: bookkeeper.tlsEnabled (deprecated)
  • bookkeeper.connect.security.tls.trustStore.location

    Property Value
    Description: Path of the truststore file in .jks format for TLS connections with Apache Bookkeeper instances.
    Type: string
    Default: None
    Sample value: /path/to/client/zookeeper.truststore.crt
    Old name: bookkeeper.tlsTrustStorePath (deprecated)

Segment Store Authentication and Authorization Configuration Parameters

  • autoScale.controller.connect.security.auth.enable

    Property Value
    Description: Whether to enable authentication and authorization (Auth) for internal communications with the Controllers.
    Type: boolean
    Default: false
    Valid values: {true, false}
    Old name: autoScale.authEnabled (deprecated)
  • autoScale.security.auth.token.signingKey.basis

    Property Value
    Description: A string used to generate the key used for signing delegation tokens. This value must be the same as that set in controller.security.auth.token.signingKey.basis for Controllers.
    Type: string
    Default: secret
    Sample value: super-secret-key
    Old name: autoScale.tokenSigningKey (deprecated)
  • pravega.client.auth.loadDynamic

    Property Value
    Description: Whether to load a credentials object dynamically from a class available in Classpath, for the Auto Scale Processor's authentication to the Controller.
    Type: boolean
    Default: {true, false}
    Sample value: super-secret-key
    Alternative method: pravega_client_auth_loadDynamic (environment variable)
  • pravega.client.auth.method

    Property Value
    Description: The auth method used by the Auto Scale Processor when communicating with the Controller.
    Type: string
    Default: None
    Sample value: Basic
    Alternative method: pravega_client_auth_token (environment variable)
  • pravega.client.auth.token

    Property Value
    Description: The token used by the Auto Scale Processor for its authentication to the Controller. The format of the token depends on pravega.client.auth.method. For the Basic authentication method, the value is the Base 64 encoding of the input string <username>:<password>.
    Type: string
    Default: None
    Sample value: YXV0b1NjYWxlclVzZXIxOnN1cGVyLXNlY3JldC1wYXNzd29yZA== (Base 64 encoded value of credentials in Basic format 'autoScalerUser1:super-secret-password')
    Alternative method: pravega_client_auth_token (environment variable)
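
The parameters above can be checked mechanically before a deployment. The following is an added example, not part of the Pravega project: a small linter that flags deprecated names, security switches left at their documented default of false, a delegation-token signing key basis left at the documented default or sample value, a Controller/Segment Store signing key mismatch, and a Basic token that decodes to credentials. The finding labels, the `audit` and `parse_properties` helpers, the sample file, and the assumption that a deprecated name is still honoured are all illustrative.

```python
import base64

# Old name -> current name, taken from the "Old name" rows above (subset).
DEPRECATED = {
    "controller.auth.tlsEnabled": "controller.security.tls.enable",
    "controller.auth.enabled": "controller.security.auth.enable",
    "pravegaservice.enableTls": "pravegaservice.security.tls.enable",
    "autoScale.validateHostName": "autoScale.controller.connect.security.tls.validateHostName.enable",
}
SWITCHES = list(DEPRECATED.values())  # booleans documented as default false
CTRL_KEY = "controller.security.auth.delegationToken.signingKey.basis"
AS_KEY = "autoScale.security.auth.token.signingKey.basis"
WEAK_BASIS = {"secret", "super-secret-key"}  # documented default and sample value

def parse_properties(text):
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, _, v in pairs}

def audit(text):
    props, findings = parse_properties(text), []
    for old, new in DEPRECATED.items():
        if old in props:
            findings.append(("deprecated", old))
            props.setdefault(new, props[old])  # assumption: old name is still honoured
    for key in SWITCHES:
        if props.get(key, "false").lower() != "true":
            findings.append(("disabled", key))
    as_basis = props.get(AS_KEY, "secret")  # "secret" is the documented default
    if as_basis in WEAK_BASIS:
        findings.append(("weak-signing-key", AS_KEY))
    if CTRL_KEY in props and props[CTRL_KEY] != as_basis:
        findings.append(("signing-key-mismatch", CTRL_KEY))
    if props.get("pravega.client.auth.method") == "Basic":
        try:  # a Basic token is only Base64-encoded <username>:<password>
            decoded = base64.b64decode(props.get("pravega.client.auth.token", ""))
        except ValueError:
            decoded = b""
        if b":" in decoded:
            findings.append(("recoverable-credential", "pravega.client.auth.token"))
    return findings

SAMPLE = """# constructed sample, not a real deployment
controller.auth.tlsEnabled=true
controller.security.auth.enable=true
controller.security.auth.delegationToken.signingKey.basis=super-secret-key
pravega.client.auth.method=Basic
pravega.client.auth.token=YXV0b1NjYWxlclVzZXIxOnN1cGVyLXNlY3JldC1wYXNzd29yZA==
"""
```

Calling `audit(SAMPLE)` returns a list of `(category, key)` tuples. Because a Basic token is recoverable by anyone who can read the file, the file holding it needs the same protection as the private key and keystore password files.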

Security Configurations in Standalone Mode

For ease of use, Pravega standalone mode abstracts away some of the configuration parameters of distributed mode. As a result, it has fewer security configuration parameters to configure.

| Parameter | Details | Default | Feature |
|-----------|---------|---------|---------|
| singlenode.security.tls.enable | Whether to enable TLS for client-server communications. | false | TLS |
| singlenode.security.tls.certificate.location | Path of the X.509 PEM-encoded server certificate file for the server. | None | TLS |
| singlenode.security.tls.privateKey.location | Path of the PEM-encoded private key file for the service. | None | TLS |
| singlenode.security.tls.keyStore.location | Path of the keystore file in .jks for the REST interface. | None | TLS |
| singlenode.security.tls.keyStore.pwd.location | Path of the file containing the keystore password for the REST interface. | None | TLS |
| singlenode.security.tls.trustStore.location | Path of the truststore file for internal TLS connections. | None | TLS |
| singlenode.security.auth.enable | Whether to enable authentication and authorization for clients. | false | Auth |
| singlenode.security.auth.credentials.username | The default username used for internal communication between Segment Store and Controller. | None | Auth |
| singlenode.security.auth.credentials.pwd | The default password used for internal communication between Segment Store and Controller. | None | Auth |
| singlenode.security.auth.pwdAuthHandler.accountsDb.location | Path of the file containing user credentials and ACLs, for the PasswordAuthHandler. | None | Auth |
| singlenode.segmentStore.tls.certificate.autoReload.enable | Whether to automatically reload SSL/TLS context if the server certificate is updated. | false | TLS |