data_entitlement
Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x
- Puppet >= 6.1.0 < 8.0.0
- , , , , ,
Tasks:
- get_service_status
- update_all_images
- use_updated_image
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-data_entitlement', '0.2.0'Learn more about managing modules with a PuppetfileDocumentation
data_entitlement
This module will help you setup HDP's report processor on a PE Primary or Compiler. It will also help you setup a node to host the HDP application stack.
Description
There are two parts to getting started with HDP:
- Setting up a node to run HDP itself (
data_entitlement::app_stack) - Configuring your PE Master and any Compilers to send data to HDP (
data_entitlement::report_processor)
Setup
What data_entitlement affects
This module will modify the puppet.conf configuration of any master or compiler that it is applied to. Additionally, it will install and configure Docker on the node running HDP.
Setup Requirements
HDP only works with Puppet Enterprise.
Usage
See REFERENCE.md for example usage.
Reference
A custom fact named data_entitlement-health is included as part of this module. It is a structured fact that returns information about the currently running instance of HDP.
Also, if this module is installed on a node, an data_entitlement fact is included that will collect unmanaged resource information, but not land in PuppetDB.
This module is documented via pdk bundle exec puppet strings generate --format markdown. Please see REFERENCE.md for more info.
Changelog
CHANGELOG.md is generated prior to each release via pdk bundle exec rake changelog. This process relies on labels that are applied to each pull request.
Reference
Table of Contents
Classes
Public Classes
data_entitlement::app_stack: This class takes care of configuring a node to run HDP.data_entitlement::data_processor: Simple class to enable the HDP data processordata_entitlement::proxy: This class takes care of configuring a node to run an HDP Proxy/Gateway.data_entitlement::resource_collector: This class adds module to the node, which adds our custom facts. Without it, we don't have the ability to pull all ral resources
Private Classes
data_entitlement::app_stack::configdata_entitlement::app_stack::installdata_entitlement::app_stack::servicedata_entitlement::proxy::configdata_entitlement::proxy::installdata_entitlement::proxy::service
Data types
Data_entitlement::Url: Data_entitlement::Url is a metatype that supports both single and multiple urls
Tasks
get_service_status: Get the status of the HDP docker-compose servicesupdate_all_images: Automates the dance needed to get docker-compose to update the container for every serviceuse_updated_image: Automates the dance needed to get docker-compose to use an updated image
Classes
data_entitlement::app_stack
This class takes care of configuring a node to run HDP.
Examples
Configure via Hiera
include data_entitlement::app_stack
Manage the docker group elsewhere
realize(Group['docker'])
class { 'data_entitlement::app_stack':
dns_name => 'http://data_entitlement-app.example.com',
create_docker_group => false,
require => Group['docker'],
}
Enable TLS using puppet-managed certs on the frontend
class { 'data_entitlement::app_stack':
dns_name => 'http://data_entitlement-app.example.com',
ui_use_tls => true,
ui_cert_files_puppet_managed => true,
ui_key_file => $profile::ssl::data_entitlement_keyfile,
ui_cert_file => $profile::ssl::data_entitlement_full_chain,
}
Enable TLS using manually managed certs on the frontend
class { 'data_entitlement::app_stack':
dns_name => 'http://data_entitlement-app.example.com',
ui_use_tls => true,
ui_cert_files_puppet_managed => false,
ui_key_file => '/etc/pki/private/data_entitlement-app.key',
ui_cert_file => '/etc/pki/certs/full-chain.crt',
}
Parameters
The following parameters are available in the data_entitlement::app_stack class:
create_docker_groupmanage_dockerlog_driverdata_dirdata_entitlement_portdata_entitlement_query_portdata_entitlement_query_authdata_entitlement_query_usernamedata_entitlement_query_passworddata_entitlement_query_oidc_issuerdata_entitlement_query_oidc_client_iddata_entitlement_query_oidc_audiencedata_entitlement_query_pe_rbac_servicedata_entitlement_query_pe_rbac_role_iddata_entitlement_query_pe_rbac_ca_cert_filedata_entitlement_ui_http_portdata_entitlement_ui_https_portdata_entitlement_manage_esdata_entitlement_es_hostdata_entitlement_es_usernamedata_entitlement_es_passworddata_entitlement_manage_s3data_entitlement_s3_endpointdata_entitlement_s3_regiondata_entitlement_s3_access_keydata_entitlement_s3_secret_keydata_entitlement_s3_facts_bucketdata_entitlement_s3_force_path_styledata_entitlement_s3_disable_ssldata_entitlement_usercompose_versionimage_repositoryelasticsearch_imageredis_imageminio_imageimage_prefixca_serverca_cert_filekey_filecert_fileallow_trust_on_first_useui_use_tlsui_cert_files_puppet_managedui_key_fileui_cert_fileui_ca_cert_filedns_namedns_alt_namesversiondata_entitlement_versionui_versionfrontend_versiondocker_usersmax_es_memoryprometheus_namespaceaccess_log_leveldashboard_urlextra_hosts
create_docker_group
Data type: Boolean
Ensure the docker group is present.
Default value: true
manage_docker
Data type: Boolean
Install and manage docker as part of app_stack
Default value: true
log_driver
Data type: String[1]
The log driver Docker will use
Default value: 'journald'
data_dir
Data type: Optional[String[1]]
The data-root that docker will use to store volumes
Default value: undef
data_entitlement_port
Data type: Integer
Port to access HDP upload service
Default value: 9091
data_entitlement_query_port
Data type: Integer
Port to access HDP query service
Default value: 9092
data_entitlement_query_auth
Data type: Enum['basic_auth', 'oidc', 'pe_rbac', 'none']
What format to use for query authentication 'basic_auth' will use data_entitlement_query_username and data_entitlement_query_password to handle auth. 'oidc' will use data_entitlement_query_oidc_issuer and data_entitlement_query_oidc_client_id to handle auth. 'oidc' currently only supports Okta as an authn provider. 'pe_rbac' will cause the HDP to call out to a PE RBAC server to validate tokens from the UI. 'pe_rbac' is currently not supported by the UI, so only use this if you plan on making queries via the API directly. 'none' uses no auth for queries Defaults to 'none'
Default value: 'none'
data_entitlement_query_username
Data type: Optional[String[1]]
Username to add basic auth to query service
Default value: undef
data_entitlement_query_password
Data type: Optional[Sensitive[String[1]]]
Password to add basic auth to query service Can be a password string, but if it starts with a $, will be validated using Linux standards - $$$. Only algos of sha256 and sha512 are valid - $5$ and $6$. All other passwords will always be rejected.
Default value: undef
data_entitlement_query_oidc_issuer
Data type: Optional[String[1]]
The OIDC issuer. Currently only Okta URLs are supported.
Default value: undef
data_entitlement_query_oidc_client_id
Data type: Optional[String]
The client ID of the app in the OIDC issuer
Default value: undef
data_entitlement_query_oidc_audience
Data type: Optional[String]
The audience of the issued OIDC token
Default value: undef
data_entitlement_query_pe_rbac_service
Data type: Optional[Stdlib::HTTPUrl]
The URL of the pe_rbac_service Includes protocol, hostname, port, and rbac-api prefix if present, but no version number. Example: https://puppet:4433/rbac-api Required if data_entitlement_query_auth = 'pe_rbac'
Default value: undef
data_entitlement_query_pe_rbac_role_id
Data type: Integer
The role_id of the PE RBAC role allowed to query the HDP. Defaults to 1, which is the Administrator group by default. Superusers are allowed allowed to query the HDP.
Default value: 1
data_entitlement_query_pe_rbac_ca_cert_file
Data type: String
The CA Certfile to use for authenticate the RBAC Server Defaults to /etc/puppetlabs/puppet/ssl/certs/ca.pem Set to '-' to use system CAs
Default value: '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
data_entitlement_ui_http_port
Data type: Integer
Port to access HDP UI via http
Default value: 80
data_entitlement_ui_https_port
Data type: Integer
Port to access HDP UI via https if ui_use_tls is true
Default value: 443
data_entitlement_manage_es
Data type: Boolean
= true Allow this module to manage elasticsearch If true, all other es parameters are ignored
Default value: true
data_entitlement_es_host
Data type: String[1]
Elasticsearch host to use
Default value: 'http://elasticsearch:9200/'
data_entitlement_es_username
Data type: Optional[String[1]]
Username to use to connect to elasticsearch
Default value: undef
data_entitlement_es_password
Data type: Optional[Sensitive[String[1]]]
Password to use to connect to elasticsearch
Default value: undef
data_entitlement_manage_s3
Data type: Boolean
Allow this module to manage S3 itself. If true, All other s3 parameters are ignored.
Default value: true
data_entitlement_s3_endpoint
Data type: String[1]
The S3 Endpoint to use
Default value: 'http://minio:9000/'
data_entitlement_s3_region
Data type: String[1]
The S3 Region to use
Default value: 'data_entitlement'
data_entitlement_s3_access_key
Data type: String[1]
The S3 Access Key to use
Default value: 'puppet'
data_entitlement_s3_secret_key
Data type: Sensitive[String[1]]
The S3 Secret Key to use
Default value: Sensitive('puppetpuppet')
data_entitlement_s3_facts_bucket
Data type: String[1]
The S3 Bucket to use for facts
Default value: 'facts'
data_entitlement_s3_force_path_style
Data type: Boolean
Disable AWS specific S3 Path Style
Default value: true
data_entitlement_s3_disable_ssl
Data type: Boolean
Disable SSL for the S3 backend
Default value: true
data_entitlement_user
Data type: String[1]
User to run HDP + all infra services as. Also owns mounted volumes Set to Puppet if certname == dns_name
Default value: '11223'
compose_version
Data type: String[1]
The version of docker-compose to install
Default value: '1.25.0'
image_repository
Data type: Optional[String[1]]
Image repository to pull images from - defaults to dockerhub. Can be used for airgapped environments/testing environments
Default value: undef
elasticsearch_image
Data type: String[1]
Elasticsearch image to use. Defaults to: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.1
Default value: 'docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.1'
redis_image
Data type: String[1]
Redis image to use. Defaults to: redis:6.2.4-buster
Default value: 'redis:6.2.4-buster'
minio_image
Data type: String[1]
Minio image to use. Defaults to: minio/minio:RELEASE.2021-04-22T15-44-28Z
Default value: 'minio/minio:RELEASE.2021-04-22T15-44-28Z'
image_prefix
Data type: String
Prefix that comes before each image Can be used for easy name spacing under the same repository
Default value: 'puppet/hdp-'
ca_server
Data type: Optional[String[1]]
URL of Puppet CA Server. If no keys/certs are provided, then HDP will attempt to provision its own certs and get them signed. Either this or ca_cert_file/key_file/cert_file can be specified. If autosign is not enabled, HDP will wait for the certificate to be signed by a puppet administrator
Default value: undef
ca_cert_file
Data type: Optional[String[1]]
CA certificate to validate connecting clients This or ca_server can be specified
Default value: undef
key_file
Data type: Optional[String[1]]
Private key for cert_file - pem encoded. This or ca_server can be specified
Default value: undef
cert_file
Data type: Optional[String[1]]
Puppet PKI cert file - pem encoded. This or ca_server can be specified
Default value: undef
allow_trust_on_first_use
Data type: Boolean
If true, then the HDP will download the CA and setup its certs and keys from the server if they haven't been provided. Since the HDP doesn't have any CA before starting this process, it will automatically trust the first server that appears as ca_server. If you don't explicitly set this value to true, then this module will not deploy an HDP installation without being given ca_cert_file, key_file, and cert_file.
Default value: true
ui_use_tls
Data type: Boolean
Use TLS for the UI and HDP Query endpoints
Default value: true
ui_cert_files_puppet_managed
Data type: Boolean
Indicate if the cert files used by the UI are managed by Puppet. If they
are then a relationship is created between these files and the
docker_compose resource so that containers are restarted when
the contents of the files change, such as when the certificate is renewed.
Default value: false
ui_key_file
Data type: Optional[String[1]]
Key file to use for UI - pem encoded. Your browser should trust this you set ui_use_tls
Default value: undef
ui_cert_file
Data type: Optional[String[1]]
Cert file to use for UI - pem encoded. Your browser should trust this you set ui_use_tls
Default value: undef
ui_ca_cert_file
Data type: Optional[String[1]]
CA Cert file to use for UI - pem encoded. Setting this to anything but undef will cause the HDP to validate clients with mTLS If you don't have access to a puppet cert and key in your browser, do not set this parameter. It is unlikely that you want this value set.
Default value: undef
dns_name
Data type: String[1]
Name that puppet server will find HDP at. Should match the names in cert_file if provided. If ca_server is used instead, this name will be used as certname.
dns_alt_names
Data type: Array[String[1]]
Extra dns names attached to the puppet cert, can be used to bypass certname collisions
Default value: []
version
Data type: Optional[String[1]]
The super version to use of the components. If this is set, sets all the sub-component versions to this.
Default value: undef
data_entitlement_version
Data type: String[1]
The version of the HDP Data container to use
Default value: '0.0.1'
ui_version
Data type: Optional[String[1]]
The version of the HDP UI container to use If undef, defaults to data_entitlement_version
Default value: undef
frontend_version
Data type: Optional[String[1]]
The version of the HDP UI TLS Frontend container to use If undef, defaults to data_entitlement_version
Default value: undef
docker_users
Data type: Optional[Array[String[1]]]
Users to be added to the docker group on the system
Default value: undef
max_es_memory
Data type: String[1]
Max memory for ES to use - in JVM -Xmx{$max_es_memory} format. Example: 4G, 1024M. Defaults to 4G.
Default value: '4G'
prometheus_namespace
Data type: String[1]
The HDP data service exposes some internal prometheus metrics. This variable can be used to change the HDP's prom metric namespace.
Default value: 'data_entitlement'
access_log_level
Data type: Enum['none', 'all', 'admin']
Specify which level of access log the HDP should use. Defaults to 'admin', where the HDP logs each administrative action taken and the user behind it. The option 'all' causes all data queries to be logged.
Default value: 'admin'
dashboard_url
Data type: Optional[Stdlib::HTTPUrl]
The URL of the dashboard, where you would visit the UI in your browser. This parameter is used to configure alerts, so if you plan on using Relay or another alert handler, you should set this option if you want your links in your alerts to point you to the right place.
Default value: undef
extra_hosts
Data type: Hash[String[1], String[1]]
This parameter can be used to set hostname mappings in docker-compose file. Can be used to mimic the /etc/hosts techniques commonly used in puppet.
Default value: {}
data_entitlement::data_processor
Simple class to enable the HDP data processor
Examples
Configuration in a manifest with default port
# Settings applied to both a primary and compilers
class { 'profile::primary_and_compilers':
class { 'data_entitlement::data_processor':
data_entitlement_url => 'https://data_entitlement.example.com:9091',
}
}
Configuration in a manifest with two HDP instances
# Settings applied to both a primary and compilers
class { 'profile::primary_and_compilers':
class { 'data_entitlement::data_processor':
data_entitlement_url =>
'https://data_entitlement-prod.example.com:9091',
'https://data_entitlement-staging.example.com:9091',
],
}
}
Configuration in a manifest using PupeptDB instead of a facts terminus
# Settings applied to both a primary and compilers
class { 'profile::primary_and_compilers':
class { 'data_entitlement::data_processor':
data_entitlement_url => 'https://data_entitlement.example.com:9091',
collection_method => 'pdb_submit_only_server_urls',
}
}
Configuration in a manifest using PupeptDB and an additional submit_only_server
# Settings applied to both a primary and compilers
class { 'profile::primary_and_compilers':
class { 'data_entitlement::data_processor':
data_entitlement_url => 'https://data_entitlement.example.com:9091',
collection_method => 'pdb_submit_only_server_urls',
pdb_submit_only_server_urls => [
'https://additional-destination.example.com',
],
}
}
Configuration via Hiera with default port
---
data_entitlement::data_processor::data_entitlement_url: 'https://data_entitlement.example.com:9091'
Configuration via Hiera sending data to two HDP servers
---
data_entitlement::data_processor::data_entitlement_url:
- 'https://data_entitlement-prod.example.com:9091'
- 'https://data_entitlement-staging.example.com:9091'
Parameters
The following parameters are available in the data_entitlement::data_processor class:
data_entitlement_urlenable_reportsmanage_routesmanage_pdb_submit_only_server_urlscollection_methodfacts_terminusfacts_cache_terminuscollect_resourceskeep_node_rereportspdb_submit_only_server_urls
data_entitlement_url
Data type: Data_entitlement::Url
The url to send data to.
enable_reports
Data type: Boolean
Enable sending reports to HDP
Default value: true
manage_routes
Data type: Boolean
Enable managing the HDP routes file
Default value: true
manage_pdb_submit_only_server_urls
Data type: Boolean
This setting will allow the submit_only_server_urls setting in
puppet.com to be set when
$collection_method = 'pdb_submit_only_server_urls' and will allow the
setting to be removed when $collection_method = 'facts_terminus'.
Default value: true
collection_method
Data type: Enum['facts_terminus', 'pdb_submit_only_server_urls']
Determine how the HDP will get its data. When set to facts_terminus, this
module will setup a new facts terminus to send data. This is the preferred
method. When set to pdb_submit_only_server_urls, this module will utlize
the submit_only_server_urls setting of PuppetDB to have it send data as
if the HDP server was another instance of PuppetDB. This method should only
be used when the facts terminus method cannot be.
Default value: 'pdb_submit_only_server_urls'
facts_terminus
Data type: String[1]
Default value: 'data_entitlement'
facts_cache_terminus
Data type: String[1]
Default value: 'data_entitlement'
collect_resources
Data type: Boolean
Default value: true
keep_node_re
Data type: String[1]
Default value: '.*'
reports
Data type: String[1]
A string containg the list of report processors to enable
Default value: 'puppetdb,data_entitlement'
pdb_submit_only_server_urls
Data type: Optional[Array[Stdlib::HTTPSUrl]]
An array of PuppetDB instance URLs, including port number, to which
commands should be sent, but which shouldn’t ever be queried for data
needed during a Puppet run. This setting will use the value of $data_entitlement_url
unless another value is provided.
Default value: undef
data_entitlement::proxy
This class takes care of configuring a node to run an HDP Proxy/Gateway.
Examples
Configure via Hiera
include data_entitlement::proxy
Parameters
The following parameters are available in the data_entitlement::proxy class:
portuserca_serverallow_trust_on_first_usessl_dirca_cert_filekey_filecert_filedns_namedns_alt_namesversionprometheus_namespacetokendata_entitlement_addresspackageserviceservice_statusservice_enabled
port
Data type: Integer
Port to run HDP upload service on Defaults to 9091
Default value: 9091
user
Data type: String[1]
User to run HDP proxy as. Defaults to hdp-proxy
Default value: 'hdp-proxy'
ca_server
Data type: String[1]
URL of Puppet CA Server. If no keys/certs are provided, then HDP will attempt to provision its own certs and get them signed. Either this or ca_cert_file/key_file/cert_file can be specified. If autosign is not enabled, HDP will wait for the certificate to be signed by a puppet administrator
Default value: 'puppet'
allow_trust_on_first_use
Data type: Boolean
If true, then the HDP will download the CA and setup its certs and keys from the server if they haven't been provided. Since the HDP doesn't have any CA before starting this process, it will automatically trust the first server that appears as ca_server. If you don't explicitly set this value to true, then this module will not deploy an HDP installation without being given ca_cert_file, key_file, and cert_file.
Default value: false
ssl_dir
Data type: String[1]
The ssl dir for certificates Defaults to /etc/puppetlabs/hdp-proxy/ssl
Default value: '/etc/puppetlabs/hdp-proxy/ssl'
ca_cert_file
Data type: String[1]
CA certificate to validate connecting clients This or ca_server can be specified
Default value: "${data_entitlement::proxy::ssl_dir}/ca.cert.pem"
key_file
Data type: String[1]
Private key for cert_file - pem encoded. This or ca_server can be specified
Default value: "${data_entitlement::proxy::ssl_dir}/data-ingestion.key.pem"
cert_file
Data type: String[1]
Puppet PKI cert file - pem encoded. This or ca_server can be specified
Default value: "${data_entitlement::proxy::ssl_dir}/data-ingestion.cert.pem"
dns_name
Data type: String[1]
Name that puppet server will find HDP at. Should match the names in cert_file if provided. If ca_server is used instead, this name will be used as certname.
Default value: 'hdp-proxy'
dns_alt_names
Data type: Array[String[1]]
Extra dns names attached to the puppet cert, can be used to bypass certname collisions
Default value: []
version
Data type: String[1]
The version to use of the HDP Proxy. Defaults to latest
Default value: 'latest'
prometheus_namespace
Data type: String[1]
The HDP data service exposes some internal prometheus metrics. This variable can be used to change the HDP's prom metric namespace.
Default value: 'hdp_proxy'
token
Data type: Sensitive[String[1]]
The HDP's access token. Gathered from the the HDP UI when creating this proxy.
data_entitlement_address
Data type: Stdlib::HTTPUrl
The URL of the HDP endpoint to send data to.
Default value: 'https://hdp-upload-staging.prod.paas.puppet.net'
package
Data type: String[1]
The HDP proxy package name Defaults to hdp-proxy
Default value: 'hdp-proxy'
service
Data type: String[1]
The name of the HDP proxy service. Defaults to hdp-proxy
Default value: 'hdp-proxy'
service_status
Data type: String[1]
Indicates whether the HDP proxy service should be running or stopped Defaults to running
Default value: 'running'
service_enabled
Data type: Boolean
Indicates whether the HDP proxy service should be enabled Defaults to true
Default value: true
data_entitlement::resource_collector
This class adds module to the node, which adds our custom facts. Without it, we don't have the ability to pull all ral resources
Data types
Data_entitlement::Url
Data_entitlement::Url is a metatype that supports both single and multiple urls
Alias of
Variant[Array[Stdlib::HTTPUrl], Stdlib::HTTPUrl]
Tasks
get_service_status
Get the status of the HDP docker-compose services
Supports noop? false
update_all_images
Automates the dance needed to get docker-compose to update the container for every service
Supports noop? false
use_updated_image
Automates the dance needed to get docker-compose to use an updated image
Supports noop? false
Parameters
service
Data type: Enum[frontdoor,identity,influxdb,ingest-queue,mongo,query,rabbitmq,ui]
The service you wish to update
What are tasks?
Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.
Tasks in this module release
get_service_status
Get the status of the HDP docker-compose services
update_all_images
Automates the dance needed to get docker-compose to update the container for every service
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
0.2.0 (2022-07-12)
Added
- Update stdlib and inifile dependencies #5 (austb)
- (SDP-56) Replace proxy docker install with package #3 (austb)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/docker (>= 4.0.0 < 5.0.0)
- puppetlabs/inifile (>= 2.2.1 < 6.0.0)
- puppetlabs/stdlib (>= 7.0.0 < 9.0.0)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.