Support Questions

Find answers, ask questions, and share your expertise

Ambari UI via Knox - Limited accessibility

avatar
Contributor

I have followed this guide to enable Knox for the Ambari cluster:

https://community.hortonworks.com/articles/78361/configure-knox-to-access-ambari-ui.html

While I am able to log into the Ambari UI via Knox. I cannot view the hosts nor am I able to access the preconfigured 'Views':

- Hive View

- Files View

- Smartsense View

- Tez View etc..

I have also noticed that alerts and warnings do not show either.

Why am I a limited user despite logging in with an admin account?

Thanks in advance

1 ACCEPTED SOLUTION

avatar
Master Mentor
@L V

Are you sure that you have added role "AMBARI" and "AMBARIUI" both the blocks inside your knox topology file and then restarted the knox?

<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>Anonymous</name>
            <enabled>true</enabled>
        </provider>
        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>false</enabled>
        </provider>
    </gateway>
    <service>
        <role>AMBARI</role>
        <url>http://$AMBARI_HOST:8080</url>
    </service>
    <service>
        <role>AMBARIUI</role>
        <url>http://$AMBARI_HOST:8080</url>
    </service>
</topology>

.

Please add both the service blocks, as most of the Amabri Views uses ambari APIs to get the configuration details so we should add both the blocks.

View solution in original post

19 REPLIES 19

avatar

can you please which hdp release is this?

and what is the user you used for login ?

avatar
Contributor

HDP: 2.6.2.14-5

I used the default admin account - verified that it is still an admin with the correct priveleges

avatar
Contributor

Hi @Deepak Sharma did you have any advice regarding this issue?

avatar
Master Mentor
@L V

Are you sure that you have added role "AMBARI" and "AMBARIUI" both the blocks inside your knox topology file and then restarted the knox?

<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>Anonymous</name>
            <enabled>true</enabled>
        </provider>
        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>false</enabled>
        </provider>
    </gateway>
    <service>
        <role>AMBARI</role>
        <url>http://$AMBARI_HOST:8080</url>
    </service>
    <service>
        <role>AMBARIUI</role>
        <url>http://$AMBARI_HOST:8080</url>
    </service>
</topology>

.

Please add both the service blocks, as most of the Amabri Views uses ambari APIs to get the configuration details so we should add both the blocks.

avatar

L V want to confirm are you able to view ambari home page or that also not visible ?

avatar

there were issues with accessing views via knox proxy but they are already fixed:

please make sure following:

1) entries are added in ui.xml as follows:

    <service>
        <role>AMBARI</role>
        <url>http://hostname:port</url>
    </service>
    <service>
        <role>AMBARIUI</role>
        <url>http://hostname:port</url>
    </service>

2) you should have .com appended in /etc/hosts file on the client and the cluster both as follows:

10.10.1.1 ab.test.site abc.test.site.com

3) while invoking the ambari ui through knox proxy also you should append .com the url eg:

https://abc.test.site.com:8443/gateway/ui/ranger

let Me know if you have all of the above and issue still presist.

avatar
Contributor

@Jay Kumar SenSharma - I did not have AMBARI added, only AMBARIUI. I have added that in now although I am now getting this error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

@Deepak Sharma

I was able to view the ambari homepage, there were just little things missing as I mentioned earlier.

avatar
Master Mentor

@L V

In which log do you see this error now? Can you please share the complete log snippet so that we will know what's wrong? When are you getting this error ?

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In general this error indicates that the truststore is not configured and it does not have the imported certificate.

If you notice the above error on ambari server log then please check if you have configured truststore for ambari?

https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.1.3/bk_ambari-security/content/set_up_truststor...

.

avatar
Master Mentor

@L V

Good to know that your current issue is resolved.

Keeping different issues to different threads helps improving the HCC better. So if this thread is answered then please mark the correct answer as "Answered" (by clicking the "Accept" link).

.

Your new query seems to be slightly different. So i will suggest you to please open a Separate HCC thread for the following issue:

When I go and access other services and try view their UI's it just diverts back to their original IP address.