Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HTTPS access to Ranger via Knox ?

Labels:
avatar
author-rank geko
Guru

Created ‎01-08-2016 08:15 PM

Hi,

due to security concerns I need to provide Ranger WebUI via Https, and I thought accessing it through Knox would be a simple approach. But I can also imagine some wired conflicts while e.g. configuring Knox policies for Knox, in Ranger and thereby creating some Kind of 'deadlock'....

What do you think about that approach, is it possible at all and how would a topology in Knox look like?!?!

Thanks for any thoughts and Hints!

3,867 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank kevin_minder
Guru

Created ‎01-12-2016 10:01 PM

Currently Knox does not currently support proxying the Ranger UI. If/when Knox does support proxying the Ranger UI you are correct that it may be impossible to access the Ranger UI via Knox if the Range/Knox agent is installed and if the required users have not already been granted access. Presumably setting up the required policies would be done before hand or from "within" the cluster and not via Knox.

View solution in original post

3,330 Views
0
6 REPLIES 6

avatar
author-rank nsabharwal
Master Mentor

Created ‎01-12-2016 05:30 PM

@Kevin Minder
3,330 Views
0 Kudos

avatar
author-rank kevin_minder
Guru

Created ‎01-12-2016 10:01 PM

Currently Knox does not currently support proxying the Ranger UI. If/when Knox does support proxying the Ranger UI you are correct that it may be impossible to access the Ranger UI via Knox if the Range/Knox agent is installed and if the required users have not already been granted access. Presumably setting up the required policies would be done before hand or from "within" the cluster and not via Knox.

3,331 Views
0

avatar
author-rank geko
Guru

Created ‎01-13-2016 06:43 PM

Thanks @Kevin Minder for your explanation.

Is it possible to proxy the NN / RM Webpage through Knox?....Just to put Access to those webuis behind HTTPS

3,330 Views

avatar
author-rank george_gittu
Explorer

Created ‎03-11-2016 07:27 PM

Hi Kevin Minder-

I am at a similar situation right now. Trying to enable SSL in ranger (Version 0.5). I could see some some config props in Ambari ranger, so i am guess SSL enabling is possible and changed following props,

- ranger.service.https.attrib.ssl.enabled : true

- ranger.service.https.port :6182

- HTTP enabled :false

- External URL : https://hostname:6182

After trying out above steps to enable ssl for ranger i end up getting an alert connection refused error to the url

https://hostname:6182 and the ranger UI doesn't show up. I wonder if enabling SSL is possible for ranger UI Ver 0.5 (

https://issues.apache.org/jira/browse/RANGER-795)

or is there any other configs that I missed ?

3,330 Views

avatar
author-rank dorio
Rising Star

Created ‎04-16-2016 09:06 PM

Right now I was able to enable SSL in Ranger 0.6.0 downloaded from the Apache Foundation but not in Ranger 0.5.0 included in HDP 2.4.0. Hope in the next release Hortonworks will upgrade Ranger to 0.6.0.

3,330 Views
0 Kudos

avatar
author-rank george_gittu
Explorer

Created ‎03-11-2016 07:29 PM

I couldn't enable ssl in ranger.

3,330 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements