Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HTTPS access to Ranger via Knox ?

Labels:
avatar
author-rank geko
Guru

Created ‎01-08-2016 08:15 PM

Hi,

due to security concerns I need to provide Ranger WebUI via Https, and I thought accessing it through Knox would be a simple approach. But I can also imagine some wired conflicts while e.g. configuring Knox policies for Knox, in Ranger and thereby creating some Kind of 'deadlock'....

What do you think about that approach, is it possible at all and how would a topology in Knox look like?!?!

Thanks for any thoughts and Hints!

3,389 Views
1 ACCEPTED SOLUTION

avatar
author-rank kevin_minder
Guru

Created ‎01-12-2016 10:01 PM

Currently Knox does not currently support proxying the Ranger UI. If/when Knox does support proxying the Ranger UI you are correct that it may be impossible to access the Ranger UI via Knox if the Range/Knox agent is installed and if the required users have not already been granted access. Presumably setting up the required policies would be done before hand or from "within" the cluster and not via Knox.

View solution in original post

2,852 Views
6 REPLIES 6

avatar
author-rank nsabharwal
Master Mentor

Created ‎01-12-2016 05:30 PM

@Kevin Minder
2,852 Views
0 Kudos

avatar
author-rank kevin_minder
Guru

Created ‎01-12-2016 10:01 PM

Currently Knox does not currently support proxying the Ranger UI. If/when Knox does support proxying the Ranger UI you are correct that it may be impossible to access the Ranger UI via Knox if the Range/Knox agent is installed and if the required users have not already been granted access. Presumably setting up the required policies would be done before hand or from "within" the cluster and not via Knox.

2,853 Views

avatar
author-rank geko
Guru

Created ‎01-13-2016 06:43 PM

Thanks @Kevin Minder for your explanation.

Is it possible to proxy the NN / RM Webpage through Knox?....Just to put Access to those webuis behind HTTPS

2,852 Views

avatar
author-rank george_gittu
Explorer

Created ‎03-11-2016 07:27 PM

Hi Kevin Minder-

I am at a similar situation right now. Trying to enable SSL in ranger (Version 0.5). I could see some some config props in Ambari ranger, so i am guess SSL enabling is possible and changed following props,

- ranger.service.https.attrib.ssl.enabled : true

- ranger.service.https.port :6182

- HTTP enabled :false

- External URL : https://hostname:6182

After trying out above steps to enable ssl for ranger i end up getting an alert connection refused error to the url

https://hostname:6182 and the ranger UI doesn't show up. I wonder if enabling SSL is possible for ranger UI Ver 0.5 (

https://issues.apache.org/jira/browse/RANGER-795)

or is there any other configs that I missed ?

2,852 Views

avatar
author-rank dorio
Rising Star

Created ‎04-16-2016 09:06 PM

Right now I was able to enable SSL in Ranger 0.6.0 downloaded from the Apache Foundation but not in Ranger 0.5.0 included in HDP 2.4.0. Hope in the next release Hortonworks will upgrade Ranger to 0.6.0.

2,852 Views
0 Kudos

avatar
author-rank george_gittu
Explorer

Created ‎03-11-2016 07:29 PM

I couldn't enable ssl in ranger.

2,852 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements