Support Questions

ananthan_kathir · ‎06-08-2018

Hello,

I am new to security setting and we can setup knox as gateway and it will prevent some of the security risks. If we enable Knox where we need to configure edge node? Knox suppose to be front of edge node and any command we execute in edge node go through knox? How we suppose to design edgenode and knox togerther?

thank you

Shelton · ‎06-08-2018

Anpan K

I can understand the confusion that's brewing in your mind. In a kerberized production cluster, you'd usually have Edge node, Master and slave nodes. I will not go in the description and placement of every single component but the below distribution gives you a picture.

Note: The worker node usually MUST have at least 2 slave processes Datanode & NodeManager, all the client software goes on the Edge node and the Master node holds the other components notably NameNode,RM,Zookeeper HA's etc

Master (3x)

Namenode
YARN (RM)
Zookeeper
HS2
.....
.....
Hbase Master

Slave(worker nodes) n

DataNodes
NodeManager
Region Servers

Edge Node

Knox
ZK Client
HDFS Client
MR Cllient
...
...
YARN client

Below on the knowGateway is installed all the client software, the Hadoop services here represent the Master and Slaves nodes.

The Knox gateway should sit on the Edge node as should be the only access to the cluster as illustrated above.

HTH

View solution in original post

falbani · ‎06-08-2018

@Anpan K Yes, Knox should be accessible to external users, so it has to be installed on node which can be access from outside the cluster. Like an edge node. This node can be still be managed by ambari.

HTH

Shelton · ‎06-08-2018

Anpan K

I can understand the confusion that's brewing in your mind. In a kerberized production cluster, you'd usually have Edge node, Master and slave nodes. I will not go in the description and placement of every single component but the below distribution gives you a picture.

Note: The worker node usually MUST have at least 2 slave processes Datanode & NodeManager, all the client software goes on the Edge node and the Master node holds the other components notably NameNode,RM,Zookeeper HA's etc

Master (3x)

Namenode
YARN (RM)
Zookeeper
HS2
.....
.....
Hbase Master

Slave(worker nodes) n

DataNodes
NodeManager
Region Servers

Edge Node

Knox
ZK Client
HDFS Client
MR Cllient
...
...
YARN client

Below on the knowGateway is installed all the client software, the Hadoop services here represent the Master and Slaves nodes.

The Knox gateway should sit on the Edge node as should be the only access to the cluster as illustrated above.

HTH

allenjake · ‎08-16-2018

best article I have read on this blog. worth to read it thank you

Shelton · ‎06-10-2018

@Anpan K

Any updates?

If you found this answer addressed your question, please take a moment to log in and click the "Accept" link on the answer.

angelicamandy30 · ‎06-11-2018

Edge nodes are the interface between the Hardtop group and the outside system. Thus they're some of the time alluded to as entryway nodes. Most normally edge nodes are utilized to run customer applications and group organization apparatuses.

Cloudera Community

Support Questions

Know and Edgenode configuration

Spark 3 legacy configurations list ( Spark 2 behav...

Kafka 0.9 Configuration Best Practices

HiveServer2 configurations deep dive

How to make CN=Configuration branch visible in AD

REST API Configuration for NiFi 2.0

HDFS Balancer (2): Configurations & CLI Options

How to configure CML's Spark Connection

Automated Kerberos Installation and Configuration

Configuring Grafana for Datahub Clusters

Configuring Kerberos with OpenLDAP back-end