Support Questions
Find answers, ask questions, and share your expertise

Knox Random Authentication

Hi guys,

I have attempted to add the YARN service into Knox Gateway.

These are the settings in my advanced topology xml file:

            <service>
                  <role>YARN</role>
                  <url>http://<HOSTNAME>:8088</url>
             </service>
             <service>
                   <role>YARNUI</role>
                  <url>http://<HOSTNAME>:8088</url>
            </service>

- I'm not entirely sure those ports are correct. The configs show

8050 for yarn.resourcemanager.address

8141 for yarn.resourcemanager.admin.address

8088 for yarn.resourcemanager.webapp.address

8090 for yarn.resourcemanager.webapp.https.address

I have also updated the following quicklinks.json files on the Ambari Server Host:

/var/lib/ambari-server/resources/stacks/HDP/2.0.6/services/YARN/quicklinks/quicklinks.json
/var/lib/ambari-server/resources/stacks/HDP/2.3/services/YARN/quicklinks/quicklinks.json

The config change looks like this:

 {
        "name": "resourcemanager_ui",
        "label": "ResourceManager UI",
        "requires_user_name": "false",
        "component_name": "RESOURCEMANAGER",
        "url": "https://FQDN(KNOX HOST):8443/gateway/default/yarnui",
        "port":{
          "http_property": "yarn.resourcemanager.webapp.address",
          "http_default_port": "8088",
          "https_property": "yarn.resourcemanager.webapp.https.address",
          "https_default_port": "8090",
          "regex": "\\w*:(\\d+)",
          "site": "yarn-site"
        }

The problem is when I use the URL: https://<FQDN KNOX HOST>:8443/gateway/default/yarnui/

I get a page not found error, although when I use the URL: https://<FQDN KNOX HOST>:8443/gateway/default/yarn/

I get a popup asking me for a username and password - I have not set these anywhere. I have also tried admin/admin and admin/admin-password with no luck.

Am I missing something?

1 ACCEPTED SOLUTION

Mentor

@L V

To connect to YARN UI through knox default gateway port 8443, create a topology file in /etc/knox/conf/topologies directory and replace the YARN_HOSTNAME and YARN_PORT with relevant values. If your newly created topology is named ui.xml, you can access the YARN UI using Web URL: https://KNOX_HOST:KNOX_PORT/gateway/ui/yarn/

 <topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>Anonymous</name>
            <enabled>true</enabled>
        </provider>
        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>false</enabled>
        </provider>
    </gateway>
   <service>
        <role>YARN</role>
        <url>http://<YARN_HOSTNAME>:<YARN_PORT></url>
    </service>
    <service>
        <role>YARNUI</role>
        <url>http://<YARN_HOSTNAME>:<YARN_PORT></url>
    </service>
</topology>

Please revert

View solution in original post

5 REPLIES 5

Mentor

@L V

To connect to YARN UI through knox default gateway port 8443, create a topology file in /etc/knox/conf/topologies directory and replace the YARN_HOSTNAME and YARN_PORT with relevant values. If your newly created topology is named ui.xml, you can access the YARN UI using Web URL: https://KNOX_HOST:KNOX_PORT/gateway/ui/yarn/

 <topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>Anonymous</name>
            <enabled>true</enabled>
        </provider>
        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>false</enabled>
        </provider>
    </gateway>
   <service>
        <role>YARN</role>
        <url>http://<YARN_HOSTNAME>:<YARN_PORT></url>
    </service>
    <service>
        <role>YARNUI</role>
        <url>http://<YARN_HOSTNAME>:<YARN_PORT></url>
    </service>
</topology>

Please revert

Hi @Geoffrey Shelton Okot

I started up the Knox LDAP Demo and it immediately worked using:

user: guest

password: guest-password

I will try your method without the LDAP demo.

Thanks

@Geoffrey Shelton Okot

That worked perfectly! - If I wish to use LDAP authentication - Do I first need to setup Ambari with LDAP and then specify the following to use the LDAP auth?

    <gateway>        
	<provider>
            <role>authentication</role>
            <name>Anonymous</name>            
	    <enabled>true</enabled>

Mentor

@L V

Yes, you guessed it right, otherwise, Ambari will faile to authenticate your LDAP users.

Ambari_LDAP and Ambari_LDAPS
If my previous answer resolved your initial problem,please could you Accept the answer by Clicking on Accept button below, That would be great help to Community users to find solution quickly for these kind of errors.

Thank you @Geoffrey Shelton Okot,

What would then be the required changes for the settings below? Will Knox work with AD auth?

 <provider>
            <role>authentication</role>
            <name>Anonymous</name>
            <enabled>true</enabled>
        </provider>
        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>false</enabled>
 </provider><br>
; ;