Support Questions

Find answers, ask questions, and share your expertise

Knox topology with alias for password not working

avatar
Contributor

I have followed link to create alias to store password. First I used plain-text in the topology for password it was working.However when I replaced the password with alias, I am running into 401 error.

Am I missing anything?

attached my topology xml.

./knoxcli.sh create-alias ldcSystemPassword --cluster MyCluster --value Password@123

1 ACCEPTED SOLUTION

avatar
Expert Contributor

I'm not sure if this will solve your problem, but let's take a look at the command here:

./knoxcli.sh create-alias ldcSystemPassword --cluster MyCluster --value Password@123

If we refer to the Knox User Guide (https://knox.apache.org/books/knox-0-9-0/user-guide.html#Special+note+on+parameter+main.ldapRealm.contextFactory.systemPassword) subsection on using ALIAS for the password you see the wording:

Assuming the plain text password is “hadoop”, and your topology file name is “hdp.xml”, you would use following command to create the right password alias in credential store.

./knoxcli.sh  create-alias ldcSystemPassword --cluster hdp --value hadoop

It looks as if you need to specifically name the cluster the same as the topology file name. It appears the file you've attached was 'default.xml' so instead you might want to try:

./knoxcli.sh create-alias ldcSystemPassword --cluster default --value Password@123

On the other hand you could also try renaming the file to "MyCluster" as well.

View solution in original post

4 REPLIES 4

avatar
Expert Contributor

I'm not sure if this will solve your problem, but let's take a look at the command here:

./knoxcli.sh create-alias ldcSystemPassword --cluster MyCluster --value Password@123

If we refer to the Knox User Guide (https://knox.apache.org/books/knox-0-9-0/user-guide.html#Special+note+on+parameter+main.ldapRealm.contextFactory.systemPassword) subsection on using ALIAS for the password you see the wording:

Assuming the plain text password is “hadoop”, and your topology file name is “hdp.xml”, you would use following command to create the right password alias in credential store.

./knoxcli.sh  create-alias ldcSystemPassword --cluster hdp --value hadoop

It looks as if you need to specifically name the cluster the same as the topology file name. It appears the file you've attached was 'default.xml' so instead you might want to try:

./knoxcli.sh create-alias ldcSystemPassword --cluster default --value Password@123

On the other hand you could also try renaming the file to "MyCluster" as well.

avatar
Contributor

Thanks zblanco.

I executed ./knoxcli.sh create-alias ldcSystemPassword --cluster default--value Password@123

and restarted Knox. It is working

avatar
Expert Contributor

Zac is correct. The topologies have always been considered to be cluster definitions thus the cluster name is the topology name. Unfortunately, this sometimes gets confused when folks are using Ambari where you name you cluster as well. They are different things.

avatar
Explorer

I've noticed the following

This works:

<param>
	<name>main.ldapRealm.contextFactory.systemPassword</name>
	<value>${ALIAS=ldcSystemPassword}</value>
</param>

This does not:

<param name="main.ldapRealm.contextFactory.systemPassword" value=${ALIAS=ldcSystemPassword}/>