Support Questions
Find answers, ask questions, and share your expertise

Not able to connect to the namenode UI by the Knox Portal

Not able to connect to the namenode UI by the Knox Portal

Contributor

hi,

On Ambari, i am trying to access the namenode UI through the KNOX portal using my credentials:

Sans titre_2021_02_04.png

 

After entering my valid user and password i get the Knox portal again:

Sans titre_2021_02_04.png

knox logs:

21/02/04 18:25:48 ||aa72c68a-11yf-10ae-b720-c01b2b456pcq|audit|00.0.00.00|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: POST
21/02/04 18:25:49 ||aa72c68a-11yf-10ae-b720-c01b2b456pcq|audit|00.0.00.00|KNOXSSO|user1|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:49 ||aa72c68a-11yf-10ae-b720-c01b2b456pcq|audit|00.0.00.00|KNOXSSO|user1|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Groups: [CN=HDP_DEV_ADMIN_HDP,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_USERS,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_PRD_CG_SS_STOR_ANY_RW,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_USERS,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_PRD_ADMIN_HDP,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca]
21/02/04 18:25:49 |||audit|00.0.00.00|KNOXSSO|user1|||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 303
21/02/04 18:25:49 ||d111c112-1c11-1ec1-bc1b-1116039111dq|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:49 ||d111c112-1c11-1ec1-bc1b-1116039111dq|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:49 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 200
21/02/04 18:25:49 ||d221c112-1c12-1ec1-bc1b-2212039121dq|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|unavailable|Request method: GET
21/02/04 18:25:49 ||d221c112-1c12-1ec1-bc1b-2212039121dq|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|
21/02/04 18:25:49 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|Response status: 200
21/02/04 18:25:49 ||d331j332-4u44-3ec3-bc3b-3333034444dq|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|unavailable|Request method: GET
21/02/04 18:25:49 ||d331j332-4u44-3ec3-bc3b-3333034444dq|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|
21/02/04 18:25:49 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|Response status: 200
21/02/04 18:25:50 ||11d9410d-8181-861c-7145-8418b134c177|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET
21/02/04 18:25:50 ||11d9410d-8181-861c-7145-8418b134c177|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200
21/02/04 18:25:50 ||5bb8b899-b412-4105-bd56-ab7i1ea7auab|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:50 ||5bb8b899-b412-4105-bd56-ab7i1ea7auab|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 200
21/02/04 18:25:50 ||aeb1ce2a-1147-4d3a-9cd8-722623b9d349|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET
21/02/04 18:25:50 ||aeb1ce2a-1147-4d3a-9cd8-722623b9d349|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200
21/02/04 18:25:50 ||25cdb2ea-8dcf-44ae-919b-b7a5a58c26b7|audit|00.0.00.00|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:50 |||audit|00.0.00.00|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 401
21/02/04 18:25:50 ||5856cc3a-0fa2-4a1b-8429-921fcfb370b7|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:50 ||5856cc3a-0fa2-4a1b-8429-921fcfb370b7|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 200
21/02/04 18:25:50 ||42901bbb-i0f3-4964-b41e-a0d85bc3b247|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/hwx-login.css|unavailable|Request method: GET
21/02/04 18:25:50 ||42901bbb-i0f3-4964-b41e-a0d85bc3b247|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/hwx-login.css|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/hwx-login.css|success|Response status: 200


However If i enter the wrong credentials, i get the following message:

Sans titre_2021_02_042.png

 

knox logs:

Koffi_0-1612483195331.png

3 REPLIES 3

Re: Not able to connect to the namenode UI by the Knox Portal

Explorer

You can't access Namenode or any other service from Knox portal. However, a reverse proxy can be configured to connect to namenode Ui via knox. 
You will have to configure the Advanced topology file as per your cluster configuration in Ambari -> Knox -> Configs -> Advanced topology

Refer below article for correct configuration. Your HDP and ambari version might differ but steps would remain the same, make sure you see appropriate version in the file path according to your cluster configuartion.

https://community.cloudera.com/t5/Community-Articles/Configure-Knox-to-access-HDFS-UI/ta-p/249388

 

Please accept this answer if it help you resolve your query

Re: Not able to connect to the namenode UI by the Knox Portal

Contributor

Hi @AmirMirza ,

Thank you for message. I am able to access others services(UI) such as the ranger UI, Yarn UI, zeppelin notebook after using my credential on the KNOX portal. It seems that only the namenode UI has this weird behavior. The namenode use to work couple days aga and we did not change any settings since...

 

 

Re: Not able to connect to the namenode UI by the Knox Portal

Explorer

Hi @Koffi 

Can you share gateway.log and audit.log during the timeframe when you are accessing  namenode ui.

If namenode ui was accessible earlier, can you check if there was a failover done during the time from when it is not accessible. 

Please share advanced topology file to check your configuration.