Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Not able to connect to the namenode UI by the Knox Portal

avatar
author-rank Koffi
Contributor

Created ‎02-04-2021 04:09 PM

hi,

On Ambari, i am trying to access the namenode UI through the KNOX portal using my credentials:

Sans titre_2021_02_04.png

 

After entering my valid user and password i get the Knox portal again:

Sans titre_2021_02_04.png

knox logs:

21/02/04 18:25:48 ||aa72c68a-11yf-10ae-b720-c01b2b456pcq|audit|00.0.00.00|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: POST
21/02/04 18:25:49 ||aa72c68a-11yf-10ae-b720-c01b2b456pcq|audit|00.0.00.00|KNOXSSO|user1|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:49 ||aa72c68a-11yf-10ae-b720-c01b2b456pcq|audit|00.0.00.00|KNOXSSO|user1|||authentication|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Groups: [CN=HDP_DEV_ADMIN_HDP,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_USERS,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_PRD_CG_SS_STOR_ANY_RW,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_USERS,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca, CN=HDP_PRD_ADMIN_HDP,OU=HDP,OU=Applications,OU=Groups,OU=Cal,DC=corp,DC=cal,DC=ca]
21/02/04 18:25:49 |||audit|00.0.00.00|KNOXSSO|user1|||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 303
21/02/04 18:25:49 ||d111c112-1c11-1ec1-bc1b-1116039111dq|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:49 ||d111c112-1c11-1ec1-bc1b-1116039111dq|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:49 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 200
21/02/04 18:25:49 ||d221c112-1c12-1ec1-bc1b-2212039121dq|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|unavailable|Request method: GET
21/02/04 18:25:49 ||d221c112-1c12-1ec1-bc1b-2212039121dq|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|
21/02/04 18:25:49 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/bootstrap.min.css|success|Response status: 200
21/02/04 18:25:49 ||d331j332-4u44-3ec3-bc3b-3333034444dq|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|unavailable|Request method: GET
21/02/04 18:25:49 ||d331j332-4u44-3ec3-bc3b-3333034444dq|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|
21/02/04 18:25:49 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/knox.css|success|Response status: 200
21/02/04 18:25:50 ||11d9410d-8181-861c-7145-8418b134c177|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET
21/02/04 18:25:50 ||11d9410d-8181-861c-7145-8418b134c177|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200
21/02/04 18:25:50 ||5bb8b899-b412-4105-bd56-ab7i1ea7auab|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:50 ||5bb8b899-b412-4105-bd56-ab7i1ea7auab|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/redirecting.jsp?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 200
21/02/04 18:25:50 ||aeb1ce2a-1147-4d3a-9cd8-722623b9d349|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|unavailable|Request method: GET
21/02/04 18:25:50 ||aeb1ce2a-1147-4d3a-9cd8-722623b9d349|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/images/loading.gif|success|Response status: 200
21/02/04 18:25:50 ||25cdb2ea-8dcf-44ae-919b-b7a5a58c26b7|audit|00.0.00.00|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:50 |||audit|00.0.00.00|KNOXSSO||||access|uri|/gateway/knoxsso/api/v1/websso?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 401
21/02/04 18:25:50 ||5856cc3a-0fa2-4a1b-8429-921fcfb370b7|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|unavailable|Request method: GET
21/02/04 18:25:50 ||5856cc3a-0fa2-4a1b-8429-921fcfb370b7|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/login.html?originalUrl=https://Hdp-server-ms01.cal.com:50470/index.html|success|Response status: 200
21/02/04 18:25:50 ||42901bbb-i0f3-4964-b41e-a0d85bc3b247|audit|00.0.00.00|knoxauth||||access|uri|/gateway/knoxsso/knoxauth/styles/hwx-login.css|unavailable|Request method: GET
21/02/04 18:25:50 ||42901bbb-i0f3-4964-b41e-a0d85bc3b247|audit|00.0.00.00|knoxauth|anonymous|||authentication|uri|/gateway/knoxsso/knoxauth/styles/hwx-login.css|success|
21/02/04 18:25:50 |||audit|00.0.00.00|knoxauth|anonymous|||access|uri|/gateway/knoxsso/knoxauth/styles/hwx-login.css|success|Response status: 200


However If i enter the wrong credentials, i get the following message:

Sans titre_2021_02_042.png

 

knox logs:

Koffi_0-1612483195331.png

1,902 Views
0 Kudos
3 REPLIES 3

avatar
author-rank AmirMirza
Contributor

Created ‎02-05-2021 02:13 AM

You can't access Namenode or any other service from Knox portal. However, a reverse proxy can be configured to connect to namenode Ui via knox. 
You will have to configure the Advanced topology file as per your cluster configuration in Ambari -> Knox -> Configs -> Advanced topology

Refer below article for correct configuration. Your HDP and ambari version might differ but steps would remain the same, make sure you see appropriate version in the file path according to your cluster configuartion.

https://community.cloudera.com/t5/Community-Articles/Configure-Knox-to-access-HDFS-UI/ta-p/249388

 

Please accept this answer if it help you resolve your query

1,879 Views
0 Kudos

avatar
author-rank Koffi
Contributor

Created ‎02-08-2021 10:33 AM

Hi @AmirMirza ,

Thank you for message. I am able to access others services(UI) such as the ranger UI, Yarn UI, zeppelin notebook after using my credential on the KNOX portal. It seems that only the namenode UI has this weird behavior. The namenode use to work couple days aga and we did not change any settings since...

 

 

1,862 Views
0 Kudos

avatar
author-rank AmirMirza
Contributor

Created ‎02-09-2021 01:15 AM

Hi @Koffi 

Can you share gateway.log and audit.log during the timeframe when you are accessing  namenode ui.

If namenode ui was accessible earlier, can you check if there was a failover done during the time from when it is not accessible. 

Please share advanced topology file to check your configuration.

1,845 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
View More Announcements