Does anyone have experience setting up the SmartSense gateway using a proxy server with NTLM authentication?
I know the proxy works for curl since the following command works fine (that's the static.smartsense.hortonworks.com IP 10.92.160.111):
curl --proxy-ntlm --proxy-user user --proxy myproxyserver.net:8080 10.92.160.111
When I try to upload the bundle to HWX, I get the following error:
2018-03-22 11:32:15,505 INFO [qtp765284253-19] HTTPSProvider:107 - Executing request :POSThttps://smartsense.hortonworks.com:443/gateway/api/v1/upload/bundleHTTP/1.1 to targethttps://smartsense.hortonworks.com:443
2018-03-22 11:32:15,617 WARN [qtp765284253-19] HttpAuthenticator:207 - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
2018-03-22 11:32:15,617 WARN [qtp765284253-19] HttpAuthenticator:207 - NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials
2018-03-22 11:32:15,621 INFO [qtp765284253-19] HTTPSProvider:110 - ----------------------------------------
2018-03-22 11:32:15,621 INFO [qtp765284253-19] HTTPSProvider:111 - HTTP/1.1 407 authenticationrequired
2018-03-22 11:32:15,623 WARN [qtp765284253-19] ServletHandler:514 - /api/v1/upload/bundle
com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_OBJECT but was STRING at line 1 column 10
I'm thinking I have hst-gateway.ini configured incorrectly and not using NTLM, but not sure how to do that.
Here is my hst-gateway.ini:
# Copyright (c) 2011-2017, Hortonworks Inc. All rights reserved.
# Except as expressly permitted in a written agreement between you
# or your company and Hortonworks, Inc, any use, reproduction,
# modification, redistribution, sharing, lending or other exploitation
# of all or any part of the contents of this file is strictly prohibited. language governing permissions and
# limitations under the License
[security]
; supported digest commands are md2,md5,mdc2,rmd160,sha,sha1,sha224,sha256,sha384,sha512
openssl.digest.algorithms=sha256,sha384,sha512,sha,sha1,md5
gateway.home.dir = /var/lib/smartsense/hst-gateway
; one way ssl enabled for registration
gateway.registration.port=9450
; two ssl enabled for accessing gateway api
gateway.port=9451
[java]
home=/usr/java/jdk1.8.0_121/jre/bin/
[gateway]
; Warning: The following details should be changed only if directed by documentation or Hortonworks Support
; Transfer protocol for SmartSense environment
smartsense.upload.provider.type=HTTPS
; Hosted SmartSense environment SFTP username
smartsense.sftp.username=upload
; Hosted SmartSense environment SFTP password
smartsense.sftp.password=password
; Hosted SmartSense environment SFTP host
smartsense.sftp.server.host=10.92.160.111
; Hosted SmartSense environment SFTP port
smartsense.sftp.server.port=2222
; remote landing directory for bundle upload. Please do not change this
smartsense.sftp.remotedir=landing/
; timeout for sftp session (milliseconds)
; default is 10 seconds or 10000 milliseconds
smartsense.sftp.timeout=10000
start.validation.enabled=false
; Hosted SmartSense environment HTTPS username
smartsense.https.username=upload
; Hosted SmartSense environment HTTPS password
smartsense.https.password=password
; Hosted SmartSense environment HTTPS host
smartsense.https.server.host=10.92.160.111
; Hosted SmartSense environment HTTPS port
smartsense.https.server.port=443
; All proxy configurations are applicable only for HTTPS provider type
; set to true to set up a proxy between gateway and SmartSense environment
provider.https.proxy.enabled=true
; fully qualified proxy hostname
provider.https.proxy.hostname=myproxyserver.net
; proxy port that will be used by gateway for outbound access
provider.https.proxy.port=8080
; supported proxy types : HTTP / HTTPS [default:HTTP]
provider.https.proxy.type=HTTP
; supported proxy authentication types : NONE / BASIC / DIGEST [default:NONE]
provider.https.proxy.auth.type=BASIC
; proxy username for identified auth.type
provider.https.proxy.auth.username=user
; proxy password for identified auth.type
provider.https.proxy.auth.password=password
; [optional] any additional proxy setup parameters
; use "|" to separate multiple parameters
; for example: digest requires parameters such as
; realm=default|nonce=12GHtqeZA!7Ke43
provider.https.proxy.auth.parameters=
; buffer size in bytes used for following transfers
; hst-server to gateway
; gateway to SmartSense
data.transfer.buffer.size=4096
; thread pool size for the gateway server's API endpoint
; if not provided then server automatically calculates based on cpu cores
;thread.pool.size=20
[ulimit]
; linux open-file limit
open.files=10000
