Member since 08-10-2016

170 Posts
14 Kudos Received
6 Solutions

My Accepted Solutions

| Title | Views | Posted |
|---|---|---|
| | 23108 | 01-31-2018 04:55 PM |
| | 5522 | 11-29-2017 03:28 PM |
| | 2546 | 09-27-2017 02:43 PM |
| | 2999 | 09-12-2016 06:36 PM |
| | 2660 | 09-02-2016 01:58 PM |

08-12-2019 05:03 PM

Your blog link is a dead link.

04-08-2019 02:38 PM

Super helpful to know it can be done, but is this the ambari-server conf file you edit or the ambari-agent file? I assume it's ambari-server but it would be nice to have that as a clear call out in the article.

09-15-2018 08:10 PM

I set up Knox to use LDAP:

[r00t@clu-s6 ~]$ sudo /usr/hdp/current/knox-server/bin/knoxcli.sh user-auth-test --cluster default --u [user] --p [password] --d
LDAP authentication successful!

But it's still letting anonymous users in:

18/09/15 19:49:22 |||audit|172.17.159.226|ZEPPELINUI|anonymous|||access|uri|/gateway/default/zeppelin/extensions/MathZoom.js?V=2.7.0|success|Response status: 200

How do I get Knox to only allow authenticated users? I must have missed something simple.

Advanced topology:

        <topology>
            <gateway>
                <provider>
                    <role>authentication</role>
                    <name>ShiroProvider</name>
                    <enabled>true</enabled>
                    <param>
                        <name>sessionTimeout</name>
                        <value>30</value>
                    </param>
                    <param>
                        <name>main.ldapRealm</name>
                        <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
                    </param>
                    <param>
                        <name>main.ldapRealm</name>
                        <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
                    </param>
                    <param>
                        <name>main.ldapRealm.userDnTemplate</name>
                        <value>uid={0},ou=People,dc=cloud,dc=res,dc=bngf,dc=local</value>
                    </param>
                    <param>
                        <name>main.ldapRealm.contextFactory.systemUsername</name>
                        <value>cn=ldapadm,dc=cloud,dc=res,dc=bngf,dc=local</value>
                    </param>
                    <param>
                        <name>main.ldapRealm.contextFactory.systemPassword</name>
                        <value>********</value>
                    </param>
                    <param>
                        <name>main.ldapRealm.contextFactory.url</name>
                        <value>ldap://fqdn.host.com:389</value>
                    </param>
                    <param>
                        <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
                        <value>simple</value>
                    </param>
                    <param>
                        <name>urls./**</name>
                        <value>authcBasic</value>
                    </param>
                </provider>
                <provider>
                    <role>identity-assertion</role>
                    <name>Default</name>
                    <enabled>true</enabled>
                </provider>
                <provider>
                    <role>authorization</role>
                    <name>XASecurePDPKnox</name>
                    <enabled>true</enabled>
                </provider>
            </gateway>
            <service>
                <role>NAMENODE</role>
                <url>hdfs://{{namenode_host}}:{{namenode_rpc_port}}</url>
            </service>
            <service>
                <role>ATLAS</role>
                <url>http://{{ambari_server_hostname}}:8080</url>
            </service>
            <service>
                <role>RANGER</role>
                <url>http://this.host.com:6080</url>
            </service>
            <service>
                <role>RANGERUI</role>
                <url>http://clu-hgm3:6080</url>
            </service>
            <service>
                <role>AMBARI</role>
                <url>http://{{ambari_server_hostname}}:8080</url>
            </service>
            <service>
                <role>AMBARIUI</role>
                <url>http://{{ambari_server_hostname}}:8080</url>
            </service>
            <service>
                <role>JOBTRACKER</role>
                <url>rpc://{{rm_host}}:{{jt_rpc_port}}</url>
            </service>
            <service>
                <role>WEBHDFS</role>
                {{webhdfs_service_urls}}
            </service>
            <service>
                <role>WEBHCAT</role>
                <url>http://{{webhcat_server_host}}:{{templeton_port}}/templeton</url>
            </service>
            <service>
                <role>OOZIE</role>
                <url>http://{{oozie_server_host}}:{{oozie_server_port}}/oozie</url>
            </service>
            <service>
                <role>WEBHBASE</role>
                <url>http://{{hbase_master_host}}:{{hbase_master_port}}</url>
            </service>
            <service>
                <role>HIVE</role>
                <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>
            <service>
                <role>RESOURCEMANAGER</role>
                <url>http://{{rm_host}}:{{rm_port}}/ws</url>
            </service>
            <service>
                <role>DRUID-COORDINATOR-UI</role>
                {{druid_coordinator_urls}}
            </service>
            <service>
                <role>DRUID-COORDINATOR</role>
                {{druid_coordinator_urls}}
            </service>
            <service>
                <role>DRUID-OVERLORD-UI</role>
                {{druid_overlord_urls}}
            </service>
            <service>
                <role>DRUID-OVERLORD</role>
                {{druid_overlord_urls}}
            </service>
            <service>
                <role>DRUID-ROUTER</role>
                {{druid_router_urls}}
            </service>
            <service>
                <role>DRUID-BROKER</role>
                {{druid_broker_urls}}
            </service>
            <service>
                <role>ZEPPELINUI</role>
                {{zeppelin_ui_urls}}
            </service>
            <service>
                <role>ZEPPELINWS</role>
                {{zeppelin_ws_urls}}
            </service>
        </topology>
 
						
					
Labels: Apache Knox

05-10-2018 08:14 PM

HDP 2.6.3 is missing this script. Any hints to where it was moved?

05-02-2018 05:02 PM

Did you ever figure it out? I'm facing the same issue.

04-18-2018 11:04 AM

1 Kudo

It's my understanding that the authentication for Jupyter is pluggable. Here's their documentation that explains their security model. It's a little light on details. This seems to be the integration point you are looking for: https://github.com/jupyterhub/ldapauthenticator

04-08-2018 04:50 PM

Interestingly, I did try "use" but Zeppelin's SQL interpreter doesn't seem to track 'use database' between statements. Maybe that's an issue I should report. @bkosaraju I really appreciate the thorough answer.

04-05-2018 02:56 PM

My question still stands... but I did find a Ranger workaround. Ranger>Hive>default database policy. default database Allow create/select on table "tmp_*"