Cloudera Community
luka_vranjkovic
user rank
Contributor

Re: Knox Random Authentication

by Contributor in Support Questions
‎03-29-2018 01:03 AM
‎03-29-2018 01:03 AM
Thank you @Geoffrey Shelton Okot, What would then be the required changes for the settings below? Will Knox work with AD auth? <provider> <role>authentication</role> <name>Anonymous</name> <enabled>true</enabled> </provider> <provider> <role>identity-assertion</role> <name>Default</name> <enabled>false</enabled> </provider><br> ... View more

Re: Knox Random Authentication

by Contributor in Support Questions
‎03-28-2018 03:42 AM
‎03-28-2018 03:42 AM
@Geoffrey Shelton Okot That worked perfectly! - If I wish to use LDAP authentication - Do I first need to setup Ambari with LDAP and then specify the following to use the LDAP auth? <gateway> <provider> <role>authentication</role> <name>Anonymous</name> <enabled>true</enabled> ... View more

Re: Knox Random Authentication

by Contributor in Support Questions
‎03-28-2018 03:29 AM
‎03-28-2018 03:29 AM
Hi @Geoffrey Shelton Okot I started up the Knox LDAP Demo and it immediately worked using: user: guest password: guest-password I will try your method without the LDAP demo. Thanks ... View more

Knox Random Authentication

by Contributor in Support Questions
‎03-28-2018 02:18 AM
‎03-28-2018 02:18 AM
Hi guys, I have attempted to add the YARN service into Knox Gateway. These are the settings in my advanced topology xml file: <service> <role>YARN</role> <url>http://<HOSTNAME>:8088</url> </service> <service> <role>YARNUI</role> <url>http://<HOSTNAME>:8088</url> </service> - I'm not entirely sure those ports are correct. The configs show 8050 for yarn.resourcemanager.address 8141 for yarn.resourcemanager.admin.address 8088 for yarn.resourcemanager.webapp.address 8090 for yarn.resourcemanager.webapp.https.address I have also updated the following quicklinks.json files on the Ambari Server Host: /var/lib/ambari-server/resources/stacks/HDP/2.0.6/services/YARN/quicklinks/quicklinks.json /var/lib/ambari-server/resources/stacks/HDP/2.3/services/YARN/quicklinks/quicklinks.json The config change looks like this: { "name": "resourcemanager_ui", "label": "ResourceManager UI", "requires_user_name": "false", "component_name": "RESOURCEMANAGER", "url": "https://FQDN(KNOX HOST):8443/gateway/default/yarnui", "port":{ "http_property": "yarn.resourcemanager.webapp.address", "http_default_port": "8088", "https_property": "yarn.resourcemanager.webapp.https.address", "https_default_port": "8090", "regex": "\\w*:(\\d+)", "site": "yarn-site" } The problem is when I use the URL: https://<FQDN KNOX HOST>:8443/gateway/default/yarnui/ I get a page not found error, although when I use the URL: https://<FQDN KNOX HOST>:8443/gateway/default/yarn/ I get a popup asking me for a username and password - I have not set these anywhere. I have also tried admin/admin and admin/admin-password with no luck. Am I missing something? ... View more
Labels:

Re: Ambari UI via Knox - Limited accessibility

by Contributor in Support Questions
‎03-01-2018 06:10 AM
‎03-01-2018 06:10 AM
Hi @Jay Kumar SenSharma That worked, although when I go and access other services and try view their UI's it just diverts back to their original IP address. Lets take YARN as an example, this is the configuration I have currently entered into the topology: <service> <role>YARN</role> <url>http://192.168.XXX.XXX:8088</url> </service> <service> <role>YARNUI</role> <url>http://192.168.XXX.XXX:8088</url> </service> ... View more

Re: Ambari UI via Knox - Limited accessibility

by Contributor in Support Questions
‎02-27-2018 03:20 AM
‎02-27-2018 03:20 AM
@Jay Kumar SenSharma I have set the Ambari Server URL as follows: https://$AMBARI_HOST:8443 I am unable to import any certificates into the Knox keystore. Using the following command: keytool -importcert -file test.csr -keystore gateway.jks -alias "gateway-identity" along with the Knox Master Secret password although I get the error: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect. Note I have created the alias with this command: knoxcli.sh create-alias gateway-identity-passphrase --value {value} I have even removed and re-installed Knox and reset the Master Secret password, again same error. ... View more

Re: Ambari UI via Knox - Limited accessibility

by Contributor in Support Questions
‎02-27-2018 02:26 AM
‎02-27-2018 02:26 AM
@Jay Kumar SenSharma I am unable to access Ambari UI at all when trying through Knox. I'm met with a HTTP 500 error ... View more

Re: Ambari UI via Knox - Limited accessibility

by Contributor in Support Questions
‎02-27-2018 02:17 AM
‎02-27-2018 02:17 AM
Hi @Jay Kumar SenSharma I have configured the truststore and enabled SSL for Ambari. It is currently listening on port 8443 and I am able to access Ambari UI normally (now via HTTPS). I am still receiving the same error when trying to access it via Knox. The log is from /var/log/knox/ (Not located on the ambari host server) Full Log: gateway.txt ... View more

Re: Ambari UI via Knox - Limited accessibility

by Contributor in Support Questions
‎02-27-2018 01:26 AM
‎02-27-2018 01:26 AM
@Jay Kumar SenSharma Snippet: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) at sun.security.validator.Validator.validate(Validator.java:260) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ... 76 more Its strange because originally it was working. I will give that guide a go now. Thanks! EDIT: This was from the Knox Gateway log /var/log/knox/gateway.log ... View more

Re: Ambari UI via Knox - Limited accessibility

by Contributor in Support Questions
‎02-27-2018 01:19 AM
‎02-27-2018 01:19 AM
@Jay Kumar SenSharma - I did not have AMBARI added, only AMBARIUI. I have added that in now although I am now getting this error: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target @Deepak Sharma I was able to view the ambari homepage, there were just little things missing as I mentioned earlier. ... View more
Contact Me
Online
Offline
Last Visited
‎05-31-2018 08:53 AM
Community Statistics
Member Since ‎08-08-2017 01:16 AM
Last Visited ‎05-31-2018 08:53 AM
Posts 43
Kudos received 1