Cloudera Community
Announcements
We’ve updated our product names and community labels - click here for full details
douglasharley
user rank
New Member
My Accepted Solutions
Show All

Re: Knox + Zeppelin websocket problems

by New Member in Support Questions
‎01-11-2019 06:06 AM
‎01-11-2019 06:06 AM
You were exactly correct, thanks again! For others who might be using an NGINX proxy in front of Knox, the bolded below is what I had to add to me NGINX cfg for the proxy URL: server { listen 443 ssl; server_name PROXIED_URL; ssl on; ssl_protocols TLSv1.1 TLSv1.2; ssl_certificate /etc/ssl/private/CORPORATE_CERT.crt; ssl_certificate_key /etc/ssl/private/CORPORATE_CERT.key; location / { proxy_pass https://KNOX_HOST:8443; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_read_timeout 86400; } } ... View more

Re: Knox + Zeppelin websocket problems

by New Member in Support Questions
‎01-09-2019 06:38 PM
‎01-09-2019 06:38 PM
Aha, that might just be it... I do have NGINX in front of Knox, but just proxying it, not load-balancing. I bet you are right, and if I configure NGINX for web sockets it will work. I just got thrown-off my those Knox errors and didn't even think to check NGINX logs, herpderp! Yes, the role is ZEPPELINWS. I am in the middle of swapping-out the self-signed certs for corporate ones, but once I get that taken care of will do the NGINX cfg changes and if works will accept your answer. THANKS for the excellent reply!!! Cheers, Doug ... View more

Knox + Zeppelin websocket problems

by New Member in Support Questions
‎01-08-2019 11:01 PM
‎01-08-2019 11:01 PM
I am attempting to configure Zeppelin behind Knox gateway running within an HDP 3.1.0 cluster with HDF 3.3.1 installed, all administered by Ambari 2.7.3. I am following the docs here: https://docs.hortonworks.com/HDPDocuments/HDP3/HDP-3.1.0/configuring-proxy-knox/sec_configuring_proxy_knox.pdf. As per the docs, I have set gateway.websocket.feature.enabled=true in Ambari's Knox configs, and when I access Zeppelin at the proxied URL I get the UI, saying the websocket is disconnected, and in the knox logs I see this: 2019-01-08 20:26:46,217 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /zeppelin/ws 2019-01-08 20:26:46,217 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(163)) - Rewrote URL: https://KNOXHOST:8443/gateway/CLUSTERNAME/zeppelin/ws, direction: IN via explicit rule: ZEPPELINWS/zeppelin/ws/inbound to URL: ws://ZEPPELINHOST:9995/ws/ws 2019-01-08 20:26:46,218 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121)) - Dispatch request: GET ws://ZEPPELINHOST:9995/ws/ws 2019-01-08 20:26:46,219 WARN knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: ws://ZEPPELINHOST:9995/ws/ws org.apache.http.conn.UnsupportedSchemeException: ws protocol is not supported Seeing the extra "ws" appended to the redirect URL, I add a pre-shortened URL to empty ZEPPELINWS service definition in the knox descriptor, to override the bad one: ws://ZEPPELINHOST:9995 Then save descriptor/redeploy the topology and also restart knox, then I see essentially the same error, but with the correct URL now in the knox logs: 2019-01-08 20:41:12,796 DEBUG knox.gateway (GatewayFilter.java:doFilter(119)) - Received request: GET /zeppelin/ws 2019-01-08 20:41:12,798 DEBUG knox.gateway (UrlRewriteProcessor.java:rewrite(163)) - Rewrote URL: https://KNOXHOST:8443/gateway/CLUSTERNAME/zeppelin/ws, direction: IN via explicit rule: ZEPPELINWS/zeppelin/ws/inbound to URL: ws://ZEPPELINHOST:9995/ws 2019-01-08 20:41:12,800 DEBUG knox.gateway (DefaultDispatch.java:executeOutboundRequest(121)) - Dispatch request: GET ws://ZEPPELINHOST:9995/ws 2019-01-08 20:41:12,802 WARN knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: ws://ZEPPELINHOST:9995/ws org.apache.http.conn.UnsupportedSchemeException: ws protocol is not supported Any ideas what my problem might be? I have been banging my head on this for almost a full day and not making any progress, so thanks in advance for any assistance... -Doug ... View more
Labels:

Re: Knox admin UI session length not respected wit...

by New Member in Support Questions
‎01-02-2019 04:56 PM
‎01-02-2019 04:56 PM
OK, I figured this out...the problem was with the default setting of knoxsso.token.ttl property, which was 30000 (30 seconds). I stopped the Knox service, updated the configuration in Ambari, restarted Knox, and now behavior is correct. ... View more

Knox admin UI session length not respected with de...

by New Member in Support Questions
‎01-02-2019 03:46 PM
‎01-02-2019 03:46 PM
Hello, I have used Ambari 2.7.3 to setup an HDP 3.1.0 + HDF 3.3.0 cluster, and am trying to configure Knox proxy functionality but am having problems...the Knox admin UI doesn't seem to respect the setting of 30 minute sessions with the ShiroProvider. I have verified that the configs in Ambari all specify sessionTimeout of 30, which is supposed to be 30 minutes, but I get logged-out almost immediately when trying to use the admin UI. If I click down into the default read-only topologies, and then try to navigate back into the providers, I have to re-login, even though it's on;y been like 30 seconds. Any idea what the problem might be? Thanks in advance, Doug ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎01-31-2019 02:39 AM
Community Statistics
Member Since ‎08-24-2018 02:20 PM
Last Visited ‎01-31-2019 02:39 AM
Posts 16
Kudos received 1