KNOX Services UI - stanislawbartkowski/hdpactivedirectory GitHub Wiki
In this article, I show how to configure Knox so that the Hadoop UIs can be accessed through the Knox gateway. The Knox gateway service allows public access to the UIs of internal Hadoop services deployed in a private network.
YARN UI is not enabled out of the box.
Discover the hostname and port number for YARN UI. For instance: mdp1.sb.com:8088
Knox->Configs->Advanced topology. Enter the YARNUI service declaration in the default.xml template defined there.
<service>
  <role>YARNUI</role>
  <url>http://mdp1.sb.com:8088</url>
</service>
Restart Knox.
Open URL: https://:8443/gateway/default/yarn/
The authentication mechanism depends on the authentication provider specification.
More information on how to integrate Knox with LDAP/AD or SPNEGO authentication: https://github.com/stanislawbartkowski/hdpactivedirectory/wiki/Knox
By default, the Demo LDAP is configured. Make sure that Demo LDAP is started: Knox->Actions->Start Demo LDAP. Use the credentials defined in Knox->Configs->Advanced users-ldif. For instance: guest/guest-password
SSH tunnelling allows access to the YARN UI using the localhost hostname. It is useful when the cluster is protected by Kerberos and the personal desktop does not have access to the AD KDC.
Example command:
ssh -i credentials.ppk [email protected] -L 127.0.0.1:8443:10.58.32.12:8443 -vvv
Make sure that the local desktop can connect to the Knox secure port and that the TLS handshake completes.
openssl s_client -connect localhost:8443
Because we connect using localhost, Knox does not recognize it as a trusted host.
Knox->Configs->Advanced gateway-site
Replace DEFAULT with the regular expression .*
Restart Knox and open URL https://localhost:8443/gateway/default/yarn/
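The following is an added example, not part of the original wiki or the Knox project, that checks which URLs a replacement value admits before it is saved. It assumes the setting above is Knox's gateway.dispatch.whitelist and that its value is a semicolon-separated list of regular expressions matched against the whole URL; the localhost-only and domain-scoped patterns and the non-cluster URLs are constructed.

```python
import re

# URLs from the page (backend UIs) and constructed URLs that are not cluster hosts.
CLUSTER_URLS = ["http://mdp1.sb.com:8088", "http://mdp1.sb.com:18081"]
OTHER_URLS = [
    "http://files.example.org:8080/",     # constructed: unrelated host
    "http://example.org:80/x.sb.com:1/",  # constructed: domain appears only in the path
]

# Candidate values for the setting that holds DEFAULT.
CANDIDATES = {
    # Assumption: roughly what DEFAULT resolves to when Knox is reached as localhost.
    "localhost-only": r"^/.*$;^https?://(localhost|127\.0\.0\.1):[0-9]+/?.*$",
    # The value used on the page.
    "match-all": r".*",
    # Constructed alternative: only hosts under the page's sb.com domain.
    "domain-scoped": r"^/.*$;^https?://([A-Za-z0-9-]+\.)+sb\.com:[0-9]+/?.*$",
}


def parse_whitelist(value):
    """Compile a semicolon-separated list of regular expressions."""
    return [re.compile(part) for part in value.split(";") if part.strip()]


def is_allowed(value, url):
    """True if any pattern matches the whole URL (assumed Knox semantics)."""
    return any(p.fullmatch(url) for p in parse_whitelist(value))


def audit(value, expected=CLUSTER_URLS, unexpected=OTHER_URLS):
    """Return (expected URLs that are blocked, unexpected URLs that are admitted)."""
    blocked = [u for u in expected if not is_allowed(value, u)]
    admitted = [u for u in unexpected if is_allowed(value, u)]
    return blocked, admitted


if __name__ == "__main__":
    for name, value in CANDIDATES.items():
        blocked, admitted = audit(value)
        print(f"{name:15} blocked={blocked} admitted={admitted}")
```

The match-all value admits every URL, including the two non-cluster ones, while the domain-scoped value admits only the cluster UIs; substitute the cluster's real domain before using such a pattern.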
Discover Spark History hostname and port. For instance: mdp1.sb.com:18081
Knox->Configs->Advanced topology
Service definition:
<service>
  <role>SPARKHISTORYUI</role>
  <url>http://mdp1.sb.com:18081</url>
</service>
Open URL https://:8443/gateway/default/sparkhistory/