svn commit: r1526457 - in /incubator/knox/trunk/books/0.3.0: book.md config.md

[km...@apache.org]

Author: kminder
Date: Thu Sep 26 12:19:40 2013
New Revision: 1526457

URL: http://svn.apache.org/r1526457
Log:
Added section for hostmap configuration.

Modified:
    incubator/knox/trunk/books/0.3.0/book.md
    incubator/knox/trunk/books/0.3.0/config.md

Modified: incubator/knox/trunk/books/0.3.0/book.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/books/0.3.0/book.md?rev=1526457&r1=1526456&r2=1526457&view=diff
==============================================================================
--- incubator/knox/trunk/books/0.3.0/book.md (original)
+++ incubator/knox/trunk/books/0.3.0/book.md Thu Sep 26 12:19:40 2013
@@ -44,8 +44,8 @@ Table Of Contents
     * [Hive](#Hive)
 * [Secure Clusters](#Secure+Clusters)
 * [Trouble Shooting](#Trouble+Shooting)
-* [Export Controls](#Export+Controls)
 * [Release Verification](#Release+Verification)
+* [Export Controls](#Export+Controls)
 
 
 {{Introduction}}
@@ -118,14 +118,17 @@ Only more recent versions of some Hadoop
 
 | Service           | Version    | Non-Secure  | Secure |
 | ----------------- | ---------- | ----------- | ------ |
-| WebHDFS           | 2.1.0      | ![y]        | ![y]   |
-| WebHCat/Templeton | 0.11.0     | ![y]        | ![n]   |
+| WebHDFS           | 2.1.0      | ![y]        | ![?]![y]   |
+| WebHCat/Templeton | 0.11.0     | ![y]        | ![?]![n]   |
 | Ozzie             | 4.0.0      | ![y]        | ![?]   |
 | HBase/Stargate    | 0.95.2     | ![y]        | ![?]   |
 | Hive/JDBC         | 0.11.0     | ![n]        | ![n]   |
 |                   | 0.12.0     | ![?]![y]    | ![?]   |
 | Hive/ODBC         | 0.12.0     | ![?]        | ![?]   |
 
+ProxyUser feature of WebHDFS, WebHCat and Oozie required for secure cluster support seem to work fine.
+Knox code seems to be broken for support of secure cluster at this time for WebHDFS, WebHCat and Oozie.
+
 
 <<sandbox.md>>
 
@@ -167,24 +170,6 @@ TODO
 <<trouble.md>>
 
 
-{{Export Controls}}
--------------------
-
-Apache Knox Gateway includes cryptographic software.
-The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software.
-BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
-See http://www.wassenaar.org for more information.
-
-The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms.
-The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
-
-The following provides more details on the included cryptographic software:
-
-* Apache Knox Gateway uses the ApacheDS which in turn uses Bouncy Castle generic encryption libraries.
-* See http://www.bouncycastle.org for more details on Bouncy Castle.
-* See http://directory.apache.org/apacheds for more details on ApacheDS.
-
-
 {{Release Verification}}
 ------------------------
 
@@ -209,5 +194,24 @@ or
     % gpg --import KEYS
     % gpg --verify knox-incubating-0.3.0.zip.asc
 
+
+{{Export Controls}}
+-------------------
+
+Apache Knox Gateway includes cryptographic software.
+The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software.
+BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
+See http://www.wassenaar.org for more information.
+
+The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms.
+The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
+
+The following provides more details on the included cryptographic software:
+
+* Apache Knox Gateway uses the ApacheDS which in turn uses Bouncy Castle generic encryption libraries.
+* See http://www.bouncycastle.org for more details on Bouncy Castle.
+* See http://directory.apache.org/apacheds for more details on ApacheDS.
+
+
 <<../common/footer.md>>
 

Modified: incubator/knox/trunk/books/0.3.0/config.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/books/0.3.0/config.md?rev=1526457&r1=1526456&r2=1526457&view=diff
==============================================================================
--- incubator/knox/trunk/books/0.3.0/config.md (original)
+++ incubator/knox/trunk/books/0.3.0/config.md Thu Sep 26 12:19:40 2013
@@ -18,7 +18,21 @@
 {{Configuration}}
 -----------------
 
-### Enabling logging ###
+### Host Mapping ###
+
+TODO
+
+That really depends upon how you have your VM configured.
+If you can hit http://c6401.ambari.apache.org:1022/ directly from your client and knox host then you probably don't need the hostmap at all.
+The host map only exists for situations where a host in the hadoop cluster is known by one name externally and another internally.
+For example running hostname -q on sandbox returns sandbox.hortonworks.com but externally Sandbox is setup to be accesses using localhost via portmapping.
+The way the hostmap config works is that the <name/> element is what the hadoop cluster host is known as externally and the <value/> is how the hadoop cluster host identifies itself internally.
+<param><name>localhost</name><value>c6401,c6401.ambari.apache.org</value></param>
+You SHOULD be able to simply change <enabled>true</enabled> to false but I have a suspicion that that might not actually work.
+Please try it and file a jira if that doesn't work.
+If so, simply either remove the full provider config for hostmap or remove the <param/> that defines the mapping.
+
+### Logging ###
 
 If necessary you can enable additional logging by editing the `log4j.properties` file in the `conf` directory.
 Changing the rootLogger value from `ERROR` to `DEBUG` will generate a large amount of debug logging.