You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Benjamin Tan (JIRA)" <ji...@apache.org> on 2017/09/06 09:51:01 UTC

[jira] [Updated] (KNOX-1025) Topology Domain Mapping

     [ https://issues.apache.org/jira/browse/KNOX-1025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Tan updated KNOX-1025:
-------------------------------
    Description: 
h2. Motivation
In a multi-tenant doployment, end user need to access hadoop service in:
{code:java}
https://{gateway-host}:8443/gateway/eerie/webhdfs 
{code}
, even with [KIP-6 Topology Port Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping], end user need to access in:
{code:java}
https://{gateway-host}:5443/webhdfs
{code}
we can give more convenience for end user, let them access in:
{code:java}
https://{eerie-specific-domain}/webhdfs
or
https://eerie.{gateway-domain}/webhdfs
{code}

There are some deploy prerequisites:
1. Let tenant admin add CNAME {quote}{eerie-specific-domain}{quote} in their DNS server, point gateway host;
2. add CNAME {quote}eerie.{gateway-domain}{quote} in gateway domain DNS server, point geteway host;
3. add firewall rule in gateway host and redirect 443 to knox listening port 8443.


h2. Configuration
Configuration for this feature will be in gateway-site.xml config file.


{code:java}
<!-- Optional, true by default-->
<property>
    <name>gateway.domain.mapping.enabled</name>
    <value>true</value>
    <description>Enable/Disable gateway topology domain mapping feature.</description>
</property>
 
<!-- Multi Domain Gateway -->
<property>
    <name>gateway.domain.mapping.eerie</name>
    <value>{eerie-specific-domain}</value>
    <description>The domain for the Topology.</description>
</property>
{code}


  was:
h2. Motivation
In a multi-tenant doployment, end user need to access hadoop service in:
https://{gateway-host}:8443/gateway/eerie/webhdfs 

, even with [KIP-6 Topology Port Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping], end user need to access in:
https://{gateway-host}:5443/webhdfs

we can give more convenience for end user, let them access in:
https://{eerie-specific-domain}/webhdfs
or
https://eerie.{gateway-domain}/webhdfs

There are some deploy prerequisites:
1. Let tenant admin add CNAME {eerie-specific-domain} in their DNS server, point gateway host.
2. add CNAME eerie.{gateway-domain} in gateway domain DNS server, point geteway host.
3. add firewall rule in gateway host and redirect 443 to knox listening port 8443

h2. Configuration
Configuration for this feature will be in gateway-site.xml config file.
{code:xml}
<!-- Optional, true by default-->
<property>
    <name>gateway.domain.mapping.enabled</name>
    <value>true</value>
    <description>Enable/Disable gateway topology domain mapping feature.</description>
</property>
 
<!-- Multi Domain Gateway -->
<property>
    <name>gateway.domain.mapping.eerie</name>
    <value>{eerie-specific-domain}</value>
    <description>The domain for the Topology.</description>
</property>
{code}


> Topology Domain Mapping
> -----------------------
>
>                 Key: KNOX-1025
>                 URL: https://issues.apache.org/jira/browse/KNOX-1025
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>            Reporter: Benjamin Tan
>
> h2. Motivation
> In a multi-tenant doployment, end user need to access hadoop service in:
> {code:java}
> https://{gateway-host}:8443/gateway/eerie/webhdfs 
> {code}
> , even with [KIP-6 Topology Port Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping], end user need to access in:
> {code:java}
> https://{gateway-host}:5443/webhdfs
> {code}
> we can give more convenience for end user, let them access in:
> {code:java}
> https://{eerie-specific-domain}/webhdfs
> or
> https://eerie.{gateway-domain}/webhdfs
> {code}
> There are some deploy prerequisites:
> 1. Let tenant admin add CNAME {quote}{eerie-specific-domain}{quote} in their DNS server, point gateway host;
> 2. add CNAME {quote}eerie.{gateway-domain}{quote} in gateway domain DNS server, point geteway host;
> 3. add firewall rule in gateway host and redirect 443 to knox listening port 8443.
> h2. Configuration
> Configuration for this feature will be in gateway-site.xml config file.
> {code:java}
> <!-- Optional, true by default-->
> <property>
>     <name>gateway.domain.mapping.enabled</name>
>     <value>true</value>
>     <description>Enable/Disable gateway topology domain mapping feature.</description>
> </property>
>  
> <!-- Multi Domain Gateway -->
> <property>
>     <name>gateway.domain.mapping.eerie</name>
>     <value>{eerie-specific-domain}</value>
>     <description>The domain for the Topology.</description>
> </property>
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)