You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Jaimin D Jetly (JIRA)" <ji...@apache.org> on 2014/10/21 22:24:33 UTC

[jira] [Updated] (AMBARI-7890) Make changes in ambari-web code to support knox kerberization

     [ https://issues.apache.org/jira/browse/AMBARI-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jaimin D Jetly updated AMBARI-7890:
-----------------------------------
    Description: 
*1. Show knox section on Configure Services page with the {{knox_gateway_principal}} and {{knox_gateway_keytab}} properties. These properties will be added to knox-env.xml file*

*2. Edit core-site.xml if HDFS service is installed on the cluster*
{code}
<property>
    <name>webhcat.proxyuser.knox.groups</name>
    <value>users</value>
</property>
<property>
    <name>webhcat.proxyuser.knox.hosts</name>
    <value>FQDN_OF_KNOX_HOST</value>
</property>
{code}

*3. Edit webhcat-site.xml if Hive is installed*
{code}
<property>
    <name>hadoop.proxyuser.knox.groups</name>
    <value>users</value>
</property>
<property>
    <name>hadoop.proxyuser.knox.hosts</name>
    <value>FQDN_OF_KNOX_HOST</value>
</property>
{code}

*4. Edit oozie-site.xml if Oozie is installed*
{code}
<property>
   <name>oozie.service.ProxyUserService.proxyuser.knox.groups</name>
   <value>users</value>
</property>
<property>
   <name>oozie.service.ProxyUserService.proxyuser.knox.hosts</name>
   <value>FQDN_OF_KNOX_HOST</value>
</property>
{code}

*5. Edit hive-site.xml (Enable http transport mode and use substitution in Hive Server2.) This configs should show on Hive service page only if Knox is installed*

hive.server2.allow.user.substitution=true

hive.server2.transport.mode=http 

hive.server2.thrift.http.port=10001

hive.server2.thrift.http.path=cliservice

*6. Edit gateway-site.xml*

gateway.hadoop.kerberos.secured=true


  was:
*1. Show knox section on Configure Services page with the {{knox_gateway_principal}} and {{knox_gateway_keytab}} properties. These properties will be added to knox-env.xml file*

*2. Edit core-site.xml if HDFS service is installed on the cluster*
{code}
<property>
    <name>webhcat.proxyuser.knox.groups</name>
    <value>users</value>
</property>
<property>
    <name>webhcat.proxyuser.knox.hosts</name>
    <value>FQDN_OF_KNOX_HOST</value>
</property>
{code}

*3. Edit webhcat-site.xml if Hive is installed*
{code}
<property>
    <name>hadoop.proxyuser.knox.groups</name>
    <value>users</value>
</property>
<property>
    <name>hadoop.proxyuser.knox.hosts</name>
    <value>FQDN_OF_KNOX_HOST</value>
</property>
{code}

*4. Edit oozie-site.xml if Oozie is installed*
{code}
<property>
   <name>oozie.service.ProxyUserService.proxyuser.knox.groups</name>
   <value>users</value>
</property>
<property>
   <name>oozie.service.ProxyUserService.proxyuser.knox.hosts</name>
   <value>FQDN_OF_KNOX_HOST</value>
</property>
{code}

*5. Edit hive-site.xml (Enable http transport mode and use substitution in Hive Server2.) This configs should show on Hive service page only if Knox is installed*

hive.server2.allow.user.substitution=true

hive.server2.transport.mode=http 

hive.server2.thrift.http.port=10001

hive.server2.thrift.http.path=cliservice

*6. Update gateway-site.xml on Knox host on Knox host*

Update conf/gateway-site.xml in your Knox installation and set the value of gateway.hadoop.kerberos.secured to true.



> Make changes in ambari-web code to support knox kerberization
> -------------------------------------------------------------
>
>                 Key: AMBARI-7890
>                 URL: https://issues.apache.org/jira/browse/AMBARI-7890
>             Project: Ambari
>          Issue Type: Technical task
>          Components: ambari-web
>    Affects Versions: 1.7.0
>            Reporter: Jaimin D Jetly
>            Assignee: Jaimin D Jetly
>             Fix For: 1.7.0
>
>
> *1. Show knox section on Configure Services page with the {{knox_gateway_principal}} and {{knox_gateway_keytab}} properties. These properties will be added to knox-env.xml file*
> *2. Edit core-site.xml if HDFS service is installed on the cluster*
> {code}
> <property>
>     <name>webhcat.proxyuser.knox.groups</name>
>     <value>users</value>
> </property>
> <property>
>     <name>webhcat.proxyuser.knox.hosts</name>
>     <value>FQDN_OF_KNOX_HOST</value>
> </property>
> {code}
> *3. Edit webhcat-site.xml if Hive is installed*
> {code}
> <property>
>     <name>hadoop.proxyuser.knox.groups</name>
>     <value>users</value>
> </property>
> <property>
>     <name>hadoop.proxyuser.knox.hosts</name>
>     <value>FQDN_OF_KNOX_HOST</value>
> </property>
> {code}
> *4. Edit oozie-site.xml if Oozie is installed*
> {code}
> <property>
>    <name>oozie.service.ProxyUserService.proxyuser.knox.groups</name>
>    <value>users</value>
> </property>
> <property>
>    <name>oozie.service.ProxyUserService.proxyuser.knox.hosts</name>
>    <value>FQDN_OF_KNOX_HOST</value>
> </property>
> {code}
> *5. Edit hive-site.xml (Enable http transport mode and use substitution in Hive Server2.) This configs should show on Hive service page only if Knox is installed*
> hive.server2.allow.user.substitution=true
> hive.server2.transport.mode=http 
> hive.server2.thrift.http.port=10001
> hive.server2.thrift.http.path=cliservice
> *6. Edit gateway-site.xml*
> gateway.hadoop.kerberos.secured=true



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)