You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Jaimin D Jetly (JIRA)" <ji...@apache.org> on 2014/10/21 22:24:33 UTC
[jira] [Updated] (AMBARI-7890) Make changes in ambari-web code to
support knox kerberization
[ https://issues.apache.org/jira/browse/AMBARI-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jaimin D Jetly updated AMBARI-7890:
-----------------------------------
Description:
*1. Show knox section on Configure Services page with the {{knox_gateway_principal}} and {{knox_gateway_keytab}} properties. These properties will be added to knox-env.xml file*
*2. Edit core-site.xml if HDFS service is installed on the cluster*
{code}
<property>
<name>webhcat.proxyuser.knox.groups</name>
<value>users</value>
</property>
<property>
<name>webhcat.proxyuser.knox.hosts</name>
<value>FQDN_OF_KNOX_HOST</value>
</property>
{code}
*3. Edit webhcat-site.xml if Hive is installed*
{code}
<property>
<name>hadoop.proxyuser.knox.groups</name>
<value>users</value>
</property>
<property>
<name>hadoop.proxyuser.knox.hosts</name>
<value>FQDN_OF_KNOX_HOST</value>
</property>
{code}
*4. Edit oozie-site.xml if Oozie is installed*
{code}
<property>
<name>oozie.service.ProxyUserService.proxyuser.knox.groups</name>
<value>users</value>
</property>
<property>
<name>oozie.service.ProxyUserService.proxyuser.knox.hosts</name>
<value>FQDN_OF_KNOX_HOST</value>
</property>
{code}
*5. Edit hive-site.xml (Enable http transport mode and use substitution in Hive Server2.) This configs should show on Hive service page only if Knox is installed*
hive.server2.allow.user.substitution=true
hive.server2.transport.mode=http
hive.server2.thrift.http.port=10001
hive.server2.thrift.http.path=cliservice
*6. Edit gateway-site.xml*
gateway.hadoop.kerberos.secured=true
was:
*1. Show knox section on Configure Services page with the {{knox_gateway_principal}} and {{knox_gateway_keytab}} properties. These properties will be added to knox-env.xml file*
*2. Edit core-site.xml if HDFS service is installed on the cluster*
{code}
<property>
<name>webhcat.proxyuser.knox.groups</name>
<value>users</value>
</property>
<property>
<name>webhcat.proxyuser.knox.hosts</name>
<value>FQDN_OF_KNOX_HOST</value>
</property>
{code}
*3. Edit webhcat-site.xml if Hive is installed*
{code}
<property>
<name>hadoop.proxyuser.knox.groups</name>
<value>users</value>
</property>
<property>
<name>hadoop.proxyuser.knox.hosts</name>
<value>FQDN_OF_KNOX_HOST</value>
</property>
{code}
*4. Edit oozie-site.xml if Oozie is installed*
{code}
<property>
<name>oozie.service.ProxyUserService.proxyuser.knox.groups</name>
<value>users</value>
</property>
<property>
<name>oozie.service.ProxyUserService.proxyuser.knox.hosts</name>
<value>FQDN_OF_KNOX_HOST</value>
</property>
{code}
*5. Edit hive-site.xml (Enable http transport mode and use substitution in Hive Server2.) This configs should show on Hive service page only if Knox is installed*
hive.server2.allow.user.substitution=true
hive.server2.transport.mode=http
hive.server2.thrift.http.port=10001
hive.server2.thrift.http.path=cliservice
*6. Update gateway-site.xml on Knox host on Knox host*
Update conf/gateway-site.xml in your Knox installation and set the value of gateway.hadoop.kerberos.secured to true.
> Make changes in ambari-web code to support knox kerberization
> -------------------------------------------------------------
>
> Key: AMBARI-7890
> URL: https://issues.apache.org/jira/browse/AMBARI-7890
> Project: Ambari
> Issue Type: Technical task
> Components: ambari-web
> Affects Versions: 1.7.0
> Reporter: Jaimin D Jetly
> Assignee: Jaimin D Jetly
> Fix For: 1.7.0
>
>
> *1. Show knox section on Configure Services page with the {{knox_gateway_principal}} and {{knox_gateway_keytab}} properties. These properties will be added to knox-env.xml file*
> *2. Edit core-site.xml if HDFS service is installed on the cluster*
> {code}
> <property>
> <name>webhcat.proxyuser.knox.groups</name>
> <value>users</value>
> </property>
> <property>
> <name>webhcat.proxyuser.knox.hosts</name>
> <value>FQDN_OF_KNOX_HOST</value>
> </property>
> {code}
> *3. Edit webhcat-site.xml if Hive is installed*
> {code}
> <property>
> <name>hadoop.proxyuser.knox.groups</name>
> <value>users</value>
> </property>
> <property>
> <name>hadoop.proxyuser.knox.hosts</name>
> <value>FQDN_OF_KNOX_HOST</value>
> </property>
> {code}
> *4. Edit oozie-site.xml if Oozie is installed*
> {code}
> <property>
> <name>oozie.service.ProxyUserService.proxyuser.knox.groups</name>
> <value>users</value>
> </property>
> <property>
> <name>oozie.service.ProxyUserService.proxyuser.knox.hosts</name>
> <value>FQDN_OF_KNOX_HOST</value>
> </property>
> {code}
> *5. Edit hive-site.xml (Enable http transport mode and use substitution in Hive Server2.) This configs should show on Hive service page only if Knox is installed*
> hive.server2.allow.user.substitution=true
> hive.server2.transport.mode=http
> hive.server2.thrift.http.port=10001
> hive.server2.thrift.http.path=cliservice
> *6. Edit gateway-site.xml*
> gateway.hadoop.kerberos.secured=true
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)