Installing DataPlane

Configure Knox Gateway for DataPlane

DP Platform communicates with services on the cluster such as DP Agents, Ambari, Atlas, and Ranger, as well as with the DP Agents used by DP Apps (for example, DLM Engine for DLM and Profiler for DSS). So that DataPlane does not have to communicate directly with every cluster service endpoint, you can configure Knox Gateway as a proxy to your cluster services.

Note
If you are using TLS wire encryption on your clusters, you must configure Knox Gateway to proxy requests to and from DP host.
This topic provides an overview of how to configure Knox Gateway as a proxy to your cluster services for DataPlane communication. If you configure Knox Gateway as the proxy for communication, be sure all DP services are configured through the gateway. Refer to the Hortonworks Data Platform or Hortonworks DataFlow documentation for details that might be applicable to your specific cluster configuration and setup.
  • You will be configuring Knox Gateway proxy in your cluster to work with your DP instance.
  • You must have installed and configured DataPlane.
  • You must have configured Knox Gateway on your clusters.

The Knox host FQDN must be DNS addressable and available from your DataPlane environment. If not, the Knox IP address must be in the /etc/hosts file on the DP environment. Refer to the DataPlane Administration guide for details on how to add Knox to the DataPlane environment hosts.

  1. On your cluster Knox host, navigate to the Knox topologies directory.
    cd /etc/knox/conf/topologies
  2. Create a DataPlane proxy topology file.
    vi dp-proxy.xml
  3. Add the host name for each of the services listed in the file, based on where that service is running in your cluster.
    Tip
    At this point, you can add to the file the DP service agents that you plan to install, or you can add them later.
    Important
    • Do not modify the URL in the provider section of the file.
    • Be sure to keep this file updated if you move services or add services in your cluster.
    The <localhost> entry in the following example might be something like ctr-e138-1518143905142-369209-01-000005.hwx.site:20070.
    Topology dp-proxy.xml
    
    <?xml version="1.0" encoding="utf-8"?>
    <topology>
      <gateway>
        <provider>
          <role>federation</role>
          <name>SSOCookieProvider</name>
          <enabled>true</enabled>
          <param>
            <name>sso.authentication.provider.url</name>
            <value>https://localhost:8443/gateway/knoxsso/api/v1/websso</value>
          </param>
        </provider>
        <provider>
          <role>identity-assertion</role>
          <name>Default</name>
          <enabled>true</enabled>
        </provider>
      </gateway>

      <service>
        <role>WEBHDFS</role>
        <url>http://<localhost>:20070/webhdfs</url>
      </service>
      <service>
        <role>WEBHCAT</role>
        <url>http://<localhost>:20111/templeton</url>
      </service>
      <service>
        <role>AMBARI</role>
        <url>http://<localhost>:8080</url>
      </service>
      <service>
        <role>AMBARIUI</role>
        <url>http://<localhost>:8080</url>
      </service>
      <service>
        <role>RANGER</role>
        <url>http://<localhost>:6080</url>
      </service>
      <service>
        <role>RANGERUI</role>
        <url>http://<localhost>:6080</url>
      </service>
      <service>
        <role>ATLAS</role>
        <url>http://<localhost>:21000</url>
      </service>
      <service>
        <role>ATLAS-API</role>
        <url>http://<localhost>:21000</url>
      </service>
      <service>
        <role>BEACON</role>    <!-- The DLM Engine -->
        <url>http://<localhost>:25968</url>
      </service>
      <service>
        <role>HIVE</role>
        <url>http://<localhost>:10001/cliservice</url>
      </service>
      <service>
        <role>RESOURCEMANAGER</role>
        <url>http://<localhost>:8088/ws</url>
      </service>

      <service>
        <role>PROFILER-AGENT</role>    <!-- The DSS Agent -->
        <url>http://<localhost>:21900</url>
      </service>

    </topology>
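
A pre-deployment check for the topology file from step 3, added here as an example and not part of the Hortonworks documentation: it reports unreplaced <localhost> placeholders, a modified provider URL, roles listed twice, invalid service URLs, and loose text outside tags. The function name check_topology and the example.com hostnames in the sample are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Provider URL exactly as printed on this page; step 3 says not to modify it.
SSO_URL = "https://localhost:8443/gateway/knoxsso/api/v1/websso"

def check_topology(text):
    """Return a list of problems found in a dp-proxy.xml topology string."""
    problems = [f"line {n}: <localhost> placeholder not replaced"
                for n, line in enumerate(text.splitlines(), 1)
                if "<localhost>" in line]
    try:
        # A leftover placeholder is also malformed XML; neutralise it so
        # the remaining checks can still run on the rest of the file.
        root = ET.fromstring(text.replace("<localhost>", "localhost"))
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    sso = [p.findtext("value", "").strip()
           for p in root.iterfind("gateway/provider/param")
           if p.findtext("name", "").strip() == "sso.authentication.provider.url"]
    if sso != [SSO_URL]:
        problems.append(f"provider URL changed or missing: {sso}")
    seen = set()
    for svc in root.iterfind("service"):
        role = svc.findtext("role", "").strip() or "(no role)"
        url = urlsplit(svc.findtext("url", "").strip())
        # A note that is not wrapped in <!-- --> becomes loose text here.
        if any((t or "").strip() for t in [svc.text] + [c.tail for c in svc]):
            problems.append(f"{role}: stray text inside <service>")
        if role in seen:
            problems.append(f"{role}: role listed more than once")
        seen.add(role)
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append(f"{role}: missing or invalid url")
    return problems

# Constructed sample: the example.com hostnames are made up for illustration.
SAMPLE = """<topology>
  <gateway><provider><role>federation</role><name>SSOCookieProvider</name>
    <param><name>sso.authentication.provider.url</name>
      <value>https://localhost:8443/gateway/knoxsso/api/v1/websso</value></param>
  </provider></gateway>
  <service><role>AMBARI</role><url>http://ambari.example.com:8080</url></service>
  <service><role>RANGER</role><url>http://<localhost>:6080</url></service>
  <service><role>ATLAS</role>  ## metadata
    <url>http://atlas.example.com:21000</url></service>
  <service><role>ATLAS</role><url>atlas.example.com:21000</url></service>
</topology>"""
if __name__ == "__main__":
    print("\n".join(check_topology(SAMPLE)))
```

To check a real file, pass its contents to check_topology and treat an empty list as a pass.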