Installing DataPlane

Configure Knox Gateway for DataPlane

DP Platform communicates with services on the cluster such as DP Agents, Ambari, Atlas, Ranger, etc., as well as the DP Agents used by DP Apps (for example, DLM Engine for DLM and Profiler for DSS). To avoid having DataPlane communicate directly with every cluster service endpoint, you can configure Knox Gateway as a proxy to your cluster services.

Important
If you are using TLS wire encryption on your clusters, you must configure Knox Gateway to proxy requests to and from the DP host.

This topic provides an overview of how to configure Knox Gateway proxy in your cluster services for DataPlane communication. If you configure Knox Gateway as the proxy for communication, be sure all DP services are configured through the gateway. Refer to the Hortonworks Data Platform or Hortonworks DataFlow documentation for details that might be applicable to your specific cluster configuration and setup.

The Knox host FQDN must be DNS addressable and available from your DataPlane environment. If it is not, the Knox IP address must be in the /etc/hosts file on the DP environment. Refer to the DataPlane Administration guide for details on how to add Knox to the DataPlane environment hosts.

  1. On your cluster Knox host, navigate to the Knox topologies directory.
    cd /etc/knox/conf/topologies
  2. Create a DataPlane proxy topology file.
    vi dp-proxy.xml
  3. Add the host name for each of the services listed in the file, based on where that service is running in your cluster.
    Tip
    At this point, you can add to the file the DP service agents that you plan to install, or you can add them later.
    Important
    • Do not modify the URL in the provider section of the file.
    • Be sure to keep this file updated if you move services or add services in your cluster.
    The <localhost> entry in the following example might be something like ctr-exxxx-xxx-xxx.company.site:20070.
    Topology dp-proxy.xml
    
    <?xml version="1.0" encoding="utf-8"?>
    <topology>
      <gateway>
        <provider>
            <role>federation</role>
            <name>SSOCookieProvider</name>
            <enabled>true</enabled>
            <param>
                <name>sso.authentication.provider.url</name>
                <value>https://localhost:8443/gateway/knoxsso/api/v1/websso</value>
            </param>
        </provider>
        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>true</enabled>
        </provider>
      </gateway>
    
      <service>
        <role>AMBARI</role>
        <url>http://<localhost>:8080</url>
      </service>
      <service>
        <role>AMBARIUI</role>
        <url>http://<localhost>:8080</url>
      </service>
      <service>
        <role>RANGER</role>
        <url>http://<localhost>:6080</url>
      </service>
      <service>
        <role>RANGERUI</role>
        <url>http://<localhost>:6080</url>
      </service>
      <service>
        <role>ATLAS</role>
        <url>http://<localhost>:21000</url>
      </service>
      <service>
        <role>ATLAS-API</role>
        <url>http://<localhost>:21000</url>
      </service>
      <service>
        <role>BEACON</role>    <!-- The DLM Engine -->
        <url>http://<localhost>:25968</url>
      </service>
    
      <service>
        <role>PROFILER-AGENT</role>    <!-- The DSS Agent -->
        <url>http://<localhost>:21900</url>
      </service>
    
    </topology>
    
    Note
    If you plan to set up using Knox gateway, verify your URLs for registration.
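
The following check is an added example, not part of the Hortonworks documentation. It validates a filled-in dp-proxy.xml before Knox loads it, catching a leftover <localhost> placeholder, a modified provider URL, and service URLs that lack a host or port. The function name, the host node1.example.com and the sample topology are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Provider URL exactly as in the page's dp-proxy.xml, which says not to modify it.
SSO_URL = "https://localhost:8443/gateway/knoxsso/api/v1/websso"

def check_topology(xml_text):
    """Return a list of problems in a dp-proxy.xml topology (empty list = OK)."""
    if "<localhost>" in xml_text:
        return ["unreplaced <localhost> placeholder (file is not well-formed XML)"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    sso = [p.findtext("value") for prov in root.iter("provider")
           if prov.findtext("name") == "SSOCookieProvider"
           for p in prov.iter("param")
           if p.findtext("name") == "sso.authentication.provider.url"]
    if sso != [SSO_URL]:
        problems.append(f"SSO provider URL changed or missing: {sso}")
    for svc in root.iter("service"):
        role = (svc.findtext("role") or "").strip() or "(no role)"
        url = urlsplit((svc.findtext("url") or "").strip())
        try:
            port = url.port  # raises ValueError on a non-numeric port
        except ValueError:
            port = None
        if url.scheme not in ("http", "https") or not url.hostname or port is None:
            problems.append(f"{role}: url needs scheme, host and port")
    return problems

# Constructed sample: host name and the RANGER entry's missing port are made up.
SAMPLE = """<topology>
  <gateway><provider>
    <role>federation</role><name>SSOCookieProvider</name><enabled>true</enabled>
    <param>
      <name>sso.authentication.provider.url</name>
      <value>https://localhost:8443/gateway/knoxsso/api/v1/websso</value>
    </param>
  </provider></gateway>
  <service><role>AMBARI</role><url>http://node1.example.com:8080</url></service>
  <service><role>RANGER</role><url>http://node1.example.com</url></service>
</topology>"""

if __name__ == "__main__":
    print(check_topology(SAMPLE))
```

To check a real file, pass the contents of /etc/knox/conf/topologies/dp-proxy.xml to check_topology and treat any non-empty result as a reason to fix the file before registering the cluster.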