2. Set up and Validate the Knox Gateway Installation

Setting up and validating the Knox Gateway installation requires a fully operational Hadoop Cluster that can be accessed from the gateway. This section explains how to get the gateway up and running and then test access to your existing cluster with the minimal configuration.


Use the setup in this section for initial gateway testing. For detailed configuration instructions, see the Knox Gateway Administrator Guide

To set up the gateway and test access:

  1. Set the master secret:

    su -l knox -c "$gateway_home/bin/gateway.sh setup"

    You are prompted for the master secret, enter the password at the prompts.

  2. Start the gateway:

    su -l knox -c "$gateway_home/bin/gateway.sh start"
    Starting Gateway succeeded with PID 1871. 

    The gateway starts and the PID is stored in /var/run/knox.

  3. Start the demo LDAP service that contains the guest user account for testing:

    su -l knox -c "$gateway_home/bin/ldap.sh start"
    Starting LDAP succeeded with PID 1965.

    In a production environment, we recommend using Active Directory or OpenLDAP for authentication. For detailed instructions on configuring Knox Gateway, see Configuring Authentication in the Knox Gateway Administrator Guide.

  4. Verify that the gateway and LDAP service are running:

    su -l knox -c "$gateway_home/bin/gateway.sh status"
    Gateway is running with PID 1871. 
    su -l knox -c "$gateway_home/bin/ldap.sh status"
    LDAP is running with PID 1965.
  5. Confirm access from gateway host to WebHDFS Service host using telnet:

    telnet $webhdfs_host $webhdfs_port

    You must successfully be able to reach the internal cluster service from the gateway before continuing.

  6. Update the WebHDFS host information:

    1. Open the $gateway_home/conf/topologies/sandbox.xml file in an editor, such as vi.

    2. Find service definition for WebHDFS and update it as follows:


      where $webhdfs_host and $webhdfs_port (default port is 50070) match your environment.

    3. (Optionally) Comment out the Sandbox specific hostmap information:

  7. (Optionally) Rename the Sandbox Topology Descriptor file to match the name of your cluster:

    mv $gateway_home/conf/topologies/sandbox.xml $gateway_home/conf/topologies/cluster-name.xml

    The gateway is now configured to allow access to WebHDFS.

  8. On an external client that has curl, enter the following command:

    curl  -k -ssl3 -u guest:guest-password -X GET "https://$gateway_host:8443/gateway/sandbox/webhdfs/v1/?op=LISTSTATUS" 


    • sandbox is the name of the cluster topology descriptor file that you created for testing. If you renamed it, then replace sandbox in the command above.

    • $gateway_host is the Knox Gateway hostname.

    The status is returned.

loading table of contents...