DocsHortonworks Data Platform

 

 2. Set up and Validate the Knox Gateway Installation

Setting up and validating the Knox Gateway installation requires a fully operational Hadoop Cluster that can be accessed from the gateway. This section explains how to get the gateway up and running, and how to test access to your existing cluster with the minimal configuration.

Use the steps in this section for initial gateway testing. For detailed configuration instructions, see the Knox Gateway Administrator Guide.

To set up the gateway and test access:

  1. Set the master secret:

    su -l knox -c "$gateway_home/bin/gateway.sh setup"

    You will be prompted for the master secret. Enter the password at the prompt.

  2. Start the gateway:

    su -l knox -c /usr/hdp/current/knox-server/bin/gateway.sh start

    Starting Gateway succeeded with PID 1871.

    The gateway starts. The PID is stored in /var/run/knox.

  3. Start the demo LDAP service that contains the guest user account for testing:

    su -l knox -c "/usr/hdp/current/knox-server/bin/ldap.sh start"

    Starting LDAP succeeded with PID 1965.

    In a production environment, use Active Directory or OpenLDAP for authentication. For detailed instructions on configuring the Knox Gateway, see Configuring Authentication in the Knox Gateway Administrator Guide.

  4. Verify that the gateway and LDAP service are running:

    su -l knox -c "$gateway_home/bin/gateway.sh status"

    Gateway is running with PID 1871.

    su -l knox -c "$gateway_home/bin/ldap.sh status"

    LDAP is running with PID 1965.

  5. Confirm access from the gateway host to the WebHDFS Service host using telnet:

    telnet $webhdfs_host $webhdfs_port

    [Important]Important

    You must be able to reach the internal cluster service from the gateway before continuing.

  6. Update the WebHDFS host information in the $gateway_home/conf/topologies/sandbox.xml file:

    1. Find the service definition for WebHDFS and update it as follows:

      <service>
     <role>WEBHDFS</role>
     <url>http://$webhdfs_host:$webhdfs_port/webhdfs</url>
</service>

      where $webhdfs_host and $webhdfs_port (default port is 50070) match your environment.

    2. (Optional) Comment out the Sandbox-specific hostmap information: 

      <!-- REMOVE SANDBOX HOSTMAP PROVIDER <provider>
     <role>hostmap</role>
     <name>static</name>
     <enabled>false</enabled>
     <param><name>localhost</name> 
     <value>sandbox,sandbox.hortonworks.com</value></param>
</provider>
-->

  7. (Optional) Rename the Sandbox Topology Descriptor file to match the name of your cluster:

    mv $gateway_home/conf/topologies/sandbox.xml $gateway_home/conf/ topologies/cluster-name.xml

    The gateway is now configured to allow access to WebHDFS.

  8. On an external client that has curl, enter the following command:

    curl-k -ssl3 -u guest:guest-password -X GET "https://$gateway_host:8443/ gateway/sandbox/webhdfs/v1/?op=LISTSTATUS"

    where sandbox is the name of the cluster topology descriptor file that you created for testing. If you renamed it, then replace sandbox in the command above.

    $gateway_host is the Knox Gateway hostname. The status is returned.

Legal notices
loading table of contents...