Configuring Proxy with Apache Knox
Also available as:
PDF
loading table of contents...

Example: Configure Knox Gateway for YARN UI

This example shows you how to set up a new custom Knox topology for YARN UI and installing services for YARN.

Setting up Topology File

  1. Login to Ambari and access Knox service page.

    Knox Admin UI link could be found on the right pane of the Ambari’s Knox page.

    Once this link is clicked, user will be asked to provide a username and password. This will be based on the ldap configured for the manager.

  2. Accessing Knox admin UI page for topology creation
    Once admin lands in to the Knox admin UI, there are fundamentally three steps more to create a topology of desired use case.
    1. Create a custom provider configuration
    2. Define Descriptors for the topology to auto-discover services from Ambari
    3. Save and verify the topology which is created
    Next steps will cover topology creation in detail.
  3. Creating a custom Provider Configuration

    Admin can click on the “Provider Configurations” in left panel to list all available providers. Click on the “+” button on the right side to create a new provider.

    Admin can select all the providers which are needed for defining “hdp_ui_provider”
    • Authentication (Anonymous)
    • Authorization (AclsAuthz/Access Control Lists)
    • HAProvider (Default)
    • Identity-assertion (Default)
    These 4 providers could be added by selecting each and giving values from the auto populated options. Detailed steps are given below.
    1. Add Authentication>Anonymous.
    2. Add Authorization>Access Control Lists.
    3. Add HAProvider>Default.
    4. Add Identity-Assertion>Default.
    5. Save the provider by clicking on save button at right bottom.
  4. Defining Descriptors for topology: Click on “+” button near to Descriptor to define a new custom descriptor.
    1. Add all details for a descriptor:
      • Define a name for the descriptor
      • Select YARNUI from the below list
      • Configure Ambari address in “Discovery - Address”
      • Configure Ambari cluster name in “Discovery - Cluster”
      • Provide Ambari user name in “Discovery - Username”
      • “Discovery Password Alias” could be left as it is as below manual step to be ran on knox machine to avoid configuring password.
    2. Creating password alias, e.g.,
      [root@ctr-e138-1518143905142-240189-01-046340 services]# /usr/$REPO/$VERSION/knox/bin/knoxcli.sh create-alias ambari.discovery.password
      Enter password:
      Enter password again:
      ambari.discovery.password has been successfully created.
      
    3. Select provider configuration as “hdp_ui_provider”.
    4. Press “Ok” to save the details.
    5. Select “hdp_ui” descriptor to add “YARNUIV2” service.

      Admin can add custom services which are see on the right pane under “Descriptor Detail”.

      Not all services listed are officially supported. See “Knox- Supported Services” for details on which services are supported.

  5. Verify topology:

    Topologies>Select one topology: This is read-only pane where all configuration which are done for “hdp_ui” could be verified.

Changing QuickLinks for YARN UIs

Admin need to paste below quicklink.json file in Ambari server machine to ensure that YARN UIs quick links are accessible only via proxy.
  1. Quick Link template
    {
      "name": "default",
      "description": "default quick links configuration",
      "configuration": {
        "protocol":
        {
          "type": "HTTPS_ONLY"
        },
        "links": [
          {
            "name": "resourcemanager_ui",
            "label": "ResourceManager UI",
            "requires_user_name": "false",
            "component_name": "KNOX_GATEWAY",
            "url": "%@://%@:%@/gateway/hdp_ui/yarnuiv2/",
            "port": {
              "https_property": "gateway.port",
              "https_default_port": "8443",
              "regex": "^(\\d+)$",
              "site": "gateway-site"
            }
          },
          {
            "name": "resourcemanager_logs",
            "label": "ResourceManager logs",
            "requires_user_name": "false",
            "component_name": "KNOX_GATEWAY",
            "url": "%@://%@:%@/gateway/hdp_ui/yarn/logs",
            "port": {
              "https_property": "gateway.port",
              "https_default_port": "8443",
              "regex": "^(\\d+)$",
              "site": "gateway-site"
            }
          },
          {
            "name": "resourcemanager_jmx",
            "label":"ResourceManager JMX",
            "requires_user_name": "false",
            "component_name": "KNOX_GATEWAY",
            "url":"%@://%@:%@/gateway/hdp_ui/yarn/jmx",
            "port": {
              "https_property": "gateway.port",
              "https_default_port": "8443",
              "regex": "^(\\d+)$",
              "site": "gateway-site"
            }
          },
          {
            "name": "thread_stacks",
            "label":"Thread Stacks",
            "requires_user_name": "false",
            "component_name": "KNOX_GATEWAY",
            "url":"%@://%@:%@/gateway/hdp_ui/yarn/stacks",
            "port": {
              "https_property": "gateway.port",
              "https_default_port": "8443",
              "regex": "^(\\d+)$",
              "site": "gateway-site"
            }
          }
        ]
      }
    }
    
  2. Place quicklinks.json in Ambari: In ambari-server host, at following path, place the quicklink file:
    /var/lib/ambari-server/resources/stacks/$REPO/$VERSION/services/YARN/quicklinks/quicklinks.json
    
    Please ensure that existing quicklinks.json in replaced with the attached json file from this document.
  3. Restart Ambari: ambari-server restart
  4. Verify QuickLinks.

    Post these steps, YARN Quick links will be accessible only via knox proxy.