Installing Apache Knox
This document provides instructions on how to install Apache Knox using the CDP Private Cloud Base installation process.
Apache Knox is an application gateway for interacting with the REST APIs and UIs. The Knox Gateway provides a single access point for all REST and HTTP interactions in your Cloudera Data Platform cluster.
When installing Knox, you must have Kerberos enabled on your cluster.
-
From your Cloudera Manager homepage, go to Status tab > $Cluster Name > ... > Add Service
- From the list of services, select Knox and click Continue.
-
On the Select Dependencies page, choose the dependencies
you want Knox to set up:
HDFS, Ranger, Solr, Zookeeper For users that require Apache Ranger for authorization. HDFS with Ranger. HDFS depends on Zookeeper, and Ranger depends on Solr. HDFS, Zookeeper HDFS depends on Zookeeper. No optional dependencies For users that do not wish to have Knox integrate with HDFS or Ranger. -
On the Assign Roles page, select role assignments for your
dependencies and click Continue:
* Note: KnoxIDBroker appears in the Assign Roles page, but it is not currently supported in CDP-DC.Knox service roles Description Required? Knox Gateway If Knox is installed, at least one instance of this role should be installed. This role represents the Knox Gateway which provides a single access point for all REST and HTTP interactions with Apache Hadoop clusters. Required KnoxIDBroker* It is strongly recommended that this role is installed on its own dedicated host. As its name suggests this role will allow you to take advantage of Knox’s Identity Broker capabilities, an identity federation solution that exchanges cluster authentication for temporary cloud credentials.* Optional* Gateway This role comes with the CSD framework. The gateway structure is used to describe the client configuration of the service on each host where the gateway role is installed. Optional -
On the Review Changes page, most of the default values are
acceptable, but you must Enable Kerberos Authentication and supply the Knox
Master Secret. There are additional parameters you can specify or change, listed
in
Knox Install Role Parameters
.-
Click Enable Kerberos Authentication
Kerberos is required where Knox is enabled.
- Supply the Knox Master Secret, e.g. knoxsecret.
- Click Continue.
-
Click Enable Kerberos Authentication
- The Command Details page shows the status of your operation. After completion, your system admin can view logs for your installation under stdout.