Apache Knox Install Role Parameters

Reference information on all the parameters available for Knox service roles.

Service-level parameters

Table 1. Required service-level parameters
Name In Wizard Type Default Value
kerberos.auth.enabled* Yes Boolean false
ranger_knox_plugin_hdfs_audit_directory No Text ${ranger_base_audit_url}/knox
autorestart_on_stop No Boolean false
knox_pam_realm_service No Text login
save_alias_command_input_password No Text -

Knox Gateway role parameters

Table 2. Required parameters for Knox Gateway role
Name In Wizard Type Default Value
gateway_master_secret Yes Password -
gateway_conf_dir Yes Path /var/lib/knox/gateway/conf
gateway_data_dir Yes Path /var/lib/knox/gateway/data
gateway_port No Port 8443
gateway_path No Text gateway
gateway_heap_size No Memory 1 GB (min = 256 MB; soft min = 512 MB)
gateway_ranger_knox_plugin_conf_path No Path /var/lib/knox/ranger-knox-plugin
gateway_ranger_knox_plugin_policy_cache_directory No Path /var/lib/ranger/knox/gateway/policy-cache
gateway_ranger_knox_plugin_hdfs_audit_spool_directory No Path /var/log/knox/gateway/audit/hdfs/spool
gateway_ranger_knox_plugin_solr_audit_spool_directory No Path /var/log/knox/gateway/audit/solr/spool
Table 3. Optional parameters for Knox Gateway role
Name Type Default Value
gateway_default_topology_name Text cdp-proxy
gateway_auto_discovery_enabled Boolean true
gateway_cluster_configuration_monitor_interval Time 60 seconds (minimum = 30 seconds)
gateway_auto_discovery_advanced_configuration_monitor_interval Time 10 seconds (minimum = 5 seconds)
gateway_cloudera_manager_descriptors_monitor_interval Time 10 seconds (minimum = 5 seconds)
gateway_auto_discovery_cdp_proxy_enabled_* Boolean true
gateway_auto_discovery_cdp_proxy_api_enabled_* Boolean true
gateway_descriptor_cdp_proxy Text Array Contains the required properties of cdp-proxy topology
gateway_descriptor_cdp_proxy_api Text Array Contains the required properties of cdp-proxy-api topology
gateway_sso_authentication_provider Text Array

Contains the required properties of the authentication provider used by the UIs using the Knox SSO capabilities (such as Home Page UI). Defaults to PAM authentication.

gateway_api_authentication_provider Text Array

Contains the required properties of the authentication provider used by pre-defined topologies such as admin, metadata or cdp-proxy-api. Defaults to PAM authentication.

Knox IDBroker role parameters

Table 4. Required parameters for Knox IDBroker role
Name In Wizard Type Default Value
idbroker_master_secret Yes Password -
idbroker_conf_dir Yes Path /var/lib/knox/idbroker/conf
idbroker_data_dir Yes Path /var/lib/knox/idbroker/data
idbroker_gateway_port No Port 8444
idbroker_gateway_path No Text gateway
idbroker_heap_size No Memory 1 GB (min = 256 MB; soft min = 512 MB)
Table 5. Optional parameters for Knox IDBroker role
Name Type Default Value
idbroker_aws_user_mapping Text -
idbroker_aws_group_mapping Text -
idbroker_aws_user_default_group_mapping Text -
idbroker_aws_credentials_key Password -
idbroker_aws_credentials_secret Password -
idbroker_gcp_user_mapping Text -
idbroker_gcp_group_mapping Text -
idbroker_gcp_user_default_group_mapping Text -
idbroker_gcp_credential_key Password -
idbroker_gcp_credential_secret Password -
idbroker_azure_user_mapping Text -
idbroker_azure_group_mapping Text -
idbroker_azure_user_default_group_mapping Text -
idbroker_azure_adls2_tenant_name Text -
idbroker_azure_vm_assumer_identity Text -
idbroker_relaodable_refresh_interval_ms Time 10 seconds (minimum = 1 second)
idbroker_kerberos_dt_proxyuser_block Text Array A comma-separated list of proxy user configuration used in Knox's dt topology in case Kerberos is enabled
idbroker_knox_token_ttl_ms Time 1 hour (minimum = 1 second)