In order to have Cloudera Manager proxied through Knox,
there are some steps you must complete.
-
Set the value for frontend_url: :
- Non-HA value:
https://$Knox_host:$knox_port
- HA value:
https://$Knox_loadbalancer_host:$Knox_loadbalancer_port
-
Set allowed groups, hosts, and users for Knox Proxy: :
- Allowed Groups for Knox Proxy:
*
- Allowed Hosts for Knox Proxy:
*
- Allowed Users for Knox Proxy:
*
-
Enable Kerberos/SPNEGO authentication for the Admin Console and API: : true
-
From , set Knox Proxy Principal:
knox.
External authentication must be set up correctly. Cloudera
Manager must be configured to use LDAP, following the standard procedure for setting up
LDAP. This LDAP server should be the same LDAP that populates local users on Knox hosts
(if using PAM authentication with Knox), or the same LDAP that Knox is configured to use
(if using LDAP authentication with Knox).