The Knox Gateway supports one or more Hadoop clusters. Each Hadoop cluster
configuration is defined in a topology deployment descriptor file in the
/etc/knox/conf/topologies
directory and is deployed to a corresponding WAR file in the
/var/lib/knox/data/deployments
directory. These files define how the gateway communicates with each Hadoop clusters.
The descriptor is an XML file contains the following sections:
gateway/provider
: Configuration settings enforced by the Knox Gateway while providing access to the Hadoop cluster.service
: Defines the Hadoop service URLs used by the gateway to proxy communications from external clients.
The following table provides an overview of the providers and services:
Table 3.1. Cluster Topology Provider and Service Roles
Type | Role | Description |
---|---|---|
gateway/provider | hostmap | Maps external to internal node hostnames, replacing the internal hostname with mapped external name when hostname is embedded in a response from the cluster, see Map Hadoop Cluster Host Names. |
authentication | Integrates an LDAP store to authenticate external requests accessing the cluster via the Knox Gateway, see Set up LDAP Authentication. | |
federation | Defines HTTP header authentication fields for an SSO or federation solution provider, see Set up HTTP Header Authentication for Federation/SSO. | |
identity-assertion | Maps external authenticated users to an internal cluster user that the gateway asserts as the current session user or group, see Configure Identity Assertion. | |
authorization | Service level authorization that restricts cluster access to specified users, groups and/or IP addresses, see Configure Service Level Authorization. | |
webappsec | Configures a web application security plug-in that provides protection filtering against Cross Site Request Forgery attacks, see Configure Web Application Security. | |
service | $service_name | Binds a Hadoop service with an internal URL that the gateway uses to proxy requests from external clients to the internal cluster services, see Configure Hadoop Service URLs. |
Note | |
---|---|
The gateway automatically redeploys the cluster when a new topology descriptor file or change is detected. |
Cluster topology descriptors have the following XML format:
<topology> <gateway> <provider> <role></role> <name></name> <enabled></enabled> <param> <name></name> <value></value> </param> </provider> </gateway> <service> </service> </topology>