Installing DPS
Also available as:
PDF

Configure Knox Gateway for DPS and HDP

DPS Platform communicates with services on the HDP cluster like DPS Agents, Ambari, Atlas, Ranger, etc. If you are using TLS wire encryption on your clusters, you must configure Knox Gateway to proxy requests to and from DPS Platform. If DPS uses proxying, then all DPS services need to use it to communicate with DPS.

This topic provides an overview of how to configure Knox Gateway proxy in your HDP cluster to work with DPS. Refer to the HDP documentation for details that might be applicable to your specific HDP configuration and setup.
  • You will be configuring Knox Gateway proxy in your HDP cluster to work with your DP instance.
  • You must have installed and configured DPS.
  • You must have configured Knox Gateway on your clusters.

    See Knox Gateway proxying with DPS for details.

Knox host FQDN must be DNS addressable and available from your DPS environment. If not, the Knox IP address must be in the /etc/hosts file on the DP environment. Refer to the DPS Administration guide for details on how to add Knox to the DPS environment hosts.

  1. On your HDP cluster Knox host, navigate to the Knox topologies directory.
    cd /etc/knox/conf/topologies
  2. Create a DPS proxy topology file.
    vi dp-proxy.xml
  3. Add the host name for each of the services listed in the file, based on where that service is running in your HDP cluster.
    Important
    Important
    • Do not modify the URL in the provider section of the file.
    • Be sure to keep this file updated if you move services around in your cluster.
    Topology dp-proxy.xml
    
    <?xml version="1.0" encoding="utf-8"?>
    <topology>
      <gateway>
        <provider>
            <role>federation</role>
            <name>SSOCookieProvider</name>
            <enabled>true</enabled>
            <param>
                <name>sso.authentication.provider.url</name>
                <value>https://localhost:8443/gateway/knoxsso/api/v1/websso</value>
            </param>
    
        </provider>
       </gateway>
        <service>
          <role>WEBHDFS</role>
          <url>http://<localhost>:20070/webhdfs</url>
    
      </service>
      <service>
          <role>WEBHCAT</role>
          <url>http://<localhost>:50111/templeton</url>
      </service>
      <service>
        <role>AMBARI</role>
        <url>http://<localhost>:8080</url>
      </service>
      <service>
        <role>RANGER</role>
        <url>http://<localhost>:6080</url>
      </service>
      <service>
        <role>ATLAS</role>
        <url>http://<localhost>:21000</url>
      </service>
      <service>
       <role>BEACON</role>
       <url>http://<localhost>:25968</url>
      </service>
      <service>
       <role>HIVE</role>
       <url>http://<localhost>:???</url>
      </service>
    
    </topology>