Command Line Installation

Set up and Validate the Knox Gateway Installation

Setting up and validating the Knox Gateway installation requires a fully operational Hadoop Cluster that can be accessed from the gateway. This section explains how to get the gateway up and running, and how to test access to your existing cluster with the minimal configuration.

Use the steps in this section for initial gateway testing. For detailed configuration instructions, see the Apache Knox Gateway Overview in the Hadoop Security Guide.

To set up the gateway and test access:

  1. Set the master secret.

    su -l knox -c "$gateway_home/bin/gateway.sh setup"

    You are prompted for the master secret. Enter the password at the prompt.

  2. Start the gateway:

    su -l knox -c "/usr/hdp/current/knox-server/bin/gateway.sh start"

    Starting Gateway succeeded with PID 1871.

    The gateway starts. The PID is stored in /var/run/knox.

  3. Start the demo LDAP service that contains the guest user account for testing.

    su -l knox -c "/usr/hdp/current/knox-server/bin/ldap.sh start"

    Starting LDAP succeeded with PID 1965.

    In a production environment, use Active Directory or OpenLDAP for authentication. For detailed instructions on configuring the Knox Gateway, see Configuring Authentication in the Hadoop Security Guide.

  4. Verify that the gateway and LDAP service are running:

    su -l knox -c "$gateway_home/bin/gateway.sh status"

    Gateway is running with PID 1871.

    su -l knox -c "$gateway_home/bin/ldap.sh status"

    LDAP is running with PID 1965.

  5. Confirm access from the gateway host to the WebHDFS Service host using telnet:

    Note: To enable telnet, set dfs.webhdfs.enabled to true.

    telnet $webhdfs_host $webhdfs_port

    Important: You must be able to reach the internal cluster service from the machine on which Knox is running before continuing.

  6. Update the WebHDFS host information and any other host and port in the topology to match your deployment.

    Note: Your setup is not complete until all of the host:port information is updated.

    The WebHDFS host information is located in the $gateway_home/conf/topologies/sandbox.xml file.

    1. Find the service definition for WebHDFS and update it as follows:

      <service>
           <role>WEBHDFS</role>
           <url>http://$webhdfs_host:$webhdfs_port/webhdfs</url>
      </service>

      where $webhdfs_host and $webhdfs_port (default port is 50070) match your environment.

    2. (Optional) Comment out the Sandbox-specific hostmap information:

      <!-- REMOVE SANDBOX HOSTMAP PROVIDER <provider>
           <role>hostmap</role>
           <name>static</name>
           <enabled>false</enabled>
           <param><name>localhost</name>
           <value>sandbox,sandbox.hortonworks.com</value></param>
      </provider>
      -->
      
  7. (Optional) Rename the Sandbox Topology Descriptor file to match the name of your cluster:

    mv $gateway_home/conf/topologies/sandbox.xml $gateway_home/conf/topologies/cluster-name.xml

    The gateway is now configured to allow access to WebHDFS.

  8. On an external client that has curl, enter the following command:

    curl -k -u guest:guest-password -X GET "https://$gateway_host:8443/gateway/sandbox/webhdfs/v1/?op=LISTSTATUS"

    where sandbox is the name of the cluster topology descriptor file that you created for testing (if you renamed it, replace sandbox in the command above) and $gateway_host is the Knox Gateway hostname. The -k option makes curl skip verification of the gateway's TLS certificate, which suits this initial test only.

    The status is returned.
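
Steps 5 and 6 can be checked together before running the curl test. The following Python script is an added example, not part of the original guide or of Knox: it parses a topology descriptor, flags service URLs that still carry unreplaced placeholders or sandbox default hosts, and makes the same TCP reachability check as the telnet step. The DEFAULT_HOSTS list, the function names and the sample topology are assumptions made for illustration.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Hosts that mean the sandbox defaults were never replaced (assumed list for this example).
DEFAULT_HOSTS = {"localhost", "sandbox", "sandbox.hortonworks.com"}

def tcp_reachable(host, port, timeout=3.0):
    """Same check as `telnet host port`: can a TCP connection be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_topology(xml_text, probe=tcp_reachable):
    """Return [(role, url, problem)] for each service URL that is not ready."""
    findings = []
    for svc in ET.fromstring(xml_text).iter("service"):
        role = (svc.findtext("role") or "").strip()
        for node in svc.findall("url"):
            url = (node.text or "").strip()
            parts = urlsplit(url)
            try:
                port = parts.port or (443 if parts.scheme in ("https", "wss") else 80)
            except ValueError:  # e.g. a literal "$webhdfs_port" left in the file
                findings.append((role, url, "port is not numeric"))
                continue
            host = parts.hostname
            if not host or "$" in host:
                findings.append((role, url, "host placeholder not replaced"))
            elif host in DEFAULT_HOSTS:
                findings.append((role, url, "still points at a sandbox default host"))
            elif not probe(host, port):
                findings.append((role, url, f"cannot connect to {host}:{port}"))
    return findings

# Constructed sample topology (not a real deployment); the commented-out
# hostmap provider from step 6 is ignored by the XML parser.
SAMPLE = """<topology>
  <gateway><!-- <provider><role>hostmap</role></provider> --></gateway>
  <service><role>WEBHDFS</role><url>http://nn1.example.com:50070/webhdfs</url></service>
  <service><role>WEBHCAT</role><url>http://localhost:50111/templeton</url></service>
  <service><role>OOZIE</role><url>http://$oozie_host:$oozie_port/oozie</url></service>
</topology>"""

if __name__ == "__main__":
    for finding in audit_topology(SAMPLE, probe=lambda h, p: True):
        print(*finding, sep=" | ")
```

To check a real deployment, run it on the gateway host and pass the contents of $gateway_home/conf/topologies/sandbox.xml (or your renamed descriptor) to audit_topology; an empty result means every service URL was updated and accepted a connection.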