[ https://issues.apache.org/jira/browse/KNOX-563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14612503#comment-14612503 ]

Aneela Saleem commented on KNOX-563:
------------------------------------

Here are the contents of cluster1.xml

<topology>
   <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            <param>
                <!--
                Session timeout in minutes; this is really an idle timeout.
                Defaults to 30 minutes if the property value is not defined.
                The current client authentication expires if the client idles
                continuously for more than this value.
                -->
                <name>sessionTimeout</name>
                <value>30</value>
            </param>
            <param>
                <name>main.ldapRealm</name>
                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
            </param>
            <param>
                <name>main.ldapContextFactory</name>
                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory</name>
                <value>$ldapContextFactory</value>
            </param>
            <param>
                <name>main.ldapRealm.userDnTemplate</name>
                <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory.url</name>
                <value>ldap://localhost:33389</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
                <value>simple</value>
            </param>
            <param>
                <name>urls./**</name>
                <value>authcBasic</value>
            </param>
        </provider>

        <provider>
            <role>authorization</role>
            <name>AclsAuthz</name>
            <enabled>true</enabled>
            <param>
                <name>knox.acl</name>
                <value>admin;*;*</value>
            </param>
        </provider>

        <provider>
            <role>identity-assertion</role>
            <name>Default</name>
            <enabled>true</enabled>
        </provider>

        <!--
        Defines rules for mapping host names internal to a Hadoop cluster to
        externally accessible host names.
        For example, a Hadoop service running in AWS may return a response that
        includes URLs containing some AWS internal host name. If the client
        needs to make a subsequent request to the host identified in those URLs,
        they need to be mapped to external host names that the Knox client can
        use to connect.

        If the external and internal host names are the same, turn off this
        provider by setting the value of the enabled parameter to false.

        The name parameter specifies the external host names in a
        comma-separated list.
        The value parameter specifies the corresponding internal host names in a
        comma-separated list.

        Note that when you are using Sandbox, the external hostname needs to be
        localhost, as seen in the out-of-box sandbox.xml. This is because
        Sandbox uses port mapping to allow clients to connect to the Hadoop
        services using localhost. In real clusters, external host names would
        almost never be localhost.
        -->
        <provider>
            <role>hostmap</role>
            <name>static</name>
            <enabled>true</enabled>
            <param><name>localhost</name><value>127.0.0.1</value></param>
        </provider>
   </gateway>

    <service>
        <role>NAMENODE</role>
        <url>hdfs://localhost:8020</url>
    </service>

    <service>
        <role>JOBTRACKER</role>
        <url>rpc://localhost:8050</url>
    </service>

    <service>
        <role>RESOURCEMANAGER</role>
        <url>http://red3:8088/ws</url>
    </service>

    <service>
        <role>WEBHDFS</role>
        <url>http://localhost:50070/webhdfs</url>
    </service>

    <service>
        <role>WEBHCAT</role>
        <url>http://webcat-host:50111/templeton</url>
    </service>

    <service>
        <role>OOZIE</role>
        <url>http://oozie-host:11000/oozie</url>
    </service>

    <service>
        <role>WEBHBASE</role>
        <url>http://webhbase-host:60080</url>
    </service>

    <service>
        <role>HIVE</role>
        <url>http://hive-host:10001/cliservice</url>
    </service>
</topology>

> Unable to validate knox topology service
> ----------------------------------------
>
>                 Key: KNOX-563
>                 URL: https://issues.apache.org/jira/browse/KNOX-563
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: Aneela Saleem
>
> I'm using this command to validate the 'webhdfs' service provided by Knox:
> curl -vk https://localhost:8443/gateway/cluster1/webhdfs/v1?op=GETHOMEDIRECTORY
> I get the following response:
> > GET /gateway/cluster1/webhdfs/v1?op=GETHOMEDIRECTORY HTTP/1.1
> > User-Agent: curl/7.35.0
> > Host: localhost:8443
> > Accept: */*
> > 
> < HTTP/1.1 401 Unauthorized
> Attached is my topology descriptor file i.e., cluster1.xml
> How can I fix the issue?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
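
A small audit of a topology descriptor like the cluster1.xml in this comment, as an added example (not part of the original message and not Apache Knox code). It reports which URL patterns the Shiro provider guards with HTTP Basic authentication, whether the LDAP bind is a simple bind over plain ldap://, and whether any service URL contains whitespace. The sample document, the function names and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt modelled on the descriptor above (not the full file).
SAMPLE_TOPOLOGY = """
<topology>
  <gateway><provider>
      <role>authentication</role><enabled>true</enabled>
      <param><name>main.ldapRealm.contextFactory.url</name><value>ldap://localhost:33389</value></param>
      <param><name>main.ldapRealm.contextFactory.authenticationMechanism</name><value>simple</value></param>
      <param><name>urls./**</name><value>authcBasic</value></param>
  </provider></gateway>
  <service><role>WEBHDFS</role><url>http://localhost:50070/webhdfs</url></service>
  <service><role>OOZIE</role><url>http://oozie-host :11000/oozie</url></service>
</topology>
"""

def provider_params(root, role):
    """Return {name: value} for the enabled provider with the given role."""
    for prov in root.iter("provider"):
        if prov.findtext("role", "").strip() == role and \
           prov.findtext("enabled", "").strip().lower() == "true":
            return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
                    for p in prov.findall("param")}
    return {}

def audit_topology(xml_text):
    """Return a list of (code, detail) findings for one topology descriptor."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = provider_params(root, "authentication")
    # Shiro filter chain: authcBasic answers 401 unless HTTP Basic credentials are sent.
    for key, chain in auth.items():
        if key.startswith("urls.") and "authcBasic" in chain:
            findings.append(("BASIC_AUTH_REQUIRED", key[len("urls."):]))
    ldap_url = auth.get("main.ldapRealm.contextFactory.url", "")
    mech = auth.get("main.ldapRealm.contextFactory.authenticationMechanism", "")
    # A simple bind over ldap:// (no TLS) carries the user's password unencrypted.
    if ldap_url.lower().startswith("ldap://") and mech == "simple":
        findings.append(("CLEARTEXT_LDAP_BIND", ldap_url))
    for svc in root.iter("service"):
        url = svc.findtext("url", "").strip()
        if any(c.isspace() for c in url):
            findings.append(("WHITESPACE_IN_URL", svc.findtext("role", "").strip()))
    return findings

if __name__ == "__main__":
    for code, detail in audit_topology(SAMPLE_TOPOLOGY):
        print(code, detail)
```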
