[
https://issues.apache.org/jira/browse/KNOX-1025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benjamin Tan updated KNOX-1025:
-------------------------------
Description:
h2. Motivation
In a multi-tenant doployment, end user need to access hadoop service in:
{code:java}
https://{gateway-host}:8443/gateway/eerie/webhdfs
{code}
, even with [KIP-6 Topology Port
Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping],
end user need to access in:
{code:java}
https://{gateway-host}:5443/webhdfs
{code}
we can give more convenience for end user, let them access in:
{code:java}
https://{eerie-specific-domain}/webhdfs
or
https://eerie.{gateway-domain}/webhdfs
{code}
There are some deploy prerequisites:
# Let tenant admin add CNAME topology-specific-domain in their DNS server,
point gateway host;
# add CNAME eerie.gateway-domain in gateway domain DNS server, point geteway
host;
# add firewall rule in gateway host and redirect 443 to knox listening port
8443.
h2. Configuration
Configuration for this feature will be in gateway-site.xml config file.
{code:java}
<!-- Optional, true by default-->
<property>
<name>gateway.domain.mapping.enabled</name>
<value>true</value>
<description>Enable/Disable gateway topology domain mapping
feature.</description>
</property>
<!-- Multi Domain Gateway -->
<property>
<name>gateway.domain.mapping.eerie</name>
<value>{eerie-specific-domain}</value>
<description>The domain for the Topology.</description>
</property>
{code}
was:
h2. Motivation
In a multi-tenant doployment, end user need to access hadoop service in:
{code:java}
https://{gateway-host}:8443/gateway/eerie/webhdfs
{code}
, even with [KIP-6 Topology Port
Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping],
end user need to access in:
{code:java}
https://{gateway-host}:5443/webhdfs
{code}
we can give more convenience for end user, let them access in:
{code:java}
https://{eerie-specific-domain}/webhdfs
or
https://eerie.{gateway-domain}/webhdfs
{code}
There are some deploy prerequisites:
1. Let tenant admin add CNAME {quote}{eerie-specific-domain}{quote} in their
DNS server, point gateway host;
2. add CNAME {quote}eerie.{gateway-domain}{quote} in gateway domain DNS server,
point geteway host;
3. add firewall rule in gateway host and redirect 443 to knox listening port
8443.
h2. Configuration
Configuration for this feature will be in gateway-site.xml config file.
{code:java}
<!-- Optional, true by default-->
<property>
<name>gateway.domain.mapping.enabled</name>
<value>true</value>
<description>Enable/Disable gateway topology domain mapping
feature.</description>
</property>
<!-- Multi Domain Gateway -->
<property>
<name>gateway.domain.mapping.eerie</name>
<value>{eerie-specific-domain}</value>
<description>The domain for the Topology.</description>
</property>
{code}
> Topology Domain Mapping
> -----------------------
>
> Key: KNOX-1025
> URL: https://issues.apache.org/jira/browse/KNOX-1025
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Benjamin Tan
>
> h2. Motivation
> In a multi-tenant doployment, end user need to access hadoop service in:
> {code:java}
> https://{gateway-host}:8443/gateway/eerie/webhdfs
> {code}
> , even with [KIP-6 Topology Port
> Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping],
> end user need to access in:
> {code:java}
> https://{gateway-host}:5443/webhdfs
> {code}
> we can give more convenience for end user, let them access in:
> {code:java}
> https://{eerie-specific-domain}/webhdfs
> or
> https://eerie.{gateway-domain}/webhdfs
> {code}
> There are some deploy prerequisites:
> # Let tenant admin add CNAME topology-specific-domain in their DNS server,
> point gateway host;
> # add CNAME eerie.gateway-domain in gateway domain DNS server, point geteway
> host;
> # add firewall rule in gateway host and redirect 443 to knox listening port
> 8443.
> h2. Configuration
> Configuration for this feature will be in gateway-site.xml config file.
> {code:java}
> <!-- Optional, true by default-->
> <property>
> <name>gateway.domain.mapping.enabled</name>
> <value>true</value>
> <description>Enable/Disable gateway topology domain mapping
> feature.</description>
> </property>
>
> <!-- Multi Domain Gateway -->
> <property>
> <name>gateway.domain.mapping.eerie</name>
> <value>{eerie-specific-domain}</value>
> <description>The domain for the Topology.</description>
> </property>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
