That would work in a Ambari 2.X environment I believe, but an environment which is managed via Ambari 1.7 it becomes tricky I guess.
My cluster is a managed by Ambari 1.7. On Thu, Aug 20, 2015 at 2:55 PM, Hitesh Shah <[email protected]> wrote: > The other approach to this is to have an intermediate proxy that is > authenticated and can make calls to the ATS server. The Tez UI makes 2 > kind of calls to the backend services ( one set to YARN ResourceManager and > the other to Timeline server ) so both of these calls would need to be > proxied through a server/process that is kerberos authenticated. > > A simple option for this would be try using Ambari in standalone mode. In > this mode, the ambari-server acts as an authenticated proxy for the UI. > This involves installing the Ambari Server, setting it up to work in a > secure mode and instantiating the Tez View within it. All your users can > then use the Tez UI within Ambari without needing any kerberos auth. > Ambari-server would be started with kerberos auth and you need to configure > that user as a hadoop proxy user. To be clear, this does *not* require you > to set up your Hadoop cluster using Ambari. > > > http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_ambari_views_guide/content/ch_running_ambari_standalone.html > > http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_ambari_views_guide/content/ch_configuring_views_for_kerberos.html > > http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_ambari_views_guide/content/ch_using_tez_view.html > > thanks > — Hitesh > > > > On Aug 20, 2015, at 2:41 PM, Gagan Brahmi <[email protected]> wrote: > > > Thanks Hitesh, but I don't want the UI to be accessed through Kerberos. > > > > Client to Tez UI communication should be without kerberos and Tez UI to > ATS will be over Kerberos. > > > > Anyone accomplished this before? > > > > > > On Thu, Aug 20, 2015 at 1:57 PM, Hitesh Shah <[email protected]> wrote: > > You will first need to do a kinit and then start a new firefox session > with the following config “network.negotiate-auth.trusted-uris“ set up as > needed. > > > > Ref on setting up firefox: > > http://people.redhat.com/mikeb/negotiate/ > > > http://docs.oracle.com/cd/E41633_01/pt853pbh1/eng/pt/tsec/task_EnablingKerberosAuthenticationinFirefox-836673.html > > > > — Hitesh > > > > On Aug 20, 2015, at 1:00 PM, Gagan Brahmi <[email protected]> wrote: > > > > > Does anyone has an idea how to enable Tez UI in a kerberos enabled > environment? > > > > > > I am hosting tez UI on apache and the ATS is secured. I am getting > errors where Tez UI is not able to retrieve the data from Timeline server. > > > > > > Couldn't find any documentation which can provide help with this one. > > > > > > > > > Regards, > > > Gagan Brahmi > > > > > >
