knox-commits mailing list archives

From lmc...@apache.org
Subject svn commit: r1708642 - in /knox: site/books/knox-0-6-0/user-guide.html trunk/books/0.6.0/config.md
Date Wed, 14 Oct 2015 16:14:57 GMT
Author: lmccay
Date: Wed Oct 14 16:14:56 2015
New Revision: 1708642

URL: http://svn.apache.org/viewvc?rev=1708642&view=rev
Log:
added config info section to 0.6.0 book

Modified:
    knox/site/books/knox-0-6-0/user-guide.html
    knox/trunk/books/0.6.0/config.md

Modified: knox/site/books/knox-0-6-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-6-0/user-guide.html?rev=1708642&r1=1708641&r2=1708642&view=diff
==============================================================================
--- knox/site/books/knox-0-6-0/user-guide.html (original)
+++ knox/site/books/knox-0-6-0/user-guide.html Wed Oct 14 16:14:56 2015
@@ -355,7 +355,12 @@ https://{gateway-host}:{gateway-port}/{g
     <li>Gateway: jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</li>
     <li>Cluster: <code>http://{hive-host}:10001/cliservice</code></li>
   </ul></li>
-</ul><p>The values for <code>{gateway-host}</code>, <code>{gateway-port}</code>,
<code>{gateway-path}</code> are provided via the gateway configuration file (i.e.
<code>{GATEWAY_HOME}/conf/gateway-site.xml</code>).</p><p>The value
for <code>{cluster-name}</code> is derived from the file name of the cluster topology
descriptor (e.g. <code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>The
value for <code>{webhdfs-host}</code>, <code>{webhcat-host}</code>,
<code>{oozie-host}</code>, <code>{hbase-host}</code> and <code>{hive-host}</code>
are provided via the cluster topology descriptor (e.g. <code>{GATEWAY_HOME}/conf/topologies/{cluster-name}.xml</code>).</p><p>Note:
The ports 50070, 50111, 11000, 60080 (default 8080) and 10001 are the defaults for WebHDFS,
WebHCat, Oozie, Stargate/HBase and Hive respectively. Their values can also be provided via
the cluster topology descriptor if your Hadoop cluster uses different ports.</p><h3><a
id="Configuration"></a>Configuration</h
 3><h3><a id="Related+Cluster+Configuration"></a>Related Cluster Configuration</h3><p>The
following configuration changes must be made to your cluster to allow Apache Knox to dispatch
requests to the various service components on behalf of end users.</p><h4><a
id="Grant+Proxy+privileges+for+Knox+user+in+`core-site.xml`+on+Hadoop+master+nodes"></a>Grant
Proxy privileges for Knox user in <code>core-site.xml</code> on Hadoop master
nodes</h4><p>Update <code>core-site.xml</code> and add the following
lines towards the end of the file.</p><p>Replace FQDN_OF_KNOX_HOST with the fully
qualified domain name of the host running the gateway. You can usually find this by running
<code>hostname -f</code> on that host.</p><p>You could use * for local
developer testing if Knox host does not have static IP.</p>
+</ul><p>The values for <code>{gateway-host}</code>, <code>{gateway-port}</code>,
<code>{gateway-path}</code> are provided via the gateway configuration file (i.e.
<code>{GATEWAY_HOME}/conf/gateway-site.xml</code>).</p><p>The value
for <code>{cluster-name}</code> is derived from the file name of the cluster topology
descriptor (e.g. <code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>The
value for <code>{webhdfs-host}</code>, <code>{webhcat-host}</code>,
<code>{oozie-host}</code>, <code>{hbase-host}</code> and <code>{hive-host}</code>
are provided via the cluster topology descriptor (e.g. <code>{GATEWAY_HOME}/conf/topologies/{cluster-name}.xml</code>).</p><p>Note:
The ports 50070, 50111, 11000, 60080 (default 8080) and 10001 are the defaults for WebHDFS,
WebHCat, Oozie, Stargate/HBase and Hive respectively. Their values can also be provided via
the cluster topology descriptor if your Hadoop cluster uses different ports.</p><h3><a
id="Configuration"></a>Configuration</h
 3><p>Configuration for Apache Knox includes:</p>
+<ol>
+  <li><a href="#Related+Cluster+Configuration">Related Cluster Configuration</a>
that must be done within the Hadoop cluster to allow Knox to communicate with various services</li>
+  <li><a href="#Gateway+Server+Configuration">Gateway Server Configuration</a>
- which is the configurable elements of the server itself which applies to behavior that spans
all topologies or managed Hadoop clusters</li>
+  <li><a href="#Topology+Descriptors">Topology Descriptors</a> which are
the descriptors for controlling access to Hadoop clusters in various ways</li>
+</ol><h3><a id="Related+Cluster+Configuration"></a>Related Cluster
Configuration</h3><p>The following configuration changes must be made to your
cluster to allow Apache Knox to dispatch requests to the various service components on behalf
of end users.</p><h4><a id="Grant+Proxy+privileges+for+Knox+user+in+`core-site.xml`+on+Hadoop+master+nodes"></a>Grant
Proxy privileges for Knox user in <code>core-site.xml</code> on Hadoop master
nodes</h4><p>Update <code>core-site.xml</code> and add the following
lines towards the end of the file.</p><p>Replace FQDN_OF_KNOX_HOST with the fully
qualified domain name of the host running the gateway. You can usually find this by running
<code>hostname -f</code> on that host.</p><p>You could use * for local
developer testing if Knox host does not have static IP.</p>
 <pre><code>&lt;property&gt;
     &lt;name&gt;hadoop.proxyuser.knox.groups&lt;/name&gt;
     &lt;value&gt;users&lt;/value&gt;
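Review bot: The re-emitted opening paragraph of this hunk still points readers at two different locations for the topology descriptor: {GATEWAY_HOME}/deployments/{cluster-name}.xml where it explains {cluster-name}, and {GATEWAY_HOME}/conf/topologies/{cluster-name}.xml where it explains the service hosts. Neither matches the {GATEWAY_HOME}/data/deployments default that the table added later in this commit gives for gateway.deployment.dir. Since the paragraph is being touched anyway, use one path in both sentences (the Topology Descriptors section names {GATEWAY_HOME}/conf/topologies) and reserve the deployments directory for the gateway.deployment.dir row.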
@@ -405,7 +410,93 @@ https://{gateway-host}:{gateway-port}/{g
     &lt;value&gt;cliservice&lt;/value&gt;
     &lt;description&gt;Path component of URL endpoint when in HTTP mode.&lt;/description&gt;
 &lt;/property&gt;
-</code></pre><h4><a id="Topology+Descriptors"></a>Topology
Descriptors</h4><p>The topology descriptor files provide the gateway with per-cluster
configuration information. This includes configuration for both the providers within the gateway
and the services within the Hadoop cluster. These files are located in <code>{GATEWAY_HOME}/conf/topologies</code>.
The general outline of this document looks like this.</p>
+</code></pre><h4><a id="Gateway+Server+Configuration"></a>Gateway
Server Configuration</h4><p>The following table illustrates the configurable elements
of the Apache Knox Gateway at the server level.</p>
+<table>
+  <thead>
+    <tr>
+      <th>property </th>
+      <th>description </th>
+      <th>default</th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>gateway.deployment.dir</td>
+      <td>The directory within GATEWAY_HOME that contains gateway topology deployments.</td>
+      <td>{GATEWAY_HOME}/data/deployments</td>
+    </tr>
+    <tr>
+      <td>gateway.security.dir</td>
+      <td>The directory within GATEWAY_HOME that contains the required security artifacts</td>
+      <td>{GATEWAY_HOME}/data/security</td>
+    </tr>
+    <tr>
+      <td>gateway.data.dir</td>
+      <td>The directory within GATEWAY_HOME that contains the gateway instance data</td>
+      <td>{GATEWAY_HOME}/data</td>
+    </tr>
+    <tr>
+      <td>gateway.services.dir</td>
+      <td>The directory within GATEWAY_HOME that contains the gateway services definitions.</td>
+      <td>{GATEWAY_HOME}/services</td>
+    </tr>
+    <tr>
+      <td>gateway.hadoop.conf.dir</td>
+      <td>The directory within GATEWAY_HOME that contains the gateway configuration</td>
+      <td>{GATEWAY_HOME}/conf</td>
+    </tr>
+    <tr>
+      <td>gateway.frontend.url</td>
+      <td>The URL that should be used during rewriting so that it can rewrite the URLs
with the correct &ldquo;frontend&rdquo; URL</td>
+      <td>none</td>
+    </tr>
+    <tr>
+      <td>gateway.xforwarded.enabled</td>
+      <td>Indicates whether support for some X-Forwarded-* headers is enabled</td>
+      <td>true</td>
+    </tr>
+    <tr>
+      <td>gateway.trust.all.certs</td>
+      <td>Indicates whether all presented client certs should establish trust</td>
+      <td>false</td>
+    </tr>
+    <tr>
+      <td>gateway.client.auth.needed</td>
+      <td>Indicates whether clients are required to establish a trust relationship
with client certificates</td>
+      <td>false</td>
+    </tr>
+    <tr>
+      <td>gateway.truststore.path</td>
+      <td>Location of the truststore for client certificates to be trusted</td>
+      <td>gateway.jks</td>
+    </tr>
+    <tr>
+      <td>gateway.truststore.type</td>
+      <td>Indicates the type of truststore</td>
+      <td>JKS</td>
+    </tr>
+    <tr>
+      <td>gateway.keystore.type</td>
+      <td>Indicates the type of keystore for the identity store</td>
+      <td>JKS</td>
+    </tr>
+    <tr>
+      <td>gateway.jdk.tls.ephemeralDHKeySize</td>
+      <td>jdk.tls.ephemeralDHKeySize, is defined to customize the ephemeral DH key
sizes. The minimum acceptable DH key size is 1024 bits, except for exportable cipher suites
or legacy mode (jdk.tls.ephemeralDHKeySize=legacy)</td>
+      <td>2048</td>
+    </tr>
+    <tr>
+      <td>ssl.enabled</td>
+      <td>Indicates whether SSL is enabled for the Gateway</td>
+      <td>true</td>
+    </tr>
+    <tr>
+      <td>ssl.exclude.protocols</td>
+      <td>Excludes a comma separated list of protocols to not accept for SSL or &ldquo;none&rdquo;</td>
+      <td>SSLv3</td>
+    </tr>
+  </tbody>
+</table><h4><a id="Topology+Descriptors"></a>Topology Descriptors</h4><p>The
topology descriptor files provide the gateway with per-cluster configuration information.
This includes configuration for both the providers within the gateway and the services within
the Hadoop cluster. These files are located in <code>{GATEWAY_HOME}/conf/topologies</code>.
The general outline of this document looks like this.</p>
 <pre><code>&lt;topology&gt;
     &lt;gateway&gt;
         &lt;provider&gt;
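Review bot: The rows for gateway.trust.all.certs and gateway.client.auth.needed name the switches without saying what changes for an operator who flips them, which is the information a reader of a security gateway's configuration table needs most. Suggest stating in the gateway.trust.all.certs row that enabling it accepts any presented client certificate and that it should stay false outside testing, and stating in the gateway.client.auth.needed row that the default of false means client certificates are not required. Two smaller gaps in the same table: the gateway.truststore.path default is the bare file name gateway.jks with no indication of which directory it is resolved against, and the gateway.xforwarded.enabled row says "some X-Forwarded-* headers" without listing which ones.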

Modified: knox/trunk/books/0.6.0/config.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.6.0/config.md?rev=1708642&r1=1708641&r2=1708642&view=diff
==============================================================================
--- knox/trunk/books/0.6.0/config.md (original)
+++ knox/trunk/books/0.6.0/config.md Wed Oct 14 16:14:56 2015
@@ -17,6 +17,12 @@
 
 ### Configuration ###
 
+Configuration for Apache Knox includes:
+
+1. #[Related Cluster Configuration] that must be done within the Hadoop cluster to allow
Knox to communicate with various services
+2. #[Gateway Server Configuration] - which is the configurable elements of the server itself
which applies to behavior that spans all topologies or managed Hadoop clusters
+3. #[Topology Descriptors] which are the descriptors for controlling access to Hadoop clusters
in various ways
+
 ### Related Cluster Configuration ###
 
 The following configuration changes must be made to your cluster to allow Apache Knox to
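Review bot: The new numbered list presents the three sections as peers, but the headings do not: "Related Cluster Configuration" is a ### heading in this hunk while "Gateway Server Configuration" and "Topology Descriptors" are #### headings, so the latter two render as subsections of the first. Either promote both to ### or reword the list to reflect the nesting. Item 2 also breaks the pattern of items 1 and 3 with " - which is the configurable elements ... which applies"; something like "the configurable elements of the server itself, which apply to behavior that spans all topologies or managed Hadoop clusters" reads consistently.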
@@ -101,6 +107,29 @@ Ensure that the values match the ones be
 	    <description>Path component of URL endpoint when in HTTP mode.</description>
     </property>
 
+#### Gateway Server Configuration ####
+
+The following table illustrates the configurable elements of the Apache Knox Gateway at the
server level.
+
+property    | description | default
+------------|-----------|-----------
+gateway.deployment.dir|The directory within GATEWAY_HOME that contains gateway topology deployments.|{GATEWAY_HOME}/data/deployments
+gateway.security.dir|The directory within GATEWAY_HOME that contains the required security
artifacts|{GATEWAY_HOME}/data/security
+gateway.data.dir|The directory within GATEWAY_HOME that contains the gateway instance data|{GATEWAY_HOME}/data
+gateway.services.dir|The directory within GATEWAY_HOME that contains the gateway services
definitions.|{GATEWAY_HOME}/services
+gateway.hadoop.conf.dir|The directory within GATEWAY_HOME that contains the gateway configuration|{GATEWAY_HOME}/conf
+gateway.frontend.url|The URL that should be used during rewriting so that it can rewrite
the URLs with the correct "frontend" URL|none
+gateway.xforwarded.enabled|Indicates whether support for some X-Forwarded-* headers is enabled|true
+gateway.trust.all.certs|Indicates whether all presented client certs should establish trust|false
+gateway.client.auth.needed|Indicates whether clients are required to establish a trust relationship
with client certificates|false  
+gateway.truststore.path|Location of the truststore for client certificates to be trusted|gateway.jks

+gateway.truststore.type|Indicates the type of truststore|JKS
+gateway.keystore.type|Indicates the type of keystore for the identity store|JKS
+gateway.jdk.tls.ephemeralDHKeySize|jdk.tls.ephemeralDHKeySize, is defined to customize the
ephemeral DH key sizes. The minimum acceptable DH key size is 1024 bits, except for exportable
cipher suites or legacy mode (jdk.tls.ephemeralDHKeySize=legacy)|2048
+ssl.enabled|Indicates whether SSL is enabled for the Gateway|true
+ssl.exclude.protocols|Excludes a comma separated list of protocols to not accept for SSL
or "none"|SSLv3
+
+
 #### Topology Descriptors ####
 
 The topology descriptor files provide the gateway with per-cluster configuration information.
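Review bot: The gateway.hadoop.conf.dir row describes the directory as one that "contains the gateway configuration", which repeats the pattern of the rows above it and does not explain why the property name refers to Hadoop; please confirm the description and say what the gateway reads from that directory. In the gateway.jdk.tls.ephemeralDHKeySize row the text opens with the JDK property name and a sentence fragment ("is defined to customize") and never says that the gateway property sets the JDK one; state that relationship first, then the 1024-bit minimum and the legacy exception. The ssl.exclude.protocols description ("Excludes a comma separated list of protocols to not accept for SSL or "none"") would be clearer as a comma separated list of protocols the gateway will not accept, or "none".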


