knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject svn commit: r1837074 - in /knox: site/books/knox-1-1-0/user-guide.html trunk/books/1.1.0/book_ui_service_details.md
Date Mon, 30 Jul 2018 17:22:08 GMT
Author: lmccay
Date: Mon Jul 30 17:22:08 2018
New Revision: 1837074

URL: http://svn.apache.org/viewvc?rev=1837074&view=rev
Log:
Added minimal missing documentation for Nifi

Modified:
    knox/site/books/knox-1-1-0/user-guide.html
    knox/trunk/books/1.1.0/book_ui_service_details.md

Modified: knox/site/books/knox-1-1-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-1-1-0/user-guide.html?rev=1837074&r1=1837073&r2=1837074&view=diff
==============================================================================
--- knox/site/books/knox-1-1-0/user-guide.html (original)
+++ knox/site/books/knox-1-1-0/user-guide.html Mon Jul 30 17:22:08 2018
@@ -6912,6 +6912,7 @@ curl -i -k -u username:password -H &quot
   <li><a href="#Ranger+Admin+Console">Ranger Admin Console</a></li>
   <li><a href="#Atlas+UI">Atlas UI</a></li>
   <li><a href="#Zeppelin+UI">Zeppelin UI</a></li>
+  <li><a href="#Nifi+UI">Nifi UI</a></li>
 </ul><h3><a id="Assumptions">Assumptions</a> <a href="#Assumptions"><img
src="markbook-section-link.png"/></a></h3><p>This section assumes an
environment setup similar to the one in the REST services section <a href="#Service+Details">Service
Details</a></p><h3><a id="Name+Node+UI">Name Node UI</a> <a
href="#Name+Node+UI"><img src="markbook-section-link.png"/></a></h3><p>The
Name Node UI is available on the same host and port combination that WebHDFS is available
on. As mentioned in the WebHDFS REST service configuration section, the values for the host
and port can be obtained from the following properties in hdfs-site.xml</p>
 <pre><code>&lt;property&gt;
     &lt;name&gt;dfs.namenode.http-address&lt;/name&gt;
@@ -7222,7 +7223,13 @@ curl -i -k -u username:password -H &quot
     &lt;role&gt;ZEPPELINUI&lt;/role&gt;
     &lt;url&gt;http://&lt;ZEPPELIN_HOST&gt;:&lt;ZEPPELIN_PORT&gt;&lt;/url&gt;
 &lt;/service&gt;
-</code></pre><p>Knox also supports secure Zeppelin UIs, for secure UIs
one needs to provision Zeppelin certificate into Knox truststore. </p><h3><a
id="Admin+UI">Admin UI</a> <a href="#Admin+UI"><img src="markbook-section-link.png"/></a></h3><p>The
Admin UI is a web application hosted by Knox, which provides the ability to manage provider
configurations, descriptors, and topologies.</p><p>As an authoring facility, it
eliminates the need for ssh/scp access to the Knox host(s) to effect topology changes.<br>
Furthermore, using the Admin UI simplifies the management of topologies in Knox HA deployments
by eliminating the need to copy files to multiple Knox hosts.</p><h4><a id="Admin+UI+URL">Admin
UI URL</a> <a href="#Admin+UI+URL"><img src="markbook-section-link.png"/></a></h4><p>The
URL mapping for the Knox Admin UI is:</p>
+</code></pre><p>Knox also supports secure Zeppelin UIs, for secure UIs
one needs to provision Zeppelin certificate into Knox truststore. </p><h3><a
id="Nifi+UI">Nifi UI</a> <a href="#Nifi+UI"><img src="markbook-section-link.png"/></a></h3><p>You
can use the Apache Knox Gateway to provide authentication access security for your NiFi services.</p><p>The
Gateway can be configured for Nifi by modifying the topology XML file.</p><p>In
the topology XML file, add the following with the correct hostname and port:</p>
+<pre><code>&lt;service&gt;
+  &lt;role&gt;NIFI&lt;/role&gt;
+  &lt;url&gt;&lt;NIFI_HTTP_SCHEME&gt;://&lt;NIFI_HOST&gt;:&lt;NIFI_HTTP_SCHEME_PORT&gt;&lt;/url&gt;
+  &lt;param name=&quot;useTwoWaySsl&quot; value=&quot;true&quot;/&gt;
+&lt;/service&gt;
+</code></pre><p>Note the setting of the useTwoWaySsl param above. Nifi
requires mutual authentication via SSL and this param tells the dispatch to present a client
cert to the server.</p><p>The above is an example request body to be used to create
a Spark session via Livy server and illustrates the &ldquo;proxyUser&rdquo; that requires
rewrite.</p><h3><a id="Admin+UI">Admin UI</a> <a href="#Admin+UI"><img
src="markbook-section-link.png"/></a></h3><p>The Admin UI is a web application
hosted by Knox, which provides the ability to manage provider configurations, descriptors,
and topologies.</p><p>As an authoring facility, it eliminates the need for ssh/scp
access to the Knox host(s) to effect topology changes.<br> Furthermore, using the Admin
UI simplifies the management of topologies in Knox HA deployments by eliminating the need
to copy files to multiple Knox hosts.</p><h4><a id="Admin+UI+URL">Admin
UI URL</a> <a href="#Admin+UI+URL"><img src="markbook-section-link.png"/></a></h4><p>
 The URL mapping for the Knox Admin UI is:</p>
 <table>
   <tbody>
     <tr>

Modified: knox/trunk/books/1.1.0/book_ui_service_details.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/1.1.0/book_ui_service_details.md?rev=1837074&r1=1837073&r2=1837074&view=diff
==============================================================================
--- knox/trunk/books/1.1.0/book_ui_service_details.md (original)
+++ knox/trunk/books/1.1.0/book_ui_service_details.md Mon Jul 30 17:22:08 2018
@@ -33,6 +33,7 @@ These are the current Hadoop services wi
 * #[Ranger Admin Console]
 * #[Atlas UI]
 * #[Zeppelin UI]
+* #[Nifi UI]
 
 ### Assumptions
 
@@ -448,3 +449,22 @@ Example service definition for Zeppelin
     </service>
 
 Knox also supports secure Zeppelin UIs, for secure UIs one needs to provision Zeppelin certificate
into Knox truststore.  
+
+### Nifi UI ###
+
+You can use the Apache Knox Gateway to provide authentication access security for your NiFi
services.
+
+The Gateway can be configured for Nifi by modifying the topology XML file.
+
+In the topology XML file, add the following with the correct hostname and port:
+
+    <service>
+      <role>NIFI</role>
+      <url><NIFI_HTTP_SCHEME>://<NIFI_HOST>:<NIFI_HTTP_SCHEME_PORT></url>
+      <param name="useTwoWaySsl" value="true"/>
+    </service>
+
+Note the setting of the useTwoWaySsl param above. Nifi requires mutual authentication
+via SSL and this param tells the dispatch to present a client cert to the server.
+
+The above is an example request body to be used to create a Spark session via Livy server
and illustrates the "proxyUser" that requires rewrite.
\ No newline at end of file



Mime
View raw message