Author: kminder Date: Sat Nov 1 16:55:48 2014 New Revision: 1635989 URL: http://svn.apache.org/r1635989 Log: Minor UG updates for v0.5.0
Modified: knox/site/books/knox-0-5-0/knox-0-5-0.html knox/site/index.html knox/site/issue-tracking.html knox/site/license.html knox/site/mail-lists.html knox/site/project-info.html knox/site/team-list.html knox/trunk/books/0.5.0/book_troubleshooting.md knox/trunk/books/0.5.0/quick_start.md knox/trunk/build.xml Modified: knox/site/books/knox-0-5-0/knox-0-5-0.html URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-5-0/knox-0-5-0.html?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/site/books/knox-0-5-0/knox-0-5-0.html (original) +++ knox/site/books/knox-0-5-0/knox-0-5-0.html Sat Nov 1 16:55:48 2014 @@ -79,9 +79,9 @@ <pre><code>java -version </code></pre><h4><a id="Hadoop"></a>Hadoop</h4><p>Knox 0.5.0 supports Hadoop 2.x, the quick start instructions assume a Hadoop 2.x virtual machine based environment. </p><h3><a id="2+-+Download+Hadoop+2.x+VM"></a>2 - Download Hadoop 2.x VM</h3><p>The quick start provides a link to download Hadoop 2.0 based Hortonworks virtual machine <a href="http://hortonworks.com/products/hdp-2/#install">Sandbox</a>. Please note Knox supports other Hadoop distributions and is configurable against a full blown Hadoop cluster. Configuring Knox for Hadoop 2.x version, or Hadoop deployed in EC2 or a custom Hadoop cluster is documented in advance deployment guide.</p><h3><a id="3+-+Download+Apache+Knox+Gateway"></a>3 - Download Apache Knox Gateway</h3><p>Download one of the distributions below from the <a href="http://www.apache.org/dyn/closer.cgi/knox">Apache mirrors</a>.</p> <ul> - <li>Source archive: <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.4.0-src.zip">knox-0.5.0-src.zip</a> (<a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.asc">PGP signature</a>, <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.sha">SHA1 digest</a>, <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.md5">MD5 digest</a>)</li> + <li>Source archive: <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip">knox-0.5.0-src.zip</a> (<a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.asc">PGP signature</a>, <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.sha">SHA1 digest</a>, <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.md5">MD5 digest</a>)</li> <li>Binary archive: <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0.zip">knox-0.5.0.zip</a> (<a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0.zip.asc">PGP signature</a>, <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0.zip.sha">SHA1 digest</a>, <a href="http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0.zip.md5">MD5 digest</a>)</li> -</ul><p>Apache Knox Gateway releases are available under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. See the NOTICE file contained in each release artifact for applicable copyright attribution notices.</p><h3><a id="Verify"></a>Verify</h3><p>While recommended, verify is an optional step. You can verify the integrity of any downloaded files using the PGP signatures. Please read <a href="http://httpd.apache.org/dev/verification.html">Verifying Apache HTTP Server Releases</a> for more information on why you should verify our releases.</p><p>The PGP signatures can be verified using PGP or GPG. First download the KEYS file as well as the .asc signature files for the relevant release packages. Make sure you get these files from the main distribution directory linked above, rather than from a mirror. Then verify the signatures using one of the methods below.</p> +</ul><p>Apache Knox Gateway releases are available under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. See the NOTICE file contained in each release artifact for applicable copyright attribution notices.</p><h3><a id="Verify"></a>Verify</h3><p>While recommended, verify is an optional step. You can verify the integrity of any downloaded files using the PGP signatures. Please read <a href="http://httpd.apache.org/dev/verification.html">Verifying Apache HTTP Server Releases</a> for more information on why you should verify our releases.</p><p>The PGP signatures can be verified using PGP or GPG. First download the <a href="https://dist.apache.org/repos/dist/release/knox/KEYS">KEYS</a> file as well as the .asc signature files for the relevant release packages. Make sure you get these files from the main distribution directory linked above, rather than from a mirror. Then verify the signatures using one of the methods below.</p> <pre><code>% pgpk -a KEYS % pgpv knox-0.5.0.zip.asc </code></pre><p>or</p> @@ -90,7 +90,7 @@ </code></pre><p>or</p> <pre><code>% gpg --import KEYS % gpg --verify knox-0.5.0.zip.asc -</code></pre><h3><a id="5+-+Start+Hadoop+virtual+machine"></a>5 - Start Hadoop virtual machine</h3><p>Start the Hadoop virtual machine.</p><h3><a id="5+-+Install+Knox"></a>5 - Install Knox</h3><p>The steps required to install the gateway will vary depending upon which distribution format (zip | rpm) was downloaded. In either case you will end up with a directory where the gateway is installed. This directory will be referred to as your <code>{GATEWAY_HOME}</code> throughout this document.</p><h4><a id="ZIP"></a>ZIP</h4><p>If you downloaded the Zip distribution you can simply extract the contents into a directory. The example below provides a command that can be executed to do this. Note the <code>{VERSION}</code> portion of the command must be replaced with an actual Apache Knox Gateway version number. This might be 0.4.0 for example and must patch the value in the file downloaded.</p> +</code></pre><h3><a id="4+-+Start+Hadoop+virtual+machine"></a>4 - Start Hadoop virtual machine</h3><p>Start the Hadoop virtual machine.</p><h3><a id="5+-+Install+Knox"></a>5 - Install Knox</h3><p>The steps required to install the gateway will vary depending upon which distribution format (zip | rpm) was downloaded. In either case you will end up with a directory where the gateway is installed. This directory will be referred to as your <code>{GATEWAY_HOME}</code> throughout this document.</p><h4><a id="ZIP"></a>ZIP</h4><p>If you downloaded the Zip distribution you can simply extract the contents into a directory. The example below provides a command that can be executed to do this. Note the <code>{VERSION}</code> portion of the command must be replaced with an actual Apache Knox Gateway version number. This might be 0.4.0 for example and must patch the value in the file downloaded.</p> <pre><code>jar xf knox-{VERSION}.zip </code></pre><p>This will create a directory <code>knox-{VERSION}</code> in your current directory. The directory <code>knox-{VERSION}</code> will considered your <code>{GATEWAY_HOME}</code></p><h3><a id="6+-+Start+LDAP+embedded+in+Knox"></a>6 - Start LDAP embedded in Knox</h3><p>Knox comes with an LDAP server for demonstration purposes.</p> <pre><code>cd {GATEWAY_HOME} @@ -3142,7 +3142,36 @@ WWW-Authenticate: BASIC realm="appl Content-Length: 0 Server: Jetty(8.1.12.v20130726) </code></pre><h4><a id="Using+ldapsearch+to+verify+ldap+connectivtiy+and+credentials"></a>Using ldapsearch to verify ldap connectivtiy and credentials</h4><p>If your authentication to knox fails and you believe your are using correct creedentilas, you could try to verify the connectivity and credentials usong ldapsearch, assuming you are using ldap directory for authentication.</p><p>Assuming you are using the default values that came out of box with knox, your ldapsearch command would be like the following</p> -<pre><p>ldapsearch -h localhost -p 33389 -D “uid=guest,ou=people,dc=hadoop,dc=apache,dc=org” -w guest-password -b “uid=guest,ou=people,dc=hadoop,dc=apache,dc=org” “objectclass=*”</p><p>This should produce output like the following</p><h1><a id="extended+LDIF"></a>extended LDIF</h1><p>LDAPv3 base <uid=guest,ou=people,dc=hadoop,dc=apache,dc=org> with scope subtree filter: objectclass=* requesting: ALL</p><h1><a id="guest,+people,+hadoop.apache.org"></a>guest, people, hadoop.apache.org</h1><p>dn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org objectClass: organizationalPerson objectClass: person objectClass: inetOrgPerson objectClass: top uid: guest cn: Guest sn: User userpassword:: Z3Vlc3QtcGFzc3dvcmQ=</p><h1><a id="search+result"></a>search result</h1><p>search: 2 result: 0 Success</p><h1><a id="numResponses:+2"></a>numResponses: 2</h1><h1><a id="numEntries:+1"></a>numEntries: 1</h1><p>In a more general form the ldapsearch command would be</p ><p>ldapsearch -h {HOST} -p {PORT} -D {DN of binding user} -w {bind password} >-b {DN of binding user} "objectclass=*}</p><h3><a >id="Hostname+Resolution+Issues"></a>Hostname Resolution Issues</h3><p>The >deployments/sandbox.xml topology file has the host mapping feature enabled. >This is required due to the way networking is setup in the Sandbox VM. >Specifically the VM’s internal hostname is sandbox.hortonworks.com. >Since this hostname cannot be resolved to the actual VM Knox needs to map >that hostname to something resolvable.</p><p>If for example host mapping is >disabled but the Sandbox VM is still used you will see an error in the >diagnostic output similar to the below.</p> +<pre><code>ldapsearch -h localhost -p 33389 -D "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" -w guest-password -b "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" "objectclass=*" +</code></pre><p>This should produce output like the following</p> +<pre><code># extended LDIF + +LDAPv3 +base <uid=guest,ou=people,dc=hadoop,dc=apache,dc=org> with scope subtree +filter: objectclass=* +requesting: ALL + + +# guest, people, hadoop.apache.org +dn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org +objectClass: organizationalPerson +objectClass: person +objectClass: inetOrgPerson +objectClass: top +uid: guest +cn: Guest +sn: User +userpassword:: Z3Vlc3QtcGFzc3dvcmQ= + +# search result +search: 2 +result: 0 Success + +# numResponses: 2 +# numEntries: 1 +</code></pre><p>In a more general form the ldapsearch command would be</p> +<pre><code>ldapsearch -h {HOST} -p {PORT} -D {DN of binding user} -w {bind password} -b {DN of binding user} "objectclass=*} +</code></pre><h3><a id="Hostname+Resolution+Issues"></a>Hostname Resolution Issues</h3><p>The deployments/sandbox.xml topology file has the host mapping feature enabled. This is required due to the way networking is setup in the Sandbox VM. Specifically the VM’s internal hostname is sandbox.hortonworks.com. Since this hostname cannot be resolved to the actual VM Knox needs to map that hostname to something resolvable.</p><p>If for example host mapping is disabled but the Sandbox VM is still used you will see an error in the diagnostic output similar to the below.</p> <pre><code>13/11/18 19:11:35 WARN hadoop.gateway: Connection exception dispatching request: http://sandbox.hortonworks.com:50075/webhdfs/v1/user/guest/example/README?op=CREATE&namenoderpcaddress=sandbox.hortonworks.com:8020&user.name=guest&overwrite=false java.net.UnknownHostException: sandbox.hortonworks.com java.net.UnknownHostException: sandbox.hortonworks.com at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method) @@ -3156,12 +3185,10 @@ java.net.UnknownHostException: sandbox.h </provider> .... </code></pre><h3><a id="Job+Submission+Issues+-+HDFS+Home+Directories"></a>Job Submission Issues - HDFS Home Directories</h3><p>If you see error like the following in your console while submitting a Job using groovy shell, it is likely that the authenticated user does not have a home directory on HDFS.</p> -<pre><code> -Caught: org.apache.hadoop.gateway.shell.HadoopException: org.apache.hadoop.gateway.shell.ErrorResponse: HTTP/1.1 403 Forbidden +<pre><code>Caught: org.apache.hadoop.gateway.shell.HadoopException: org.apache.hadoop.gateway.shell.ErrorResponse: HTTP/1.1 403 Forbidden org.apache.hadoop.gateway.shell.HadoopException: org.apache.hadoop.gateway.shell.ErrorResponse: HTTP/1.1 403 Forbidden </code></pre><p>You would also see this error if you try file operation on the home directory of the authenticating user.</p><p>The error would look a little different as shown below if you are attempting to the operation with cURL.</p> -<pre><code> -{"RemoteException":{"exception":"AccessControlException","javaClassName":"org.apache.hadoop.security.AccessControlException","message":"Permission denied: user=tom, access=WRITE, inode=\"/user\":hdfs:hdfs:drwxr-xr-x"}}* +<pre><code>{"RemoteException":{"exception":"AccessControlException","javaClassName":"org.apache.hadoop.security.AccessControlException","message":"Permission denied: user=tom, access=WRITE, inode=\"/user\":hdfs:hdfs:drwxr-xr-x"}}* </code></pre><h4><a id="Resolution"></a>Resolution</h4><p>Create the home directory for the user on HDFS. The home directory is typically of the form <code>/user/{userid}</code> and should be owned by the user. user ‘hdfs’ can create such a directory and make the user owner of the directory.</p><h3><a id="Job+Submission+Issues+-+OS+Accounts"></a>Job Submission Issues - OS Accounts</h3><p>If the hadoop cluster is not secured with Kerberos, the user submitting a job need not have an OS account on the hadoop nodemanagers.</p><p>If the hadoop cluster is secured with Kerberos, the user submitting the job should have an OS account on hadoop nodemanagers.</p><p>In either case if the user does not have such OS account, his file permissions are based on user ownership of files or “other” permission in “ugo” posix permission. The user does not get any file permission as a member of any group if you are using default hadoop.security.group.mapping.</p><p>TODO : add sample error message from running test on secure cluster with missing OS account</p><h3><a id="HBase+Issues"></a>HBase Issues</h3><p>If you experience problems running the HBase samples with the Sandbox VM it may be necessary to restart HBase and Stargate. This can sometimes occur with the Sandbox VM is restarted from a saved state. If the client hangs after emitting the last line in the sample output below you are most likely affected.</p> <pre><code>System version : {...} Cluster version : 0.96.0.2.0.6.0-76-hadoop2 Modified: knox/site/index.html URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/site/index.html (original) +++ knox/site/index.html Sat Nov 1 16:55:48 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-10-30 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-11-01 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20141030" /> + <meta name="Date-Revision-yyyymmdd" content="20141101" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-10-30</span> + | <span id="publishDate">Last Published: 2014-11-01</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/issue-tracking.html URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/site/issue-tracking.html (original) +++ knox/site/issue-tracking.html Sat Nov 1 16:55:48 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-10-30 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-11-01 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20141030" /> + <meta name="Date-Revision-yyyymmdd" content="20141101" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-10-30</span> + | <span id="publishDate">Last Published: 2014-11-01</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/license.html URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/site/license.html (original) +++ knox/site/license.html Sat Nov 1 16:55:48 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-10-30 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-11-01 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20141030" /> + <meta name="Date-Revision-yyyymmdd" content="20141101" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-10-30</span> + | <span id="publishDate">Last Published: 2014-11-01</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/mail-lists.html URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/site/mail-lists.html (original) +++ knox/site/mail-lists.html Sat Nov 1 16:55:48 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-10-30 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-11-01 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20141030" /> + <meta name="Date-Revision-yyyymmdd" content="20141101" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-10-30</span> + | <span id="publishDate">Last Published: 2014-11-01</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/project-info.html URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/site/project-info.html (original) +++ knox/site/project-info.html Sat Nov 1 16:55:48 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-10-30 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-11-01 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20141030" /> + <meta name="Date-Revision-yyyymmdd" content="20141101" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-10-30</span> + | <span id="publishDate">Last Published: 2014-11-01</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/site/team-list.html URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/site/team-list.html (original) +++ knox/site/team-list.html Sat Nov 1 16:55:48 2014 @@ -1,5 +1,5 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-10-30 --> +<!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 2014-11-01 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> @@ -10,7 +10,7 @@ @import url("./css/site.css"); </style> <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> - <meta name="Date-Revision-yyyymmdd" content="20141030" /> + <meta name="Date-Revision-yyyymmdd" content="20141101" /> <meta http-equiv="Content-Language" content="en" /> <script type="text/javascript">var _gaq = _gaq || []; @@ -57,7 +57,7 @@ <a href="https://cwiki.apache.org/confluence/display/KNOX/Index" class="externalLink" title="Wiki">Wiki</a> - | <span id="publishDate">Last Published: 2014-10-30</span> + | <span id="publishDate">Last Published: 2014-11-01</span> | <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span> </div> <div class="clear"> Modified: knox/trunk/books/0.5.0/book_troubleshooting.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.5.0/book_troubleshooting.md?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/trunk/books/0.5.0/book_troubleshooting.md (original) +++ knox/trunk/books/0.5.0/book_troubleshooting.md Sat Nov 1 16:55:48 2014 @@ -158,41 +158,39 @@ If your authentication to knox fails and Assuming you are using the default values that came out of box with knox, your ldapsearch command would be like the following -<pre> -ldapsearch -h localhost -p 33389 -D "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" -w guest-password -b "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" "objectclass=*" + ldapsearch -h localhost -p 33389 -D "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" -w guest-password -b "uid=guest,ou=people,dc=hadoop,dc=apache,dc=org" "objectclass=*" This should produce output like the following -# extended LDIF - -LDAPv3 -base <uid=guest,ou=people,dc=hadoop,dc=apache,dc=org> with scope subtree -filter: objectclass=* -requesting: ALL - - -# guest, people, hadoop.apache.org -dn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org -objectClass: organizationalPerson -objectClass: person -objectClass: inetOrgPerson -objectClass: top -uid: guest -cn: Guest -sn: User -userpassword:: Z3Vlc3QtcGFzc3dvcmQ= - -# search result -search: 2 -result: 0 Success - -# numResponses: 2 -# numEntries: 1 + # extended LDIF + + LDAPv3 + base <uid=guest,ou=people,dc=hadoop,dc=apache,dc=org> with scope subtree + filter: objectclass=* + requesting: ALL + + + # guest, people, hadoop.apache.org + dn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org + objectClass: organizationalPerson + objectClass: person + objectClass: inetOrgPerson + objectClass: top + uid: guest + cn: Guest + sn: User + userpassword:: Z3Vlc3QtcGFzc3dvcmQ= + + # search result + search: 2 + result: 0 Success + + # numResponses: 2 + # numEntries: 1 In a more general form the ldapsearch command would be -ldapsearch -h {HOST} -p {PORT} -D {DN of binding user} -w {bind password} -b {DN of binding user} "objectclass=*} - + ldapsearch -h {HOST} -p {PORT} -D {DN of binding user} -w {bind password} -b {DN of binding user} "objectclass=*} ### Hostname Resolution Issues ### @@ -225,18 +223,14 @@ This can be done by modifying the topolo If you see error like the following in your console while submitting a Job using groovy shell, it is likely that the authenticated user does not have a home directory on HDFS. -<pre><code> -Caught: org.apache.hadoop.gateway.shell.HadoopException: org.apache.hadoop.gateway.shell.ErrorResponse: HTTP/1.1 403 Forbidden -org.apache.hadoop.gateway.shell.HadoopException: org.apache.hadoop.gateway.shell.ErrorResponse: HTTP/1.1 403 Forbidden -</code></pre> + Caught: org.apache.hadoop.gateway.shell.HadoopException: org.apache.hadoop.gateway.shell.ErrorResponse: HTTP/1.1 403 Forbidden + org.apache.hadoop.gateway.shell.HadoopException: org.apache.hadoop.gateway.shell.ErrorResponse: HTTP/1.1 403 Forbidden You would also see this error if you try file operation on the home directory of the authenticating user. The error would look a little different as shown below if you are attempting to the operation with cURL. -<pre><code> -{"RemoteException":{"exception":"AccessControlException","javaClassName":"org.apache.hadoop.security.AccessControlException","message":"Permission denied: user=tom, access=WRITE, inode=\"/user\":hdfs:hdfs:drwxr-xr-x"}}* -</code></pre> + {"RemoteException":{"exception":"AccessControlException","javaClassName":"org.apache.hadoop.security.AccessControlException","message":"Permission denied: user=tom, access=WRITE, inode=\"/user\":hdfs:hdfs:drwxr-xr-x"}}* #### Resolution @@ -281,16 +275,16 @@ Clients that do not trust the certificat A browser will typically warn you of the inability to trust the receieved certificate and give you an opportunity to add an exception for the particular certificate. Curl will present you with the follow message and instructions for turning of certificate verification: - curl performs SSL certificate verification by default, using a "bundle" - of Certificate Authority (CA) public keys (CA certs). If the default - bundle file isn't adequate, you can specify an alternate file - using the --cacert option. - If this HTTPS server uses a certificate signed by a CA represented - the bundle, the certificate verification probably failed due to a - problem with the certificate (it might be expired, or the name might - not match the domain name in the URL). - If you'd like to turn off curl's verification of the certificate, use - the -k (or --insecure) option. + curl performs SSL certificate verification by default, using a "bundle" + of Certificate Authority (CA) public keys (CA certs). If the default + bundle file isn't adequate, you can specify an alternate file + using the --cacert option. + If this HTTPS server uses a certificate signed by a CA represented + the bundle, the certificate verification probably failed due to a + problem with the certificate (it might be expired, or the name might + not match the domain name in the URL). + If you'd like to turn off curl's verification of the certificate, use + the -k (or --insecure) option. ### SPNego Authentication Issues ### Modified: knox/trunk/books/0.5.0/quick_start.md URL: http://svn.apache.org/viewvc/knox/trunk/books/0.5.0/quick_start.md?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/trunk/books/0.5.0/quick_start.md (original) +++ knox/trunk/books/0.5.0/quick_start.md Sat Nov 1 16:55:48 2014 @@ -56,7 +56,8 @@ Download one of the distributions below * Source archive: [knox-0.5.0-src.zip][src-zip] ([PGP signature][src-pgp], [SHA1 digest][src-sha], [MD5 digest][src-md5]) * Binary archive: [knox-0.5.0.zip][bin-zip] ([PGP signature][bin-pgp], [SHA1 digest][bin-sha], [MD5 digest][bin-md5]) -[src-zip]: http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.4.0-src.zip +[keys]: https://dist.apache.org/repos/dist/release/knox/KEYS +[src-zip]: http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip [src-sha]: http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.sha [src-pgp]: http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.asc [src-md5]: http://www.apache.org/dyn/closer.cgi/knox/0.5.0/knox-0.5.0-src.zip.md5 @@ -75,7 +76,7 @@ While recommended, verify is an optional Please read [Verifying Apache HTTP Server Releases](http://httpd.apache.org/dev/verification.html) for more information on why you should verify our releases. The PGP signatures can be verified using PGP or GPG. -First download the KEYS file as well as the .asc signature files for the relevant release packages. +First download the [KEYS][keys] file as well as the .asc signature files for the relevant release packages. Make sure you get these files from the main distribution directory linked above, rather than from a mirror. Then verify the signatures using one of the methods below. @@ -92,7 +93,7 @@ or % gpg --import KEYS % gpg --verify knox-0.5.0.zip.asc -### 5 - Start Hadoop virtual machine ### +### 4 - Start Hadoop virtual machine ### Start the Hadoop virtual machine. Modified: knox/trunk/build.xml URL: http://svn.apache.org/viewvc/knox/trunk/build.xml?rev=1635989&r1=1635988&r2=1635989&view=diff ============================================================================== --- knox/trunk/build.xml (original) +++ knox/trunk/build.xml Sat Nov 1 16:55:48 2014 @@ -127,7 +127,7 @@ <target name="review-book" depends="init" description="Open the default book in the default browser."> <exec executable="${browser.cmd}"> - <arg line="${book-0-4-0-file}" /> + <arg line="${book-0-5-0-file}" /> </exec> </target>