[
https://issues.apache.org/jira/browse/AMBARI-21325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16137837#comment-16137837
]
Larry McCay commented on AMBARI-21325:
--------------------------------------
This patch is really interesting.
I am a bit concerned about a couple aspects of the implementation however and I
think we need to consider them carefully due to backward compatibility issues
if we decide that we need to evolve it.
One thing that stands out to me is that it seems to hardcode specific topology
names that it is generating for the deployment. While this may work in targeted
deployments, it may not suite others as well. I have also noticed that these
same topology names have bled into the service definitions that were recently
added to Knox itself. The rewrite rules are actually hardcoded for specific
names.
One of the things that makes that concerning to me is that it breaks the
namespace provided by topologies. In order for Knox to support multiple
clusters in the same gateway instance, we use topologies to represent each
cluster and the services, UIs that are to be proxied from the cluster. By
introducing a hbaseui.xml, an admin looking at that topology will not easily
know which cluster it belongs to. Moreover, you are limited to a single
hbaseui.xml for the gateway instance. Which means that our support for proxying
the HBase UI will be limited to one cluster even though Knox supports multiple
clusters.
I have been thinking about how this namespace can be preserved through a new
feature in Knox that will allow for simpler UI rewrite rules and a browser
redirect from a typical cluster topology like default.xml to a UI specific
topology for the default cluster.
Since I believe there is a good bit of work to get this provisioning work done
properly, fix the rewrite rules in the current service definitions and add the
new indirection for namespace preservation, I would suggest that we use what is
here as a source to inform what ends up being done and target it in a later
release.
In the meantime, I know folks do some similar things as part of a post
installation provisioning step.
Essentially, generate the needed topologies and update the quicklinks json file
to use Knox URLs instead of direct.
> Ability to switch Quick Links to use Service URL through Knox or given proxy
> ----------------------------------------------------------------------------
>
> Key: AMBARI-21325
> URL: https://issues.apache.org/jira/browse/AMBARI-21325
> Project: Ambari
> Issue Type: Improvement
> Affects Versions: trunk, 2.5.2, 2.5.3
> Reporter: Jeffrey E Rodriguez
> Assignee: Chandana Mirashi
> Attachments: 21325_test_results.zip, AMBARI-21325.patch
>
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> Knox has the ability to proxy Hadoop user interfaces URL. Having the ability
> to setup Quicklinks through Knox so instead of for example going to "Hbase
> Master UI" directly we can proxy through Knox for example:
> http://hdpjeff1.fyre.ibm.com:16010/master-status
> can be instead go through:
> https://hdpjeff1.fyre.ibm.com:8443/gateway/default/hbase/hbaseui/master-status
> Here https://hdpjeff1.fyre.ibm.com:8443/gateway is the Knox gateway URL.
> This will bring authentication to the UI access and would secure the UI
> access.
> Ideally this behavior can be set as secure going through proxy by default or
> it can be turn off to go directly by Ambari Admin.
> Changes added:
> 1. Add new json properties knox_url, knox_path, supports_knox
> a. knox_url: template to be used for urls that are proxied through Knox
> b. knox_path: Knox gateway path that will be added to the proxy url.
> c. supports_knox: whether link will be redirected through Knox
> 2. Add above json properties to quicklinks.json
> 3. Add HDFSUI & DATANODE,YARNUI & NODEUI, JOBHISTORYUI, HBASEUI, OOZIEUI,
> SPARKUI services to Knox topology template.
> 4. Automate protocol and port added to Knox topology file. Based on whether
> SSL is enabled for the services listed above, the port and protocol in
> params_linux.py will be updated.
> 5. Update quick_view_link_view.js so that when Knox is installed and
> support_knox is true, quicklink url follows knox url template specified in
> the quicklinks.json for the service/component.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
