[ https://issues.apache.org/jira/browse/AMBARI-21325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16137837#comment-16137837 ]
Larry McCay commented on AMBARI-21325: -------------------------------------- This patch is really interesting. I am a bit concerned about a couple aspects of the implementation however and I think we need to consider them carefully due to backward compatibility issues if we decide that we need to evolve it. One thing that stands out to me is that it seems to hardcode specific topology names that it is generating for the deployment. While this may work in targeted deployments, it may not suite others as well. I have also noticed that these same topology names have bled into the service definitions that were recently added to Knox itself. The rewrite rules are actually hardcoded for specific names. One of the things that makes that concerning to me is that it breaks the namespace provided by topologies. In order for Knox to support multiple clusters in the same gateway instance, we use topologies to represent each cluster and the services, UIs that are to be proxied from the cluster. By introducing a hbaseui.xml, an admin looking at that topology will not easily know which cluster it belongs to. Moreover, you are limited to a single hbaseui.xml for the gateway instance. Which means that our support for proxying the HBase UI will be limited to one cluster even though Knox supports multiple clusters. I have been thinking about how this namespace can be preserved through a new feature in Knox that will allow for simpler UI rewrite rules and a browser redirect from a typical cluster topology like default.xml to a UI specific topology for the default cluster. Since I believe there is a good bit of work to get this provisioning work done properly, fix the rewrite rules in the current service definitions and add the new indirection for namespace preservation, I would suggest that we use what is here as a source to inform what ends up being done and target it in a later release. In the meantime, I know folks do some similar things as part of a post installation provisioning step. Essentially, generate the needed topologies and update the quicklinks json file to use Knox URLs instead of direct. > Ability to switch Quick Links to use Service URL through Knox or given proxy > ---------------------------------------------------------------------------- > > Key: AMBARI-21325 > URL: https://issues.apache.org/jira/browse/AMBARI-21325 > Project: Ambari > Issue Type: Improvement > Affects Versions: trunk, 2.5.2, 2.5.3 > Reporter: Jeffrey E Rodriguez > Assignee: Chandana Mirashi > Attachments: 21325_test_results.zip, AMBARI-21325.patch > > Original Estimate: 336h > Remaining Estimate: 336h > > Knox has the ability to proxy Hadoop user interfaces URL. Having the ability > to setup Quicklinks through Knox so instead of for example going to "Hbase > Master UI" directly we can proxy through Knox for example: > http://hdpjeff1.fyre.ibm.com:16010/master-status > can be instead go through: > https://hdpjeff1.fyre.ibm.com:8443/gateway/default/hbase/hbaseui/master-status > Here https://hdpjeff1.fyre.ibm.com:8443/gateway is the Knox gateway URL. > This will bring authentication to the UI access and would secure the UI > access. > Ideally this behavior can be set as secure going through proxy by default or > it can be turn off to go directly by Ambari Admin. > Changes added: > 1. Add new json properties knox_url, knox_path, supports_knox > a. knox_url: template to be used for urls that are proxied through Knox > b. knox_path: Knox gateway path that will be added to the proxy url. > c. supports_knox: whether link will be redirected through Knox > 2. Add above json properties to quicklinks.json > 3. Add HDFSUI & DATANODE,YARNUI & NODEUI, JOBHISTORYUI, HBASEUI, OOZIEUI, > SPARKUI services to Knox topology template. > 4. Automate protocol and port added to Knox topology file. Based on whether > SSL is enabled for the services listed above, the port and protocol in > params_linux.py will be updated. > 5. Update quick_view_link_view.js so that when Knox is installed and > support_knox is true, quicklink url follows knox url template specified in > the quicklinks.json for the service/component. -- This message was sent by Atlassian JIRA (v6.4.14#64029)