[jira] [Commented] (KNOX-1207) Several url rewrite bugs in yarn ui and job history ui

2018-05-08 Thread Guang Yang (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16468027#comment-16468027
 ] 

Guang Yang commented on KNOX-1207:
--

[~sunilg] Can you take a look at this one? I really hope we can make this into 
the release 1.1.0 if everything looks good.

> Several url rewrite bugs in yarn ui and job history ui
> --
>
> Key: KNOX-1207
> URL: https://issues.apache.org/jira/browse/KNOX-1207
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: Future, 0.14.0
>Reporter: Guang Yang
>Priority: Major
> Attachments: KNOX-1207.patch, KNOX-1207.patch
>
>
> There are several url rewrite bugs in yarn ui and map/reduce job history ui.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Resolved] (KNOX-1202) Admin UI Input Validation

2018-05-08 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino resolved KNOX-1202.

Resolution: Fixed

> Admin UI Input Validation
> -
>
> Key: KNOX-1202
> URL: https://issues.apache.org/jira/browse/KNOX-1202
> Project: Apache Knox
>  Issue Type: Bug
>  Components: AdminUI
>Affects Versions: 1.0.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
>Priority: Major
> Fix For: 1.1.0
>
>
> The Admin UI needs a comprehensive input validation treatment. There is 
> currently little to no validation being performed.





[jira] [Commented] (KNOX-1149) HBase High Availability Fails with Kerberos Secured Cluster

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467924#comment-16467924
 ] 

Phil Zampino commented on KNOX-1149:


[~rkellogg] Would you mind rebasing the patch such that the packages are 
consistent with 1.0.0+ ?

> HBase High Availability Fails with Kerberos Secured Cluster
> ---
>
> Key: KNOX-1149
> URL: https://issues.apache.org/jira/browse/KNOX-1149
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.13.0, 0.14.0
>Reporter: Rick Kellogg
>Assignee: Rick Kellogg
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: KNOX-1149.patch
>
>
> When HBase is run on a Kerberos secured cluster, the registration of the 
> Region Servers is stored in ZooKeeper under a different path.  The 
> HBaseZookeeperURLManager class used to support high availability in Knox 
> needs to be updated to look in both locations and then ping for availability.





[jira] [Commented] (KNOX-1164) bug fix on oozieui rewrite rul

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467919#comment-16467919
 ] 

Phil Zampino commented on KNOX-1164:


[~weihan] Would you mind rebasing this patch? As it is, it's not applying 
cleanly.

> bug fix on oozieui rewrite rul
> --
>
> Key: KNOX-1164
> URL: https://issues.apache.org/jira/browse/KNOX-1164
> Project: Apache Knox
>  Issue Type: Bug
>Reporter: Wei Han
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 0001-oozieUI-rewrite-rule-fix.patch
>
>
> Fix a bug introduced in https://issues.apache.org/jira/browse/KNOX-1106. The 
> issue is that pattern is always required at the top level definition 
> otherwise the rule won't be effective: 
> https://github.com/apache/knox/blob/5515056406afd48a6b55f4188fe80816c2133744/gateway-provider-rewrite/src/main/java/org/apache/hadoop/gateway/filter/rewrite/api/UrlRewriteProcessor.java#L92





[jira] [Commented] (KNOX-1160) Bug fixes to make spark history UI work

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467906#comment-16467906
 ] 

Phil Zampino commented on KNOX-1160:


[~weihan] Thank you for this contribution.

> Bug fixes to make spark history UI work
> ---
>
> Key: KNOX-1160
> URL: https://issues.apache.org/jira/browse/KNOX-1160
> Project: Apache Knox
>  Issue Type: Bug
>Reporter: Wei Han
>Priority: Minor
> Fix For: 1.1.0
>
> Attachments: sparkhistoryui.patch
>
>
> During my test of the spark history UI I found a couple of issues. The 
> attached patch fixes all of the issues I have seen





[jira] [Resolved] (KNOX-1160) Bug fixes to make spark history UI work

2018-05-08 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino resolved KNOX-1160.

Resolution: Fixed

> Bug fixes to make spark history UI work
> ---
>
> Key: KNOX-1160
> URL: https://issues.apache.org/jira/browse/KNOX-1160
> Project: Apache Knox
>  Issue Type: Bug
>Reporter: Wei Han
>Priority: Minor
> Fix For: 1.1.0
>
> Attachments: sparkhistoryui.patch
>
>
> During my test of the spark history UI I found a couple of issues. The 
> attached patch fixes all of the issues I have seen





[jira] [Commented] (KNOX-1160) Bug fixes to make spark history UI work

2018-05-08 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467901#comment-16467901
 ] 

ASF subversion and git services commented on KNOX-1160:
---

Commit bf3fc5eb09cfb7db53f83f10b6dbbfdbe1dbe1f6 in knox's branch 
refs/heads/master from [~pzampino]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=bf3fc5e ]

KNOX-1160 - Bug fixes to make spark history UI work (Wei Han via pzampino)


> Bug fixes to make spark history UI work
> ---
>
> Key: KNOX-1160
> URL: https://issues.apache.org/jira/browse/KNOX-1160
> Project: Apache Knox
>  Issue Type: Bug
>Reporter: Wei Han
>Priority: Minor
> Fix For: 1.1.0
>
> Attachments: sparkhistoryui.patch
>
>
> During my test of the spark history UI I found a couple of issues. The 
> attached patch fixes all of the issues I have seen





[jira] [Commented] (KNOX-1152) Guard Against Missing Subject in Identity Assertion

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467873#comment-16467873
 ] 

Phil Zampino commented on KNOX-1152:


[~rkellogg] Would you mind rebasing the patch such that the packages are 
consistent with 1.0.0+ ?

> Guard Against Missing Subject in Identity Assertion
> ---
>
> Key: KNOX-1152
> URL: https://issues.apache.org/jira/browse/KNOX-1152
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.11.0, 0.12.0, 0.13.0, 0.14.0
>Reporter: Rick Kellogg
>Assignee: Rick Kellogg
>Priority: Minor
> Fix For: 1.1.0
>
> Attachments: KNOX-1152B.patch
>
>
> Within the CommonIdentityAssertionFilter class, it is possible the evaluation 
> of the Subject can return null.  A check should be added for this, error 
> logged and IllegalStateException exception thrown.





[jira] [Updated] (KNOX-925) Configurable - Encryption Algorithm and it's key size, Salt and iteration count for PBKDF

2018-05-08 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-925:
--
Fix Version/s: (was: 1.1.0)
   1.2.0

> Configurable - Encryption Algorithm and it's key size, Salt and iteration 
> count for PBKDF
> -
>
> Key: KNOX-925
> URL: https://issues.apache.org/jira/browse/KNOX-925
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: Server
>Affects Versions: 0.11.0
>Reporter: Krishna Pandey
>Priority: Minor
> Fix For: 1.2.0
>
>
> We can make key length configurable to be used with the RSA algorithm, so 
> that Users can set the value as per current cryptography guidelines.
> Also, in a password-based key derivation function, the base key is a password 
> and the other parameters are a salt value and an iteration count. An 
> iteration count has traditionally served the purpose of increasing the cost 
> of generating keys from a password. We can keep the Scheme, Salt and 
> Iteration Count configurable for Users to fine tune as per their requirements.





[jira] [Commented] (KNOX-1237) Knox DSL should support HBase Stateless Scanner

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467868#comment-16467868
 ] 

Phil Zampino commented on KNOX-1237:


[~risdenk] Since you won't be able to provide a patch in this timeframe, I'm 
pushing this out to 1.2.0

> Knox DSL should support HBase Stateless Scanner
> ---
>
> Key: KNOX-1237
> URL: https://issues.apache.org/jira/browse/KNOX-1237
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: ClientDSL
>Reporter: Kevin Risden
>Priority: Minor
> Fix For: 1.2.0
>
>
> KNOX-8 added support for HBase REST apis via Knox. The Knox DSL supports 
> stateful scanners as shown in the documentation 
> (https://knox.apache.org/books/knox-1-0-0/user-guide.html#table(String+tableName).scanner().create()+-+Scanner+Creation).
> HBase REST supports stateless scanners 
> ([https://hbase.apache.org/1.2/apidocs/org/apache/hadoop/hbase/rest/package-summary.html#operation_stateless_scanner])
>  which can be easily load balanced. The feature is not well documented in 
> HBase REST.
> Currently if using stateful scanners and Knox or HBase REST is being load 
> balanced, there will be an issue using that scanner. The stateless scanners 
> avoid this since they have all the information necessary.





[jira] [Updated] (KNOX-1237) Knox DSL should support HBase Stateless Scanner

2018-05-08 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-1237:
---
Fix Version/s: (was: 1.1.0)
   1.2.0

> Knox DSL should support HBase Stateless Scanner
> ---
>
> Key: KNOX-1237
> URL: https://issues.apache.org/jira/browse/KNOX-1237
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: ClientDSL
>Reporter: Kevin Risden
>Priority: Minor
> Fix For: 1.2.0
>
>
> KNOX-8 added support for HBase REST apis via Knox. The Knox DSL supports 
> stateful scanners as shown in the documentation 
> (https://knox.apache.org/books/knox-1-0-0/user-guide.html#table(String+tableName).scanner().create()+-+Scanner+Creation).
> HBase REST supports stateless scanners 
> ([https://hbase.apache.org/1.2/apidocs/org/apache/hadoop/hbase/rest/package-summary.html#operation_stateless_scanner])
>  which can be easily load balanced. The feature is not well documented in 
> HBase REST.
> Currently if using stateful scanners and Knox or HBase REST is being load 
> balanced, there will be an issue using that scanner. The stateless scanners 
> avoid this since they have all the information necessary.





[jira] [Commented] (KNOX-1154) Dump Kerberos Configuration on Gateway Startup to Logs

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467847#comment-16467847
 ] 

Phil Zampino commented on KNOX-1154:


[~rkellogg] Would you mind rebasing this patch? The package names are no longer 
consistent with 1.0.0+

> Dump Kerberos Configuration on Gateway Startup to Logs
> --
>
> Key: KNOX-1154
> URL: https://issues.apache.org/jira/browse/KNOX-1154
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Rick Kellogg
>Assignee: Rick Kellogg
>Priority: Minor
>  Labels: security
> Fix For: 1.1.0
>
> Attachments: KNOX-1154.patch
>
>
> Dump the following settings upon Gateway startup:
> gateway.hadoop.kerberos.secured
> java.security.krb5.conf
> sun.security.krb5.debug
> java.security.auth.login.config
> javax.security.auth.useSubjectCredsOnly





[jira] [Commented] (KNOX-1157) Scoped rewrite rules are treated as global rules in some cases

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467841#comment-16467841
 ] 

Phil Zampino commented on KNOX-1157:


[~weihan] Would you please provide an updated patch, rebased against the latest 
source? The packages are no longer consistent with Knox 1.0.0+ 

> Scoped rewrite rules are treated as global rules in some cases
> --
>
> Key: KNOX-1157
> URL: https://issues.apache.org/jira/browse/KNOX-1157
> Project: Apache Knox
>  Issue Type: Bug
>Reporter: Wei Han
>Assignee: Wei Han
>Priority: Minor
> Fix For: 1.1.0
>
> Attachments: 
> 0001-bug-fix-use-a-map-to-store-all-rules-in-ScopedMatche.patch
>
>
> https://issues.apache.org/jira/browse/KNOX-711 introduced the concept of 
> 'scope' for rewrite rules. A rewrite rule can be applied to an input url only 
> if they share the same scope, unless the rule is explicitly defined as 
> a 'global' rule. 
> However, given the following rewrite.xml, and input url "/foo/bar" with role 
> service-1, the second rule (service-2) will win because the second rule is 
> more specific, even though the scope is different from the input url. 
> 
> 
> 
> 
> 
> 
> The root cause is the templates for these two rules are different, so in 
> ScopedMatcher.java(https://github.com/apache/knox/commit/286e02a44dfb5f9ee101007b46bcb8ee47fa62d7#diff-6cffc9c391024e27c73a85ba8e736e60R118),
>  we don't create a separate matcher and the two rules share the same matcher 
> object. 
> My proposal is to change the implementation to create a brand new matcher for 
> each scope, and store them in a map keyed by scope name.





[jira] [Commented] (KNOX-1202) Admin UI Input Validation

2018-05-08 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1202?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467831#comment-16467831
 ] 

ASF subversion and git services commented on KNOX-1202:
---

Commit b509532d18fe1c50fc499e9fd36870ccf74bb07e in knox's branch 
refs/heads/master from [~pzampino]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=b509532 ]

KNOX-1202 - Validate resource names


> Admin UI Input Validation
> -
>
> Key: KNOX-1202
> URL: https://issues.apache.org/jira/browse/KNOX-1202
> Project: Apache Knox
>  Issue Type: Bug
>  Components: AdminUI
>Affects Versions: 1.0.0
>Reporter: Phil Zampino
>Assignee: Phil Zampino
>Priority: Major
> Fix For: 1.1.0
>
>
> The Admin UI needs a comprehensive input validation treatment. There is 
> currently little to no validation being performed.





[jira] [Commented] (KNOX-1270) Yarn jobs url rewrites failure

2018-05-08 Thread Guang Yang (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467818#comment-16467818
 ] 

Guang Yang commented on KNOX-1270:
--

[~lmccay] I think KNOX-1023 is a duplicate of this one, so we just need to 
apply this one. And I just tried, this patch is good to be applied.

> Yarn jobs url rewrites failure
> --
>
> Key: KNOX-1270
> URL: https://issues.apache.org/jira/browse/KNOX-1270
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0, 1.0.0
>Reporter: Guang Yang
>Assignee: Guang Yang
>Priority: Major
> Fix For: 0.14.1, 1.1.0
>
> Attachments: KNOX-1270.patch
>
>
> If you go to see the Yarn job logs through Yarn UI, the log urls are actually 
> broken.





[jira] [Commented] (KNOX-1178) Add test to ensure regex or support in RegexIdentityAssertionFilter

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467804#comment-16467804
 ] 

Phil Zampino commented on KNOX-1178:


[~kminder] Is there anything outstanding wrt this issue, or can it be 
considered resolved?

> Add test to ensure regex or support in RegexIdentityAssertionFilter
> ---
>
> Key: KNOX-1178
> URL: https://issues.apache.org/jira/browse/KNOX-1178
> Project: Apache Knox
>  Issue Type: Test
>  Components: Server
>Affects Versions: 1.0.0
>Reporter: Kevin Minder
>Priority: Minor
> Fix For: 1.1.0
>
>
> Created a test to ensure that regex or operations worked with both email 
> addresses (e.g. mem...@apache.org) and simple usernames (e.g. member) for 
> RegexIdentityAssertionFilter.  This did work properly and I'd like to add the 
> test to ensure it continues to work.





[jira] [Commented] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467802#comment-16467802
 ] 

Phil Zampino commented on KNOX-745:
---

Given the lack of motion, pushing this one out beyond 1.1.0.

[~vrathor-hw], if there has been some progress with the patch, please feel free 
to pull it back in.

> KnoxCLI system-user-auth-test and user-auth-test doesn't work with system 
> password alias
> 
>
> Key: KNOX-745
> URL: https://issues.apache.org/jira/browse/KNOX-745
> Project: Apache Knox
>  Issue Type: Bug
>  Components: KnoxCLI
>Affects Versions: 0.10.0
> Environment: centos6
>Reporter: Vipin Rathor
>Priority: Minor
> Fix For: 1.2.0
>
>
> When system password alias is used instead of plain text password in Knox 
> topology, the knoxcli system-user-auth-test and user-auth-test fails to 
> authenticate.
> Issue can be reproduced easily by following these steps:
> Steps to reproduce:
> 1. Specify these three properties in topology (say sandbox.xml)
> {code:java}
> <param>
>   <name>main.ldapRealm.authorizationEnabled</name>
>   <value>true</value>
> </param>
> <param>
>   <name>main.ldapRealm.contextFactory.systemUsername</name>
>   <value>uid=admin,ou=people,dc=hadoop,dc=apache,dc=org</value>
> </param>
> <param>
>   <name>main.ldapRealm.contextFactory.systemPassword</name>
>   <value>${ALIAS=ldapsystempassword}</value>
> </param>
> {code}
> 2. Save and restart the Knox gateway service
> 3. Create password alias:
> bin/knoxcli.sh create-alias ldapsystempassword --value 'admin-password' 
> --cluster sandbox
> 4. Both of the commands below would fail:
> {code:java}
> bin/knoxcli.sh system-user-auth-test --cluster sandbox --d
> org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot 
> authenticate user uid=admin,ou=people,dc=hadoop,dc=apache,dc=org]
> org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.
>   at 
> org.apache.shiro.realm.ldap.JndiLdapRealm.doGetAuthenticationInfo(JndiLdapRealm.java:300)
>   at 
> org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.doGetAuthenticationInfo(KnoxLdapRealm.java:193)
>   at 
> org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
>   at 
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
>   at 
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
>   at 
> org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
>   at 
> org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
>   at 
> org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
>   at 
> org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
>   at 
> org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.authenticateUser(KnoxCLI.java:1069)
>   at 
> org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.testSysBind(KnoxCLI.java:1171)
>   at 
> org.apache.hadoop.gateway.util.KnoxCLI$LDAPSysBindCommand.execute(KnoxCLI.java:1478)
>   at org.apache.hadoop.gateway.util.KnoxCLI.run(KnoxCLI.java:138)
>   at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
>   at 
> org.apache.hadoop.gateway.util.KnoxCLI.main(KnoxCLI.java:1675)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at 
> org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
>   at 
> org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
>   at 
> org.apache.hadoop.gateway.launcher.Command.run(Command.java:101)
>   at 
> org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
>   at 
> org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 
> INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user 
> uid=admin,ou=people,dc=hadoop,dc=apache,dc=org]
>   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3088)
>   at 
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3034)
> 

[jira] [Updated] (KNOX-745) KnoxCLI system-user-auth-test and user-auth-test doesn't work with system password alias

2018-05-08 Thread Phil Zampino (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Phil Zampino updated KNOX-745:
--
Fix Version/s: (was: 1.1.0)
   1.2.0


[jira] [Commented] (KNOX-1080) Custom dispatch for NiFi should be moved to its own package

2018-05-08 Thread Phil Zampino (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467791#comment-16467791
 ] 

Phil Zampino commented on KNOX-1080:


[~jtstorck] Are you in a position to provide a patch?

> Custom dispatch for NiFi should be moved to its own package
> ---
>
> Key: KNOX-1080
> URL: https://issues.apache.org/jira/browse/KNOX-1080
> Project: Apache Knox
>  Issue Type: Improvement
>  Components: Server
>Affects Versions: 0.14.0
>Reporter: Jeff Storck
>Priority: Minor
> Fix For: 1.1.0
>
>
> The custom NiFi dispatch code should be moved from the 
> org.apache.knox.gateway.dispatch package to org.apache.knox.gateway.nifi 
> package. In addition, the default service.xml for the NiFi dispatch should be 
> updated to use the new package name.





[jira] [Commented] (KNOX-1023) nodemanager log links for a running job not working through YARNUI

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467779#comment-16467779
 ] 

Larry McCay commented on KNOX-1023:
---

[~hariharan022] - I am going to move this out to 1.2.0 unless we can get an 
updated patch for this. I've tried to resolve it myself but I don't want to 
make assumptions that break things.

> nodemanager log links for a running job not working through YARNUI
> --
>
> Key: KNOX-1023
> URL: https://issues.apache.org/jira/browse/KNOX-1023
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.13.0
>Reporter: vaibhav beriwala
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: KNOX-1023.patch
>
>
> When nodemanager links are accessed through YARNUI service, it requires the 
> host and port to be appended in the URI , something like: 
> {code:java}
> https://host:8443/gateway/sandbox/yarn/nodemanager/node/containerlogs/container_e02_1498543212255_0001_01_01/user?host=nm-host=8042
> {code}
> When I'm coming from the RM page, this link is rendered as an absolute one, 
> so the rewrite rule works fine and appends the host and port. However, when 
> I'm on the NM page itself, the URLs are not absolute (the URLs on the NM page 
> are relative), so a different rewrite rule applies:
> {code:java}
> DEBUG hadoop.gateway (UrlRewriteProcessor.java:rewrite(164)) - Rewrote URL: 
> /node/containerlogs/container_e01_1498485266952_0006_01_01/hiyer 
> qa3july/stderr/?start=-4096, direction: OUT via implicit rule: 
> YARNUI/yarn/outbound/node to URL: 
> https://host:8443/gateway/sandbox/yarn/node/containerlogs/container_e01_1498485266952_0006_01_01/user/stderr
> {code}
> As you can see, this link does not contain the host=nm-host=8042 at the 
> end of query string, so it does not work. This affects log links for running 
> tasks, and links for the nodemanager itself.
> So, the links on NM page of type 
> {code:java}
> href=/syslog
> {code}
>  gets transformed to 
> {code:java}
> https://host:8443/gateway/sandbox/yarn/nodemanager/node/containerlogs/container_e02_1498543212255_0001_01_01/user/syslog
> {code}
> whereas it should have been transformed to 
> {code:java}
> https://host:8443/gateway/sandbox/yarn/nodemanager/node/containerlogs/container_e02_1498543212255_0001_01_01/user/syslog?host=nm-host=8042
> {code}
> One possible solution I could think of is appending the query string of the 
> *current* page to the link, but I couldn't see how to do that in a rewrite 
> rule.
> Also, if you can provide some code pointers I may look into it. :)





[jira] [Commented] (KNOX-1143) Add MR job history ws rest api rewrite rule to jobhistoryui

2018-05-08 Thread Guang Yang (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467763#comment-16467763
 ] 

Guang Yang commented on KNOX-1143:
--

[~lmccay] Thanks for reviewing this. Updated patch.

> Add MR job history ws rest api rewrite rule to jobhistoryui
> ---
>
> Key: KNOX-1143
> URL: https://issues.apache.org/jira/browse/KNOX-1143
> Project: Apache Knox
>  Issue Type: Improvement
>Affects Versions: Future
>Reporter: Guang Yang
>Priority: Major
>  Labels: features
> Fix For: 1.1.0
>
> Attachments: KNOX-1143.patch, KNOX-jhs.patch
>
>
> Currently, there is no url rewrite rule for mapreduce job history server ws 
> rest api calls, like http://0:19888/ws/v1/history/mapreduce/jobs/job_id. We 
> need to add such rewrite rules.





[jira] [Updated] (KNOX-1143) Add MR job history ws rest api rewrite rule to jobhistoryui

2018-05-08 Thread Guang Yang (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Guang Yang updated KNOX-1143:
-
Attachment: KNOX-1143.patch

> Add MR job history ws rest api rewrite rule to jobhistoryui
> ---
>
> Key: KNOX-1143
> URL: https://issues.apache.org/jira/browse/KNOX-1143
> Project: Apache Knox
>  Issue Type: Improvement
>Affects Versions: Future
>Reporter: Guang Yang
>Priority: Major
>  Labels: features
> Fix For: 1.1.0
>
> Attachments: KNOX-1143.patch, KNOX-jhs.patch
>
>
> Currently, there is no url rewrite rule for mapreduce job history server ws 
> rest api calls, like http://0:19888/ws/v1/history/mapreduce/jobs/job_id. We 
> need to add such rewrite rules.





[jira] [Updated] (KNOX-1033) Apache Tez UI support

2018-05-08 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-1033:
--
Fix Version/s: (was: 1.1.0)
   1.2.0

> Apache Tez UI support
> -
>
> Key: KNOX-1033
> URL: https://issues.apache.org/jira/browse/KNOX-1033
> Project: Apache Knox
>  Issue Type: New Feature
>  Components: Server
>Affects Versions: 0.13.0
> Environment: Apache Hadoop clusters, HortonWorks clusters, Cloudera 
> clusters, MapR clusters
>Reporter: Pierre Beauvois
>Priority: Major
> Fix For: 1.2.0
>
>
> Tez UI as documented here: [Tez UI|https://tez.apache.org/tez-ui.html]
> Tez becomes more and more popular on the market. Supporting its UI is crucial 
> for Knox.
> This feature allows access to the Tez UI through Knox. It could be enabled in 
> your topology by adding the following sample:
> {code:java}
> <service>
>     <role>TEZUI</role>
>     <url>http://{tezui-host}:{tezui-port}</url>
> </service>
> {code}





[jira] [Commented] (KNOX-1270) Yarn jobs url rewrites failure

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467754#comment-16467754
 ] 

Larry McCay commented on KNOX-1270:
---

[~yg54123] - I'd like to get this into 1.1.0 and we need to be able to cleanly 
apply both JIRAs.

Can you rebase and create a new patch for KNOX-1023 and make sure that this one 
still applies correctly?

> Yarn jobs url rewrites failure
> --
>
> Key: KNOX-1270
> URL: https://issues.apache.org/jira/browse/KNOX-1270
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Affects Versions: 0.14.0, 1.0.0
>Reporter: Guang Yang
>Assignee: Guang Yang
>Priority: Major
> Fix For: 0.14.1, 1.1.0
>
> Attachments: KNOX-1270.patch
>
>
> If you go to see the Yarn job logs through Yarn UI, the log urls are actually 
> broken.





[jira] [Commented] (KNOX-1086) Error message in gateway.log when Atlas enabled with Knox SSO , is accessed via Knox Proxy.

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467749#comment-16467749
 ] 

Larry McCay commented on KNOX-1086:
---

[~ssainath] - can you please attach a patch rather than a whole file.

We can't really just replace what is already there with a file from a snapshot 
in time.

We need the patch to show the actual diff between the two.

> Error message in gateway.log when Atlas enabled with Knox SSO , is accessed 
> via Knox Proxy.
> ---
>
> Key: KNOX-1086
> URL: https://issues.apache.org/jira/browse/KNOX-1086
> Project: Apache Knox
>  Issue Type: Bug
>  Components: KnoxSSO
>Reporter: Sharmadha Sainath
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: rewrite.xml
>
>
> 1. Enabled Knox SSO for Atlas.
> 2. Added a topology ui.xml for Atlas Knox Proxy.
> 3. When 
> {code}
> https://knox_gateway:8443/gateway/ui/atlas 
> {code}
> is accessed, it redirects to 
> {code}
> https://knox_gateway:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=https://knox_gateway:8443/gateway/ui/atlas/
> {code}
> correctly. 
> No error in functionality. When username, password is provided, it 
> redirects to https://knox_gateway:8443/gateway/ui/atlas/ and Atlas functions 
> as expected. No error messages in Atlas.
> But following error message is found in knox gateway.log when 
> https://knox_gateway:8443/gateway/ui/atlas/ is hit:
> {code}
> 2017-10-23 09:34:55,340 ERROR hadoop.gateway 
> (UrlRewriteProcessor.java:rewrite(169)) - Failed to rewrite 
> URL:https://knox_gateway:8443/gateway/knoxsso/api/v1/websso?originalUrl=https://knox_gateway:8443/gateway/ui/atlas/
>  , direction: OUT via rule: ATLAS/atlas/outbound/login/headers/location, 
> status: FAILURE
> {code}
> Attached the rewrite.xml for Atlas.





[jira] [Commented] (KNOX-941) Ranger HA does not work through Knox

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467746#comment-16467746
 ] 

Larry McCay commented on KNOX-941:
--

Moved to Future as there has been no movement here and have not heard this 
issue from anywhere else.

If this continues to be an issue then please pull it back into 1.1.0 or 1.2.0 
releases depending on your cycles to provide a patch.

> Ranger HA does not work through Knox
> 
>
> Key: KNOX-941
> URL: https://issues.apache.org/jira/browse/KNOX-941
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.11.0
>Reporter: Krisztian Horvath
>Priority: Major
> Fix For: Future
>
> Attachments: gateway.log, ranger-ha.bp, ranger_admin_compact.log, 
> services.xml
>
>
> Ranger Admin runs in HA mode and knox is configured with:
> {code}
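> <provider>
>     <role>ha</role>
>     <name>HaProvider</name>
>     <enabled>true</enabled>
>     <param>
>         <name>RANGERUI</name>
>         <value>maxFailoverAttempts=3;failoverSleep=1000;enabled=true</value>
>     </param>
> </provider>
> <service>
>     <role>RANGERUI</role>
>     <url>http://ip-10-0-2-243.eu-west-1.compute.internal:6080</url>
>     <url>http://ip-10-0-2-10.eu-west-1.compute.internal:6080</url>
> </service>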
> {code}
> Knox keeps redirecting to the login page. In Ranger log I can see however the 
> login was successful so it accepted the credentials. Load-balancing works as 
> I stop one of the Ranger Admins I still can reach the UI, but cannot move on 
> from the login page. Might be some session issue.
> Attached the knox topology and log file and ranger aggregated log.
> Ranger is installed with Ambari through Blueprints (see attachment)





[jira] [Updated] (KNOX-941) Ranger HA does not work through Knox

2018-05-08 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-941:
-
Fix Version/s: (was: 1.1.0)
   Future

> Ranger HA does not work through Knox
> 
>
> Key: KNOX-941
> URL: https://issues.apache.org/jira/browse/KNOX-941
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.11.0
>Reporter: Krisztian Horvath
>Priority: Major
> Fix For: Future
>
> Attachments: gateway.log, ranger-ha.bp, ranger_admin_compact.log, 
> services.xml
>
>
> Ranger Admin runs in HA mode and knox is configured with:
> {code}
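> <provider>
>     <role>ha</role>
>     <name>HaProvider</name>
>     <enabled>true</enabled>
>     <param>
>         <name>RANGERUI</name>
>         <value>maxFailoverAttempts=3;failoverSleep=1000;enabled=true</value>
>     </param>
> </provider>
> <service>
>     <role>RANGERUI</role>
>     <url>http://ip-10-0-2-243.eu-west-1.compute.internal:6080</url>
>     <url>http://ip-10-0-2-10.eu-west-1.compute.internal:6080</url>
> </service>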
> {code}
> Knox keeps redirecting to the login page. In Ranger log I can see however the 
> login was successful so it accepted the credentials. Load-balancing works as 
> I stop one of the Ranger Admins I still can reach the UI, but cannot move on 
> from the login page. Might be some session issue.
> Attached the knox topology and log file and ranger aggregated log.
> Ranger is installed with Ambari through Blueprints (see attachment)





[jira] [Commented] (KNOX-889) Document how to support native library in gateway service

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467744#comment-16467744
 ] 

Larry McCay commented on KNOX-889:
--

[~kamrul]???

> Document how to support native library in gateway service
> -
>
> Key: KNOX-889
> URL: https://issues.apache.org/jira/browse/KNOX-889
> Project: Apache Knox
>  Issue Type: Task
>Reporter: Mohammad Kamrul Islam
>Priority: Major
> Fix For: 1.1.0
>
>
> KNOX-868 allows the user to include any native library required for gateway 
> service.
> This JIRA is to document the feature in knox-site.





[jira] [Commented] (KNOX-1025) Topology Domain Mapping

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467743#comment-16467743
 ] 

Larry McCay commented on KNOX-1025:
---

Moving this out to 1.2.0 since there has been little movement on it and it 
still requires test coverage. If you would like to get it in and have cycles to 
close down on it in a week or so then please feel free to pull it back in.

> Topology Domain Mapping
> ---
>
> Key: KNOX-1025
> URL: https://issues.apache.org/jira/browse/KNOX-1025
> Project: Apache Knox
>  Issue Type: New Feature
>  Components: Server
>Reporter: Benjamin Tan
>Assignee: Benjamin Tan
>Priority: Major
> Fix For: 1.2.0
>
> Attachments: knox-1025.patch, knox-1025.v2.patch
>
>
> h2. Motivation
> In a multi-tenant deployment, end users need to access hadoop service in:
> {code:java}
> https://{gateway-host}:8443/gateway/eerie/webhdfs 
> {code}
> , even with [KIP-6 Topology Port 
> Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping],
>  end user need to access in:
> {code:java}
> https://{gateway-host}:5443/webhdfs
> {code}
> we can give more convenience for end user, let them access in:
> {code:java}
> https://{eerie-specific-domain}/webhdfs
> or
> https://eerie.{gateway-domain}/webhdfs
> {code}
> There are some deploy prerequisites:
> # Let tenant admin add CNAME topology-specific-domain in their DNS server, 
> pointing to the gateway host;
> # add CNAME eerie.gateway-domain in gateway domain DNS server, pointing to the 
> gateway host;
> # add firewall rule in gateway host and redirect 443 to knox listening port 
> 8443.
> h2. Configuration
> Configuration for this feature will be in gateway-site.xml config file.
> {code:java}
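> <property>
>     <name>gateway.domain.mapping.enabled</name>
>     <value>true</value>
>     <description>Enable/Disable gateway topology domain mapping feature.</description>
> </property>
>
> <property>
>     <name>gateway.domain.mapping.eerie</name>
>     <value>{eerie-specific-domain}</value>
>     <description>The domain for the Topology.</description>
> </property>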
> {code}





[jira] [Updated] (KNOX-1025) Topology Domain Mapping

2018-05-08 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-1025:
--
Fix Version/s: (was: 1.1.0)
   1.2.0

> Topology Domain Mapping
> ---
>
> Key: KNOX-1025
> URL: https://issues.apache.org/jira/browse/KNOX-1025
> Project: Apache Knox
>  Issue Type: New Feature
>  Components: Server
>Reporter: Benjamin Tan
>Assignee: Benjamin Tan
>Priority: Major
> Fix For: 1.2.0
>
> Attachments: knox-1025.patch, knox-1025.v2.patch
>
>
> h2. Motivation
> In a multi-tenant deployment, end users need to access hadoop service in:
> {code:java}
> https://{gateway-host}:8443/gateway/eerie/webhdfs 
> {code}
> , even with [KIP-6 Topology Port 
> Mapping|https://cwiki.apache.org/confluence/display/KNOX/KIP-6+Topology+Port+Mapping],
>  end user need to access in:
> {code:java}
> https://{gateway-host}:5443/webhdfs
> {code}
> we can give more convenience for end user, let them access in:
> {code:java}
> https://{eerie-specific-domain}/webhdfs
> or
> https://eerie.{gateway-domain}/webhdfs
> {code}
> There are some deploy prerequisites:
> # Let tenant admin add CNAME topology-specific-domain in their DNS server, 
> pointing to the gateway host;
> # add CNAME eerie.gateway-domain in gateway domain DNS server, pointing to the 
> gateway host;
> # add firewall rule in gateway host and redirect 443 to knox listening port 
> 8443.
> h2. Configuration
> Configuration for this feature will be in gateway-site.xml config file.
> {code:java}
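> <property>
>     <name>gateway.domain.mapping.enabled</name>
>     <value>true</value>
>     <description>Enable/Disable gateway topology domain mapping feature.</description>
> </property>
>
> <property>
>     <name>gateway.domain.mapping.eerie</name>
>     <value>{eerie-specific-domain}</value>
>     <description>The domain for the Topology.</description>
> </property>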
> {code}





[jira] [Commented] (KNOX-1143) Add MR job history ws rest api rewrite rule to jobhistoryui

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467741#comment-16467741
 ] 

Larry McCay commented on KNOX-1143:
---

[~yg54123] - sorry for the delay on reviewing this.

I am in the process of trying to ramp down 1.1.0 and would like to get this in 
- however the patch does not apply.

Can you please rebase and provide an updated patch?

> Add MR job history ws rest api rewrite rule to jobhistoryui
> ---
>
> Key: KNOX-1143
> URL: https://issues.apache.org/jira/browse/KNOX-1143
> Project: Apache Knox
>  Issue Type: Improvement
>Affects Versions: Future
>Reporter: Guang Yang
>Priority: Major
>  Labels: features
> Fix For: 1.1.0
>
> Attachments: KNOX-jhs.patch
>
>
> Currently, there is no url rewrite rule for mapreduce job history server ws 
> rest api calls, like http://0:19888/ws/v1/history/mapreduce/jobs/job_id. We 
> need to add such rewrite rules.





[jira] [Resolved] (KNOX-1273) New service for Spark2

2018-05-08 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay resolved KNOX-1273.
---
Resolution: Won't Fix

> New service for Spark2
> --
>
> Key: KNOX-1273
> URL: https://issues.apache.org/jira/browse/KNOX-1273
> Project: Apache Knox
>  Issue Type: New Feature
>Reporter: Marco Gaido
>Priority: Major
> Fix For: 1.1.0
>
>
> Currently we have 2 services for Spark Thriftserver and Spark History Server. 
> Those and their rewrite rules are targeting Spark1. Since Spark2 has been 
> introduced for a while, we should introduce new services for supporting 
> Spark2 too.





[jira] [Commented] (KNOX-1273) New service for Spark2

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467730#comment-16467730
 ] 

Larry McCay commented on KNOX-1273:
---

Closing this as Won't Fix since I believe KNOX-1293 supersedes this JIRA.

> New service for Spark2
> --
>
> Key: KNOX-1273
> URL: https://issues.apache.org/jira/browse/KNOX-1273
> Project: Apache Knox
>  Issue Type: New Feature
>Reporter: Marco Gaido
>Priority: Major
> Fix For: 1.1.0
>
>
> Currently we have 2 services for Spark Thriftserver and Spark History Server. 
> Those and their rewrite rules are targeting Spark1. Since Spark2 has been 
> introduced for a while, we should introduce new services for supporting 
> Spark2 too.





[jira] [Commented] (KNOX-1155) Knox Gateway Service for ElasticSearch

2018-05-08 Thread Larry McCay (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467715#comment-16467715
 ] 

Larry McCay commented on KNOX-1155:
---

[~dequanchen] - sorry for the delay in reviewing this patch.

I am trying to close down on the 1.1.0 release and would like to get this in if 
possible.

Would you be able to verify that this patch still works with latest Knox 
release 1.0.0/master and your elastic search deployment?

I notice that you are forcing the use of Anonymous authentication provider. 
This should mean that elastic search is actually doing its own authentication 
otherwise there will be no actual authentication done.

Is this what you expect?

 

> Knox Gateway Service for ElasticSearch
> --
>
> Key: KNOX-1155
> URL: https://issues.apache.org/jira/browse/KNOX-1155
> Project: Apache Knox
>  Issue Type: New Feature
>  Components: Build, Release
>Affects Versions: 0.9.0, 0.9.1, 0.10.0, 0.11.0
> Environment: Knox Gateway Servers
>Reporter: Dequan Chen
>Assignee: Dequan Chen
>Priority: Critical
>  Labels: patch
> Fix For: 1.1.0
>
> Attachments: KNOX-1155-001.patch, rewrite.xml, service.xml
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> We have used a lot of Knox Gateway Services and ElasticSearch service on our 
> Big Data platforms. However, there is no Knox Gateway Service for 
> ElasticSearch yet.  In our situation, we need such a Knox Gateway Service for 
> ElasticSearch without Knox to do the …
> authentication but ElasticSearch Rest Server(s) to do the authentication. As 
> per our use case, we have developed such a Knox Gateway ElasticSearch Service 
> (services/elasticsearch/1.0.0), and we are in a mode to share the code to the 
> Apache Knox community because it has been fully tested for the following 
> scenarios:
> (1)   No-LDAP, Local-LDAP or company-specific-LDAP authentication in the Knox 
> gateway;
> (2)   Any Elasticsearch Index - creation, deletion, refreshing and data - 
> writing, updating and retrieval;
> (3)   Elasticsearch node root query.





[jira] [Assigned] (KNOX-1280) Accessing Atlas through knox proxy on sso enabled cluster fails with missing SNI entry

2018-05-08 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay reassigned KNOX-1280:
-

Assignee: Larry McCay  (was: Lawrence McCay IV)

> Accessing Atlas through knox proxy on sso enabled cluster fails with missing 
> SNI entry
> --
>
> Key: KNOX-1280
> URL: https://issues.apache.org/jira/browse/KNOX-1280
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.14.0
>Reporter: J.Andreina
>Assignee: Larry McCay
>Priority: Critical
> Fix For: 1.1.0
>
>
>  Accessing Atlas through knox proxy on sso enabled cluster fails with missing 
> SNI entry
> Cluster details :
> WE+SSO+HA enabled cluster
> accessed url  : https://knox_host:8443/gateway/ui/atlas
> Error message:
> {noformat}
> HTTP ERROR: 400
> Problem accessing /. Reason:
> Host does not match SNI
> {noformat}





[jira] [Resolved] (KNOX-1295) X-Forwarded-Context contains not the full base path in SHS request

2018-05-08 Thread Larry McCay (JIRA)

 [ 
https://issues.apache.org/jira/browse/KNOX-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay resolved KNOX-1295.
---
Resolution: Fixed

I have committed this to master and it will be available in 1.1.0 release.

Thank you, Attila and Marco for this contribution!

We need to write this up as part of service definition authoring and how 
leveraging the X-Forwarded headers can make rewrite rules and KnoxSSO redirects 
(I believe) easier.

> X-Forwarded-Context contains not the full base path in SHS request
> --
>
> Key: KNOX-1295
> URL: https://issues.apache.org/jira/browse/KNOX-1295
> Project: Apache Knox
>  Issue Type: Improvement
>Affects Versions: 0.14.0
>Reporter: Marco Gaido
>Assignee: Attila Csoma
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: KNOX-1295.patch
>
>
> Knox can send the base path which may be useful for the proxied application 
> in order to determine the proxy base URL and build the URLs accordingly. This 
> may be useful in Spark History Server which may use this to determine the 
> proxy base URL, instead of relying on an internal config (which prevents SHS 
> to be consumed through direct URL anymore).
> The problem is that Knox currently in the {{X-Forwarded-Context}} doesn't 
> send the full base path, but only the first part of it, eg. it sends 
> {{X-Forwarded-Context: gateway/default}} instead of {{X-Forwarded-Context: 
> gateway/default/sparkhistoryui}}.





[jira] [Commented] (KNOX-1295) X-Forwarded-Context contains not the full base path in SHS request

2018-05-08 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/KNOX-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467428#comment-16467428
 ] 

ASF subversion and git services commented on KNOX-1295:
---

Commit c7477c12ffc7aadc0a89c11da36104cdacdd92fb in knox's branch 
refs/heads/master from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=c7477c1 ]

KNOX-1295 - X-Forwarded-Context contains not the full base path in SHS request 
(Atilla Csoma and Marco Gaido via lmccay)

> X-Forwarded-Context contains not the full base path in SHS request
> --
>
> Key: KNOX-1295
> URL: https://issues.apache.org/jira/browse/KNOX-1295
> Project: Apache Knox
>  Issue Type: Improvement
>Affects Versions: 0.14.0
>Reporter: Marco Gaido
>Assignee: Attila Csoma
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: KNOX-1295.patch
>
>
> Knox can send the base path which may be useful for the proxied application 
> in order to determine the proxy base URL and build the URLs accordingly. This 
> may be useful in Spark History Server which may use this to determine the 
> proxy base URL, instead of relying on an internal config (which prevents SHS 
> to be consumed through direct URL anymore).
> The problem is that Knox currently in the {{X-Forwarded-Context}} doesn't 
> send the full base path, but only the first part of it, eg. it sends 
> {{X-Forwarded-Context: gateway/default}} instead of {{X-Forwarded-Context: 
> gateway/default/sparkhistoryui}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
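
Added example, not part of the JIRA thread and not Knox or Spark code: one way a proxied application could rebuild its external base URL from the X-Forwarded-Context header discussed in KNOX-1295, accepting forwarded headers only from the gateway's own address. The X-Forwarded-Proto and X-Forwarded-Host header names, the gateway address, the direct base URL and the history/app-1 path are assumptions made for the example; only the two X-Forwarded-Context values come from the issue.

```python
import ipaddress
import re

# Constructed values for this example (assumptions, not from the JIRA issue).
TRUSTED_GATEWAYS = {ipaddress.ip_address("10.0.0.5")}  # address Knox connects from
ALLOWED_HOSTS = {"knox_host:8443"}                     # external gateway host:port
DIRECT_BASE = "http://shs.internal:18080"              # base URL for direct access

_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")


def normalize_context(raw):
    """Turn 'gateway/default/sparkhistoryui' into '/gateway/default/sparkhistoryui'.

    Returns None when the value is missing or holds anything other than plain
    path segments (no '..', no empty segment, no scheme, query or markup).
    """
    if not raw:
        return None
    segments = raw.strip().strip("/").split("/")
    for seg in segments:
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            return None
    return "/" + "/".join(segments)


def proxy_base_url(peer_ip, headers):
    """Return the base URL to use when generating links for this request."""
    try:
        trusted = ipaddress.ip_address(peer_ip) in TRUSTED_GATEWAYS
    except ValueError:
        trusted = False
    if not trusted:
        # Direct client: any X-Forwarded-* header it sent is ignored.
        return DIRECT_BASE
    h = {k.lower(): v for k, v in headers.items()}
    proto = h.get("x-forwarded-proto", "").lower()
    host = h.get("x-forwarded-host", "").lower()
    context = normalize_context(h.get("x-forwarded-context"))
    if proto not in ("http", "https") or host not in ALLOWED_HOSTS or context is None:
        # Malformed or unexpected values never reach generated links.
        return DIRECT_BASE
    return f"{proto}://{host}{context}"


def link(base, relative):
    """Join a base URL and an application-relative path with a single slash."""
    return base.rstrip("/") + "/" + relative.lstrip("/")


if __name__ == "__main__":
    # Constructed requests: the header value before and after the fix.
    common = {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "knox_host:8443"}
    for ctx in ("gateway/default", "gateway/default/sparkhistoryui"):
        base = proxy_base_url("10.0.0.5", {**common, "X-Forwarded-Context": ctx})
        print(ctx, "->", link(base, "history/app-1/jobs/"))
```

With the pre-fix value gateway/default the generated link lacks the sparkhistoryui segment, so it no longer points at the service behind the gateway; with the full base path it does.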


[jira] [Created] (KNOX-1304) Knox service wizard

2018-05-08 Thread Phil Zampino (JIRA)
Phil Zampino created KNOX-1304:
--

 Summary: Knox service wizard
 Key: KNOX-1304
 URL: https://issues.apache.org/jira/browse/KNOX-1304
 Project: Apache Knox
  Issue Type: Bug
  Components: AdminUI
Reporter: Phil Zampino
 Fix For: 1.2.0


The Admin UI currently provides the ability to add well-known Hadoop services, 
which are supported for proxying by Knox, to a descriptor.

The Knox services/applications should also be able to be added similarly. 
Further, there should be service/application-specific wizardry for adding them.
 * knoxauth (application)
 * knoxsso (service)
 * knoxtoken (service)

 





[jira] [Created] (KNOX-1303) Admin UI welcome panel

2018-05-08 Thread Phil Zampino (JIRA)
Phil Zampino created KNOX-1303:
--

 Summary: Admin UI welcome panel
 Key: KNOX-1303
 URL: https://issues.apache.org/jira/browse/KNOX-1303
 Project: Apache Knox
  Issue Type: Bug
  Components: AdminUI
Reporter: Phil Zampino
 Fix For: 1.2.0


When the Admin UI is initially loaded, no resource type is selected by default. 
If it's a fresh Knox installation, even if a resource type were selected by 
default, there are no resources to display.

It would be nicer to have a welcome panel to display as the initial 
presentation when the Admin UI is accessed. The contents of this panel are yet 
to be defined, but could include:
 * A welcome message or introduction
 * Links to docs (e.g., User Guide) for the associated release
 * Links to tutorials (e.g., creating provider configs and descriptors via the 
UI)

 





[jira] [Created] (KNOX-1302) Admin UI for viewing Knox logs

2018-05-08 Thread Phil Zampino (JIRA)
Phil Zampino created KNOX-1302:
--

 Summary: Admin UI for viewing Knox logs
 Key: KNOX-1302
 URL: https://issues.apache.org/jira/browse/KNOX-1302
 Project: Apache Knox
  Issue Type: Bug
  Components: AdminUI
Reporter: Phil Zampino
 Fix For: 1.2.0


It would be convenient to have access to the Knox logs from the Admin UI.

The available logs would be limited to those local to the Knox instance from 
which the UI is being served. (In other words, if the UI is being accessed via 
https://knox-host-1:8443/gateway/manager/admin-ui, then the logs from the 
Knox installation on knox-host-1 would be accessible, but the logs from other 
Knox hosts would not be.)

 


