Author: lmccay
Date: Wed Oct 14 16:14:56 2015
New Revision: 1708642
URL: http://svn.apache.org/viewvc?rev=1708642&view=rev
Log:
added config info section to 0.6.0 book
Modified:
knox/site/books/knox-0-6-0/user-guide.html
knox/trunk/books/0.6.0/config.md
Modified: knox/site/books/knox-0-6-0/user-guide.html
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-0-6-0/user-guide.html?rev=1708642&r1=1708641&r2=1708642&view=diff
==============================================================================
--- knox/site/books/knox-0-6-0/user-guide.html (original)
+++ knox/site/books/knox-0-6-0/user-guide.html Wed Oct 14 16:14:56 2015
@@ -355,7 +355,12 @@ https://{gateway-host}:{gateway-port}/{g
<li>Gateway:
jdbc:hive2://{gateway-host}:{gateway-port}/;ssl=true;sslTrustStore={gateway-trust-store-path};trustStorePassword={gateway-trust-store-password}?hive.server2.transport.mode=http;hive.server2.thrift.http.path={gateway-path}/{cluster-name}/hive</li>
<li>Cluster: <code>http://{hive-host}:10001/cliservice</code></li>
</ul></li>
-</ul><p>The values for <code>{gateway-host}</code>,
<code>{gateway-port}</code>, <code>{gateway-path}</code> are provided via the
gateway configuration file (i.e.
<code>{GATEWAY_HOME}/conf/gateway-site.xml</code>).</p><p>The value for
<code>{cluster-name}</code> is derived from the file name of the cluster
topology descriptor (e.g.
<code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>The value
for <code>{webhdfs-host}</code>, <code>{webhcat-host}</code>,
<code>{oozie-host}</code>, <code>{hbase-host}</code> and
<code>{hive-host}</code> are provided via the cluster topology descriptor (e.g.
<code>{GATEWAY_HOME}/conf/topologies/{cluster-name}.xml</code>).</p><p>Note:
The ports 50070, 50111, 11000, 60080 (default 8080) and 10001 are the defaults
for WebHDFS, WebHCat, Oozie, Stargate/HBase and Hive respectively. Their values
can also be provided via the cluster topology descriptor if your Hadoop cluster
uses different ports.</p><h3><a id="Configuration"></a>Configuration</h
3><h3><a id="Related+Cluster+Configuration"></a>Related Cluster
Configuration</h3><p>The following configuration changes must be made to your
cluster to allow Apache Knox to dispatch requests to the various service
components on behalf of end users.</p><h4><a
id="Grant+Proxy+privileges+for+Knox+user+in+`core-site.xml`+on+Hadoop+master+nodes"></a>Grant
Proxy privileges for Knox user in <code>core-site.xml</code> on Hadoop master
nodes</h4><p>Update <code>core-site.xml</code> and add the following lines
towards the end of the file.</p><p>Replace FQDN_OF_KNOX_HOST with the fully
qualified domain name of the host running the gateway. You can usually find
this by running <code>hostname -f</code> on that host.</p><p>You could use *
for local developer testing if Knox host does not have static IP.</p>
+</ul><p>The values for <code>{gateway-host}</code>,
<code>{gateway-port}</code>, <code>{gateway-path}</code> are provided via the
gateway configuration file (i.e.
<code>{GATEWAY_HOME}/conf/gateway-site.xml</code>).</p><p>The value for
<code>{cluster-name}</code> is derived from the file name of the cluster
topology descriptor (e.g.
<code>{GATEWAY_HOME}/deployments/{cluster-name}.xml</code>).</p><p>The value
for <code>{webhdfs-host}</code>, <code>{webhcat-host}</code>,
<code>{oozie-host}</code>, <code>{hbase-host}</code> and
<code>{hive-host}</code> are provided via the cluster topology descriptor (e.g.
<code>{GATEWAY_HOME}/conf/topologies/{cluster-name}.xml</code>).</p><p>Note:
The ports 50070, 50111, 11000, 60080 (default 8080) and 10001 are the defaults
for WebHDFS, WebHCat, Oozie, Stargate/HBase and Hive respectively. Their values
can also be provided via the cluster topology descriptor if your Hadoop cluster
uses different ports.</p><h3><a id="Configuration"></a>Configuration</h
3><p>Configuration for Apache Knox includes:</p>
+<ol>
+ <li><a href="#Related+Cluster+Configuration">Related Cluster
Configuration</a> that must be done within the Hadoop cluster to allow Knox to
communicate with various services</li>
+ <li><a href="#Gateway+Server+Configuration">Gateway Server Configuration</a>
- which is the configurable elements of the server itself which applies to
behavior that spans all topologies or managed Hadoop clusters</li>
+ <li><a href="#Topology+Descriptors">Topology Descriptors</a> which are the
descriptors for controlling access to Hadoop clusters in various ways</li>
+</ol><h3><a id="Related+Cluster+Configuration"></a>Related Cluster
Configuration</h3><p>The following configuration changes must be made to your
cluster to allow Apache Knox to dispatch requests to the various service
components on behalf of end users.</p><h4><a
id="Grant+Proxy+privileges+for+Knox+user+in+`core-site.xml`+on+Hadoop+master+nodes"></a>Grant
Proxy privileges for Knox user in <code>core-site.xml</code> on Hadoop master
nodes</h4><p>Update <code>core-site.xml</code> and add the following lines
towards the end of the file.</p><p>Replace FQDN_OF_KNOX_HOST with the fully
qualified domain name of the host running the gateway. You can usually find
this by running <code>hostname -f</code> on that host.</p><p>You could use *
for local developer testing if Knox host does not have static IP.</p>
<pre><code><property>
<name>hadoop.proxyuser.knox.groups</name>
<value>users</value>
@@ -405,7 +410,93 @@ https://{gateway-host}:{gateway-port}/{g
<value>cliservice</value>
<description>Path component of URL endpoint when in HTTP
mode.</description>
</property>
-</code></pre><h4><a id="Topology+Descriptors"></a>Topology
Descriptors</h4><p>The topology descriptor files provide the gateway with
per-cluster configuration information. This includes configuration for both the
providers within the gateway and the services within the Hadoop cluster. These
files are located in <code>{GATEWAY_HOME}/conf/topologies</code>. The general
outline of this document looks like this.</p>
+</code></pre><h4><a id="Gateway+Server+Configuration"></a>Gateway Server
Configuration</h4><p>The following table illustrates the configurable elements
of the Apache Knox Gateway at the server level.</p>
+<table>
+ <thead>
+ <tr>
+ <th>property </th>
+ <th>description </th>
+ <th>default</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>gateway.deployment.dir</td>
+ <td>The directory within GATEWAY_HOME that contains gateway topology
deployments.</td>
+ <td>{GATEWAY_HOME}/data/deployments</td>
+ </tr>
+ <tr>
+ <td>gateway.security.dir</td>
+ <td>The directory within GATEWAY_HOME that contains the required
security artifacts</td>
+ <td>{GATEWAY_HOME}/data/security</td>
+ </tr>
+ <tr>
+ <td>gateway.data.dir</td>
+ <td>The directory within GATEWAY_HOME that contains the gateway instance
data</td>
+ <td>{GATEWAY_HOME}/data</td>
+ </tr>
+ <tr>
+ <td>gateway.services.dir</td>
+ <td>The directory within GATEWAY_HOME that contains the gateway services
definitions.</td>
+ <td>{GATEWAY_HOME}/services</td>
+ </tr>
+ <tr>
+ <td>gateway.hadoop.conf.dir</td>
+ <td>The directory within GATEWAY_HOME that contains the gateway
configuration</td>
+ <td>{GATEWAY_HOME}/conf</td>
+ </tr>
+ <tr>
+ <td>gateway.frontend.url</td>
+ <td>The URL that should be used during rewriting so that it can rewrite
the URLs with the correct “frontend” URL</td>
+ <td>none</td>
+ </tr>
+ <tr>
+ <td>gateway.xforwarded.enabled</td>
+ <td>Indicates whether support for some X-Forwarded-* headers is
enabled</td>
+ <td>true</td>
+ </tr>
+ <tr>
+ <td>gateway.trust.all.certs</td>
+ <td>Indicates whether all presented client certs should establish
trust</td>
+ <td>false</td>
+ </tr>
+ <tr>
+ <td>gateway.client.auth.needed</td>
+ <td>Indicates whether clients are required to establish a trust
relationship with client certificates</td>
+ <td>false</td>
+ </tr>
+ <tr>
+ <td>gateway.truststore.path</td>
+ <td>Location of the truststore for client certificates to be trusted</td>
+ <td>gateway.jks</td>
+ </tr>
+ <tr>
+ <td>gateway.truststore.type</td>
+ <td>Indicates the type of truststore</td>
+ <td>JKS</td>
+ </tr>
+ <tr>
+ <td>gateway.keystore.type</td>
+ <td>Indicates the type of keystore for the identity store</td>
+ <td>JKS</td>
+ </tr>
+ <tr>
+ <td>gateway.jdk.tls.ephemeralDHKeySize</td>
+ <td>jdk.tls.ephemeralDHKeySize, is defined to customize the ephemeral DH
key sizes. The minimum acceptable DH key size is 1024 bits, except for
exportable cipher suites or legacy mode (jdk.tls.ephemeralDHKeySize=legacy)</td>
+ <td>2048</td>
+ </tr>
+ <tr>
+ <td>ssl.enabled</td>
+ <td>Indicates whether SSL is enabled for the Gateway</td>
+ <td>true</td>
+ </tr>
+ <tr>
+ <td>ssl.exclude.protocols</td>
+ <td>Excludes a comma separated list of protocols to not accept for SSL
or “none”</td>
+ <td>SSLv3</td>
+ </tr>
+ </tbody>
+</table><h4><a id="Topology+Descriptors"></a>Topology Descriptors</h4><p>The
topology descriptor files provide the gateway with per-cluster configuration
information. This includes configuration for both the providers within the
gateway and the services within the Hadoop cluster. These files are located in
<code>{GATEWAY_HOME}/conf/topologies</code>. The general outline of this
document looks like this.</p>
<pre><code><topology>
<gateway>
<provider>
Modified: knox/trunk/books/0.6.0/config.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/0.6.0/config.md?rev=1708642&r1=1708641&r2=1708642&view=diff
==============================================================================
--- knox/trunk/books/0.6.0/config.md (original)
+++ knox/trunk/books/0.6.0/config.md Wed Oct 14 16:14:56 2015
@@ -17,6 +17,12 @@
### Configuration ###
+Configuration for Apache Knox includes:
+
+1. #[Related Cluster Configuration] that must be done within the Hadoop
cluster to allow Knox to communicate with various services
+2. #[Gateway Server Configuration] - which is the configurable elements of the
server itself which applies to behavior that spans all topologies or managed
Hadoop clusters
+3. #[Topology Descriptors] which are the descriptors for controlling access to
Hadoop clusters in various ways
+
### Related Cluster Configuration ###
The following configuration changes must be made to your cluster to allow
Apache Knox to
@@ -101,6 +107,29 @@ Ensure that the values match the ones be
<description>Path component of URL endpoint when in HTTP
mode.</description>
</property>
+#### Gateway Server Configuration ####
+
+The following table illustrates the configurable elements of the Apache Knox
Gateway at the server level.
+
+property | description | default
+------------|-----------|-----------
+gateway.deployment.dir|The directory within GATEWAY_HOME that contains gateway
topology deployments.|{GATEWAY_HOME}/data/deployments
+gateway.security.dir|The directory within GATEWAY_HOME that contains the
required security artifacts|{GATEWAY_HOME}/data/security
+gateway.data.dir|The directory within GATEWAY_HOME that contains the gateway
instance data|{GATEWAY_HOME}/data
+gateway.services.dir|The directory within GATEWAY_HOME that contains the
gateway services definitions.|{GATEWAY_HOME}/services
+gateway.hadoop.conf.dir|The directory within GATEWAY_HOME that contains the
gateway configuration|{GATEWAY_HOME}/conf
+gateway.frontend.url|The URL that should be used during rewriting so that it
can rewrite the URLs with the correct "frontend" URL|none
+gateway.xforwarded.enabled|Indicates whether support for some X-Forwarded-*
headers is enabled|true
+gateway.trust.all.certs|Indicates whether all presented client certs should
establish trust|false
+gateway.client.auth.needed|Indicates whether clients are required to establish
a trust relationship with client certificates|false
+gateway.truststore.path|Location of the truststore for client certificates to
be trusted|gateway.jks
+gateway.truststore.type|Indicates the type of truststore|JKS
+gateway.keystore.type|Indicates the type of keystore for the identity store|JKS
+gateway.jdk.tls.ephemeralDHKeySize|jdk.tls.ephemeralDHKeySize, is defined to
customize the ephemeral DH key sizes. The minimum acceptable DH key size is
1024 bits, except for exportable cipher suites or legacy mode
(jdk.tls.ephemeralDHKeySize=legacy)|2048
+ssl.enabled|Indicates whether SSL is enabled for the Gateway|true
+ssl.exclude.protocols|Excludes a comma separated list of protocols to not
accept for SSL or "none"|SSLv3
+
+
#### Topology Descriptors ####
The topology descriptor files provide the gateway with per-cluster
configuration information.
