ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <>
Subject [jira] [Commented] (AMBARI-21325) Ability to switch Quick Links to use Service URL through Knox or given proxy
Date Wed, 23 Aug 2017 03:50:03 GMT


Larry McCay commented on AMBARI-21325:

This patch is really interesting.
I am a bit concerned about a couple aspects of the implementation however and I think we need
to consider them carefully due to backward compatibility issues if we decide that we need
to evolve it.

One thing that stands out to me is that it seems to hardcode specific topology names that
it is generating for the deployment. While this may work in targeted deployments, it may not
suite others as well. I have also noticed that these same topology names have bled into the
service definitions that were recently added to Knox itself. The rewrite rules are actually
hardcoded for specific names.

One of the things that makes that concerning to me is that it breaks the namespace provided
by topologies. In order for Knox to support multiple clusters in the same gateway instance,
we use topologies to represent each cluster and the services, UIs that are to be proxied from
the cluster. By introducing a hbaseui.xml, an admin looking at that topology will not easily
know which cluster it belongs to. Moreover, you are limited to a single hbaseui.xml for the
gateway instance. Which means that our support for proxying the HBase UI will be limited to
one cluster even though Knox supports multiple clusters.

I have been thinking about how this namespace can be preserved through a new feature in Knox
that will allow for simpler UI rewrite rules and a browser redirect from a typical cluster
topology like default.xml to a UI specific topology for the default cluster.

Since I believe there is a good bit of work to get this provisioning work done properly, fix
the rewrite rules in the current service definitions and add the new indirection for namespace
preservation, I would suggest that we use what is here as a source to inform what ends up
being done and target it in a later release.

In the meantime, I know folks do some similar things as part of a post installation provisioning
Essentially, generate the needed topologies and update the quicklinks json file to use Knox
URLs instead of direct.

> Ability to switch Quick Links to use Service URL through Knox or given proxy
> ----------------------------------------------------------------------------
>                 Key: AMBARI-21325
>                 URL:
>             Project: Ambari
>          Issue Type: Improvement
>    Affects Versions: trunk, 2.5.2, 2.5.3
>            Reporter: Jeffrey E  Rodriguez
>            Assignee: Chandana Mirashi
>         Attachments:, AMBARI-21325.patch
>   Original Estimate: 336h
>  Remaining Estimate: 336h
> Knox has the ability to proxy Hadoop user interfaces URL. Having the ability to setup
Quicklinks  through Knox so instead of for example going to "Hbase Master UI" directly we
can proxy through Knox for example:
> can be instead go through:
> Here is the Knox gateway URL.
> This will bring authentication to the UI access and would secure the UI access.
> Ideally this behavior can be set as secure going through proxy by default or it can be
turn off to go directly by Ambari Admin.
> Changes added:
> 1. Add new json properties knox_url, knox_path, supports_knox 
>    a. knox_url: template to be used for urls that are proxied through Knox
>    b. knox_path: Knox gateway path that will be added to the proxy url.
>    c. supports_knox: whether link will be redirected through Knox
> 2. Add above json properties to quicklinks.json 
services to Knox topology template.
> 4. Automate protocol and port added to Knox topology file. Based on whether SSL is enabled
for the services  listed above, the port and protocol in will be updated.
> 5. Update quick_view_link_view.js so that when Knox is installed and support_knox is
true, quicklink url follows knox url template specified in the quicklinks.json for the service/component.

This message was sent by Atlassian JIRA

View raw message