Access ADH services via the Knox Gateway

Sergei Tikhomirov

Overview

In the Hadoop ecosystem, Knox Gateway, among other things, is used as a reverse proxy — a single point of access to communicate with Hadoop services while keeping the internal topology hidden from potential attackers. Knox accepts requests and redirects them to the appropriate backend services.

To read about the topology creation, see Configure topologies in Knox.

Service access

To test if a service can be access through Knox Gateway, you can run a command of the following format:

$ curl -ik --negotiate -u <principal>:<password> -X GET https://<gateway_host>:8443/gateway/my-descriptor/<service>/[<parameters>]

where:

  • <principal> is a Kerberos principal that has access to <gateway_host>.

  • <password> is a password for <principal>.

  • <gateway_host> is a Knox gateway host.

  • <service> is a service that is defined within the my-descriptor topology.

  • <parameters> are optional parameters that specify the requested resource.

You can find examples for each service below.

WEBHDFS

$ curl -ik --negotiate -u <principal>:<password> -X GET https://<gateway_host>:8443/gateway/my-descriptor/webhdfs/v1/tmp?op=LISTSTATUS

As a result, you should receive a JSON with the contents of the tmp directory.

HIVE

$ curl -ik --negotiate -u <principal>:<password> -X GET https://<gateway_host>:8443/gateway/my-descriptor/hive

As a result, you should receive HTML code of the main Hive Server UI page.

RESOURCEMANGER

$ curl -ik --negotiate -u <principal>:<password> -X GET https://<gateway_host>:8443/gateway/my-descriptor/resourcemanager/v1/cluster

As a result, you should receive a JSON with cluster information.

WEBHBASE

$ curl -ik --negotiate -u <principal>:<password> -X GET https://<gateway_host>:8443/gateway/my-descriptor/hbase/version/cluster

As a result, you should receive a currently installed HBase version number:

2.5.10
Found a mistake? Seleсt text and press Ctrl+Enter to report it