...
You will need to add the following three properties to Knox gateway-site.xml file wither either manually or using CM.
- gateway.remote.config.registry.zookeeper-client
- gateway.remote.config.monitor.client
- gateway.remote.alias.service.config.type
You will also need to enable Kerberos using the following property set to true
- gateway.hadoop.kerberos.secured
NOTE: Make sure krb5.conf and krb5JAASLogin.conf properties are set properly in gateway-site.xml. Else they default to system property by the same name.
- java.security.krb5.conf
- java.security.auth.login.config
This is an example
Code Block |
---|
<property> <name>gateway.remote.config.registry.zookeeper-client</name> <value>type=ZooKeeper;address=zk-host:2181;authType=Kerberos;principal=knox/zk-host@zk-host;keytab=/run/cloudera-scm-agent/process/1546334182-knox-KNOX_GATEWAY/knox.keytab;useKeyTab=true;useTicketCache=false</value> <description>ZooKeeper configuration registry client details.</description> </property> <property> <name>gateway.remote.config.monitor.client</name> <value>zookeeper-client</value> <description>Remote configuration monitor client name.</description> </property> <property> <name>gateway.remote.alias.service.config.type</name> <value>zookeeper</value> <description>monitoring for remote aliases that are added, deleted or updated in Zookeeper</description> </property> |
...