...
You will need to add the following three properties to Knox gateway-site.xml file wither either manually or using CM.
- gateway.remote.config.registry.zookeeper-client
- gateway.remote.config.monitor.client
- gateway.remote.alias.service.config.type
You will also need to enable Kerberos using the following property set to true
- gateway.hadoop.kerberos.secured
NOTE: Make sure krb5.conf and krb5JAASLogin.conf properties are set properly in gateway-site.xml. Else they default to system property by the same name.
- java.security.krb5.conf
- java.security.auth.login.config
This is an example
| Code Block |
|---|
<property>
<name>gateway.remote.config.registry.zookeeper-client</name>
<value>type=ZooKeeper;address=zk-host:2181;authType=Kerberos;principal=knox/zk-host@zk-host;keytab=/run/cloudera-scm-agent/process/1546334182-knox-KNOX_GATEWAY/knox.keytab;useKeyTab=true;useTicketCache=false</value>
<description>ZooKeeper configuration registry client details.</description>
</property>
<property>
<name>gateway.remote.config.monitor.client</name>
<value>zookeeper-client</value>
<description>Remote configuration monitor client name.</description>
</property>
<property>
<name>gateway.remote.alias.service.config.type</name>
<value>zookeeper</value>
<description>monitoring for remote aliases that are added, deleted or updated in Zookeeper</description>
</property>
|
...