THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Jira | ||||
|---|---|---|---|---|
|
Requirement Summary
At present (Knox 0.4), all the clusters fronted by a Knox instance have to be either secure (secured with Keberos) or non secure. In other words, you can not have a mix of secure and non secure clusters.
This Jira proposes adding support for mix of secure and non secure clusters by a single Knox instance
Analysis of existing implementation
At present, global Knox config file, gateway-site.xml references to krb5.conf and JAAS login config file krb5JAASLogin.conf files.
In addition there is a global boolean flag in gateway-site.xml, gateway.hadoop.kerberos.secured.
This flag indicates whether hadoop cluster is secured with Kerberos.
As this flag is defined at global level, we do not have the choice to have some of the clusters fronted by Knox secured and other clusters secured by the same Knox instance not secured by Kerberos.
Proposed Design
Design Summary
We would add a boolean flag, hadoop.kerberos.secured, in topology file.
By doing this, we can configure single instance of Knox to front a mix of secure and non secure clusters.
Please note that all secure clusters would point to same KDC and share same krb5.conf and krb5JAASLoging.conf defined globally in gateway-site.xml.
Description