Apache Knox is a gateway security tool that provides perimeter security for the Cloudera Data Platform (CDP). Knox provides secure access to the CDP components on a cluster. Connecting to a cluster using Knox provides you with a single point of access to connect to CDP services, eliminating the need to map to each service separately. If your system administrator has implemented Apache Ranger on the cluster, Pentaho will respect the policies your system administrator has set up.
As an example of a Knox deployment, the PDI client connects to Knox using a user ID and password that is registered in LDAP. Knox then authenticates to the Kerberos Key Distribution Center (KDC) with the PDI client user ID and password. Lastly, Knox authorizes with Ranger and submits the request to the cluster.
Setup requirements for Knox with Pentaho
As a system or cluster administrator, you must obtain the following information and provide it to your Pentaho users:
The cluster name, gateway URL, username, and password.
The SSL certificate must be installed. The Knox URL is a secure URL. You need an SSL certificate to successfully perform operations using a Knox gateway. See Configure SSL (HTTPS) in the Pentaho User Console and Server for information on SSL.
LDAP directory server
Hive configuration with Knox
Open the connection to your Hive database, or review the article Set Up a Database Connection for instructions on setting up a connection.
In the Database Connection dialog box, select Options in the page panel on the left to display the Parameters panel.
Enter the following parameters and values in the Options section and click OK.
Parameter Definition Value httpPath Path to database datahub_cluster_name/cdp-proxy-api/hive, where the
cdp-proxy-apivariables depend on your environment.
knox (Optional) Option to use Knox true transportMode Connection protocol to use http ssl Option to use SSL true
443for the Port Number in the General tab.