大家好，又见面了，我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全家桶1年46，售后保障稳定

knox错误总结

windows browser 有时候打不开Knox UI

hosts文件添加 Knox 的{
{GATE_WAY}}ip的映射
就可以打开界面了

打开Knox admin_UI后显示不完全

需要 下载特定的js，私信我即可解决

Knox 配置yarn service报错

2020-03-17 17:07:13,311 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to http://10.1.236.56:8088/cluster was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

Jetbrains全家桶1年46，售后保障稳定

需要修改一下gateway.dispatch.whitelist.services属性，内容里删掉YARNUI，如果不删除，则会报错：

修改完重新调用
ERROR knox.gateway (GatewayFilter.java:doFilter(173)) – Gateway processing failed: java.io.IOException: Service connectivity error.

发现是地址写错了
地址修改后没问题

Knox跳yarn时账号密码输入后跳转不进去

2020-03-17 18:08:12,147 ERROR knox.gateway (KnoxLdapRealm.java:doGetAuthenticationInfo(206)) - Shiro unable to login: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user ou=people,dc=hadoop,dc=apache,dc=org]

https://cwiki.apache.org/confluence/display/KNOX/2017/03/01/Apache+Knox+using+multiple+LDAP+Realms
发现realm配置错误

要把这个Uid加上就可以了

KnoxSSO登陆后，一会就退出

修改timeout参数，30–>60，不行
百度

整个人沉默了
看gateway.log日志

2020-03-17 14:59:34,277 INFO  federation.jwt (AbstractJWTFilter.java:validateToken(295)) - Access token has expired; a new one must be acquired.

看文档
https://cwiki.apache.org/confluence/display/KNOX/KnoxToken+Sessions+with+KnoxShell+in+Apache+Knox+0.12.0

knox.token.ttl参数修改下就好了

登陆账号密码后继续让登陆52集群

高版本1.0.x的knox 跳转Hdfs，HbaseUI ssl报错

2020-04-13 11:53:03,401 WARN  knox.gateway (DefaultDispatch.java:executeOutboundRequest(147)) - Connection exception dispatching request: https://host-10-1-236-145:8443/gateway/ocdp/hdfs
?user.name=admin javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: un
able to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target

正在解决中…

输入admin/admin-password点击sign in报错

因为ambari 2.6版本没有KNOX的quick links
所以访问knox admin ui需要手动输入，url如下
https://10.1.236.84:8443/gateway/knoxsso/knoxauth/login.html

输入admin/admin-password点击sign in报错
查看gateway.log发现报错日志如下

ERROR service.knoxsso (WebSSOResource.java:getAuthenticationToken(172)) - The original URL: undefined for redirecting back after authentication is not valid according to the configured whitelist: . See documentation for KnoxSSO Whitelisting.

在ambari2.6版本中没有quick link的跳转，所以没有cookie带进来，正在解决

Knox跳转HDFS页面js加载不出来

在/usr/hdp/2.6.0.3-8/knox/data/services/hdfsui/2.7.0/rewrite.xml添加如下配置
并删除/usr/hdp/2.6.0.3-8/knox/data/deployments/中的cluster.topo文件，重启集群knox

  <rule dir="OUT" name="HDFSUI/hdfs/outbound/jquery-1.10.2.min.js" pattern="/static/jquery-1.10.2.min.js">
    <rewrite template="{$frontend[url]}/hdfs/static/jquery-1.10.2.min.js"/>
  </rule>
  <rule dir="OUT" name="HDFSUI/hdfs/outbound/jquery.dataTables.min.js" pattern="/static/jquery.dataTables.min.js">
    <rewrite template="{$frontend[url]}/hdfs/static/jquery.dataTables.min.js"/>

nginx跳转knox跳转ranger报错400

nginx代理knox报错，但是knox直接跳转正常

解决方案
在/usr/hdp/2.6.0.3-8/knox/data/services/rangerui/2.7.0/rewrite.xml添加如下配置
并删除/usr/hdp/2.6.0.3-8/knox/data/deployments/中的cluster.topo文件，重启集群knox

<match pattern="*://*:*/login.jsp"/>

0.12版本knox无法在ambari操作组件启停

前台报错

gateway.log如下

2020-04-13 15:54:15,600 WARN  hadoop.gateway (DefaultDispatch.java:executeOutboundRequest(146)) - Connection exception dispatching request: http://10.1.236.84:8080/api/v1/stacks/HDP/versions/2.6/recommendations java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "d{"

F12

message: "Invalid Request: Malformed Request Body.  An exception occurred parsing the request body: Unexpected character ('%' (code 37)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')↵ at [Source: java.io.StringReader@699524d0; line: 1, column: 3]"

解决方案
在ocdp.xml中添加配置

    <service>
         <role>AMBARI</role>
         <url>http://10.1.236.84:8080</url>
    </service>

加了这个配置后就可以进行ambari操作组件，包括配置参数修改、组件启停

knox访问组件UI报错

2020-04-13 16:21:03,961 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to https://10.1.236.84:8443/gateway/ocdp/hdfs was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

将gateway.site.xml参数进行修改

gateway.dispatch.whitelist=DEFAULT

Knox访问ambari，后台不停报错

2020-04-13 17:07:41,990 ERROR hadoop.gateway (JsonFilterReader.java:filterStreamValue(531)) - Failed to filter value http://ocdp_host-10-1-236-84/api/v1/clusters/ocdp/requests/377, rule AMBARI/ambari/href/outbound: java.lang.NullPointerException
2020-04-13 17:07:41,990 ERROR hadoop.gateway (UrlRewriteProcessor.java:rewrite(169)) - Failed to rewrite URL: http://ocdp_host-10-1-236-84/api/v1/clusters/ocdp/requests/378, direction: OUT via rule: AMBARI/ambari/href/outbound, status: FAILURE

解决方案
删除底下文件的配置
/usr/hdp/2.6.0.3-8/knox/data/services/ambari/2.2.0/rewrite.xml

<match pattern="*://*:*/api/{**}?{**}"/>

Knox跳转yarn界面中其他节点日志8042报错

2020-03-17 17:07:13,311 ERROR knox.gateway (GatewayDispatchFilter.java:isDispatchAllowed(155)) - The dispatch to http://10.1.236.56:8042/cluster was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting.

gateway-site.xml修改参数

gateway.dispatch.whitelist.services=DEFAULT

knox 修改了create-master密码启动失败

ERROR hadoop.gateway (DefaultAliasService.java:getPasswordFromAliasForCluster(100)) - Failed to get credential for cluster __gateway: org.apache.hadoop.gateway.se
rvices.security.KeystoreServiceException: java.io.IOException: Keystore was tampered with, or password was incorrect
 FATAL hadoop.gateway (GatewayServer.java:main(155)) - Failed to start gateway: org.apache.hadoop.gateway.services.ServiceLifecycleException: Provisioned signing k
ey passphrase cannot be acquired.

修改了knox gateway的create-master ，启动报错
解决方案：rm -rf {GATE_WAY}/data/security/*
然后再
su knox;
{GATE_WAY}/bin/create-master;
{GATE_WAY}/bin/gateway.sh start
即可

报错Gateway SSL Certificate is Expired. Server will not start

2021-08-24 10:18:43,689 FATAL knox.gateway (GatewayServer.java:main(167)) - Failed to start gateway: org.apache.knox.gateway.services.ServiceLifecycleException: Gateway SSL Certificate is Expired. Server will not start.

解决

证书过期了，重新生成试试
mv /home/ocdc/knox/data/security/keystores/gateway.jks /home/ocdc/knox/data/security/keystores/bak_gateway.jks

Knox 代理ambari等页面后输入密码报错

后台日志如下

ERROR service.knoxsso (WebSSOResource.java:getAuthenticationToken(214)) - The original URL: http://10.1.236.92:8080/ for redirecting back after authentication is not valid according to the configured whitelist: ^/.*$;^https?://(.+\.asiainfo\.com):[0-9]+/?.*$. See documentation for KnoxSSO Whitelisting.

试试1.4版本吧
结果依旧是这个错
但是发现正则不匹配
正则匹配上了就可以了
但是输入knox的账号密码后进去ambari又跳转出来了，又到了knox登陆界面
后台日志报错如下

2020-09-01 17:34:18,928 INFO  knox.gateway (KnoxLdapRealm.java:getUserDn(688)) - Computed userDn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org using dnTemplate for principal: admin
2020-09-01 17:34:18,945 ERROR knox.gateway (WhitelistUtils.java:deriveDefaultDispatchWhitelist(92)) - Unable to reliably determine the Knox domain for the default whitelist. Defaulting to allow requests only to testdp01. Please consider explicitly configuring the whitelist via the gateway.dispatch.whitelist property in gateway-site
2020-09-01 17:34:18,945 INFO  knox.gateway (WhitelistUtils.java:getDispatchWhitelist(61)) - Applying a derived dispatch whitelist because none is configured in gateway-site: ^\/.*$;^https?:\/\/testdp01:[0-9]+\/?.*$
2020-09-01 17:34:18,946 INFO  knox.gateway (CookieUtils.java:getCookiesForName(46)) - Unable to find cookie with name: original-url
2020-09-01 17:34:18,959 INFO  service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(368)) - JWT cookie successfully added.
2020-09-01 17:34:18,960 INFO  service.knoxsso (WebSSOResource.java:getAuthenticationToken(270)) - About to redirect to original URL: http://testdp01:8080/
2020-09-01 17:34:19,235 ERROR knox.gateway (WhitelistUtils.java:deriveDefaultDispatchWhitelist(92)) - Unable to reliably determine the Knox domain for the default whitelist. Defaulting to allow requests only to testdp01. Please consider explicitly configuring the whitelist via the gateway.dispatch.whitelist property in gateway-site
2020-09-01 17:34:19,235 INFO  knox.gateway (WhitelistUtils.java:getDispatchWhitelist(61)) - Applying a derived dispatch whitelist because none is configured in gateway-site: ^\/.*$;^https?:\/\/testdp01:[0-9]+\/?.*$

然后我又吧gateway-site.xml中配置修改如下

    <property>
        <name>gateway.dispatch.whitelist</name>
        <value>^.*$</value>
        <description>The whitelist to be applied for dispatches associated with the service roles specified by gateway.dispatch.whitelist.services.
        If the value is DEFAULT, a domain-based whitelist will be derived from the Knox host.</description>
    </property>

发现还是一样，输入knox的账号密码后进去ambari又跳转出来了，又到了knox登陆界面。
但是这一次日志没有报错了

跟同事讨论发现可能要对knox中自带的ldap用户导入到ambari user中去