Ambari / AMBARI-10777

Security exposure - Quicklinks to Web UI exposes cluster servers


Details

    Type: Improvement
    Status: Open
    Priority: Major
    Resolution: Unresolved
    Affects Version/s: 2.1.0
    Fix Version/s: None
    Component/s: security
    Labels: None
    Environment: All

    Description

      Ambari Security exposure -
      Ambari "Quick Links" allow Ambari users to access servers inside of the user's cluster, e.g. click "Oozie Web UI" and, if installed, you get redirected to the Oozie UI server. Worse yet, if SSL is not set up, that is a gaping security hole.

      Since Knox is a component of Ambari, it makes sense to set the Quick Links as proxified links.

      This could work as follows:

      + If Knox is installed, the current topology may be picked and the proxified links could be derived from the Knox gateway configuration.
      The URL variable can then be set to the proxy URLs.
      + If Knox is not installed, then we use the default non-proxy URL variables.

      In the example of Oozie, if you put Oozie behind the Knox proxy and use the proxified link, it would be accessed securely through Knox and outsiders to the cluster would not gain information about the inside of the cluster.
      Also, we need to think about customers who may want to set up a firewall: how would a customer access user interface services in a cluster managed by Ambari?
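The proposal in the description, as an added worked example written for this page and not code from Ambari or Knox: a function that derives Quick Links from a Knox topology when Knox is installed, and falls back to the direct (non-proxy) URLs when it is not. The topology XML, the quick link definitions, the gateway host name, and the mapping from Knox service roles to gateway path segments are all constructed or assumed here; the role-to-path mapping in particular must be checked against the service definitions shipped with the installed Knox version.

```javascript
// Added example for AMBARI-10777: derive proxied Quick Links from a Knox topology.
// This is not Ambari's or Knox's code. All inputs below are constructed for the example.

// Constructed Knox topology, in the format Knox reads from its topologies directory.
const SAMPLE_TOPOLOGY_XML = `
<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
    </provider>
  </gateway>
  <service>
    <role>OOZIE</role>
    <url>http://oozie1.internal.example:11000/oozie</url>
  </service>
  <service>
    <role>YARNUI</role>
    <url>http://rm1.internal.example:8088</url>
  </service>
</topology>`;

// Constructed direct Quick Links, i.e. what the UI shows today (internal host names included).
const DIRECT_QUICKLINKS = [
  { label: 'Oozie Web UI',       knoxRole: 'OOZIE',  url: 'http://oozie1.internal.example:11000/oozie' },
  { label: 'ResourceManager UI', knoxRole: 'YARNUI', url: 'http://rm1.internal.example:8088' },
  { label: 'NameNode UI',        knoxRole: 'HDFSUI', url: 'http://nn1.internal.example:50070' },
];

// ASSUMED mapping from Knox service role to the path segment under /<gatewayPath>/<topology>/.
// Verify against the service definitions of the installed Knox version before relying on it.
const KNOX_ROLE_PATH = { OOZIE: 'oozie', YARNUI: 'yarn', HDFSUI: 'hdfs' };

// Collect the <role> of every <service> element in a topology. A regex keeps this example
// dependency-free; a real implementation should use a proper XML parser.
function parseTopologyRoles(xml) {
  const roles = new Set();
  const re = /<service>[\s\S]*?<role>\s*([A-Za-z0-9_]+)\s*<\/role>[\s\S]*?<\/service>/g;
  let m;
  while ((m = re.exec(xml)) !== null) roles.add(m[1]);
  return roles;
}

// knox = { installed, host, port, gatewayPath, topology, topologyXml, exposeUnproxied }
// Returns [{ label, url, proxied }]. With Knox installed, links for services the topology
// proxies point at the gateway. Links for services the topology does not proxy are dropped
// unless exposeUnproxied is set, so internal host names do not leak by default.
function buildQuickLinks(links, knox) {
  if (!knox || !knox.installed) {
    // Knox not installed: use the default non-proxy URLs, as the description proposes.
    return links.map(l => ({ label: l.label, url: l.url, proxied: false }));
  }
  const roles = parseTopologyRoles(knox.topologyXml);
  const base = `https://${knox.host}:${knox.port}/${knox.gatewayPath}/${knox.topology}`;
  const out = [];
  for (const l of links) {
    const segment = KNOX_ROLE_PATH[l.knoxRole];
    if (roles.has(l.knoxRole) && segment) {
      out.push({ label: l.label, url: `${base}/${segment}/`, proxied: true });
    } else if (knox.exposeUnproxied) {
      out.push({ label: l.label, url: l.url, proxied: false });
    }
  }
  return out;
}

// Check an operator can run over the rendered links: none may carry an internal host name.
function leaksInternalHosts(links, internalSuffix) {
  return links.some(l => l.url.includes(internalSuffix));
}

// Assumed gateway configuration for the example.
const KNOX_CONFIG = {
  installed: true,
  host: 'knox.example.com',
  port: 8443,
  gatewayPath: 'gateway',
  topology: 'default',
  topologyXml: SAMPLE_TOPOLOGY_XML,
};

for (const l of buildQuickLinks(DIRECT_QUICKLINKS, KNOX_CONFIG)) {
  console.log(`${l.label}: ${l.url}${l.proxied ? '' : ' (direct)'}`);
}
```

With the constructed topology, only the Oozie and YARN UI links are rewritten to the gateway; the NameNode UI link is dropped rather than shown with its internal host name, which is the conservative choice for the firewall case raised in the description. Setting exposeUnproxied keeps the direct link for services an operator has deliberately left outside Knox.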


People

    Assignee: Unassigned
    Reporter: Jeffrey E Rodriguez (jeffreyr97)
    Votes: 0
    Watchers: 4

Time Tracking

    Original Estimate: 168h
    Remaining Estimate: 168h
    Time Spent: Not Specified