Install Knox

Install Knox

Perform the following steps to install Knox.

  1. Install the Knox service from the Ambari UI.
  1. Add entry for the Pinot service in the topology.
  1. Save and restart Knox.

Start the demo LDAP Server

If you are enabling Knox, disable the basic auth option.

Knox Homepage UI

Access the Knox Homepage UI, click the Pinot service, and enter username and password.

SSL Enablement on the Controller UI

To generate the pinot-keystore.p12 and pinot-truststore.p12 files for securing the Pinot Controller UI using SSL/TLS, follow these steps:

Prerequisites

  • Java installed (keytool comes with JDK)
  • OpenSSL (optional for importing existing certs)
  • Directory /etc/pinot/ssl/ exists and has proper permissions

Generate Keystore and Truststore for Pinot Controller

  1. Generate a Keystore (Self-Signed Certificate)
Bash
Copy
  • storepass and keypass can be the same.
  • Replace CN and other DNAME values as needed.
  1. Create the Truststore

If you're using self-signed certs, export the public certificate from the keystore and import it into the truststore.

Export certificate from keystore:

Bash
Copy

Import into a new truststore

Bash
Copy
  1. Secure Permissions (Optional, but Recommended).
Bash
Copy
  1. Configure Pinot to use the SSL Certificate.

Edit controller.conf or wherever your Pinot Controller properties are set:

Bash
Copy

Restart the Pinot Controller after updating the configuration.

Save and restart the service.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
  Last updated on May 9, 2025
Next to read:
Batch Import using Local File
On This Page
Install KnoxInstall KnoxStart the demo LDAP ServerKnox Homepage UISSL Enablement on the Controller UIPrerequisitesGenerate Keystore and Truststore for Pinot Controller