SSL/TLS for PULSE UI using ad-proxy

Enabling (TLS) HTTPS for Pulse Web UI Configuration using ad-proxy

Pre-requisites

Certificate File: cert.crt
Certificate Key: cert.key
CA Certificate: ca.crt (optional)
Decide whether to keep the HTTP port (Default: 4000) open or not
Decide on which port to use (default: 443)

Deployment and Configuration

Copy the cert.crt, cert.key and ca.crt (optional) files to $AcceloHome/config/proxy/certs location.
Check if ad-core.yml file is present by executing the following command.

Bash
    
 
ls -al $AcceloHome/config/docker/ad-core.yml
Copy

If ad-core.yml file is not present, then generate the ad-core.yml file by executing the following command.

Bash
    
 
accelo admin makeconfig ad-core
Copy

The output for the above looks as follows.

Bash
    
[root@hostname:addons (ad-default)]$ accelo admin makeconfig ad-coreWARN: Gauntlet is running in dry run mode. Disable this to delete indices from elastic and purge data from mongo DB✓ Done, Configuration file generatedIMPORTANT: Please edit/verify the file '/data01/acceldata/config/docker/ad-core.yml'.If the stack is already up and running, use './accelo admin recreate' to recreate the whole environment with the new configuration.
Copy

Modify the ad-core.yml file.
1. Open the ad-core.yml file by executing the following command..

Bash
    
 
vi $AcceloHome/config/docker/ad-core.yml
Copy

b. Remove the ports: field in the ad-graphql section of ad-core.yml

Bash
    
 
ports:  - 4000:4000
Copy

c. The resulted ad-graphql section will look like as follows:

Bash
    
 
ad-graphql:    image: ad-graphql    container_name: ""    environment:    - MONGO_URI=ZN4v8cuUTXYvdnDJIDp+R8Z+ZsVXXjv8zDOvh8UwQXosC8vfVkGYGWGPNnX64ZVSp9yHgErQknPBAfYZ9cOG1A==    - MONGO_ENCRYPTED=true    - MONGO_SECRET=Ah+MqxeIjflxE8u+/wcqWA==    - UI_PORT=4000    - LDAP_HOST=ad-ldap    - LDAP_PORT=19020    - SSL_ENFORCED=false    - SSL_ENABLED=false    - SSL_KEYDIR=/etc/acceldata/ssl/    - SSL_KEYFILE=ssl.key    - SSL_CERTDIR=/etc/acceldata/ssl/    - SSL_CERTFILE=ssl.crt    - SSL_PASSPHRASE=""    - DS_HOST=ad-query-estimation    - DS_PORT=8181    - 'FEATURE_FLAGS={ "ui_regex": { "regex": "ip-([^.]+)", "index": 1 }, "rename_nav_labels":{},      "timezone": "", "experimental": true, "themes": false, "hive_const":{ "HIVE_QUERY_COST_ENABLED":      false, "HIVE_MEMORY_GBHOUR_COST": 0, "HIVE_VCORE_HOUR_COST": 0 }, "spark_const":      { "SPARK_QUERY_COST_ENABLED": false, "SPARK_MEMORY_GBHOUR_COST": 0, "SPARK_VCORE_HOUR_COST":      0 }, "queryRecommendations": false, "hostIsTrialORLocalhost": false, "data_temp_string":      "" }'    volumes:    - /etc/localtime:/etc/localtime:ro    - /etc/hosts:/etc/hosts:ro    - /data01/acceldata/work/license:/etc/acceldata/license:ro    ulimits: {}    depends_on:    - ad-db    opts: {}    restart: ""    extra_hosts: []    network_alias: []
Copy

d. Save the file.

Restart the ad-graphql container by executing the following command.

Bash
    
 
accelo restart ad-graphql
Copy

Check if the port is not exposed to host by executing the following command.

Bash
    
 
docker ps
Copy

The output for the above command looks as follows.

Bash
    
ea4eb6fd540f   191579300362.dkr.ecr.us-east-1.amazonaws.com/acceldata/ad-graphql:3.2.1  "docker-entrypoint.s…"   9 minutes ago       Up 9 minutes   4000/tcp    ad-graphql_default
Copy

Check if there any errors in ad-graphql container:

Bash
    
 
docker logs -f ad-graphql_default
Copy

Deploy the ad-proxy addons, run the following command and select Proxy from the list and press enter.

Bash
    
 
accelo deploy addons
Copy

The output for the above command looks as follows.

Bash
    
 
[x]  Notifications  [x]  Oozie Connector> [x]  Proxy  [ ]  QUERY ROUTER DB  [ ]  SHARD SERVER DB  [ ]  StandAlone Connector
Copy

Check if any errors are there in the ad-proxy container:

Bash
    
 
docker logs -f ad-proxy_default
Copy

Now you can access the Pulse UI using https://<pulse-server-hostname>

By default the port used is 443

Configuration

If you want to change the SSL port to another ports, follow the below steps.

Check if ad-proxy.yml file is present, by executing the following command.

Bash
    
 
ls -altrh $AcceloHome/config/docker/addons/ad-proxy.yml
Copy

Generate the ad-proxy.yml file if its not present, by executing the following command.

Bash
    
 
accelo admin makeconfig ad-proxy
Copy

The output for the above command looks as follows.

Bash
    
 
[root@hostname:addons (ad-default)]$ accelo admin makeconfig ad-proxyWARN: Gauntlet is running in dry run mode. Disable this to delete indices from elastic and purge data from mongo DB✓ Done, Configuration file generatedIMPORTANT: Please edit/verify the file '/data01/acceldata/config/docker/addons/ad-proxy.yml'.If the addon is already up and running, use './accelo deploy addons' to remove and recreate the addon service.
Copy

Modify the ad-proxy.yml.
1. ```Open the ad-proxy.yml file by executing the following command. ` ``

Bash
    
 
vi $AcceloHome/config/docker/addons/ad-proxy.yml
Copy

b. Change the host port in the ports list to the desired port.

Bash
    
 
ports:  - <DESIRED_HOST_PORT>:443
Copy

The final file will look like this, if the host port is 6003

Bash
    
 
version: "2"services:  ad-proxy:    image: ad-proxy    container_name: ""    environment: []    volumes:    - /etc/localtime:/etc/localtime:ro    - /data01/acceldata/config/proxy/traefik.toml:/etc/traefik/traefik.toml    - /data01/acceldata/config/proxy/config.toml:/etc/traefik/conf/config.toml    - /data01/acceldata/config/proxy/certs:/etc/acceldata    ulimits: {}    ports:    - 6003:443    depends_on: []    opts: {}    restart: ""    extra_hosts: []    network_alias: []label: Proxy
Copy

c. Save thew file.

Restart the ad-proxy container by executing the following command.

Bash
    
 
accelo restart ad-proxy
Copy

Check if there aren’t any errors.

Bash
    
 
docker logs -f ad-proxy_default
Copy

Now you can access the Pulse UI using the following URL.

Bash
    
 
https://<pulse-server-hostname>:6003
Copy

Last updated on

Was this page helpful?