AMBARI-7685. Add Knox as a managed service in Ambari. (sumit gupta and jaimin jetly)

ambari-server/src/main/resources/stacks/HDP/2.0.6/services/NAGIOS/package/files/nagios_alerts.php

@@ -417,6 +417,7 @@ function hdp_mon_generate_response( $response_data )
       case "GANGLIA":
       case "STORM":
       case "FALCON":
+      case "KNOX":
       case "PUPPET":
         break;
       default:

ambari-server/src/main/resources/stacks/HDP/2.0.6/services/NAGIOS/package/scripts/params.py

@@ -131,6 +131,7 @@ supervisor_port = "56431"
 storm_rest_api_port = "8745"
 falcon_port = config['configurations']['falcon-env']['falcon_port']
 ahs_port = get_port_from_url(config['configurations']['yarn-site']['yarn.timeline-service.webapp.address'])
+knox_gateway_port = config['configurations']['gateway-site']['gateway.port']
 
 # use sensible defaults for checkpoint as they are required by Nagios and 
 # may not be part of hdfs-site.xml on an upgrade
@@ -249,6 +250,7 @@ _falcon_host = default("/clusterHostInfo/falcon_server_hosts", None)
 #if hbase_rs_hosts not given it is assumed that region servers on same nodes as slaves
 _hbase_rs_hosts = default("/clusterHostInfo/hbase_rs_hosts", _slave_hosts)
 _hue_server_host = default("/clusterHostInfo/hue_server_host", None)
+_knox_gateway_host =  default("/clusterHostInfo/knox_gateway_hosts", None)
 all_hosts = config['clusterHostInfo']['all_hosts']
 
 if 'namenode_host' in config['clusterHostInfo']:
@@ -283,5 +285,6 @@ hostgroup_defs = {
     'supervisors' : _supervisor_hosts,
     'storm_rest_api' : _storm_rest_api_hosts,
     'falcon-server' : _falcon_host,
-    'ats-servers' : _app_timeline_server_hosts
+    'ats-servers' : _app_timeline_server_hosts,
+    'knox-gateway' : _knox_gateway_host
 }

ambari-server/src/main/resources/stacks/HDP/2.0.6/services/NAGIOS/package/templates/hadoop-servicegroups.cfg.j2

@@ -111,3 +111,11 @@ define servicegroup {
   alias  FLUME Checks
 }
 {% endif %}
+
+{%if hostgroup_defs['knox-gateway'] %}
+define servicegroup {
+  servicegroup_name  KNOX
+  alias  KNOX Checks
+}
+{% endif %}
+

ambari-server/src/main/resources/stacks/HDP/2.0.6/services/NAGIOS/package/templates/hadoop-services.cfg.j2

@@ -802,3 +802,18 @@ define service {
 }
 {% endif %}
 
+{% if hostgroup_defs['knox-gateway'] %}
+# KNOX Checks
+define service {
+        hostgroup_name          knox-gateway
+        use                     hadoop-service
+        service_description     KNOX::Knox Gateway process
+        servicegroups           KNOX
+        check_command           check_tcp_wrapper!{{ knox_gateway_port }}!-w 1 -c 1
+        normal_check_interval   1
+        retry_check_interval    0.5
+        max_check_attempts      3
+}
+{% endif %}
+
+

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/ambari-topology.xml

@@ -0,0 +1,116 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+    <!-- topology file -->
+
+    <property>
+    <name>content</name>
+    <value>
+        &lt;topology&gt;
+
+            &lt;gateway&gt;
+
+                &lt;provider&gt;
+                    &lt;role&gt;authentication&lt;/role&gt;
+                    &lt;name&gt;ShiroProvider&lt;/name&gt;
+                    &lt;enabled&gt;true&lt;/enabled&gt;
+                    &lt;param&gt;
+                        &lt;name&gt;sessionTimeout&lt;/name&gt;
+                        &lt;value&gt;30&lt;/value&gt;
+                    &lt;/param&gt;
+                    &lt;param&gt;
+                        &lt;name&gt;main.ldapRealm&lt;/name&gt;
+                        &lt;value&gt;org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm&lt;/value&gt;
+                    &lt;/param&gt;
+                    &lt;param&gt;
+                        &lt;name&gt;main.ldapRealm.userDnTemplate&lt;/name&gt;
+                        &lt;value&gt;uid={0},ou=people,dc=hadoop,dc=apache,dc=org&lt;/value&gt;
+                    &lt;/param&gt;
+                    &lt;param&gt;
+                        &lt;name&gt;main.ldapRealm.contextFactory.url&lt;/name&gt;
+                        &lt;value&gt;ldap://{{knox_host_name}}:33389&lt;/value&gt;
+                    &lt;/param&gt;
+                    &lt;param&gt;
+                        &lt;name&gt;main.ldapRealm.contextFactory.authenticationMechanism&lt;/name&gt;
+                        &lt;value&gt;simple&lt;/value&gt;
+                    &lt;/param&gt;
+                    &lt;param&gt;
+                        &lt;name&gt;urls./**&lt;/name&gt;
+                        &lt;value&gt;authcBasic&lt;/value&gt;
+                    &lt;/param&gt;
+                &lt;/provider&gt;
+
+                &lt;provider&gt;
+                    &lt;role&gt;identity-assertion&lt;/role&gt;
+                    &lt;name&gt;Default&lt;/name&gt;
+                    &lt;enabled&gt;true&lt;/enabled&gt;
+                &lt;/provider&gt;
+
+            &lt;/gateway&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;NAMENODE&lt;/role&gt;
+                &lt;url&gt;hdfs://{{namenode_host}}:{{namenode_rpc_port}}&lt;/url&gt;
+            &lt;/service&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;JOBTRACKER&lt;/role&gt;
+                &lt;url&gt;rpc://{{rm_host}}:{{jt_rpc_port}}&lt;/url&gt;
+            &lt;/service&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;WEBHDFS&lt;/role&gt;
+                &lt;url&gt;http://{{namenode_host}}:{{namenode_http_port}}/webhdfs&lt;/url&gt;
+            &lt;/service&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;WEBHCAT&lt;/role&gt;
+                &lt;url&gt;http://{{webhcat_server_host}}:{{templeton_port}}/templeton&lt;/url&gt;
+            &lt;/service&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;OOZIE&lt;/role&gt;
+                &lt;url&gt;http://{{oozie_server_host}}:{{oozie_server_port}}/oozie&lt;/url&gt;
+            &lt;/service&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;WEBHBASE&lt;/role&gt;
+                &lt;url&gt;http://{{hbase_master_host}}:{{hbase_master_port}}&lt;/url&gt;
+            &lt;/service&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;HIVE&lt;/role&gt;
+                &lt;url&gt;http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}&lt;/url&gt;
+            &lt;/service&gt;
+
+            &lt;service&gt;
+                &lt;role&gt;RESOURCEMANAGER&lt;/role&gt;
+                &lt;url&gt;http://{{rm_host}}:{{rm_port}}/ws&lt;/url&gt;
+            &lt;/service&gt;
+        &lt;/topology&gt;
+    </value>
+    <description>
+        content for topology file for Knox.
+    </description>
+    </property>
+</configuration>

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/gateway-log4j.xml

@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false">
+
+  <property>
+    <name>content</name>
+    <value>
+
+      # Licensed to the Apache Software Foundation (ASF) under one
+      # or more contributor license agreements. See the NOTICE file
+      # distributed with this work for additional information
+      # regarding copyright ownership. The ASF licenses this file
+      # to you under the Apache License, Version 2.0 (the
+      # "License"); you may not use this file except in compliance
+      # with the License. You may obtain a copy of the License at
+      #
+      # http://www.apache.org/licenses/LICENSE-2.0
+      #
+      # Unless required by applicable law or agreed to in writing, software
+      # distributed under the License is distributed on an "AS IS" BASIS,
+      # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+      # See the License for the specific language governing permissions and
+      # limitations under the License.
+
+      app.log.dir=${launcher.dir}/../logs
+      app.log.file=${launcher.name}.log
+      app.audit.file=${launcher.name}-audit.log
+
+      log4j.rootLogger=ERROR, drfa
+
+      log4j.logger.org.apache.hadoop.gateway=INFO
+      #log4j.logger.org.apache.hadoop.gateway=DEBUG
+
+      #log4j.logger.org.eclipse.jetty=DEBUG
+      #log4j.logger.org.apache.shiro=DEBUG
+      #log4j.logger.org.apache.http=DEBUG
+      #log4j.logger.org.apache.http.client=DEBUG
+      #log4j.logger.org.apache.http.headers=DEBUG
+      #log4j.logger.org.apache.http.wire=DEBUG
+
+      log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+      log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+      log4j.appender.stdout.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n
+
+      log4j.appender.drfa=org.apache.log4j.DailyRollingFileAppender
+      log4j.appender.drfa.File=${app.log.dir}/${app.log.file}
+      log4j.appender.drfa.DatePattern=.yyyy-MM-dd
+      log4j.appender.drfa.layout=org.apache.log4j.PatternLayout
+      log4j.appender.drfa.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n
+
+      log4j.logger.audit=INFO, auditfile
+      log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender
+      log4j.appender.auditfile.File=${app.log.dir}/${app.audit.file}
+      log4j.appender.auditfile.Append = true
+      log4j.appender.auditfile.DatePattern = '.'yyyy-MM-dd
+      log4j.appender.auditfile.layout = org.apache.hadoop.gateway.audit.log4j.layout.AuditLayout
+
+    </value>
+    <description>
+      content for log4j.properties file for Knox.
+    </description>
+  </property>
+</configuration>

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/gateway-site.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<!-- The default settings for Knox. -->
+<!-- Edit gateway-site.xml to change settings for your local -->
+<!-- install. -->
+
+<configuration supports_final="false">
+
+    <property>
+        <name>gateway.port</name>
+        <value>8443</value>
+        <description>The HTTP port for the Gateway.</description>
+    </property>
+
+    <property>
+        <name>gateway.path</name>
+        <value>gateway</value>
+        <description>The default context path for the gateway.</description>
+    </property>
+
+    <property>
+        <name>gateway.gateway.conf.dir</name>
+        <value>deployments</value>
+        <description>The directory within GATEWAY_HOME that contains gateway topology files and deployments.</description>
+    </property>
+
+    <property>
+        <name>gateway.hadoop.kerberos.secured</name>
+        <value>false</value>
+        <description>Boolean flag indicating whether the Hadoop cluster protected by Gateway is secured with Kerberos</description>
+    </property>
+
+    <property>
+        <name>java.security.krb5.conf</name>
+        <value>/etc/knox/conf/krb5.conf</value>
+        <description>Absolute path to krb5.conf file</description>
+    </property>
+
+    <property>
+        <name>java.security.auth.login.config</name>
+        <value>/etc/knox/conf/krb5JAASLogin.conf</value>
+        <description>Absolute path to JASS login config file</description>
+    </property>
+
+    <property>
+        <name>sun.security.krb5.debug</name>
+        <value>true</value>
+        <description>Boolean flag indicating whether to enable debug messages for krb5 authentication</description>
+    </property>
+
+</configuration>
+
+
+
+

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/knox-env.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="true">
+    <!-- knox-env.sh -->
+
+    <property require-input="true">
+        <name>knox_master_secret</name>
+        <value></value>
+        <property-type>PASSWORD</property-type>
+        <description>password to use as the master secret</description>
+    </property>
+
+    <property>
+        <name>knox_user</name>
+        <value>knox</value>
+        <property-type>USER</property-type>
+        <description>Knox Username.</description>
+    </property>
+
+    <property>
+        <name>knox_group</name>
+        <value>knox</value>
+        <property-type>GROUP</property-type>
+        <description>Knox Group.</description>
+    </property>
+
+    <property>
+        <name>knox_pid_dir</name>
+        <value>/var/run/knox</value>
+        <description>Knox PID dir.</description>
+    </property>
+
+</configuration>

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/ldap-log4j.xml

@@ -0,0 +1,66 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false">
+
+  <property>
+    <name>content</name>
+    <value>
+        # Licensed to the Apache Software Foundation (ASF) under one
+        # or more contributor license agreements.  See the NOTICE file
+        # distributed with this work for additional information
+        # regarding copyright ownership.  The ASF licenses this file
+        # to you under the Apache License, Version 2.0 (the
+        # "License"); you may not use this file except in compliance
+        # with the License.  You may obtain a copy of the License at
+        #
+        #     http://www.apache.org/licenses/LICENSE-2.0
+        #
+        # Unless required by applicable law or agreed to in writing, software
+        # distributed under the License is distributed on an "AS IS" BASIS,
+        # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+        # See the License for the specific language governing permissions and
+        # limitations under the License.
+
+        app.log.dir=${launcher.dir}/../logs
+        app.log.file=${launcher.name}.log
+
+        log4j.rootLogger=ERROR, drfa
+        log4j.logger.org.apache.directory.server.ldap.LdapServer=INFO
+        log4j.logger.org.apache.directory=WARN
+
+        log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+        log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+        log4j.appender.stdout.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n
+
+        log4j.appender.drfa=org.apache.log4j.DailyRollingFileAppender
+        log4j.appender.drfa.File=${app.log.dir}/${app.log.file}
+        log4j.appender.drfa.DatePattern=.yyyy-MM-dd
+        log4j.appender.drfa.layout=org.apache.log4j.PatternLayout
+        log4j.appender.drfa.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n
+
+    </value>
+    <description>
+      content for log4j.properties file for the demo LDAP that comes with Knox.
+    </description>
+  </property>
+</configuration>

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/configuration/users-ldif.xml

@@ -0,0 +1,135 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+
+    <property>
+        <name>content</name>
+        <value>
+            # Licensed to the Apache Software Foundation (ASF) under one
+            # or more contributor license agreements.  See the NOTICE file
+            # distributed with this work for additional information
+            # regarding copyright ownership.  The ASF licenses this file
+            # to you under the Apache License, Version 2.0 (the
+            # "License"); you may not use this file except in compliance
+            # with the License.  You may obtain a copy of the License at
+            #
+            #     http://www.apache.org/licenses/LICENSE-2.0
+            #
+            # Unless required by applicable law or agreed to in writing, software
+            # distributed under the License is distributed on an "AS IS" BASIS,
+            # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+            # See the License for the specific language governing permissions and
+            # limitations under the License.
+
+            version: 1
+
+            # Please replace with site specific values
+            dn: dc=hadoop,dc=apache,dc=org
+            objectclass: organization
+            objectclass: dcObject
+            o: Hadoop
+            dc: hadoop
+
+            # Entry for a sample people container
+            # Please replace with site specific values
+            dn: ou=people,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass:organizationalUnit
+            ou: people
+
+            # Entry for a sample end user
+            # Please replace with site specific values
+            dn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass:person
+            objectclass:organizationalPerson
+            objectclass:inetOrgPerson
+            cn: Guest
+            sn: User
+            uid: guest
+            userPassword:guest-password
+
+            # entry for sample user admin
+            dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass:person
+            objectclass:organizationalPerson
+            objectclass:inetOrgPerson
+            cn: Admin
+            sn: Admin
+            uid: admin
+            userPassword:admin-password
+
+            # entry for sample user sam
+            dn: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass:person
+            objectclass:organizationalPerson
+            objectclass:inetOrgPerson
+            cn: sam
+            sn: sam
+            uid: sam
+            userPassword:sam-password
+
+            # entry for sample user tom
+            dn: uid=tom,ou=people,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass:person
+            objectclass:organizationalPerson
+            objectclass:inetOrgPerson
+            cn: tom
+            sn: tom
+            uid: tom
+            userPassword:tom-password
+
+            # create FIRST Level groups branch
+            dn: ou=groups,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass:organizationalUnit
+            ou: groups
+            description: generic groups branch
+
+            # create the analyst group under groups
+            dn: cn=analyst,ou=groups,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass: groupofnames
+            cn: analyst
+            description:analyst  group
+            member: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
+            member: uid=tom,ou=people,dc=hadoop,dc=apache,dc=org
+
+
+            # create the scientist group under groups
+            dn: cn=scientist,ou=groups,dc=hadoop,dc=apache,dc=org
+            objectclass:top
+            objectclass: groupofnames
+            cn: scientist
+            description: scientist group
+            member: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
+
+        </value>
+        <description>
+            content for users-ldif file for the demo LDAP that comes with Knox.
+        </description>
+    </property>
+</configuration>

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/metainfo.xml

@@ -0,0 +1,78 @@
+<?xml version="1.0"?>
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<metainfo>
+  <schemaVersion>2.0</schemaVersion>
+  <services>
+    <service>
+      <name>KNOX</name>
+      <displayName>Knox</displayName>
+      <comment>Provides a single point of authentication and access for Apache Hadoop services in a cluster</comment>
+      <version>0.5.0</version>
+      <components>
+        <component>
+          <name>KNOX_GATEWAY</name>
+          <category>MASTER</category>
+          <cardinality>1+</cardinality>
+          <commandScript>
+            <script>scripts/knox_gateway.py</script>
+            <scriptType>PYTHON</scriptType>
+            <timeout>600</timeout>
+          </commandScript>
+            <customCommands>
+                <customCommand>
+                    <name>STARTDEMOLDAP</name>
+                    <commandScript>
+                        <script>scripts/demo_ldap.py</script>
+                        <scriptType>PYTHON</scriptType>
+                        <timeout>600</timeout>
+                    </commandScript>
+                </customCommand>
+                <customCommand>
+                    <name>STOPDEMOLDAP</name>
+                    <commandScript>
+                        <script>scripts/demo_ldap.py</script>
+                        <scriptType>PYTHON</scriptType>
+                        <timeout>600</timeout>
+                    </commandScript>
+                </customCommand>
+            </customCommands>
+        </component>
+      </components>
+      <osSpecifics>
+        <osSpecific>
+          <osFamily>any</osFamily>
+          <packages>
+            <package>
+              <name>knox_2_2_0_0_*</name>
+            </package>
+          </packages>
+        </osSpecific>
+      </osSpecifics>
+      <commandScript>
+        <script>scripts/service_check.py</script>
+        <scriptType>PYTHON</scriptType>
+        <timeout>300</timeout>
+      </commandScript>
+      <configuration-dependencies>
+        <config-type>gateway-site</config-type>
+        <config-type>gateway-log4j</config-type>
+        <config-type>ambari-topology</config-type>
+      </configuration-dependencies>
+    </service>
+  </services>
+</metainfo>

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/knox.py

@@ -0,0 +1,52 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management import *
+
+
+def knox():
+    import params
+
+    Directory(params.knox_conf_dir,
+              owner = params.knox_user,
+              group = params.knox_group,
+              recursive = True
+    )
+
+
+    XmlConfig("gateway-site.xml",
+              conf_dir=params.knox_conf_dir,
+              configurations=params.config['configurations']['gateway-site'],
+              configuration_attributes=params.config['configuration_attributes']['gateway-site'],
+              owner=params.knox_user,
+              group=params.knox_group,
+    )
+
+    File(format("{params.knox_conf_dir}/gateway-log4j.properties"),
+         mode=0644,
+         group=params.knox_group,
+         owner=params.knox_user,
+         content=params.gateway_log4j
+    )
+
+    File(format("{params.knox_conf_dir}/topologies/default.xml"),
+         group=params.knox_group,
+         owner=params.knox_user,
+         content=InlineTemplate(params.topology_template)
+    )

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/knox_gateway.py

@@ -0,0 +1,101 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management import *
+import sys
+
+from knox import knox
+from ldap import ldap
+
+class KnoxGateway(Script):
+  def install(self, env):
+    self.install_packages(env)
+    import params
+    env.set_params(params)
+    cmd = format('{knox_client_bin} create-master --master {knox_master_secret}')
+    Execute(cmd,
+            user=params.knox_user
+    )
+    cmd = format('rm -f {knox_conf_dir}/topologies/sandbox.xml')
+    Execute(cmd)
+
+  def configure(self, env):
+    import params
+    env.set_params(params)
+    knox()
+    ldap()
+
+  def start(self, env):
+    import params
+    env.set_params(params)
+    self.configure(env)
+    daemon_cmd = format('{knox_bin} start')
+    no_op_test = format('ls {knox_pid_file} >/dev/null 2>&1 && ps `cat {knox_pid_file}` >/dev/null 2>&1')
+    Execute(daemon_cmd,
+            user=params.knox_user,
+            not_if=no_op_test
+    )
+
+  def stop(self, env):
+    import params
+    env.set_params(params)
+    self.configure(env)
+    daemon_cmd = format('{knox_bin} stop')
+    Execute(daemon_cmd,
+            user=params.knox_user,
+    )
+    Execute (format("rm -f {knox_pid_file}"))
+
+
+  def status(self, env):
+    import status_params
+    env.set_params(status_params)
+    check_process_status(status_params.knox_pid_file)
+
+
+  def configureldap(self, env):
+    import params
+    env.set_params(params)
+    ldap()
+
+  def startdemoldap(self, env):
+    import params
+    env.set_params(params)
+    self.configureldap(env)
+    daemon_cmd = format('{ldap_bin} start')
+    no_op_test = format('ls {ldap_pid_file} >/dev/null 2>&1 && ps `cat {ldap_pid_file}` >/dev/null 2>&1')
+    Execute(daemon_cmd,
+            user=params.knox_user,
+            not_if=no_op_test
+    )
+
+  def stopdemoldap(self, env):
+    import params
+    env.set_params(params)
+    self.configureldap(env)
+    daemon_cmd = format('{ldap_bin} stop')
+    Execute(daemon_cmd,
+            user=params.knox_user,
+            )
+    Execute (format("rm -f {ldap_pid_file}"))
+
+
+
+if __name__ == "__main__":
+  KnoxGateway().execute()

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/ldap.py

@@ -0,0 +1,39 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management import *
+
+
+def ldap():
+    import params
+
+    File(format("{params.knox_conf_dir}/ldap-log4j.properties"),
+         mode=0644,
+         group=params.knox_group,
+         owner=params.knox_user,
+         content=params.ldap_log4j
+    )
+
+    File(format("{params.knox_conf_dir}/users-ldif"),
+         mode=0644,
+         group=params.knox_group,
+         owner=params.knox_user,
+         content=params.users_ldif
+    )
+

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/params.py

@@ -0,0 +1,120 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+
+from resource_management import *
+import status_params
+
+config = Script.get_config()
+
+rpm_version = default("/configurations/cluster-env/rpm_version", None)
+
+if rpm_version:
+  knox_bin = '/usr/hdp/current/knox-server/bin/gateway.sh'
+  ldap_bin = '/usr/hdp/current/knox-server/bin/ldap.sh'
+  knox_client_bin = '/usr/hdp/current/knox-server/bin/knoxcli.sh'
+else:
+  knox_bin = '/usr/bin/gateway'
+  ldap_bin = '/usr/lib/knox/bin/ldap.sh'
+  knox_client_bin = '/usr/lib/knox/bin/knoxcli.sh'
+
+namenode_hosts = default("/clusterHostInfo/namenode_host", None)
+if type(namenode_hosts) is list:
+    namenode_host = namenode_hosts[0]
+else:
+    namenode_host = namenode_hosts
+
+has_namenode = not namenode_host == None
+namenode_http_port = "50070"
+namenode_rpc_port = "8020"
+
+if has_namenode:
+    if 'dfs.namenode.http-address' in config['configurations']['hdfs-site']:
+        namenode_http_port = get_port_from_url(config['configurations']['hdfs-site']['dfs.namenode.http-address'])
+    if 'dfs.namenode.rpc-address' in config['configurations']['hdfs-site']:
+        namenode_rpc_port = get_port_from_url(config['configurations']['hdfs-site']['dfs.namenode.rpc-address'])
+
+rm_hosts = default("/clusterHostInfo/rm_host", None)
+if type(rm_hosts) is list:
+    rm_host = rm_hosts[0]
+else:
+    rm_host = rm_hosts
+has_rm = not rm_host == None
+
+jt_rpc_port = "8050"
+rm_port = "8080"
+
+if has_rm:
+    if 'yarn.resourcemanager.address' in config['configurations']['yarn-site']:
+        jt_rpc_port = get_port_from_url(config['configurations']['yarn-site']['yarn.resourcemanager.address'])
+
+    if 'yarn.resourcemanager.webapp.address' in config['configurations']['yarn-site']:
+        rm_port = get_port_from_url(config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'])
+
+hive_http_port = default('/configurations/hive-site/hive.server2.thrift.http.port', "10001")
+hive_http_path = default('/configurations/hive-site/hive.server2.thrift.http.path', "cliservice")
+hive_server_hosts = default("/clusterHostInfo/hive_server_host", None)
+if type(hive_server_hosts) is list:
+    hive_server_host = hive_server_hosts[0]
+else:
+    hive_server_host = hive_server_hosts
+
+templeton_port = default('/configurations/webhcat-site/templeton.port', "50111")
+webhcat_server_hosts = default("/clusterHostInfo/webhcat_server_host", None)
+if type(webhcat_server_hosts) is list:
+    webhcat_server_host = webhcat_server_hosts[0]
+else:
+    webhcat_server_host = webhcat_server_hosts
+
+hbase_master_port = default('/configurations/hbase-site/hbase.rest.port', "8080")
+hbase_master_hosts = default("/clusterHostInfo/hbase_master_hosts", None)
+if type(hbase_master_hosts) is list:
+    hbase_master_host = hbase_master_hosts[0]
+else:
+    hbase_master_host = hbase_master_hosts
+
+oozie_server_hosts = default("/clusterHostInfo/oozie_server", None)
+if type(oozie_server_hosts) is list:
+    oozie_server_host = oozie_server_hosts[0]
+else:
+    oozie_server_host = oozie_server_hosts
+
+has_oozie = not oozie_server_host == None
+oozie_server_port = "11000"
+
+if has_oozie:
+    if 'oozie.base.url' in config['configurations']['oozie-site']:
+        oozie_server_port = get_port_from_url(config['configurations']['oozie-site']['oozie.base.url'])
+
+
+# server configurations
+knox_conf_dir = '/etc/knox/conf'
+knox_user = default("/configurations/knox-env/knox_user", "knox")
+knox_group = default("/configurations/knox-env/knox_group", "knox")
+knox_pid_file = status_params.knox_pid_file
+ldap_pid_file = status_params.ldap_pid_file
+knox_master_secret = config['configurations']['knox-env']['knox_master_secret']
+knox_host_name = config['clusterHostInfo']['knox_gateway_hosts'][0]
+knox_host_port = config['configurations']['gateway-site']['gateway.port']
+topology_template = config['configurations']['ambari-topology']['content']
+gateway_log4j = config['configurations']['gateway-log4j']['content']
+ldap_log4j = config['configurations']['ldap-log4j']['content']
+users_ldif = config['configurations']['users-ldif']['content']
+

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/service_check.py

@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management import *
+import socket
+import sys
+
+class KnoxServiceCheck(Script):
+
+    def service_check(self, env):
+        import params
+        env.set_params(params)
+
+        address = format("{knox_host_name}")
+        port = int(format("{knox_host_port}"))
+        s = socket.socket()
+        print "Test connectivity to knox server"
+        try:
+            s.connect((address, port))
+            print "Successfully connected to %s on port %s" % (address, port)
+            s.close()
+        except socket.error, e:
+            print "Connection to %s on port %s failed: %s" % (address, port, e)
+            sys.exit(1)
+
+
+if __name__ == "__main__":
+    KnoxServiceCheck().execute()

ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/package/scripts/status_params.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management import *
+
+config = Script.get_config()
+
+knox_pid_dir = config['configurations']['knox-env']['knox_pid_dir']
+knox_pid_file = format("{knox_pid_dir}/gateway.pid")
+ldap_pid_file = format("{knox_pid_dir}/ldap.pid")

ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py

@@ -0,0 +1,71 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+from stacks.utils.RMFTestCase import *
+
+class TestKnoxGateway(RMFTestCase):
+
+  def test_configure_default(self):
+    self.executeScript("2.2/services/KNOX/package/scripts/knox_gateway.py",
+                       classname = "KnoxGateway",
+                       command = "configure",
+                       config_file="default.json"
+    )
+
+    self.assertResourceCalled('Directory', '/etc/knox/conf',
+                              owner = 'knox',
+                              group = 'knox',
+                              recursive = True
+    )
+
+    self.assertResourceCalled('XmlConfig', 'gateway-site.xml',
+                              owner = 'knox',
+                              group = 'knox',
+                              conf_dir = '/etc/knox/conf',
+                              configurations = self.getConfig()['configurations']['gateway-site'],
+                              configuration_attributes = self.getConfig()['configuration_attributes']['gateway-site']
+    )
+
+    self.assertResourceCalled('File', '/etc/knox/conf/gateway-log4j.properties',
+                              mode=0644,
+                              group='knox',
+                              owner = 'knox',
+                              content = self.getConfig()['configurations']['gateway-log4j']['content']
+    )
+    self.assertResourceCalled('File', '/etc/knox/conf/topologies/default.xml',
+                              group='knox',
+                              owner = 'knox',
+                              content = InlineTemplate(self.getConfig()['configurations']['ambari-topology']['content'])
+    )
+    self.assertResourceCalled('File', '/etc/knox/conf/ldap-log4j.properties',
+                              mode=0644,
+                              group='knox',
+                              owner = 'knox',
+                              content = self.getConfig()['configurations']['ldap-log4j']['content']
+    )
+    self.assertResourceCalled('File', '/etc/knox/conf/users-ldif',
+                              mode=0644,
+                              group='knox',
+                              owner = 'knox',
+                              content = self.getConfig()['configurations']['users-ldif']['content']
+    )
+
+    self.assertNoMoreResources()
+
+

ambari-web/app/controllers/main/service/item.js

@@ -292,6 +292,56 @@ App.MainServiceItemController = Em.Controller.extend({
     App.showAlertPopup(Em.I18n.t('services.service.actions.run.yarnRefreshQueues.error'), error);
     console.warn('Error during refreshYarnQueues:'+error);
   },
+
+  startLdapKnox: function(event) {
+    var context =  Em.I18n.t('services.service.actions.run.startLdapKnox.context');
+    this.startStopLdapKnox('STARTDEMOLDAP',context);
+  },
+
+  stopLdapKnox: function(event) {
+    var context = Em.I18n.t('services.service.actions.run.stopLdapKnox.context');
+    this.startStopLdapKnox('STOPDEMOLDAP',context);
+  },
+
+  startStopLdapKnox: function(command,context) {
+    var controller = this;
+    var host = App.HostComponent.find().findProperty('componentName', 'KNOX_GATEWAY').get('hostName');
+    return App.showConfirmationPopup(function() {
+      App.ajax.send({
+        name: 'service.item.startStopLdapKnox',
+        sender: controller,
+        data: {
+          command: command,
+          context: context,
+          host: host,
+          serviceName: "KNOX",
+          componentName: "KNOX_GATEWAY"
+        },
+        success: 'startStopLdapKnoxSuccessCallback',
+        error: 'startStopLdapKnoxErrorCallback'
+      });
+    });
+  },
+
+  startStopLdapKnoxSuccessCallback  : function(data, ajaxOptions, params) {
+    if (data.Requests.id) {
+      App.router.get('backgroundOperationsController').showPopup();
+    } else {
+      console.warn('Error during startStopLdapKnox');
+    }
+  },
+  startStopLdapKnoxErrorCallback : function(data) {
+    var error = Em.I18n.t('services.service.actions.run.startStopLdapKnox.error');
+    if(data && data.responseText){
+      try {
+        var json = $.parseJSON(data.responseText);
+        error += json.message;
+      } catch (err) {}
+    }
+    App.showAlertPopup(Em.I18n.t('services.service.actions.run.yarnRefreshQueues.error'), error);
+    console.warn('Error during refreshYarnQueues:'+ error);
+  },
+
   /**
    * On click handler for rebalance Hdfs command from items menu
    */

ambari-web/app/data/HDP2/site_properties.js

@@ -1631,6 +1631,78 @@ module.exports =
       "filename": "pig-properties.xml",
       "category": "Advanced pig-properties"
     },
+
+  /**********************************************KNOX*****************************************/
+    {
+      "id": "site property",
+      "name": "content",
+      "displayName": "content",
+      "value": "",
+      "defaultValue": "",
+      "displayType": "content",
+      "isRequired": false,
+      "showLabel": false,
+      "serviceName": "KNOX",
+      "filename": "ambari-topology.xml",
+      "category": "Advanced ambari-topology"
+    },
+
+    {
+      "id": "site property",
+      "name": "content",
+      "displayName": "content",
+      "value": "",
+      "defaultValue": "",
+      "displayType": "content",
+      "isRequired": false,
+      "showLabel": false,
+      "serviceName": "KNOX",
+      "filename": "users-ldif.xml",
+      "category": "Advanced users-ldif"
+    },
+    {
+      "id": "puppet var",
+      "name": "knox_gateway_host",
+      "displayName": "Knox Gateway host",
+      "value": "",
+      "defaultValue": "",
+      "description": "The host that has been assigned to run Knox Gateway",
+      "displayType": "masterHost",
+      "isOverridable": false,
+      "isVisible": true,
+      "isRequiredByAgent": false,
+      "serviceName": "KNOX",
+      "filename": "knox-env.xml",
+      "category": "KNOX_GATEWAY",
+      "index": 0
+    },
+    {
+      "id": "site property",
+      "name": "knox_master_secret",
+      "displayName": "Knox Master Secret",
+      "value": "",
+      "defaultValue": "",
+      "displayType": "password",
+      "isReconfigurable": false,
+      "isOverridable": false,
+      "isRequired": true,
+      "serviceName": "KNOX",
+      "filename": "knox-env.xml",
+      "category": "KNOX_GATEWAY"
+    },
+    {
+      "id": "puppet var",
+      "name": "knox_pid_dir",
+      "displayName": "Knox PID dir",
+      "value": "",
+      "displayType": "directory",
+      "isReconfigurable": false,
+      "isOverridable": false,
+      "serviceName": "KNOX",
+      "filename": "knox-env.xml",
+      "category": "Advanced knox-env.xml"
+    },
+
   /********************************************* flume-agent *****************************/
     {
       "id": "site property",
@@ -3717,6 +3789,36 @@ module.exports =
       "belongsToService": ["SQOOP"],
       "index": 17
     },
+    {
+      "id": "puppet var",
+      "name": "knox_user",
+      "displayName": "Knox User",
+      "isReconfigurable": false,
+      "displayType": "user",
+      "isOverridable": false,
+      "isVisible": true,
+      "serviceName": "MISC",
+      "filename": "knox-env.xml",
+      "category": "Users and Groups",
+      "belongsToService": ["KNOX"],
+      "index": 18
+    },
+    {
+      "id": "puppet var",
+      "name": "knox_group",
+      "displayName": "Knox Group",
+      "description": "Knox Group",
+      "defaultValue": "knox",
+      "isReconfigurable": false,
+      "displayType": "user",
+      "isOverridable": false,
+      "isVisible": true,
+      "serviceName": "MISC",
+      "filename": "knox-env.xml",
+      "category": "Users and Groups",
+      "belongsToService": ["KNOX"],
+      "index": 19
+    },
     {
       "id": "puppet var",
       "name": "rrdcached_base_dir",

ambari-web/app/messages.js

@@ -1225,6 +1225,9 @@ Em.I18n.translations = {
   'services.service.actions.reassign.master':'Move {0}',
   'services.service.actions.reassign.master.hive':'Move HiveServer2, WebHCat Server, MySQL Server',
   'services.service.actions.manage_configuration_groups':'Manage Configuration Groups...',
+  'services.service.actions.run.startLdapKnox.context':'Start Demo LDAP',
+  'services.service.actions.run.stopLdapKnox.context':'Stop Demo LDAP',
+  'services.service.actions.run.startStopLdapKnox.error': 'Error during remote command: ',
   'services.service.actions.manage_configuration_groups.short':'Manage Config Groups',
   'services.service.actions.serviceActions':'Service Actions',
   'services.service.summary.unknown':'unknown',

ambari-web/app/models/service_config.js

@@ -478,6 +478,9 @@ App.ServiceConfigProperty = Ember.Object.extend({
       case 'supervisor_hosts':
         this.set('value', slaveComponentHostsInDB.findProperty('componentName', 'SUPERVISOR').hosts.mapProperty('hostName'));
         break;
+      case 'knox_gateway_host':
+        this.set('value', masterComponentHostsInDB.findProperty('component', 'KNOX_GATEWAY').hostName);
+        break;
       case 'hbase.zookeeper.quorum':
         var zkHosts = masterComponentHostsInDB.filterProperty('component', 'ZOOKEEPER_SERVER').mapProperty('hostName');
         this.setDefaultValue("(\\w*)", zkHosts);

ambari-web/app/models/stack_service.js

@@ -313,6 +313,11 @@ App.StackService.configCategories = function () {
         App.ServiceConfigCategory.create({ name: 'FLUME_HANDLER', displayName: 'flume.conf', siteFileName: 'flume-conf', canAddProperty: false})
       ]);
       break;
+    case 'KNOX':
+      serviceConfigCategories.pushObjects([
+        App.ServiceConfigCategory.create({ name: 'KNOX_GATEWAY', displayName: 'Knox Gateway'})
+      ]);
+      break;
     case 'PIG':
       break;
     case 'SQOOP':
@@ -342,7 +347,7 @@ App.StackService.configCategories = function () {
 
   // Add custom section for every configType to all the services
   configTypes.forEach(function (type) {
-    var configTypesWithNoCustomSection = ['capacity-scheduler','mapred-queue-acls','flume-conf', 'pig-properties'];
+    var configTypesWithNoCustomSection = ['capacity-scheduler','mapred-queue-acls','flume-conf', 'pig-properties','ambari-topology','users-ldif'];
     if (type.endsWith('-env') || type.endsWith('-log4j') || configTypesWithNoCustomSection.contains(type)) {
       return;
     }

ambari-web/app/utils/ajax/ajax.js

@@ -405,6 +405,23 @@ var urls = {
       }
   },
 
+  'service.item.startStopLdapKnox':{
+    'real': '/clusters/{clusterName}/requests',
+    'mock': '',
+    'format' : function(data) {
+      return {
+        type : 'POST',
+        data : JSON.stringify({
+          RequestInfo: {
+            'context': data.context,
+            'command': data.command
+          },
+          "Requests/resource_filters": [{"service_name" : data.serviceName, "component_name" : data.componentName, 'hosts': data.host}]
+        })
+      }
+    }
+  },
+
   'service.item.executeCustomCommand':{
     'real': '/clusters/{clusterName}/requests',
     'mock': '',

ambari-web/app/utils/config.js

@@ -599,7 +599,7 @@ App.config = Em.Object.create({
              * (/^\s+$/.test(_config.value)) { _config.isRequired = false; }
              */
             _config.isRequired = true;
-            _config.displayType = stringUtils.isSingleLine(_config.value) ? 'advanced' : 'multiLine';
+            _config.displayType = _config.displayType ? _config.displayType : stringUtils.isSingleLine(_config.value) ? 'advanced' : 'multiLine';
             serviceConfigs.push(_config);
           }
         }
@@ -914,7 +914,7 @@ App.config = Em.Object.create({
          */
         if ((fileName !== 'mapred-queue-acls.xml' || App.supports.capacitySchedulerUi) &&
           (fileName !== 'capacity-scheduler.xml' || isHDP2 || App.supports.capacitySchedulerUi)) {
-          properties.push({
+          var property = {
             serviceName: serviceName,
             name: item.property_name,
             value: item.property_value,
@@ -923,7 +923,11 @@ App.config = Em.Object.create({
             isFinal: item.final === "true",
             defaultIsFinal: item.final === "true",
             filename: item.filename || fileName
-          });
+          };
+          if (item.property_type.contains('PASSWORD')) {
+            property.displayType = "password";
+          }
+          properties.push(property);
         }
       }, this);
     }

ambari-web/app/views/main/service/item.js

@@ -93,6 +93,18 @@ App.MainServiceItemView = Em.View.extend({
         cssClass: 'icon-share-alt',
         disabled: false
       },
+      STARTDEMOLDAP: {
+        action: 'startLdapKnox',
+        label: Em.I18n.t('services.service.actions.run.startLdapKnox.context'),
+        cssClass: 'icon-play-sign',
+        disabled: false
+      },
+      STOPDEMOLDAP: {
+        action: 'stopLdapKnox',
+        label: Em.I18n.t('services.service.actions.run.stopLdapKnox.context'),
+        cssClass: 'icon-stop',
+        disabled: false
+      },
       REBALANCE_HDFS: {
         action: 'rebalanceHdfsNodes',
         context: Em.I18n.t('services.service.actions.run.rebalanceHdfsNodes.context'),
@@ -202,11 +214,21 @@ App.MainServiceItemView = Em.View.extend({
       options.push(actionMap.TOGGLE_PASSIVE);
       var serviceName = service.get('serviceName');
       var nnComponent = App.StackServiceComponent.find().findProperty('componentName','NAMENODE');
+      var knoxGatewayComponent = App.StackServiceComponent.find().findProperty('componentName','KNOX_GATEWAY');
       if (serviceName === 'HDFS' && nnComponent) {
         var namenodeCustomCommands = nnComponent.get('customCommands');
         if (namenodeCustomCommands && namenodeCustomCommands.contains('REBALANCEHDFS'))
         options.push(actionMap.REBALANCE_HDFS);
       }
+
+      if (serviceName === 'KNOX' && knoxGatewayComponent) {
+        var knoxGatewayCustomCommands = knoxGatewayComponent.get('customCommands');
+        knoxGatewayCustomCommands.forEach(function(command) {
+          if (actionMap[command]) {
+            options.push(actionMap[command]);
+          }
+        });
+      }
       self.addActionMap().filterProperty('service', serviceName).forEach(function(item) {
         item.action = 'add' + item.component;
         item.disabled = self.get('controller.isAddDisabled-' + item.component);

ambari-web/test/controllers/main/service/item_test.js

@@ -625,4 +625,38 @@ describe('App.MainServiceItemController', function () {
     });
   });
 
+  describe('#startLdapKnox() and #stopLdapKnox() should call startStopLdapKnox once: ', function () {
+
+
+    var mainServiceItemController = App.MainServiceItemController.create({content: {serviceName: 'KNOX',
+      displayName: 'Knox'}});
+
+    beforeEach(function () {
+      sinon.stub(mainServiceItemController, 'startStopLdapKnox', function(){
+        return true;
+      });
+    });
+    afterEach(function () {
+      mainServiceItemController.startStopLdapKnox.restore();
+    });
+
+    var tests = [
+      {
+        methodName: 'startLdapKnox',
+        callback: mainServiceItemController.startLdapKnox
+      },
+      {
+        methodName: 'stopLdapKnox',
+        callback: mainServiceItemController.stopLdapKnox
+      }
+    ];
+
+    tests.forEach(function(test){
+      it(test.methodName + ' should call startStopLdapKnox method', function () {
+        test.callback.call(mainServiceItemController);
+        expect(mainServiceItemController.startStopLdapKnox.calledOnce).to.be.true;
+      });
+    },this);
+
+  });
 });