You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/03/06 10:23:33 UTC

[jira] [Commented] (AMBARI-18892) storm DRPC_SERVER kerberos configs duplicate

    [ https://issues.apache.org/jira/browse/AMBARI-18892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15897044#comment-15897044 ] 

Robert Levas commented on AMBARI-18892:
---------------------------------------

[~forestsissi]...

Looking a the Storm docs, it appears that the {{DRPC_SERVER}} and {{NIMBUS}} should use the same Kerberos identity (principal and keytab), which is used in the {{StormServer}} section of Storm's JAAS file.  I do not see where {{nimbus_drpc_principal_name}} is being using by Storm and there is no reference to this new variable in Ambari's agent side scripts.

So, to accomplish this, rather than create a new Kerberos Identity, which appears to not be used, create a reference to the {{NIMBUS}} identity descriptor in the {{DRPC_SERVER}} section. Instead of 

{code}
        {
          "name": "DRPC_SERVER",
          "identities": [
            {
              "name": "nimbus_server",
              "principal": {
                "value": "nimbus/_HOST@${realm}",
                "type": "service",
                "configuration": "storm-env/nimbus_drpc_principal_name"
              },
              "keytab": {
                "file": "${keytab_dir}/nimbus.service.keytab",
                "owner": {
                  "name": "${storm-env/storm_user}",
                  "access": "r"
                },
                "group": {
                  "name": "${cluster-env/user_group}",
                  "access": ""
                },
                "configuration": "storm-env/nimbus_drpc_principal_name"
              }
            }
          ]
        },
{code}

You can do

{code}
        {
          "name": "DRPC_SERVER",
          "identities": [
            {
              "name": "dprc_server",
              "reference": "/STORM/NIMBUS/nimbus_server"
            }
          ]
        },
{code}

> storm DRPC_SERVER kerberos configs  duplicate
> ---------------------------------------------
>
>                 Key: AMBARI-18892
>                 URL: https://issues.apache.org/jira/browse/AMBARI-18892
>             Project: Ambari
>          Issue Type: Improvement
>    Affects Versions: trunk, 2.4.1
>            Reporter: wangyaoxin
>            Assignee: wangyaoxin
>             Fix For: trunk, 3.0.0
>
>         Attachments: AMBARI-18892.patch, storm.png
>
>
> when ambari enables kerberos, add storm service ,nimbus_keytab and nimbus_principal_name will  duplicate



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)