You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@drill.apache.org by br...@apache.org on 2015/09/17 23:33:42 UTC
drill-site git commit: updates for 1.2
Repository: drill-site
Updated Branches:
refs/heads/asf-site 540e0ed6b -> 5cd44b69b
updates for 1.2
Project: http://git-wip-us.apache.org/repos/asf/drill-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill-site/commit/5cd44b69
Tree: http://git-wip-us.apache.org/repos/asf/drill-site/tree/5cd44b69
Diff: http://git-wip-us.apache.org/repos/asf/drill-site/diff/5cd44b69
Branch: refs/heads/asf-site
Commit: 5cd44b69b676163237ac5078e4fc212a6e7707d7
Parents: 540e0ed
Author: Bridget Bevens <bb...@maprtech.com>
Authored: Thu Sep 17 14:33:21 2015 -0700
Committer: Bridget Bevens <bb...@maprtech.com>
Committed: Thu Sep 17 14:33:21 2015 -0700
----------------------------------------------------------------------
docs/configuring-user-authentication/index.html | 15 +++++++++--
.../index.html | 26 +++----------------
docs/img/query-flow-client.png | Bin 11366 -> 13094 bytes
docs/img/web-ui-admin-view.png | Bin 45701 -> 45382 bytes
docs/img/web-ui-user-view.png | Bin 47799 -> 47457 bytes
docs/img/web-ui.png | Bin 43194 -> 42637 bytes
docs/starting-the-web-console/index.html | 6 ++---
feed.xml | 4 +--
8 files changed, 22 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/configuring-user-authentication/index.html
----------------------------------------------------------------------
diff --git a/docs/configuring-user-authentication/index.html b/docs/configuring-user-authentication/index.html
index 7104919..a83e2d0 100644
--- a/docs/configuring-user-authentication/index.html
+++ b/docs/configuring-user-authentication/index.html
@@ -993,11 +993,22 @@
<p>When using PAM for authentication, each user that has permission to run Drill queries must exist in the list of users that resides on each Drill node in the cluster. The username (including uid) and password for each user must be identical across all of the Drill nodes. </p>
-<p>If you use PAM with /etc/passwd for authentication, verify that the users with permission to start the Drill process are part of the shadow user group on all nodes in the cluster. This enables Drill to read the /etc/shadow file for authentication. </p>
+<p>If you use PAM with /etc/passwd for authentication, verify that the users with permission to start the Drill process are part of the shadow user group on all nodes in the cluster. This enables Drill to read the /etc/shadow file for authentication. </p>
+
+<h2 id="administrator-privileges">Administrator Privileges</h2>
+
+<p>When authentication is enabled, only Drill users who are assigned Drill cluster administrator privileges can perform the following tasks:</p>
+
+<ul>
+<li>Change a system-level option by issuing an ALTER SYSTEM command</li>
+<li>Update a storage plugin configuration through the REST API or Web Console</li>
+<li>View profiles of all queries that all users have run or are currently running in a cluster</li>
+<li>Cancel running queries that were launched by any user in the cluster</li>
+</ul>
<h2 id="user-authentication-process">User Authentication Process</h2>
-<p>When user authentication is configured, each user that accesses the Drillbit process through a client, such as SQLLine, must provide their username and password for access. </p>
+<p>When user authentication is enabled, each user that accesses the Drillbit process through a client, such as SQLLine, must provide their username and password for access. </p>
<p>When launching SQLLine, a user must include the <code>–n</code> and <code>–p</code> parameters with their username and password in the SQLLine argument:<br>
<code>sqlline –u jdbc:drill:zk=10.10.11.112:5181 –n bob –p bobdrill</code></p>
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/configuring-web-console-and-rest-api-security/index.html
----------------------------------------------------------------------
diff --git a/docs/configuring-web-console-and-rest-api-security/index.html b/docs/configuring-web-console-and-rest-api-security/index.html
index f587abb..aebdb85 100644
--- a/docs/configuring-web-console-and-rest-api-security/index.html
+++ b/docs/configuring-web-console-and-rest-api-security/index.html
@@ -996,11 +996,11 @@ you can limit the access of certain users to Web Console functionality, such as
<p>Drill 1.2 uses the Linux Pluggable Authentication Module (PAM) and code-level support for transport layer security (TLS) to secure the Web Console and REST API. By default, the Web Console and REST API now support the HTTPS protocol.</p>
-<p>By default, Drill generates a self-signed certificate that works with SSL for HTTPS access to the Web Console; however, as administrator, you can set up SSL to specify the keystore or truststore, or both, for your organization, as described in the next section.</p>
+<p>By default, Drill generates a self-signed certificate that works with SSL for HTTPS access to the Web Console. Because Drill uses a self-signed certificate, you see a warning in the browser when you go to <code>https://<node IP address>:8047</code>. The Chrome browser, for example, requires you to click <code>Advanced</code>, and then <code>Proceed to <address> (unsafe)</code>. If you have a signed certificate by an authority, you can set up a custom SSL to avoid this warning. You can set up SSL to specify the keystore or truststore, or both, for your organization, as described in the next section.</p>
<h2 id="setting-up-a-custom-ssl-configuration">Setting Up a Custom SSL Configuration</h2>
-<p>As cluster administrator, you can set the following SSL configuration parameters at the JVM level through system properties, as described in the <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization">Java product documentation</a>:</p>
+<p>As cluster administrator, you can set the following SSL configuration parameters at in the <code>conf/drill-override.conf</code> file, as described in the <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization">Java product documentation</a>:</p>
<ul>
<li>javax.net.ssl.keyStore<br>
@@ -1031,10 +1031,10 @@ Optionally, you can set up Web Console administrator-user groups to facilitate m
<li>security.admin.users<br>
Set the value of this option to a comma-separated list of user names who you want to give administrator privileges, such as changing system options.<br></li>
<li>security.admin.user_groups<br>
-Set the value of this option to a comma-separated list of administrators.</li>
+Set the value of this option to a comma-separated list of administrator groups.</li>
</ul>
-<p>Any user for whom you have configured Drill user authentication, but not set up as a Web Console administrator, has only user privileges to access the Web Console and REST API client applications.</p>
+<p>Any user who is a member of any group listed in security.admin.user.groups is a Drill cluster administrator. Any user for whom you have configured Drill user authentication, but not set up as a Drill cluster administrator, has only user privileges to access the Web Console and REST API client applications.</p>
<h2 id="web-console-and-rest-api-privileges">Web Console and REST API Privileges</h2>
@@ -1293,24 +1293,6 @@ Set the value of this option to a comma-separated list of administrators.</li>
<li>USER - cancel the query only if the query is launched by the user requesting the cancellation.</li>
</ul>
-<h2 id="starting-the-web-console-using-authentication">Starting the Web Console Using Authentication</h2>
-
-<p>The following example shows the sequence of steps you typically perform to access the Web Console when authentication is enabled on a Drill cluster.</p>
-
-<ol>
-<li>Set the JVM library path to the location of the PAM <code>.so</code> file.<br>
-<code>export DRILLBIT_JAVA_OPTS=" -Djava.library.path=/root/ "</code><br></li>
-<li>Restart the Drillbit.<br>
-<code>[root@centos64-30143 apache-drill-1.2.0-SNAPSHOT]# ./bin/drillbit.sh restart</code><br></li>
-<li>Start the Drill Shell, using a user name and password.<br>
-<code>bin/sqlline -u "jdbc:drill:zk=10.10.30.146:5181" -n joeadmin -p mypwd</code><br></li>
-<li>Open a browser, and go to <code>https://<IP address>:8047</code>, where IP address is the host name or IP address of one of the installed Drillbits in a distributed system.<br>
-The login screen appears:<br></li>
-</ol>
-
-<p><img src="/docs/img/web-ui-login.png" alt="Web Console Login">
-5. <a href="/docs/starting-the-web-console/">Start the Web Console</a>.</p>
-
<div class="doc-nav">
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/query-flow-client.png
----------------------------------------------------------------------
diff --git a/docs/img/query-flow-client.png b/docs/img/query-flow-client.png
index 0ae87fc..2aad204 100755
Binary files a/docs/img/query-flow-client.png and b/docs/img/query-flow-client.png differ
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/web-ui-admin-view.png
----------------------------------------------------------------------
diff --git a/docs/img/web-ui-admin-view.png b/docs/img/web-ui-admin-view.png
index fbdb709..b7d8657 100644
Binary files a/docs/img/web-ui-admin-view.png and b/docs/img/web-ui-admin-view.png differ
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/web-ui-user-view.png
----------------------------------------------------------------------
diff --git a/docs/img/web-ui-user-view.png b/docs/img/web-ui-user-view.png
index 0d75600..1f0dd10 100644
Binary files a/docs/img/web-ui-user-view.png and b/docs/img/web-ui-user-view.png differ
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/web-ui.png
----------------------------------------------------------------------
diff --git a/docs/img/web-ui.png b/docs/img/web-ui.png
index f68a135..2e14e1c 100644
Binary files a/docs/img/web-ui.png and b/docs/img/web-ui.png differ
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/starting-the-web-console/index.html
----------------------------------------------------------------------
diff --git a/docs/starting-the-web-console/index.html b/docs/starting-the-web-console/index.html
index d18367c..5fb1266 100644
--- a/docs/starting-the-web-console/index.html
+++ b/docs/starting-the-web-console/index.html
@@ -993,15 +993,15 @@
<p><img src="/docs/img/web-ui.png" alt="Web Console"></p>
-<p>If user authentication is enabled, Drill 1.2 and later prompts you for a user name and password:</p>
+<p>If <a href="/docs/configuring-user-authentication/">user authentication</a> is enabled, Drill 1.2 and later prompts you for a user name and password:</p>
<p><img src="/docs/img/web-ui-login.png" alt="Web Console Login"></p>
-<p>If an administrator logs in, all the Web Console controls appear: Query, Profiles, Storage, Metrics, Threads, and Options.</p>
+<p>If an <a href="/docs/configuring-user-authentication/#administrator-privileges">administrator</a> logs in, all the Web Console controls appear: Query, Profiles, Storage, Metrics, Threads, and Options.</p>
<p><img src="/docs/img/web-ui-admin-view.png" alt="Web Console Admin View"></p>
-<p>If a user, who is not an administrator, logs in, the Web Console controls are limited to Query, Metrics, Threads controls, and possibly, Profiles. An administrator can give users permission to access the Profiles control. Only administrators can see and use the Storage control for managing storage plugin configurations.</p>
+<p>If a user, who is not an administrator, logs in, the Web Console controls are limited to Query, Metrics, and Profiles. The Profiles page for a non-administrator user contains the profiles of all queries the user issued either through ODBC, JDBC, or the Web Console. The Profiles pages for administrators contains the profiles of all queries executed on a cluster. Only administrators can see and use the Storage control for managing storage plugin configurations.</p>
<p><img src="/docs/img/web-ui-user-view.png" alt="Web Console User View"></p>
http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/feed.xml
----------------------------------------------------------------------
diff --git a/feed.xml b/feed.xml
index 94f837c..6f60a3e 100644
--- a/feed.xml
+++ b/feed.xml
@@ -6,8 +6,8 @@
</description>
<link>/</link>
<atom:link href="/feed.xml" rel="self" type="application/rss+xml"/>
- <pubDate>Wed, 16 Sep 2015 17:21:00 -0700</pubDate>
- <lastBuildDate>Wed, 16 Sep 2015 17:21:00 -0700</lastBuildDate>
+ <pubDate>Thu, 17 Sep 2015 14:28:08 -0700</pubDate>
+ <lastBuildDate>Thu, 17 Sep 2015 14:28:08 -0700</lastBuildDate>
<generator>Jekyll v2.5.2</generator>
<item>