Posted to user@drill.apache.org by "Alfaro, Tony" <Jo...@viasat.com> on 2015/11/12 16:44:53 UTC

How to setup user authentication for the WebUI?

I've done as the documentation said and installed jpam, user auth works with the command line access tools (bin/drill-conf -n user -p pass), but the webui's don't show a login page, only the data for number of drill bits, the hostnames for each bit, the port addresses, and direct memory numbers.  The drill-env.sh file contains the path declaration for jpam as /opt/pam/ (where it was installed) and the drill-override.conf has the following drill.exec section:

drill.exec: {
  cluster-id: "clusterid",
  zk.connect: "node01:2181,node02:2181,node03:2181"
  security.user.auth {
    enabled: true,
    packages += "org.apache.drill.exec.rpc.user.security",
    impl: "pam",
    pam_profiles: [ "sudo", "login" ]
  }
  http: {
    enabled: true,
    ssl_enabled: true,
    port: 8047
  },
}

Is there something obvious I'm missing to get the user login page to show?

Jose A. "Tony" Alfaro // Application Systems Administrator
ViaSat, Inc.
Email :  jose.alfaro@viasat.com
desk  :  720.568.3061
mobile:  720.467.9481


Re: How to setup user authentication for the WebUI?

Posted by Jacques Nadeau <ja...@dremio.com>.
I see the disconnect.  I was responding to the block of text below. The
last three bullet points below are false.



Administrator Privileges

When authentication is enabled, only Drill users who are assigned Drill
cluster administrator privileges can perform the following tasks:

   - Change a system-level option by issuing an ALTER SYSTEM command
   - Update a storage plugin configuration through the REST API or Web
   Console
   - View profiles of all queries that all users have run or are currently
   running in a cluster
   - Cancel running queries that were launched by any user in the cluster


--
Jacques Nadeau
CTO and Co-Founder, Dremio

On Thu, Nov 12, 2015 at 3:46 PM, Kristine Hahn <kh...@maprtech.com> wrote:

> >
> > Having that be 404 doesn't seem great either.
>
> Right. In this case, users probably won't encounter the problem again. The
> doc title/URL change occurred before the feature was released. It's likely
> not a URL that anybody except reviewers like Andries bookmarked. It seemed
> "right" to change the doc title from Web UI to Web Console when we first
> saw the interface name--Web Console.
>
> Do we have any way to accommodate redirects in the docs?
>
> Putting metadata in html files to redirect the page instead of deleting it
> should work.
>
> Kristine Hahn
> Sr. Technical Writer
> 415-497-8107 @krishahn skype:krishahn

Re: How to setup user authentication for the WebUI?

Posted by Kristine Hahn <kh...@maprtech.com>.
>
> Having that be 404 doesn't seem great either.

Right. In this case, users probably won't encounter the problem again. The
doc title/URL change occurred before the feature was released. It's likely
not a URL that anybody except reviewers like Andries bookmarked. It seemed
"right" to change the doc title from Web UI to Web Console when we first
saw the interface name--Web Console.

Do we have any way to accommodate redirects in the docs?

Putting metadata in html files to redirect the page instead of deleting it
should work.

Kristine Hahn
Sr. Technical Writer
415-497-8107 @krishahn skype:krishahn


On Thu, Nov 12, 2015 at 1:41 PM, Jacques Nadeau <ja...@dremio.com> wrote:

> We should be cautious about changing these urls. I don't know about others
> but I used search to get to the page. Having that be 404 doesn't seem great
> either. Do we have any way to accommodate redirects in the docs?

Re: How to setup user authentication for the WebUI?

Posted by Jacques Nadeau <ja...@dremio.com>.
We should be cautious about changing these urls. I don't know about others
but I used search to get to the page. Having that be 404 doesn't seem great
either. Do we have any way to accommodate redirects in the docs?
On Nov 12, 2015 1:00 PM, "Kristine Hahn" <kh...@maprtech.com> wrote:

> Fixed:
>
> https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
> is the correct URL to the page.
>
> https://drill.apache.org/docs/configuring-web-ui-and-rest-api-security/ is
> an obsolete url and is now not found.
>
> Kristine Hahn
> Sr. Technical Writer
> 415-497-8107 @krishahn skype:krishahn

Re: How to setup user authentication for the WebUI?

Posted by Kristine Hahn <kh...@maprtech.com>.
Fixed:
https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/
is the correct URL to the page.

https://drill.apache.org/docs/configuring-web-ui-and-rest-api-security/ is
an obsolete url and is now not found.

Kristine Hahn
Sr. Technical Writer
415-497-8107 @krishahn skype:krishahn


On Thu, Nov 12, 2015 at 11:02 AM, Jacques Nadeau <ja...@dremio.com> wrote:

> There is a lot of confusion here. I'll try to clear it up a little bit:
>
> - Apache Drill 1.2 does not support web authentication. The Apache Drill
> docs incorrectly state that it does. (it sounds like maybe Kristine is
> saying these will be fixed shortly)
> - MapR has released their own version of Drill that does include web
> authentication.
>
>
>
>
>
> --
> Jacques Nadeau
> CTO and Co-Founder, Dremio

Re: How to setup user authentication for the WebUI?

Posted by Jacques Nadeau <ja...@dremio.com>.
There is a lot of confusion here. I'll try to clear it up a little bit:

- Apache Drill 1.2 does not support web authentication. The Apache Drill
docs incorrectly state that it does. (it sounds like maybe Kristine is
saying these will be fixed shortly)
- MapR has released their own version of Drill that does include web
authentication.





--
Jacques Nadeau
CTO and Co-Founder, Dremio

On Thu, Nov 12, 2015 at 10:27 AM, Kristine Hahn <kh...@maprtech.com> wrote:

> The doc link Andries mentioned is an obsolete cached version that should
> have been (and will be) removed. Please see the recently clarified (thanks
> Andries!) MapR docs for Web Console security info:
>
> http://doc.mapr.com/display/MapR/Starting+the+Web+Console
>
> http://doc.mapr.com/display/MapR/Configuring+Web+Console+and+REST+API+Security
>
> Kristine Hahn
> Sr. Technical Writer
> 415-497-8107 @krishahn skype:krishahn

Re: How to setup user authentication for the WebUI?

Posted by Kristine Hahn <kh...@maprtech.com>.
The doc link Andries mentioned is an obsolete cached version that should
have been (and will be) removed. Please see the recently clarified (thanks
Andries!) MapR docs for Web Console security info:

http://doc.mapr.com/display/MapR/Starting+the+Web+Console
http://doc.mapr.com/display/MapR/Configuring+Web+Console+and+REST+API+Security

Kristine Hahn
Sr. Technical Writer
415-497-8107 @krishahn skype:krishahn


On Thu, Nov 12, 2015 at 8:06 AM, Andries Engelbrecht <
aengelbrecht@maprtech.com> wrote:

> Try looking at this page
> https://drill.apache.org/docs/configuring-web-ui-and-rest-api-security/ <
> https://drill.apache.org/docs/configuring-web-ui-and-rest-api-security/>
>
> I didn't set the http settings you list in drill-override.conf, instead I
> added this to drill-env.sh
> export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Ddrill.exec.http.ssl_enabled=true"
>
> Also make sure to add some admin users and groups.
> 1. alter system set `security.admin.users`='admin1,admin2,...';
> 2. alter system set `security.admin.user_groups`='admingroup';  and add
> users to the group.
>
>
> --Andries

RE: How to setup user authentication for the WebUI?

Posted by Kevin Verhoeven <Ke...@ds-iq.com>.
I have the same problem, using Ubuntu 14.04 and Drill 1.2.0. After following the instructions I am not offered a way to authenticate on the Web UI. The problem is when I run a query using the Web UI I receive the following error: org.apache.drill.exec.rpc.RpcException: HANDSHAKE_VALIDATION : Status: AUTH_FAILED. 

I found a Drill Bug report in Jira that might cover this problem, hopefully this is fixed soon: https://issues.apache.org/jira/browse/DRILL-3201

Kevin

-----Original Message-----
From: Alfaro, Tony [mailto:Jose.Alfaro@viasat.com] 
Sent: Thursday, November 12, 2015 8:25 AM
To: user@drill.apache.org
Subject: RE: How to setup user authentication for the WebUI?

Andries - 

Thanks, that's the exact page I was following when I first tried to set it up.

drill-env.sh:
DRILL_MAX_DIRECT_MEMORY="8G"
DRILL_HEAP="4G"
export DRILL_JAVA_OPTS="-Xms$DRILL_HEAP -Xmx$DRILL_HEAP -XX:MaxDirectMemorySize=$DRILL_MAX_DIRECT_MEMORY -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=1G -Ddrill.exec.enable-epoll=true -Djava.library.path=/opt/pam/ -Ddrill.exec.http.ssl_enabled=true"
export SERVER_GC_OPTS="-XX:+CMSClassUnloadingEnabled -XX:+UseG1GC "

drill-override.conf:
drill.exec: {
  cluster-id: "clusterid",
  zk.connect: "node01:2181,node02:2181,node03:2181"
  security.user.auth {
    enabled: true,
    packages += "org.apache.drill.exec.rpc.user.security",
    impl: "pam",
    pam_profiles: [ "sudo", "login" ]
  }
  http: {
    enabled: true,
    ssl_enabled: true,
    port: 8047
  },
}

I also set the users and user_groups in sys.options:
0: jdbc:drill:> select * from sys.options WHERE type = 'SYSTEM' and name like 'security%';
+-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+
|            name             |  kind   |  type   |  status  | num_val  |       string_val       | bool_val  | float_val  |
+-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+
| security.admin.user_groups  | STRING  | SYSTEM  | CHANGED  | null     | jon.snow,emerson.wang  | null      | null       |
| security.admin.users        | STRING  | SYSTEM  | CHANGED  | null     | jon.snow,emerson.wang  | null      | null       |
+-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+
2 rows selected (0.256 seconds)

Jose A. "Tony" Alfaro // Application Systems Administrator ViaSat, Inc.
Email :  jose.alfaro@viasat.com
desk  :  720.568.3061
mobile:  720.467.9481

RE: How to setup user authentication for the WebUI?

Posted by "Alfaro, Tony" <Jo...@viasat.com>.
Andries - 

Thanks, that's the exact page I was following when I first tried to set it up.

drill-env.sh:
DRILL_MAX_DIRECT_MEMORY="8G"
DRILL_HEAP="4G"
export DRILL_JAVA_OPTS="-Xms$DRILL_HEAP -Xmx$DRILL_HEAP -XX:MaxDirectMemorySize=$DRILL_MAX_DIRECT_MEMORY -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=1G -Ddrill.exec.enable-epoll=true -Djava.library.path=/opt/pam/ -Ddrill.exec.http.ssl_enabled=true"
export SERVER_GC_OPTS="-XX:+CMSClassUnloadingEnabled -XX:+UseG1GC "

drill-override.conf:
drill.exec: {
  cluster-id: "clusterid",
  zk.connect: "node01:2181,node02:2181,node03:2181"
  security.user.auth {
    enabled: true,
    packages += "org.apache.drill.exec.rpc.user.security",
    impl: "pam",
    pam_profiles: [ "sudo", "login" ]
  }
  http: {
    enabled: true,
    ssl_enabled: true,
    port: 8047
  },
}

I also set the users and user_groups in sys.options:
0: jdbc:drill:> select * from sys.options WHERE type = 'SYSTEM' and name like 'security%';
+-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+
|            name             |  kind   |  type   |  status  | num_val  |       string_val       | bool_val  | float_val  |
+-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+
| security.admin.user_groups  | STRING  | SYSTEM  | CHANGED  | null     | jon.snow,emerson.wang  | null      | null       |
| security.admin.users        | STRING  | SYSTEM  | CHANGED  | null     | jon.snow,emerson.wang  | null      | null       |
+-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+
2 rows selected (0.256 seconds)

Jose A. "Tony" Alfaro // Application Systems Administrator
ViaSat, Inc.
Email :  jose.alfaro@viasat.com
desk  :  720.568.3061
mobile:  720.467.9481

-----Original Message-----
From: Andries Engelbrecht [mailto:aengelbrecht@maprtech.com] 
Sent: Thursday, November 12, 2015 9:07 AM
To: user@drill.apache.org
Subject: Re: How to setup user authentication for the WebUI?

Try looking at this page
https://urldefense.proofpoint.com/v2/url?u=https-3A__drill.apache.org_docs_configuring-2Dweb-2Dui-2Dand-2Drest-2Dapi-2Dsecurity_&d=BQIFAg&c=jcv3orpCsv7C4ly8-ubDob57ycZ4jvhoYZNDBA06fPk&r=aFp43i9OHbKPAwg9pA572ji1Jcjj2xwJK3bO-qY8f3U&m=G5gaSyt7huoRxcZzJWvU-tNUvfbntKY-fdkIDywmqf8&s=13BTcwnaq8_z8_FIxVwSEimkAaZQ9uiZ-V-e02w1758&e=

I didn't set the http settings you list in drill-override.conf, instead I added this to drill-env.sh
export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Ddrill.exec.http.ssl_enabled=true"

Also make sure to add some admin users and groups.
1. alter system set `security.admin.users`='admin1,admin2,...';
2. alter system set `security.admin.user_groups`='admingroup';  and add users to the group.


--Andries


> On Nov 12, 2015, at 7:44 AM, Alfaro, Tony <Jo...@viasat.com> wrote:
> 
> I've done as the documentation said and installed jpam, user auth works with the command line access tools (bin/drill-conf -n user -p pass), but the webui's don't show a login page, only the data for number of drill bits, the hostnames for each bit, the port addresses, and direct memory numbers.  The drill-env.sh file contains the path declaration for jpam as /opt/pam/ (where it was installed) and the drill-override.conf has the following drill.exec section:
> 
> drill.exec: {
>  cluster-id: "clusterid",
>  zk.connect: "node01:2181,node02:2181,node03:2181"
>  security.user.auth {
>    enabled: true,
>    packages += "org.apache.drill.exec.rpc.user.security",
>    impl: "pam",
>    pam_profiles: [ "sudo", "login" ]
>  }
>  http: {
>    enabled: true,
>    ssl_enabled: true,
>    port: 8047
>  },
> }
> 
> Is there something obvious I'm missing to get the user login page to show?
> 
> Jose A. "Tony" Alfaro // Application Systems Administrator ViaSat, 
> Inc.
> Email :  jose.alfaro@viasat.com<ma...@viasat.com>
> desk  :  720.568.3061
> mobile:  720.467.9481
> 


Re: How to setup user authentication for the WebUI?

Posted by Andries Engelbrecht <ae...@maprtech.com>.
Try looking at this page
https://drill.apache.org/docs/configuring-web-ui-and-rest-api-security/

I didn't set the http settings you list in drill-override.conf, instead I added this to drill-env.sh
export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Ddrill.exec.http.ssl_enabled=true"

Also make sure to add some admin users and groups.
1. alter system set `security.admin.users`='admin1,admin2,...';
2. alter system set `security.admin.user_groups`='admingroup';  and add users to the group.


--Andries


> On Nov 12, 2015, at 7:44 AM, Alfaro, Tony <Jo...@viasat.com> wrote:
> 
> I've done as the documentation said and installed jpam, user auth works with the command line access tools (bin/drill-conf -n user -p pass), but the webui's don't show a login page, only the data for number of drill bits, the hostnames for each bit, the port addresses, and direct memory numbers.  The drill-env.sh file contains the path declaration for jpam as /opt/pam/ (where it was installed) and the drill-override.conf has the following drill.exec section:
> 
> drill.exec: {
>  cluster-id: "clusterid",
>  zk.connect: "node01:2181,node02:2181,node03:2181"
>  security.user.auth {
>    enabled: true,
>    packages += "org.apache.drill.exec.rpc.user.security",
>    impl: "pam",
>    pam_profiles: [ "sudo", "login" ]
>  }
>  http: {
>    enabled: true,
>    ssl_enabled: true,
>    port: 8047
>  },
> }
> 
> Is there something obvious I'm missing to get the user login page to show?
> 
> Jose A. "Tony" Alfaro // Application Systems Administrator
> ViaSat, Inc.
> Email :  jose.alfaro@viasat.com<ma...@viasat.com>
> desk  :  720.568.3061
> mobile:  720.467.9481
>
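
An added example, not part of any message in this thread: a check for the admin-users and admin-groups step discussed above, which parses `select * from sys.options` output in the sqlline layout shown in the thread and reports names that do not resolve on the host. It assumes that with PAM authentication `security.admin.users` holds OS account names and `security.admin.user_groups` holds OS group names; the sample table, `parse_options` and `audit_admins` are constructed for illustration.

```python
import grp
import pwd

# Constructed sample in the sqlline layout shown in the thread (not real output).
SAMPLE = """\
|            name             |  kind   |  type   |  status  | num_val  |   string_val   | bool_val  | float_val  |
+-----------------------------+---------+---------+----------+----------+----------------+-----------+------------+
| security.admin.user_groups  | STRING  | SYSTEM  | CHANGED  | null     | admingroup     | null      | null       |
| security.admin.users        | STRING  | SYSTEM  | CHANGED  | null     | admin1,admin2  | null      | null       |
+-----------------------------+---------+---------+----------+----------+----------------+-----------+------------+
"""

def parse_options(table):
    """Return {option name: string_val} from sqlline table output."""
    header, options = None, {}
    for line in table.splitlines():
        if not line.startswith("|"):
            continue  # skip borders, the prompt line and the row count
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if header is None:
            header = cells  # first pipe-delimited row names the columns
        else:
            row = dict(zip(header, cells))
            options[row["name"]] = row["string_val"]
    return options

def _resolves(lookup, name):
    """True when the OS account database knows this name."""
    try:
        lookup(name)
        return True
    except KeyError:
        return False

def audit_admins(table,
                 user_exists=lambda n: _resolves(pwd.getpwnam, n),
                 group_exists=lambda n: _resolves(grp.getgrnam, n)):
    """List admin names that do not resolve as an OS user or group on this host."""
    options = parse_options(table)
    findings = []
    for option, exists, kind in (("security.admin.users", user_exists, "user"),
                                 ("security.admin.user_groups", group_exists, "group")):
        value = options.get(option, "null")
        names = [] if value == "null" else [n.strip() for n in value.split(",") if n.strip()]
        if not names:
            findings.append(f"{option}: not set")
        findings += [f"{option}: no OS {kind} named {n!r}" for n in names if not exists(n)]
    return findings
```

Run `audit_admins` on each Drillbit host with the captured query output; the default resolvers consult that host's passwd and group databases, so an empty list means every admin name resolves there.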