You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by "Ibrahim Safieddine (JIRA)" <ji...@apache.org> on 2018/11/02 08:05:00 UTC
[jira] [Created] (DRILL-6827) Apache Drill 1.14 on a kerberized
Cloudera cluster (CDH 5.14).
Ibrahim Safieddine created DRILL-6827:
-----------------------------------------
Summary: Apache Drill 1.14 on a kerberized Cloudera cluster (CDH 5.14).
Key: DRILL-6827
URL: https://issues.apache.org/jira/browse/DRILL-6827
Project: Apache Drill
Issue Type: Bug
Components: Security
Affects Versions: 1.14.0
Environment: * Apache Drill 1.14
* Cloudera CDH 5.14
Reporter: Ibrahim Safieddine
Hello,
I'am using apache Drill 1.14 on a kerberized Cloudera cluster (CDH 5.14).
When I activate kerberos authentification, drill server refuse to start with error:
{color:#ff0000}_org.apache.drill.exec.exception.DrillbitStartupException: Authentication is enabled for WebServer but none of the security mechanism was configured properly. Please verify the configurations and try again._{color}
I can see in the logs that the kerberos authentification is ok:
[main] INFO o.a.d.exec.server.BootStrapContext - Process user name: 'root' and logged in successfully as 'tata/xx.yy.zz@XX.YY'
Can you help me please?
Based on the Apache Drill documentation, there is my conf/drill-override.conf:
drill.exec: {
cluster-id: "drillbits1",
zk.connect: "xx.yy.zz:2181",
service_name: "service1",
impersonation: {
enabled: true,
max_chained_user_hops: 3
},
security: {
user.auth.enabled:true,
auth.mechanisms:["KERBEROS"],
auth.principal:"tata/xx.yy.zz@XX.YY",
auth.keytab:"keytab1.keytab",
drill.exec.security.auth.auth_to_local:hive,
auth.realm: "XX.YY",
user.encryption.sasl.enabled: true,
user.encryption.sasl.max_wrapped_size: 65536
},
security.user.encryption.ssl: {
enabled: true,
keyPassword: "XXXXX",
handshakeTimeout: 10000,
provider: "JDK"
},
ssl: {
keyStorePath: "XXXXX",
keyStorePassword: "XXXXX",
trustStorePath: "XXXXX",
trustStorePassword: "XXXXX"
},
http: {
enabled: true,
auth.enabled: false,
auth.mechanisms: ["KERBEROS"],
ssl_enabled: true,
port: 8047
session_max_idle_secs: 3600, # Default value 1hr
cors: {
enabled: false,
allowedOrigins: ["null"],
allowedMethods: ["GET", "POST", "HEAD", "OPTIONS"],
allowedHeaders: ["X-Requested-With", "Content-Type", "Accept", "Origin"],
credentials: true
}
}
}
Thank you
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)