You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Ibrahim Safieddine (JIRA)" <ji...@apache.org> on 2018/11/02 08:05:00 UTC

[jira] [Created] (DRILL-6827) Apache Drill 1.14 on a kerberized Cloudera cluster (CDH 5.14).

Ibrahim Safieddine created DRILL-6827:
-----------------------------------------

             Summary: Apache Drill 1.14 on a kerberized Cloudera cluster (CDH 5.14).
                 Key: DRILL-6827
                 URL: https://issues.apache.org/jira/browse/DRILL-6827
             Project: Apache Drill
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.14.0
         Environment: * Apache Drill 1.14
 * Cloudera CDH 5.14
            Reporter: Ibrahim Safieddine


Hello,

 

I'am using apache Drill 1.14 on a kerberized Cloudera cluster (CDH 5.14).

 

When I activate kerberos authentification, drill server refuse to start with error:

{color:#ff0000}_org.apache.drill.exec.exception.DrillbitStartupException: Authentication is enabled for WebServer but none of the security mechanism was configured properly. Please verify the configurations and try again._{color}

 

I can see in the logs that the kerberos authentification is ok: 
[main] INFO  o.a.d.exec.server.BootStrapContext - Process user name: 'root' and logged in successfully as 'tata/xx.yy.zz@XX.YY'
 
Can you help me please?

 

Based on the Apache Drill documentation, there is my conf/drill-override.conf:

 
drill.exec: {
  cluster-id: "drillbits1",
  zk.connect: "xx.yy.zz:2181",
  service_name: "service1",
  impersonation: {
    enabled: true,
    max_chained_user_hops: 3
  },
  security: {
    user.auth.enabled:true,
    auth.mechanisms:["KERBEROS"],
    auth.principal:"tata/xx.yy.zz@XX.YY",
    auth.keytab:"keytab1.keytab",
    drill.exec.security.auth.auth_to_local:hive,
    auth.realm: "XX.YY",
    user.encryption.sasl.enabled: true,
    user.encryption.sasl.max_wrapped_size: 65536
  },
  security.user.encryption.ssl: {
    enabled: true,
    keyPassword: "XXXXX",
    handshakeTimeout: 10000,
    provider: "JDK"
  },
  ssl: {
    keyStorePath: "XXXXX",
    keyStorePassword: "XXXXX",
    trustStorePath: "XXXXX",
    trustStorePassword: "XXXXX"
  },
  http: {
    enabled: true,
    auth.enabled: false,
    auth.mechanisms: ["KERBEROS"],
    ssl_enabled: true,
    port: 8047
    session_max_idle_secs: 3600, # Default value 1hr
    cors: {
      enabled: false,
      allowedOrigins: ["null"],
      allowedMethods: ["GET", "POST", "HEAD", "OPTIONS"],
      allowedHeaders: ["X-Requested-With", "Content-Type", "Accept", "Origin"],
      credentials: true
    }
  }
}

 Thank you
 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)