You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Yusaku Sako (JIRA)" <ji...@apache.org> on 2015/09/15 00:19:46 UTC
[jira] [Updated] (AMBARI-9981) Ambari storm logviewer in secure
mode doesn't work
[ https://issues.apache.org/jira/browse/AMBARI-9981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yusaku Sako updated AMBARI-9981:
--------------------------------
Assignee: Robert Levas
> Ambari storm logviewer in secure mode doesn't work
> --------------------------------------------------
>
> Key: AMBARI-9981
> URL: https://issues.apache.org/jira/browse/AMBARI-9981
> Project: Ambari
> Issue Type: Bug
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos
> Attachments: AMBARI-9981_01.patch
>
>
> Storm logviewer uses the same UI.filter config thats being used for Storm UI.
> In secure mode storm UI uses SPENGO to authenticate user to access the UI.
> Similarly logviewer also does the same .
> But in Ambari 1.7 we advise user to create HTTP/storm-ui@REALM and this gets added to storm.yaml.
> As this is bound to a host storm logviewers which are running one per supervisor won't be able to use this key .
> Solution:
> There is a configuration problem in the {{/etc/storm/conf/storm.yaml}} file. In particular the issue is here:
> {code:title=/etc/storm/conf/storm.yaml:109}
> ui.filter.params:
> "type": "kerberos"
> "kerberos.principal": "HTTP/host-2.internal@EXAMPLE.COM"
> "kerberos.keytab": "/etc/security/keytabs/spnego.service.keytab"
> "kerberos.name.rules": "DEFAULT"
> {code}
> The {{kerberos.principal}} value should be the SPNEGO principal for the localhost, not the host where the UI server is running. In this example, the localhost is *host-4.internal* so the {{kerberos.principal}} value should be *HTTP/host-4.internal@EXAMPLE.COM* not *HTTP/host-2.internal@EXAMPLE.COM*. The Storm UI server is running on *host-2.internal*
> The fix for this should be in the code around
> {code:title=common-services/STORM/0.9.1.2.1/package/scripts/params.py:103}
> _storm_ui_jaas_principal_name = config['configurations']['storm-env']['storm_ui_principal_name']
> storm_ui_host = default("/clusterHostInfo/storm_ui_server_hosts", [])
> storm_ui_jaas_principal = _storm_ui_jaas_principal_name.replace('_HOST',storm_ui_host[0].lower())
> {code}
> {{storm_ui_jaas_principal}} is then used in the template to build the storm.yaml file.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)