Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Storm logviewer uses the same UI.filter config thats being used for Storm UI.
In secure mode storm UI uses SPENGO to authenticate user to access the UI.
Similarly logviewer also does the same .
But in Ambari 1.7 we advise user to create HTTP/storm-ui@REALM and this gets added to storm.yaml.
As this is bound to a host storm logviewers which are running one per supervisor won't be able to use this key .
Solution:
There is a configuration problem in the /etc/storm/conf/storm.yaml file. In particular the issue is here:
ui.filter.params: "type": "kerberos" "kerberos.principal": "HTTP/host-2.internal@EXAMPLE.COM" "kerberos.keytab": "/etc/security/keytabs/spnego.service.keytab" "kerberos.name.rules": "DEFAULT"
The kerberos.principal value should be the SPNEGO principal for the localhost, not the host where the UI server is running. In this example, the localhost is host-4.internal so the kerberos.principal value should be HTTP/host-4.internal@EXAMPLE.COM not HTTP/host-2.internal@EXAMPLE.COM. The Storm UI server is running on host-2.internal
The fix for this should be in the code around
_storm_ui_jaas_principal_name = config['configurations']['storm-env']['storm_ui_principal_name']
storm_ui_host = default("/clusterHostInfo/storm_ui_server_hosts", [])
storm_ui_jaas_principal = _storm_ui_jaas_principal_name.replace('_HOST',storm_ui_host[0].lower())
storm_ui_jaas_principal is then used in the template to build the storm.yaml file.
Attachments
Attachments
Issue Links
- links to
