Apache Drill 1.14 on a kerberized Cloudera cluster (CDH 5.14).

Hello,

 

I'am using apache Drill 1.14 on a kerberized Cloudera cluster (CDH 5.14).

 

When I activate kerberos authentification, drill server refuse to start with error:

org.apache.drill.exec.exception.DrillbitStartupException: Authentication is enabled for WebServer but none of the security mechanism was configured properly. Please verify the configurations and try again.

 

I can see in the logs that the kerberos authentification is ok: 
[main] INFO  o.a.d.exec.server.BootStrapContext - Process user name: 'root' and logged in successfully as 'tata/xx.yy.zz@XX.YY'
 
Can you help me please?

 

Based on the Apache Drill documentation, there is my conf/drill-override.conf:

 
drill.exec: {
  cluster-id: "drillbits1",
  zk.connect: "xx.yy.zz:2181",
  service_name: "service1",
  impersonation:

{     enabled: true,     max_chained_user_hops: 3   }

,
  security:

{     user.auth.enabled:true,     auth.mechanisms:["KERBEROS"],     auth.principal:"tata/xx.yy.zz@XX.YY",     auth.keytab:"keytab1.keytab",     drill.exec.security.auth.auth_to_local:hive,     auth.realm: "XX.YY",     user.encryption.sasl.enabled: true,     user.encryption.sasl.max_wrapped_size: 65536   }

,
  security.user.encryption.ssl:

{     enabled: true,     keyPassword: "XXXXX",     handshakeTimeout: 10000,     provider: "JDK"   }

,
  ssl:

{     keyStorePath: "XXXXX",     keyStorePassword: "XXXXX",     trustStorePath: "XXXXX",     trustStorePassword: "XXXXX"   }

,
  http: {
    enabled: true,
    auth.enabled: false,
    auth.mechanisms: ["KERBEROS"],
    ssl_enabled: true,
    port: 8047
    session_max_idle_secs: 3600, # Default value 1hr
    cors:

{       enabled: false,       allowedOrigins: ["null"],       allowedMethods: ["GET", "POST", "HEAD", "OPTIONS"],       allowedHeaders: ["X-Requested-With", "Content-Type", "Accept", "Origin"],       credentials: true     }

  }
}

Thank you