Uploaded image for project: 'Apache Storm'
  1. Apache Storm
  2. STORM-633

Nimbus - HTTP Error 413 full HEAD if using kerberos authentication

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.3
    • Fix Version/s: 0.10.0
    • Component/s: storm-core
    • Labels:
      None

      Description

      When trying to access Nimbus that is kerberized, a HTTP 413 full HEAD error is received. This seems related to the issue outlined in HADOOP-8816.

      Setting the Jetty header buffer size with ring-jetty is outlined on Stackoverflow here: http://stackoverflow.com/questions/9285096/clojure-ring-using-the-ring-jetty-adapter-large-requests-give-me-a-413-full-h

      The setting could be exposed like the host as done in STORM-575.

        Issue Links

          Activity

          Hide
          githubbot ASF GitHub Bot added a comment -

          Github user asfgit closed the pull request at:

          https://github.com/apache/storm/pull/393

          Show
          githubbot ASF GitHub Bot added a comment - Github user asfgit closed the pull request at: https://github.com/apache/storm/pull/393
          Hide
          githubbot ASF GitHub Bot added a comment -

          Github user ptgoetz commented on the pull request:

          https://github.com/apache/storm/pull/393#issuecomment-74160282

          +1 (since this is just a doc update, we probably don't need to wait for additional review)

          Show
          githubbot ASF GitHub Bot added a comment - Github user ptgoetz commented on the pull request: https://github.com/apache/storm/pull/393#issuecomment-74160282 +1 (since this is just a doc update, we probably don't need to wait for additional review)
          Hide
          githubbot ASF GitHub Bot added a comment -

          GitHub user harshach opened a pull request:

          https://github.com/apache/storm/pull/393

          STORM-633. Nimbus - HTTP Error 413 full HEAD if using kerberos authentication.

          You can merge this pull request into a Git repository by running:

          $ git pull https://github.com/harshach/incubator-storm STORM-633

          Alternatively you can review and apply these changes as the patch at:

          https://github.com/apache/storm/pull/393.patch

          To close this pull request, make a commit to your master/trunk branch
          with (at least) the following in the commit message:

          This closes #393


          commit ef85387299e48051abe2434a58adbd74376190e0
          Author: Sriharsha Chintalapani <mail@harsha.io>
          Date: 2015-01-22T23:04:35Z

          STORM-633. Nimbus - HTTP Error 413 full HEAD if using kerberos authentication.


          Show
          githubbot ASF GitHub Bot added a comment - GitHub user harshach opened a pull request: https://github.com/apache/storm/pull/393 STORM-633 . Nimbus - HTTP Error 413 full HEAD if using kerberos authentication. You can merge this pull request into a Git repository by running: $ git pull https://github.com/harshach/incubator-storm STORM-633 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/storm/pull/393.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #393 commit ef85387299e48051abe2434a58adbd74376190e0 Author: Sriharsha Chintalapani <mail@harsha.io> Date: 2015-01-22T23:04:35Z STORM-633 . Nimbus - HTTP Error 413 full HEAD if using kerberos authentication.
          Hide
          sriharsha Sriharsha Chintalapani added a comment -

          spoke to Adam Muise offline . In AD MIT kerberos setup the kerberos key size bigger than default jetty requestHeaderSize. This can be fixed by setting "ui.header.buffer.bytes" to 65536 . Will send a PR for SECURITY.md .

          Show
          sriharsha Sriharsha Chintalapani added a comment - spoke to Adam Muise offline . In AD MIT kerberos setup the kerberos key size bigger than default jetty requestHeaderSize. This can be fixed by setting "ui.header.buffer.bytes" to 65536 . Will send a PR for SECURITY.md .
          Hide
          amuise Adam Muise added a comment -

          Please note, we are using AD for Kerberos with an encryption type of arcfour-hmac.

          Show
          amuise Adam Muise added a comment - Please note, we are using AD for Kerberos with an encryption type of arcfour-hmac.
          Hide
          amuise Adam Muise added a comment - - edited

          Details on the 413 from a curl command local to the UI:

          curl -i --negotiate -u:edi_storm -b ~/cookiejar.txt -c ~/cookiejar.txt http://ac95edimstr02xxxxxx:8744/api/v1/cluster/summary

          HTTP/1.1 401 Authentication required
          Date: Wed, 21 Jan 2015 16:34:43 GMT
          WWW-Authenticate: Negotiate
          Set-Cookie: hadoop.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
          Cache-Control: must-revalidate,no-cache,no-store
          Content-Type: text/html;charset=ISO-8859-1
          Content-Length: 1317
          Server: Jetty(7.6.13.v20130916)

          HTTP/1.1 413 FULL head
          Content-Length: 0
          Connection: close
          Server: Jetty(7.6.13.v20130916)

          And here is the exception in the ui.log from the 413:

          The offending header length comes from the Authorization property, it contains a long key.

          2015-01-19 08:38:45 o.a.h.s.a.s.AuthenticationFilter [WARN] Authentication exception: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
          org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
          at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:360) ~[hadoop-auth-2.4.0.jar:na]
          at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:357) ~[hadoop-auth-2.4.0.jar:na]
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291) [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:443) [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1044) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372) [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.Server.handle(Server.java:369) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:933) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:995) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) [jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) [jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916]
          at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916]
          at java.lang.Thread.run(Thread.java:745) [na:1.7.0_65]
          Caused by: org.ietf.jgss.GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
          at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97) ~[na:1.7.0_65]
          at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:306) ~[na:1.7.0_65]
          at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) ~[na:1.7.0_65]
          at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:327) ~[hadoop-auth-2.4.0.jar:na]
          at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:309) ~[hadoop-auth-2.4.0.jar:na]
          at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_65]
          at javax.security.auth.Subject.doAs(Subject.java:415) ~[na:1.7.0_65]
          at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:309) ~[hadoop-auth-2.4.0.jar:na]
          ... 20 common frames omitted

          Show
          amuise Adam Muise added a comment - - edited Details on the 413 from a curl command local to the UI: curl -i --negotiate -u:edi_storm -b ~/cookiejar.txt -c ~/cookiejar.txt http://ac95edimstr02xxxxxx:8744/api/v1/cluster/summary HTTP/1.1 401 Authentication required Date: Wed, 21 Jan 2015 16:34:43 GMT WWW-Authenticate: Negotiate Set-Cookie: hadoop.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=ISO-8859-1 Content-Length: 1317 Server: Jetty(7.6.13.v20130916) HTTP/1.1 413 FULL head Content-Length: 0 Connection: close Server: Jetty(7.6.13.v20130916) And here is the exception in the ui.log from the 413: The offending header length comes from the Authorization property, it contains a long key. 2015-01-19 08:38:45 o.a.h.s.a.s.AuthenticationFilter [WARN] Authentication exception: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:360) ~ [hadoop-auth-2.4.0.jar:na] at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:357) ~ [hadoop-auth-2.4.0.jar:na] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291) [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:443) [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1044) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372) [jetty-servlet-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.Server.handle(Server.java:369) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:933) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:995) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) [jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) [jetty-http-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [jetty-io-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-7.6.13.v20130916.jar:7.6.13.v20130916] at java.lang.Thread.run(Thread.java:745) [na:1.7.0_65] Caused by: org.ietf.jgss.GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag) at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97) ~ [na:1.7.0_65] at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:306) ~ [na:1.7.0_65] at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) ~ [na:1.7.0_65] at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:327) ~ [hadoop-auth-2.4.0.jar:na] at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:309) ~ [hadoop-auth-2.4.0.jar:na] at java.security.AccessController.doPrivileged(Native Method) ~ [na:1.7.0_65] at javax.security.auth.Subject.doAs(Subject.java:415) ~ [na:1.7.0_65] at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:309) ~ [hadoop-auth-2.4.0.jar:na] ... 20 common frames omitted
          Hide
          amuise Adam Muise added a comment - - edited

          Sri,
          Kevin and I are on the same cluster. Here is the cleansed storm.yaml:

          dev.zookeeper.path : '/tmp/dev-storm-zookeeper'
          drpc.childopts : '-Xmx768m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf'
          drpc.invocations.port : 3773
          drpc.port : 3772
          drpc.queue.size : 128
          drpc.request.timeout.secs : 600
          drpc.worker.threads : 64
          java.library.path : '/usr/local/lib:/opt/local/lib:/usr/lib:/usr/hdp/current/storm-client/lib'
          logviewer.appender.name : 'A1'
          logviewer.childopts : '-Xmx128m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf'
          logviewer.port : 8000
          nimbus.childopts : '-Xmx1024m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -javaagent:/usr/hdp/current/storm-nimbus/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=ac95edimstr01xxxxxxx,port=8649,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-nimbus/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf'
          nimbus.cleanup.inbox.freq.secs : 600
          nimbus.file.copy.expiration.secs : 600
          nimbus.host : 'ac95edimstr02xxxxxxxxx'
          nimbus.inbox.jar.expiration.secs : 3600
          nimbus.monitor.freq.secs : 10
          nimbus.reassign : true
          nimbus.supervisor.timeout.secs : 60
          nimbus.task.launch.secs : 120
          nimbus.task.timeout.secs : 30
          nimbus.thrift.max_buffer_size : 1048576
          nimbus.thrift.port : 6627
          nimbus.topology.validator : 'backtype.storm.nimbus.DefaultTopologyValidator'
          storm.cluster.mode : 'distributed'
          storm.local.dir : '/opt/hadoop/storm'
          storm.local.mode.zmq : false
          storm.messaging.netty.buffer_size : 5242880
          storm.messaging.netty.client_worker_threads : 1
          storm.messaging.netty.max_retries : 30
          storm.messaging.netty.max_wait_ms : 1000
          storm.messaging.netty.min_wait_ms : 100
          storm.messaging.netty.server_worker_threads : 1
          storm.messaging.transport : 'backtype.storm.messaging.netty.Context'
          storm.zookeeper.connection.timeout : 15000
          storm.zookeeper.port : 2181
          storm.zookeeper.retry.interval : 1000
          storm.zookeeper.retry.intervalceiling.millis : 30000
          storm.zookeeper.retry.times : 5
          storm.zookeeper.root : '/storm'
          storm.zookeeper.servers : ['ac95edimstr01xxxxxx','ac95edimstr02xxxxxxx','ac95edidata01xxxxxxxx']
          storm.zookeeper.session.timeout : 20000
          supervisor.childopts : '-Xmx256m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/hdp/current/storm-supervisor/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=ac95edimstr01xxxxxxx,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-supervisor/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf'
          supervisor.heartbeat.frequency.secs : 5
          supervisor.monitor.frequency.secs : 3
          supervisor.slots.ports : [6700, 6701]
          supervisor.worker.start.timeout.secs : 120
          supervisor.worker.timeout.secs : 30
          task.heartbeat.frequency.secs : 3
          task.refresh.poll.secs : 10
          topology.acker.executors : null
          topology.builtin.metrics.bucket.size.secs : 60
          topology.debug : false
          topology.disruptor.wait.strategy : 'com.lmax.disruptor.BlockingWaitStrategy'
          topology.enable.message.timeouts : true
          topology.error.throttle.interval.secs : 10
          topology.executor.receive.buffer.size : 1024
          topology.executor.send.buffer.size : 1024
          topology.fall.back.on.java.serialization : true
          topology.kryo.factory : 'backtype.storm.serialization.DefaultKryoFactory'
          topology.max.error.report.per.interval : 5
          topology.max.spout.pending : null
          topology.max.task.parallelism : null
          topology.message.timeout.secs : 30
          topology.optimize : true
          topology.receiver.buffer.size : 8
          topology.skip.missing.kryo.registrations : false
          topology.sleep.spout.wait.strategy.time.ms : 1
          topology.spout.wait.strategy : 'backtype.storm.spout.SleepSpoutWaitStrategy'
          topology.state.synchronization.timeout.secs : 60
          topology.stats.sample.rate : 0.05
          topology.tick.tuple.freq.secs : null
          topology.transfer.buffer.size : 1024
          topology.trident.batch.emit.interval.millis : 500
          topology.tuple.serializer : 'backtype.storm.serialization.types.ListDelegateSerializer'
          topology.worker.childopts : null
          topology.worker.shared.thread.pool.size : 4
          topology.workers : 1
          transactional.zookeeper.port : null
          transactional.zookeeper.root : '/transactional'
          transactional.zookeeper.servers : null
          ui.childopts : '-Xmx768m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Dorg.eclipse.jetty.server.ssl.SslSocketConnector.requestHeaderSize=65535 -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf'
          ui.port : 8744
          worker.childopts : '-Xmx768m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -javaagent:/usr/hdp/current/storm-client/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=ac95edimstr01xxxxxxx,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-client/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_%ID%_JVM'
          worker.heartbeat.frequency.secs : 1
          zmq.hwm : 0
          zmq.linger.millis : 5000
          zmq.threads : 1

          storm.thrift.transport : "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin"

          #

          1. Kerberos security section. For the reference please use: https://github.com/hortonworks/storm/blob/champlain/SECURITY.md for details
            #

          storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal"
          storm.zookeeper.superACL: "sasl:edi_storm"
          java.security.auth.login.config: "/etc/storm/conf/storm_jaas.conf"
          nimbus.admins:

          • "edi_storm"
            nimbus.supervisor.users:
          • "edi_storm"
            nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer"
            drpc.authorizer: "backtype.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer"

          ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
          ui.filter.params:
          "type": "kerberos"
          "kerberos.principal": "HTTP/ac95edimstr02xxxxxxx@XXXXXX.ORG"
          "kerberos.keytab": "/opt/hadoop/keytabs/spnego.service.keytab"
          "kerberos.name.rules": "DEFAULT"
          supervisor.enable: true

          Show
          amuise Adam Muise added a comment - - edited Sri, Kevin and I are on the same cluster. Here is the cleansed storm.yaml: dev.zookeeper.path : '/tmp/dev-storm-zookeeper' drpc.childopts : '-Xmx768m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf' drpc.invocations.port : 3773 drpc.port : 3772 drpc.queue.size : 128 drpc.request.timeout.secs : 600 drpc.worker.threads : 64 java.library.path : '/usr/local/lib:/opt/local/lib:/usr/lib:/usr/hdp/current/storm-client/lib' logviewer.appender.name : 'A1' logviewer.childopts : '-Xmx128m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf' logviewer.port : 8000 nimbus.childopts : '-Xmx1024m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -javaagent:/usr/hdp/current/storm-nimbus/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=ac95edimstr01xxxxxxx,port=8649,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-nimbus/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf' nimbus.cleanup.inbox.freq.secs : 600 nimbus.file.copy.expiration.secs : 600 nimbus.host : 'ac95edimstr02xxxxxxxxx' nimbus.inbox.jar.expiration.secs : 3600 nimbus.monitor.freq.secs : 10 nimbus.reassign : true nimbus.supervisor.timeout.secs : 60 nimbus.task.launch.secs : 120 nimbus.task.timeout.secs : 30 nimbus.thrift.max_buffer_size : 1048576 nimbus.thrift.port : 6627 nimbus.topology.validator : 'backtype.storm.nimbus.DefaultTopologyValidator' storm.cluster.mode : 'distributed' storm.local.dir : '/opt/hadoop/storm' storm.local.mode.zmq : false storm.messaging.netty.buffer_size : 5242880 storm.messaging.netty.client_worker_threads : 1 storm.messaging.netty.max_retries : 30 storm.messaging.netty.max_wait_ms : 1000 storm.messaging.netty.min_wait_ms : 100 storm.messaging.netty.server_worker_threads : 1 storm.messaging.transport : 'backtype.storm.messaging.netty.Context' storm.zookeeper.connection.timeout : 15000 storm.zookeeper.port : 2181 storm.zookeeper.retry.interval : 1000 storm.zookeeper.retry.intervalceiling.millis : 30000 storm.zookeeper.retry.times : 5 storm.zookeeper.root : '/storm' storm.zookeeper.servers : ['ac95edimstr01xxxxxx','ac95edimstr02xxxxxxx','ac95edidata01xxxxxxxx'] storm.zookeeper.session.timeout : 20000 supervisor.childopts : '-Xmx256m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=56431 -javaagent:/usr/hdp/current/storm-supervisor/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=ac95edimstr01xxxxxxx,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-supervisor/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf' supervisor.heartbeat.frequency.secs : 5 supervisor.monitor.frequency.secs : 3 supervisor.slots.ports : [6700, 6701] supervisor.worker.start.timeout.secs : 120 supervisor.worker.timeout.secs : 30 task.heartbeat.frequency.secs : 3 task.refresh.poll.secs : 10 topology.acker.executors : null topology.builtin.metrics.bucket.size.secs : 60 topology.debug : false topology.disruptor.wait.strategy : 'com.lmax.disruptor.BlockingWaitStrategy' topology.enable.message.timeouts : true topology.error.throttle.interval.secs : 10 topology.executor.receive.buffer.size : 1024 topology.executor.send.buffer.size : 1024 topology.fall.back.on.java.serialization : true topology.kryo.factory : 'backtype.storm.serialization.DefaultKryoFactory' topology.max.error.report.per.interval : 5 topology.max.spout.pending : null topology.max.task.parallelism : null topology.message.timeout.secs : 30 topology.optimize : true topology.receiver.buffer.size : 8 topology.skip.missing.kryo.registrations : false topology.sleep.spout.wait.strategy.time.ms : 1 topology.spout.wait.strategy : 'backtype.storm.spout.SleepSpoutWaitStrategy' topology.state.synchronization.timeout.secs : 60 topology.stats.sample.rate : 0.05 topology.tick.tuple.freq.secs : null topology.transfer.buffer.size : 1024 topology.trident.batch.emit.interval.millis : 500 topology.tuple.serializer : 'backtype.storm.serialization.types.ListDelegateSerializer' topology.worker.childopts : null topology.worker.shared.thread.pool.size : 4 topology.workers : 1 transactional.zookeeper.port : null transactional.zookeeper.root : '/transactional' transactional.zookeeper.servers : null ui.childopts : '-Xmx768m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Dorg.eclipse.jetty.server.ssl.SslSocketConnector.requestHeaderSize=65535 -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf' ui.port : 8744 worker.childopts : '-Xmx768m -Djava.security.auth.login.config=/etc/storm/conf/storm_jaas.conf -javaagent:/usr/hdp/current/storm-client/contrib/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=ac95edimstr01xxxxxxx,port=8650,wireformat31x=true,mode=multicast,config=/usr/hdp/current/storm-client/contrib/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_%ID%_JVM' worker.heartbeat.frequency.secs : 1 zmq.hwm : 0 zmq.linger.millis : 5000 zmq.threads : 1 storm.thrift.transport : "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin" # Kerberos security section. For the reference please use: https://github.com/hortonworks/storm/blob/champlain/SECURITY.md for details # storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal" storm.zookeeper.superACL: "sasl:edi_storm" java.security.auth.login.config: "/etc/storm/conf/storm_jaas.conf" nimbus.admins: "edi_storm" nimbus.supervisor.users: "edi_storm" nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer" drpc.authorizer: "backtype.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer" ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter" ui.filter.params: "type": "kerberos" "kerberos.principal": "HTTP/ac95edimstr02xxxxxxx@XXXXXX.ORG" "kerberos.keytab": "/opt/hadoop/keytabs/spnego.service.keytab" "kerberos.name.rules": "DEFAULT" supervisor.enable: true
          Hide
          sriharsha Sriharsha Chintalapani added a comment -

          Kevin Risden Can you please share the details on how are you configuring storm UI. Storm.yaml would be helpful.

          Show
          sriharsha Sriharsha Chintalapani added a comment - Kevin Risden Can you please share the details on how are you configuring storm UI. Storm.yaml would be helpful.

            People

            • Assignee:
              sriharsha Sriharsha Chintalapani
              Reporter:
              risdenk Kevin Risden
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development