ambari-dev mailing list archives

From "Robert Levas" <>
Subject Review Request 31856: Ambari storm logviewer in secure mode doesn't work
Date Mon, 09 Mar 2015 09:54:40 GMT

This is an automatically generated e-mail. To reply, visit:

Review request for Ambari, Berta Vitaliya, Costel Radulescu, and Emil Anca.

Bugs: AMBARI-9981

Repository: ambari


Storm logviewer uses the same UI.filter config that's being used for Storm UI.
In secure mode Storm UI uses SPNEGO to authenticate the user to access the UI.
Similarly logviewer also does the same.
But in Ambari 1.7 we advise the user to create HTTP/storm-ui@REALM and this gets added to storm.yaml.
As this is bound to a host, storm logviewers, which are running one per supervisor, won't be
able to use this key.

There is a configuration problem in the {{/etc/storm/conf/storm.yaml}} file.  In particular
the issue is here:
  "type": "kerberos"
  "kerberos.principal": "HTTP/host-2.internal@EXAMPLE.COM"
  "kerberos.keytab": "/etc/security/keytabs/spnego.service.keytab"
  "": "DEFAULT"

The `kerberos.principal` value should be the SPNEGO principal for the localhost, not the host
where the UI server is running. In this example, the localhost is *host-4.internal*, so the
`kerberos.principal` value should be *HTTP/host-4.internal@EXAMPLE.COM*, not *HTTP/host-2.internal@EXAMPLE.COM*.
The Storm UI server is running on *host-2.internal*.

The fix for this should be in the code around 

    _storm_ui_jaas_principal_name = config['configurations']['storm-env']['storm_ui_principal_name']
    storm_ui_host = default("/clusterHostInfo/storm_ui_server_hosts", [])
    storm_ui_jaas_principal = _storm_ui_jaas_principal_name.replace('_HOST',storm_ui_host[0].lower())

`storm_ui_jaas_principal` is then used in the template to build the storm.yaml file.





#Jenkins test results: PENDING


Robert Levas
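
The mismatch described in the message above, as an added example that is not part of the original e-mail or of Ambari's code: it renders the filter principal once with the UI server's host for every node and once per host, then audits which nodes end up with a principal that names another machine. The function names, the `HTTP/_HOST@EXAMPLE.COM` template and the two-host cluster are assumptions constructed from the hosts named in the message.

```python
# Added illustration; names and sample data are constructed, not Ambari code.
import re

PRINCIPAL_RE = re.compile(r"^(?P<service>[^/@]+)/(?P<host>[^/@]+)@(?P<realm>[^/@]+)$")


def resolve_principal(template, hostname):
    """Substitute _HOST with the given host, lower-cased as in the quoted code."""
    return template.replace("_HOST", hostname.lower())


def principal_host(principal):
    """Return the host component of a service/host@REALM principal, or None."""
    m = PRINCIPAL_RE.match(principal)
    return m.group("host").lower() if m else None


def audit_filter_principals(rendered):
    """rendered maps each host to the kerberos.principal written into its storm.yaml.

    Returns (host, principal, reason) for every host whose principal would not
    match the SPNEGO key for that host.
    """
    findings = []
    for host, principal in sorted(rendered.items()):
        found = principal_host(principal)
        if found is None:
            findings.append((host, principal, "not in service/host@REALM form"))
        elif found != host.lower():
            findings.append((host, principal, "principal names " + found))
    return findings


# Constructed cluster based on the hosts named in the message.
TEMPLATE = "HTTP/_HOST@EXAMPLE.COM"  # assumed template value
UI_HOST = "host-2.internal"
HOSTS = ["host-2.internal", "host-4.internal"]

# Behaviour described in the message: every host gets the UI server's principal.
as_reported = {h: resolve_principal(TEMPLATE, UI_HOST) for h in HOSTS}
# Per-host substitution: each host gets a principal naming itself.
per_host = {h: resolve_principal(TEMPLATE, h) for h in HOSTS}

if __name__ == "__main__":
    for finding in audit_filter_principals(as_reported):
        print(finding)
```

Run against the rendered value of `kerberos.principal` collected from each supervisor host, the audit flags any logviewer that would try to authenticate with a key bound to a different machine.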
