ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <>
Subject [jira] [Commented] (AMBARI-9981) Ambari storm logviewer in secure mode doesn't work
Date Mon, 09 Mar 2015 13:27:38 GMT


Hudson commented on AMBARI-9981:

FAILURE: Integrated in Ambari-trunk-Commit #1981 (See [])
AMBARI-9981. Ambari storm logviewer in secure mode doesn't work  (rlevas) (rlevas:
* ambari-server/src/main/resources/common-services/STORM/

> Ambari storm logviewer in secure mode doesn't work
> --------------------------------------------------
>                 Key: AMBARI-9981
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Robert Levas
>              Labels: kerberos
>         Attachments: AMBARI-9981_01.patch
> Storm logviewer uses the same UI.filter config thats being used for Storm UI.
> In secure mode storm UI uses SPENGO to authenticate user to access the UI.
> Similarly logviewer also does the same .
> But in Ambari 1.7 we advise user to create HTTP/storm-ui@REALM and this gets added to
> As this is bound to a host storm logviewers which are running one per supervisor won't
be able to use this key .
> Solution:
> There is a configuration problem in the {{/etc/storm/conf/storm.yaml}} file.  In particular
the issue is here:
> {code:title=/etc/storm/conf/storm.yaml:109}
> ui.filter.params:
>   "type": "kerberos"
>   "kerberos.principal": "HTTP/host-2.internal@EXAMPLE.COM"
>   "kerberos.keytab": "/etc/security/keytabs/spnego.service.keytab"
>   "": "DEFAULT"
> {code}
> The {{kerberos.principal}} value should be the SPNEGO principal for the localhost, not
the host where the UI server is running.  In this example, the localhost is *host-4.internal*
 so the {{kerberos.principal}} value should be *HTTP/host-4.internal@EXAMPLE.COM* not *HTTP/host-2.internal@EXAMPLE.COM*.
 The Storm UI server is running on *host-2.internal*
> The fix for this should be in the code around 
> {code:title=common-services/STORM/} 
>     _storm_ui_jaas_principal_name = config['configurations']['storm-env']['storm_ui_principal_name']
>     storm_ui_host = default("/clusterHostInfo/storm_ui_server_hosts", [])
>     storm_ui_jaas_principal = _storm_ui_jaas_principal_name.replace('_HOST',storm_ui_host[0].lower())
> {code}
> {{storm_ui_jaas_principal}} is then used in the template to build the storm.yaml file.

This message was sent by Atlassian JIRA

View raw message