drill-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bridg...@apache.org
Subject drill-site git commit: updates for 1.2
Date Thu, 17 Sep 2015 21:33:42 GMT
Repository: drill-site
Updated Branches:
  refs/heads/asf-site 540e0ed6b -> 5cd44b69b


updates for 1.2


Project: http://git-wip-us.apache.org/repos/asf/drill-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill-site/commit/5cd44b69
Tree: http://git-wip-us.apache.org/repos/asf/drill-site/tree/5cd44b69
Diff: http://git-wip-us.apache.org/repos/asf/drill-site/diff/5cd44b69

Branch: refs/heads/asf-site
Commit: 5cd44b69b676163237ac5078e4fc212a6e7707d7
Parents: 540e0ed
Author: Bridget Bevens <bbevens@maprtech.com>
Authored: Thu Sep 17 14:33:21 2015 -0700
Committer: Bridget Bevens <bbevens@maprtech.com>
Committed: Thu Sep 17 14:33:21 2015 -0700

----------------------------------------------------------------------
 docs/configuring-user-authentication/index.html |  15 +++++++++--
 .../index.html                                  |  26 +++----------------
 docs/img/query-flow-client.png                  | Bin 11366 -> 13094 bytes
 docs/img/web-ui-admin-view.png                  | Bin 45701 -> 45382 bytes
 docs/img/web-ui-user-view.png                   | Bin 47799 -> 47457 bytes
 docs/img/web-ui.png                             | Bin 43194 -> 42637 bytes
 docs/starting-the-web-console/index.html        |   6 ++---
 feed.xml                                        |   4 +--
 8 files changed, 22 insertions(+), 29 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/configuring-user-authentication/index.html
----------------------------------------------------------------------
diff --git a/docs/configuring-user-authentication/index.html b/docs/configuring-user-authentication/index.html
index 7104919..a83e2d0 100644
--- a/docs/configuring-user-authentication/index.html
+++ b/docs/configuring-user-authentication/index.html
@@ -993,11 +993,22 @@
 
 <p>When using PAM for authentication, each user that has permission to run Drill queries
must exist in the list of users that resides on each Drill node in the cluster. The username
(including uid) and password for each user must be identical across all of the Drill nodes.
</p>
 
-<p>If you use PAM with /etc/passwd for authentication, verify that the users with permission
to start the Drill process are part of the shadow user group on all nodes in the cluster.
This enables Drill to read the /etc/shadow file for authentication. </p>
+<p>If you use PAM with /etc/passwd for authentication, verify that the users with permission
to start the Drill process are part of the shadow user group on all nodes in the cluster.
This enables Drill to read the /etc/shadow file for authentication.  </p>
+
+<h2 id="administrator-privileges">Administrator Privileges</h2>
+
+<p>When authentication is enabled, only Drill users who are assigned Drill cluster
administrator privileges can perform the following tasks:</p>
+
+<ul>
+<li>Change a system-level option by issuing an ALTER SYSTEM command</li>
+<li>Update a storage plugin configuration through the REST API or Web Console</li>
+<li>View profiles of all queries that all users have run or are currently running in
a cluster</li>
+<li>Cancel running queries that were launched by any user in the cluster</li>
+</ul>
 
 <h2 id="user-authentication-process">User Authentication Process</h2>
 
-<p>When user authentication is configured, each user that accesses the Drillbit process
through a client, such as SQLLine, must provide their username and password for access. </p>
+<p>When user authentication is enabled, each user that accesses the Drillbit process
through a client, such as SQLLine, must provide their username and password for access. </p>
 
 <p>When launching SQLLine, a user must include the <code>–n</code> and
<code>–p</code> parameters with their username and password in the SQLLine argument:<br>
        <code>sqlline –u jdbc:drill:zk=10.10.11.112:5181 –n bob –p bobdrill</code></p>

http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/configuring-web-console-and-rest-api-security/index.html
----------------------------------------------------------------------
diff --git a/docs/configuring-web-console-and-rest-api-security/index.html b/docs/configuring-web-console-and-rest-api-security/index.html
index f587abb..aebdb85 100644
--- a/docs/configuring-web-console-and-rest-api-security/index.html
+++ b/docs/configuring-web-console-and-rest-api-security/index.html
@@ -996,11 +996,11 @@ you can limit the access of certain users to Web Console functionality,
such as
 
 <p>Drill 1.2 uses the Linux Pluggable Authentication Module (PAM) and code-level support
for transport layer security (TLS) to secure the Web Console and REST API. By default, the
Web Console and REST API now support the HTTPS protocol.</p>
 
-<p>By default, Drill generates a self-signed certificate that works with SSL for HTTPS
access to the Web Console; however, as administrator, you can set up SSL to specify the keystore
or truststore, or both, for your organization, as described in the next section.</p>
+<p>By default, Drill generates a self-signed certificate that works with SSL for HTTPS
access to the Web Console. Because Drill uses a self-signed certificate, you see a warning
in the browser when you go to <code>https://&lt;node IP address&gt;:8047</code>.
The Chrome browser, for example, requires you to click <code>Advanced</code>,
and then <code>Proceed to &lt;address&gt; (unsafe)</code>.  If you have
a signed certificate by an authority, you can set up a custom SSL to avoid this warning. You
can set up SSL to specify the keystore or truststore, or both, for your organization, as described
in the next section.</p>
 
 <h2 id="setting-up-a-custom-ssl-configuration">Setting Up a Custom SSL Configuration</h2>
 
-<p>As cluster administrator, you can set the following SSL configuration parameters
at the JVM level through system properties, as described in the <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization">Java
product documentation</a>:</p>
+<p>As cluster administrator, you can set the following SSL configuration parameters
at in the <code>conf/drill-override.conf</code> file, as described in the <a
href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization">Java
product documentation</a>:</p>
 
 <ul>
 <li>javax.net.ssl.keyStore<br>
@@ -1031,10 +1031,10 @@ Optionally, you can set up Web Console administrator-user groups to
facilitate m
 <li>security.admin.users<br>
 Set the value of this option to a comma-separated list of user names who you want to give
administrator privileges, such as changing system options.<br></li>
 <li>security.admin.user_groups<br>
-Set the value of this option to a comma-separated list of administrators.</li>
+Set the value of this option to a comma-separated list of administrator groups.</li>
 </ul>
 
-<p>Any user for whom you have configured Drill user authentication, but not set up
as a Web Console administrator, has only user privileges to access the Web Console and REST
API client applications.</p>
+<p>Any user who is a member of any group listed in security.admin.user.groups is a
Drill cluster administrator. Any user for whom you have configured Drill user authentication,
but not set up as a Drill cluster administrator, has only user privileges to access the Web
Console and REST API client applications.</p>
 
 <h2 id="web-console-and-rest-api-privileges">Web Console and REST API Privileges</h2>
 
@@ -1293,24 +1293,6 @@ Set the value of this option to a comma-separated list of administrators.</li>
 <li>USER - cancel the query only if the query is launched by the user requesting the
cancellation.</li>
 </ul>
 
-<h2 id="starting-the-web-console-using-authentication">Starting the Web Console Using
Authentication</h2>
-
-<p>The following example shows the sequence of steps you typically perform to access
the Web Console when authentication is enabled on a Drill cluster.</p>
-
-<ol>
-<li>Set the JVM library path to the location of the PAM <code>.so</code>
file.<br>
-<code>export DRILLBIT_JAVA_OPTS=&quot; -Djava.library.path=/root/ &quot;</code><br></li>
-<li>Restart the Drillbit.<br>
-<code>[root@centos64-30143 apache-drill-1.2.0-SNAPSHOT]# ./bin/drillbit.sh restart</code><br></li>
-<li>Start the Drill Shell, using  a user name and password.<br>
-<code>bin/sqlline -u &quot;jdbc:drill:zk=10.10.30.146:5181&quot; -n joeadmin
-p mypwd</code><br></li>
-<li>Open a browser, and go to <code>https://&lt;IP address&gt;:8047</code>,
where IP address is the host name or IP address of one of the installed Drillbits in a distributed
system.<br>
-The login screen appears:<br></li>
-</ol>
-
-<p><img src="/docs/img/web-ui-login.png" alt="Web Console Login">
-5. <a href="/docs/starting-the-web-console/">Start the Web Console</a>.</p>
-
     
       
         <div class="doc-nav">

http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/query-flow-client.png
----------------------------------------------------------------------
diff --git a/docs/img/query-flow-client.png b/docs/img/query-flow-client.png
index 0ae87fc..2aad204 100755
Binary files a/docs/img/query-flow-client.png and b/docs/img/query-flow-client.png differ

http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/web-ui-admin-view.png
----------------------------------------------------------------------
diff --git a/docs/img/web-ui-admin-view.png b/docs/img/web-ui-admin-view.png
index fbdb709..b7d8657 100644
Binary files a/docs/img/web-ui-admin-view.png and b/docs/img/web-ui-admin-view.png differ

http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/web-ui-user-view.png
----------------------------------------------------------------------
diff --git a/docs/img/web-ui-user-view.png b/docs/img/web-ui-user-view.png
index 0d75600..1f0dd10 100644
Binary files a/docs/img/web-ui-user-view.png and b/docs/img/web-ui-user-view.png differ

http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/img/web-ui.png
----------------------------------------------------------------------
diff --git a/docs/img/web-ui.png b/docs/img/web-ui.png
index f68a135..2e14e1c 100644
Binary files a/docs/img/web-ui.png and b/docs/img/web-ui.png differ

http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/docs/starting-the-web-console/index.html
----------------------------------------------------------------------
diff --git a/docs/starting-the-web-console/index.html b/docs/starting-the-web-console/index.html
index d18367c..5fb1266 100644
--- a/docs/starting-the-web-console/index.html
+++ b/docs/starting-the-web-console/index.html
@@ -993,15 +993,15 @@
 
 <p><img src="/docs/img/web-ui.png" alt="Web Console"></p>
 
-<p>If user authentication is enabled, Drill 1.2 and later prompts you for a user name
and password:</p>
+<p>If <a href="/docs/configuring-user-authentication/">user authentication</a>
is enabled, Drill 1.2 and later prompts you for a user name and password:</p>
 
 <p><img src="/docs/img/web-ui-login.png" alt="Web Console Login"></p>
 
-<p>If an administrator logs in, all the Web Console controls appear: Query, Profiles,
Storage, Metrics, Threads, and Options.</p>
+<p>If an <a href="/docs/configuring-user-authentication/#administrator-privileges">administrator</a>
logs in, all the Web Console controls appear: Query, Profiles, Storage, Metrics, Threads,
and Options.</p>
 
 <p><img src="/docs/img/web-ui-admin-view.png" alt="Web Console Admin View"></p>
 
-<p>If a user, who is not an administrator, logs in, the Web Console controls are limited
to Query, Metrics, Threads controls, and possibly, Profiles. An administrator can give users
permission to access the Profiles control. Only administrators can see and use the Storage
control for managing storage plugin configurations.</p>
+<p>If a user, who is not an administrator, logs in, the Web Console controls are limited
to Query, Metrics, and Profiles. The Profiles page for a non-administrator user contains the
profiles of all queries the user issued either through ODBC, JDBC, or the Web Console. The
Profiles pages for administrators contains the profiles of all queries executed on a cluster.
Only administrators can see and use the Storage control for managing storage plugin configurations.</p>
 
 <p><img src="/docs/img/web-ui-user-view.png" alt="Web Console User View"></p>
 

http://git-wip-us.apache.org/repos/asf/drill-site/blob/5cd44b69/feed.xml
----------------------------------------------------------------------
diff --git a/feed.xml b/feed.xml
index 94f837c..6f60a3e 100644
--- a/feed.xml
+++ b/feed.xml
@@ -6,8 +6,8 @@
 </description>
     <link>/</link>
     <atom:link href="/feed.xml" rel="self" type="application/rss+xml"/>
-    <pubDate>Wed, 16 Sep 2015 17:21:00 -0700</pubDate>
-    <lastBuildDate>Wed, 16 Sep 2015 17:21:00 -0700</lastBuildDate>
+    <pubDate>Thu, 17 Sep 2015 14:28:08 -0700</pubDate>
+    <lastBuildDate>Thu, 17 Sep 2015 14:28:08 -0700</lastBuildDate>
     <generator>Jekyll v2.5.2</generator>
     
       <item>


Mime
View raw message