Security

Cluster Component Configuration Updates

After you have enabled Kerberos, some cluster components require additional configuration updates.

Storm Configuration Changes

After kerberizing your cluster in Ambari, select the Storm service, then Configs.

Replace the nimbus.impersonation.acl text:

{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}}

With this text:

{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}, 
streamline-$REPLACE_WITH_YOUR_CLUSTER_NAME_LOWER_CASE : 
{hosts: ['*'], groups: ['*']}}

Example

If your cluster name is STREAMANALYTICS, the updated nimbus.impersonation.acl is:

{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}, 
streamline-streamanalytics : 
{hosts: ['*'], groups: ['*']}}

After making this change, restart Storm. Then go into any Service Pools that are using this Storm cluster and refresh them.

Druid Configuration Changes

Update the Druid property druid.hadoop.security.spnego.excludedPaths to the following value:

["/status", "/druid/worker/v1", "/druid/indexer/v1"]

HDFS Configuration Changes

If you are going to use the HDFS processor in your application in secure mode, add the following properties in the HDFS service under custom core-site.xml.

Property Name                                                            Value
hadoop.proxyuser.$principal_you_configured_in_sam_app_settings.groups   *
hadoop.proxyuser.$principal_you_configured_in_sam_app_settings.hosts    *

Example

In SAM, you have configured the following principal and keytab under Application Settings:

The configuration for the 2 HDF properties is:

hadoop.proxyuser.storm-streamanalytics.hosts=*
hadoop.proxyuser.storm-streamanalytics.groups=*

HBase Configuration

In the HBase service, under custom hbase-site.xml, add the following properties:

  • hbase.thrift.support.proxyuser=true

  • hbase.regionserver.thrift.http=true

In the HDFS service, add the following under custom core-site.xml:

  • hadoop.proxyuser.streamline-streamanalytics.hosts=*

  • hadoop.proxyuser.streamline-streamanalytics.groups=*
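
One way to check the proxyuser entries from the HDFS and HBase sections above after editing custom core-site.xml (an added example, not part of the original documentation): it parses the XML, reports any hosts/groups key missing for the expected principals, and lists every wildcard grant so it can be reviewed. The sample XML and the function names are constructed for illustration, and the streamline groups entry is deliberately left out of the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a custom core-site.xml for cluster name STREAMANALYTICS.
# The streamline "groups" entry is omitted on purpose to show the incomplete case.
SAMPLE_CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.storm-streamanalytics.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.storm-streamanalytics.groups</name><value>*</value></property>
  <property><name>hadoop.proxyuser.streamline-streamanalytics.hosts</name><value>*</value></property>
  <property><name>fs.defaultFS</name><value>hdfs://nn.example.com:8020</value></property>
</configuration>"""

PREFIX = "hadoop.proxyuser."

def proxyuser_settings(core_site_xml):
    """Return {principal: {"hosts": value, "groups": value}} from core-site XML text."""
    settings = {}
    for prop in ET.fromstring(core_site_xml).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if not name.startswith(PREFIX):
            continue
        # A principal name may contain dots, so split the suffix off from the right.
        principal, _, kind = name[len(PREFIX):].rpartition(".")
        if principal and kind in ("hosts", "groups"):
            settings.setdefault(principal, {})[kind] = value
    return settings

def audit(core_site_xml, expected_principals):
    """Return (missing, wildcards): unset keys for expected principals, and all '*' grants."""
    settings = proxyuser_settings(core_site_xml)
    missing = [f"{PREFIX}{p}.{k}" for p in expected_principals
               for k in ("hosts", "groups") if k not in settings.get(p, {})]
    wildcards = sorted(f"{PREFIX}{p}.{k}" for p, kv in settings.items()
                       for k, v in kv.items() if v == "*")
    return missing, wildcards

if __name__ == "__main__":
    missing, wildcards = audit(
        SAMPLE_CORE_SITE, ["storm-streamanalytics", "streamline-streamanalytics"])
    for key in missing:
        print("MISSING ", key)
    for key in wildcards:
        print("WILDCARD", key)
```

Hadoop also accepts comma-separated host and group lists for these properties, so each key reported as a wildcard is a candidate for narrowing once the application works.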