Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Storm impersonation is not working. Appreciate any suggestions.

Labels:
avatar
author-rank rakanchi author-rank
Contributor

Created ‎06-30-2017 12:07 PM

When we submit Storm toplogy as any user, it always goes as strom user I guess impersonation is not happening.

2,001 Views
1 ACCEPTED SOLUTION

avatar
author-rank nyadav
Expert Contributor

Created ‎06-30-2017 12:50 PM

@rakanchi

You need to configure storm_jaas.conf with client properties, and pass to storm topology 

storm_jaas.conf 
StormClient { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="nimbus" 
principal="hdfs@example.com"; 
}; 
Client { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="zookeeper" 
principal="hdfs@example.com"; 
};

And pass jaas file with -c option

storm jar /usr/hdp/current/storm-client/contrib/storm-starter/storm-starter-*-jar-with-dependencies.jar storm.starter.WordCountTopology wordcount -c java.security.auth.login.config=/my/custom/jaas/path

Let me know if it helps!

View solution in original post

1,993 Views
0 Kudos
2 REPLIES 2

avatar
author-rank nyadav
Expert Contributor

Created ‎06-30-2017 12:50 PM

@rakanchi

You need to configure storm_jaas.conf with client properties, and pass to storm topology 

storm_jaas.conf 
StormClient { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="nimbus" 
principal="hdfs@example.com"; 
}; 
Client { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="zookeeper" 
principal="hdfs@example.com"; 
};

And pass jaas file with -c option

storm jar /usr/hdp/current/storm-client/contrib/storm-starter/storm-starter-*-jar-with-dependencies.jar storm.starter.WordCountTopology wordcount -c java.security.auth.login.config=/my/custom/jaas/path

Let me know if it helps!

1,994 Views
0 Kudos

avatar
author-rank rkandula author-rank
Rising Star

Created ‎08-28-2017 09:55 PM

in your /home/<user>/.storm/storm.yaml file,need to specify following property

supervisor.run.worker.as.user : true

1,993 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements