Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Storm impersonation is not working. Appreciate any suggestions.

Labels:
avatar
author-rank rakanchi author-rank
Contributor

Created ‎06-30-2017 12:07 PM

When we submit Storm toplogy as any user, it always goes as strom user I guess impersonation is not happening.

1,130 Views
1 ACCEPTED SOLUTION

avatar
author-rank nyadav
Expert Contributor

Created ‎06-30-2017 12:50 PM

@rakanchi

You need to configure storm_jaas.conf with client properties, and pass to storm topology 

storm_jaas.conf 
StormClient { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="nimbus" 
principal="hdfs@example.com"; 
}; 
Client { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="zookeeper" 
principal="hdfs@example.com"; 
};

And pass jaas file with -c option

storm jar /usr/hdp/current/storm-client/contrib/storm-starter/storm-starter-*-jar-with-dependencies.jar storm.starter.WordCountTopology wordcount -c java.security.auth.login.config=/my/custom/jaas/path

Let me know if it helps!

View solution in original post

1,122 Views
0 Kudos
2 REPLIES 2

avatar
author-rank nyadav
Expert Contributor

Created ‎06-30-2017 12:50 PM

@rakanchi

You need to configure storm_jaas.conf with client properties, and pass to storm topology 

storm_jaas.conf 
StormClient { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="nimbus" 
principal="hdfs@example.com"; 
}; 
Client { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="zookeeper" 
principal="hdfs@example.com"; 
};

And pass jaas file with -c option

storm jar /usr/hdp/current/storm-client/contrib/storm-starter/storm-starter-*-jar-with-dependencies.jar storm.starter.WordCountTopology wordcount -c java.security.auth.login.config=/my/custom/jaas/path

Let me know if it helps!

1,123 Views
0 Kudos

avatar
author-rank rkandula author-rank
Rising Star

Created ‎08-28-2017 09:55 PM

in your /home/<user>/.storm/storm.yaml file,need to specify following property

supervisor.run.worker.as.user : true

1,122 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements