Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Welcome to the upgraded Community! Read this blog to see What’s New!
Solved Go to solution

Storm impersonation is not working. Appreciate any suggestions.

Labels:
avatar
rakanchi author-rank
Cloudera Employee

Created ‎06-30-2017 12:07 PM

When we submit Storm toplogy as any user, it always goes as strom user I guess impersonation is not happening.

676 Views
1 ACCEPTED SOLUTION

avatar
author-rank nyadav
Rising Star

Created ‎06-30-2017 12:50 PM

@rakanchi

You need to configure storm_jaas.conf with client properties, and pass to storm topology 

storm_jaas.conf 
StormClient { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="nimbus" 
principal="hdfs@example.com"; 
}; 
Client { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="zookeeper" 
principal="hdfs@example.com"; 
};

And pass jaas file with -c option

storm jar /usr/hdp/current/storm-client/contrib/storm-starter/storm-starter-*-jar-with-dependencies.jar storm.starter.WordCountTopology wordcount -c java.security.auth.login.config=/my/custom/jaas/path

Let me know if it helps!

View solution in original post

668 Views
0 Kudos
2 REPLIES 2

avatar
author-rank nyadav
Rising Star

Created ‎06-30-2017 12:50 PM

@rakanchi

You need to configure storm_jaas.conf with client properties, and pass to storm topology 

storm_jaas.conf 
StormClient { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="nimbus" 
principal="hdfs@example.com"; 
}; 
Client { 
com.sun.security.auth.module.Krb5LoginModule required 
useKeyTab=true 
keyTab="/etc/security/keytabs/hdfs.headless.keytab" 
storeKey=true 
useTicketCache=false 
serviceName="zookeeper" 
principal="hdfs@example.com"; 
};

And pass jaas file with -c option

storm jar /usr/hdp/current/storm-client/contrib/storm-starter/storm-starter-*-jar-with-dependencies.jar storm.starter.WordCountTopology wordcount -c java.security.auth.login.config=/my/custom/jaas/path

Let me know if it helps!

669 Views
0 Kudos

avatar
rkandula author-rank
Cloudera Employee

Created ‎08-28-2017 09:55 PM

in your /home/<user>/.storm/storm.yaml file,need to specify following property

supervisor.run.worker.as.user : true

668 Views
0 Kudos
Announcements
Community Announcements
September 2023 Community Highlights
What's New @ Cloudera
Cloudera Streaming Analytics (CSA) 1.11 with support for Ice...
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an ope...
What's New @ Cloudera
Cloudera Operational Database (COD) is available as a Techni...
What's New @ Cloudera
Cloudera Operational Database (COD) has removed the COD_ON_G...
View More Announcements
Labels