Cluster Component Configuration Updates
After you have enabled Kerberos, some cluster components require additional configuration updates.
Storm Configuration Changes
After Kerberizing your cluster in Ambari, select the Storm Service, then Configs.
Replace the nimbus.impersonation.acl text:
{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}}
With this text:
{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}, streamline-$REPLACE_WITH_YOUR_CLUSTER_NAME_LOWER_CASE : {hosts: ['*'], groups: ['*']}}
Example
If your cluster name is STREAMANALYTICS, the updated nimbus.impersonation.acl is:
{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}, streamline-streamanalytics : {hosts: ['*'], groups: ['*']}}
After making this change, restart Storm. Then go into any Service Pools that are using this Storm cluster and refresh them.
Druid Configuration Changes
Update the Druid property druid.hadoop.security.spnego.excludedPaths to the following value:
["/status", "/druid/worker/v1", "/druid/indexer/v1"]
HDFS Configuration Changes
If you are going to use the HDFS processor in your application in secure mode, add the following properties in the HDFS service under custom core-site.xml.
Property Name | Value |
---|---|
hadoop.proxyuser.$principal_you_configured_in_sam_app_settings.groups | * |
hadoop.proxyuser.$principal_you_configured_in_sam_app_settings.hosts | * |
Example
In SAM, you have configured the following principal and keytab under Application Settings:
The configuration for the 2 HDF properties is:
hadoop.proxyuser.storm-streamanalytics.hosts=*
hadoop.proxyuser.storm-streamanalytics.groups=*
HBase Configuration
In the HBase service, under custom hbase-site.xml, add the following properties:
hbase.thrift.support.proxyuser=true
hbase.regionserver.thrift.http=true
In the HDFS service, add the following under custom core-site.xml:
hadoop.proxyuser.streamline-streamanalytics.hosts=*
hadoop.proxyuser.streamline-streamanalytics.groups=*