Configuring Storm for Kerberos Over Ambari
Also available as:
PDF

Dedicate or Use an Existing Gateway Node

To dedicate or use an existing gateway node (edge node):

  1. Install the storm package on the node:

    sudo yum install storm_<version>

    For example, for HDP 2.2:

    sudo yum install storm_2_2*

  2. Create a file at /etc/storm/conf/client_jaas.conf, and add the following entry to it:

    StormClient {
        com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=true
        renewTicket=true
        serviceName="nimbus"
        };
  3. Add the following settings to the /etc/storm/conf/storm.yaml configuration file:

    nimbus.host: <nimbus-host>
    nimbus.thrift.port: 6667
    java.security.auth.login.config: "/etc/storm/conf/client_jaas.conf"
    storm.thrift.transport: "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin"

    where <nimbus-host> is the host that is running Nimbus.

    For example:

       nimbus.host: "c6401.ambari.apache.org"