Configuring Storm for Kerberos Over Ambari

Chapter 3. Running Workers as Users

In Storm secure mode, workers can run as the user who deployed the topology (the topology owner). To enable this, complete the following steps:

  1. (HDP 2.2 only) On all Storm nodes, change ownership of the conf directory from storm to root:

    sudo chown -R root:hadoop /etc/storm/conf

    This restricts access to the worker-launcher.cfg file in the conf directory. Users can still modify and update Storm configuration properties, because Ambari runs as root.

  2. Make sure all users who are going to deploy topologies have a UNIX account on all of the Storm nodes. Workers for topologies deployed by a user run under that user's UNIX account.

    Example: For user testuser1 and principal testuser1/c6401.ambari.apache.org, make sure there is a corresponding testuser1 UNIX account.

  3. Add the following configuration under "Custom storm-site" in the Ambari Storm configuration screen:

    supervisor.run.worker.as.user : true

  4. Restart Storm components.
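
The following pre-flight check for steps 1 and 2 is an added example, not part of the original Hortonworks documentation. It can be run on each Storm node before setting supervisor.run.worker.as.user. The function names are hypothetical, and it assumes a principal maps to the UNIX account named by its primary component (as in the testuser1 example above), with no custom auth_to_local rules.

```bash
#!/bin/sh
# Added example: pre-flight check for running Storm workers as the
# deploying user. Run on every Storm node.

# Map a Kerberos principal to a UNIX user name (assumption: the primary
# component is the account name, e.g. testuser1/host@REALM -> testuser1).
principal_to_user() {
    local p="${1%%@*}"          # drop @REALM if present
    printf '%s\n' "${p%%/*}"    # drop the /instance (host) part
}

# Succeeds only if the UNIX account exists on this node.
has_unix_account() {
    id -u "$1" >/dev/null 2>&1
}

# Print every path under a directory that is NOT owned by the given user.
# Empty output means the recursive chown from step 1 is fully in effect.
conf_not_owned_by() {
    find "$1" ! -user "$2" -print
}

# preflight CONF_DIR PRINCIPAL... : returns non-zero if any check fails.
preflight() {
    local conf_dir="$1" rc=0 bad principal user
    shift
    if [ ! -d "$conf_dir" ]; then
        echo "FAIL: $conf_dir does not exist"; return 1
    fi
    bad="$(conf_not_owned_by "$conf_dir" root)"
    if [ -n "$bad" ]; then
        echo "FAIL: paths not owned by root:"; echo "$bad"; rc=1
    fi
    for principal in "$@"; do
        user="$(principal_to_user "$principal")"
        if has_unix_account "$user"; then
            echo "OK: $principal -> UNIX account $user"
        else
            echo "FAIL: $principal -> no UNIX account '$user' on this node"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh storm-preflight.sh /etc/storm/conf testuser1/c6401.ambari.apache.org
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

A non-zero exit status on any node means a topology submitted by that principal would have no local account for its workers to run under, or that the conf directory is still writable by a non-root owner.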