Configuring Authentication with Kerberos
Also available as:
PDF
loading table of contents...

Dedicate or Use an Existing Gateway Node

How to designate a storm client node using an existing gateway node (edge node).

  1. Install the storm package on the node: sudo yum install storm_<version>.
    For HDP 2.4: sudo yum install storm_2_4*
  2. Create a file at /etc/storm/conf/client_jaas.conf, and add the following entry to it:
    StormClient {
        com.sun.security.auth.module.Krb5LoginModule required
        useTicketCache=true
        renewTicket=true
        serviceName="nimbus"
        };
  3. Add the following settings to the /etc/storm/conf/storm.yaml configuration file:
    nimbus.seeds: <nimbus-host-array>
    nimbus.thrift.port: 6627
    java.security.auth.login.config: "/etc/storm/conf/client_jaas.conf"
    storm.thrift.transport: "org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin"

    where <nimbus-host-array> is an array of hostnames running Nimbus. (The value should come from /etc/storm/conf/storm.yaml.)

    nimbus.seeds: ["c6401.ambari.apache.org", "c6402.ambari.apache.org"]