[
https://issues.apache.org/jira/browse/AMBARI-18892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15897044#comment-15897044
]
Robert Levas commented on AMBARI-18892:
---------------------------------------
[~forestsissi]...
Looking a the Storm docs, it appears that the {{DRPC_SERVER}} and {{NIMBUS}}
should use the same Kerberos identity (principal and keytab), which is used in
the {{StormServer}} section of Storm's JAAS file. I do not see where
{{nimbus_drpc_principal_name}} is being using by Storm and there is no
reference to this new variable in Ambari's agent side scripts.
So, to accomplish this, rather than create a new Kerberos Identity, which
appears to not be used, create a reference to the {{NIMBUS}} identity
descriptor in the {{DRPC_SERVER}} section. Instead of
{code}
{
"name": "DRPC_SERVER",
"identities": [
{
"name": "nimbus_server",
"principal": {
"value": "nimbus/_HOST@${realm}",
"type": "service",
"configuration": "storm-env/nimbus_drpc_principal_name"
},
"keytab": {
"file": "${keytab_dir}/nimbus.service.keytab",
"owner": {
"name": "${storm-env/storm_user}",
"access": "r"
},
"group": {
"name": "${cluster-env/user_group}",
"access": ""
},
"configuration": "storm-env/nimbus_drpc_principal_name"
}
}
]
},
{code}
You can do
{code}
{
"name": "DRPC_SERVER",
"identities": [
{
"name": "dprc_server",
"reference": "/STORM/NIMBUS/nimbus_server"
}
]
},
{code}
> storm DRPC_SERVER kerberos configs duplicate
> ---------------------------------------------
>
> Key: AMBARI-18892
> URL: https://issues.apache.org/jira/browse/AMBARI-18892
> Project: Ambari
> Issue Type: Improvement
> Affects Versions: trunk, 2.4.1
> Reporter: wangyaoxin
> Assignee: wangyaoxin
> Fix For: trunk, 3.0.0
>
> Attachments: AMBARI-18892.patch, storm.png
>
>
> when ambari enables kerberos, add storm service ,nimbus_keytab and
> nimbus_principal_name will duplicate
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
