1) Configure the Apache Storm UI
The first step is to follow the previous tutorial to deploy the Apache Kerby KDC, to configure Apache Zookeeper, and to download and deploy Apache Storm (sections 1-3). Note that there is a bug in Kerby that is not yet fixed in the 1.0.0 release that you might run in to when using curl (see below), depending on whether the MIT libraries are installed or not. In additional to the principals listed in the last post, the Kerby deployment test for Storm also contains a principal for the Storm UI (HTTPemail@example.com).
Now edit 'conf/storm.yaml' and add the following properties:
- ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
- "type": "kerberos"
- "kerberos.principal": "HTTPfirstname.lastname@example.org"
- "kerberos.keytab": "/path.to.kerby.project/target/http.keytab"
- "kerberos.name.rules": "RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/ RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/DEFAULT"
- bin/storm ui
We will invoke on the Storm UI REST API using "curl" on the command line. This can be done as follows:
- export KRB5_CONFIG=/path.to.kerby.project/target/krb5.conf
- kinit -k -t /path.to.kerby.project/target/alice.keytab alice
- curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt http://localhost:8080/api/v1/cluster/configuration