[
https://issues.apache.org/jira/browse/STORM-885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14990433#comment-14990433
]
ASF GitHub Bot commented on STORM-885:
--------------------------------------
Github user revans2 commented on a diff in the pull request:
https://github.com/apache/storm/pull/838#discussion_r43940262
--- Diff: storm-core/src/jvm/backtype/storm/Config.java ---
@@ -752,6 +759,54 @@
public static final String UI_HTTPS_NEED_CLIENT_AUTH =
"ui.https.need.client.auth";
/**
+ * The host that Pacemaker is running on.
+ */
+ @isString
+ public static final String PACEMAKER_HOST = "pacemaker.host";
+
+ /**
+ * The port Pacemaker should run on. Clients should
+ * connect to this port to submit or read heartbeats.
+ */
+ @isNumber
+ @isPositiveNumber
+ public static final String PACEMAKER_PORT = "pacemaker.port";
+
+ /**
+ * The maximum number of threads that should be used by the Pacemaker.
+ * When Pacemaker gets loaded it will spawn new threads, up to
+ * this many total, to handle the load.
+ */
+ @isNumber
+ @isPositiveNumber
+ public static final String PACEMAKER_MAX_THREADS =
"pacemaker.max.threads";
+
+ /**
+ * This parameter is used by the storm-deploy project to configure the
+ * jvm options for the nimbus daemon.
+ */
+ @isString
+ public static final String PACEMAKER_CHILDOPTS = "pacemaker.childopts";
+
+ /**
+ * This should be one of "DIGEST", "KERBEROS", or "NONE"
+ * Determines the mode of authentication the pacemaker server and
client use.
+ * The client must either match the server, or be NONE. In the case of
NONE,
+ * no authentication is performed for the client, and if the server is
running with
+ * DIGEST or KERBEROS, the client can only write to the server (no
reads).
+ * This is intended to provide a primitive form of access-control.
+ */
+ @isString
+ public static final String PACEMAKER_AUTH_METHOD =
"pacemaker.auth.method";
+
+ /**
+ * These are the kerberos users who are authorized to read hearbeats
from
+ * Pacemaker.
+ */
+ @isStringList
+ public static final String PACEMAKER_KERBEROS_USERS =
"pacemaker.kerberos.users";
--- End diff --
Could we please rename this? We already have configs that indicate who the
supervisors are running as, and who admins are, I really would prefer to see a
config that indicates who nimbus is running as so it can be shared with other
things in the future, if we ever need them.
I would also like to see the authentication code refactored to look more
like what the regular thrift auth does with the request context and a pluggable
authorization mechanism. I don't see a reason to do it here, if the code
already works, but I would like to see it in a follow on JIRA.
> Heartbeat Server (Pacemaker)
> ----------------------------
>
> Key: STORM-885
> URL: https://issues.apache.org/jira/browse/STORM-885
> Project: Apache Storm
> Issue Type: Improvement
> Components: storm-core
> Reporter: Robert Joseph Evans
> Assignee: Kyle Nusbaum
>
> Large highly connected topologies and large clusters write a lot of data into
> ZooKeeper. The heartbeats, that make up the majority of this data, do not
> need to be persisted to disk. Pacemaker is intended to be a secure
> replacement for storing the heartbeats without changing anything within the
> heartbeats. In the future as more metrics are added in, we may want to look
> into switching it over to look more like Heron, where a metrics server is
> running for each node/topology. And can be used to aggregate/per-aggregate
> them in a more scalable manor.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
