Harsha, Thanks, I will open JIRA for the issue. For ACLs, I found the information from SimpleACLAuthorizer.java. and working on it.
Thanks, Raghavendra Nandagopal On Tue, Jul 15, 2014 at 8:39 AM, Harsha <[email protected]> wrote: > Raghav, > EXEC_CONF_DIR is a issue as we have to manually pass it while > building. > I think it should be part of storm.yaml and passed to worker-launcher as > an argument. > -Harsha > > On Mon, Jul 14, 2014, at 11:20 AM, Raghavendra Nandagopal wrote: > > Hi Bobby, > > I have couple of questions on Storm security configurations. > > > > 1) For providing the path to the file "worker-launcher.cfg", I modified > > the > > file worker-launcher.c and added the below line. > > > > EXEC_CONF_DIR = /etc > > > > Do we need to do this manually for setting storm security or is it done > > through any configuration parameter? > > > > 2) We have a set of users who will be authenticated through Kerberos and > > obtain the TGT. Although the user obtained the TGT, the user should not > > be > > authorized to submit/manage the topologies within the storm cluster. Do > > we > > have any kind of ACLs that can be set in Nimbus for a specific > > users/groups? > > > > Thanks, > > > > Raghavendra Nandagopal > > > > > > > > On Wed, Jul 9, 2014 at 8:42 AM, Bobby Evans <[email protected] > > > > wrote: > > > > > Great to hear, if you do have any more issue please feel free to reach > out > > > and I will do my best to answer them. > > > > > > - Bobby > > > > > > On 7/9/14, 6:03 AM, "Raghavendra Nandagopal" <[email protected]> > > > wrote: > > > > > > >Please ignore the above issue. I have resolved the issues with the > storm > > > >security setup. It is working fine. > > > > > > > >Thanks, > > > >Raghav > > > > > > > > > > > >On Tue, Jul 8, 2014 at 8:53 PM, Raghavendra Nandagopal < > > > >[email protected]> wrote: > > > > > > > >> Hi, > > > >> I am trying to setup storm security branch code. All the > services > > > >> (zookeeper, nimbus, supervisor, ui) are getting authenticated from > > > >> Kerberos. I did get into some issues with "worker-launcher" > executable > > > >> with permissions and set the binary permission to *4470. *Once the > > > >> permissions where set it didn't add any issues with the > worker-launcher > > > >> permissions. > > > >> > > > >> I am facing a new problem while submitting a topology, below is the > > > >> exception that is occurring in nimbus. The nimbus is getting > halted. > > > >>The > > > >> exception is thrown by zookeeper but couldn't figure out any trace > of > > > >>it. > > > >> Please let me know if you have come across the problem and any > > > >> configurations that needs to be taken care in Storm security branch. > > > >> > > > >> *java.lang.RuntimeException: > > > >> org.apache.zookeeper.KeeperException$NoAuthException: > KeeperErrorCode = > > > >> NoAuth for > > > >> > > > > >>/workerbeats/exclamation-topology-1-1404876382/db219ca4-da85-4c68-87c0-84 > > > >>734c9e89da-6703* > > > >> > > > >> Thanks, > > > >> > > > >> Raghav > > > >> > > > > > > >
