I have the same problem, using Ubuntu 14.04 and Drill 1.2.0. After following the instructions I am not offered a way to authenticate on the Web UI. The problem is when I run a query using the Web UI I receive the following error: org.apache.drill.exec.rpc.RpcException: HANDSHAKE_VALIDATION : Status: AUTH_FAILED.
I found a Drill Bug report in Jira that might cover this problem, hopefully this is fixed soon: https://issues.apache.org/jira/browse/DRILL-3201 Kevin -----Original Message----- From: Alfaro, Tony [mailto:[email protected]] Sent: Thursday, November 12, 2015 8:25 AM To: [email protected] Subject: RE: How to setup user authentication for the WebUI? Andries - Thanks, that's the exact page I was following when I first tried to set it up. drill-env.sh: DRILL_MAX_DIRECT_MEMORY="8G" DRILL_HEAP="4G" export DRILL_JAVA_OPTS="-Xms$DRILL_HEAP -Xmx$DRILL_HEAP -XX:MaxDirectMemorySize=$DRILL_MAX_DIRECT_MEMORY -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=1G -Ddrill.exec.enable-epoll=true -Djava.library.path=/opt/pam/ -Ddrill.exec.http.ssl_enabled=true" export SERVER_GC_OPTS="-XX:+CMSClassUnloadingEnabled -XX:+UseG1GC " drill-override.conf: drill.exec: { cluster-id: "clusterid", zk.connect: "node01:2181,node02:2181,node03:2181" security.user.auth { enabled: true, packages += "org.apache.drill.exec.rpc.user.security", impl: "pam", pam_profiles: [ "sudo", "login" ] } http: { enabled: true, ssl_enabled: true, port: 8047 }, } I also set the users and user_groups in sys.options: 0: jdbc:drill:> select * from sys.options WHERE type = 'SYSTEM' and name like 'security%'; +-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+ | name | kind | type | status | num_val | string_val | bool_val | float_val | +-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+ | security.admin.user_groups | STRING | SYSTEM | CHANGED | null | jon.snow,emerson.wang | null | null | | security.admin.users | STRING | SYSTEM | CHANGED | null | jon.snow,emerson.wang | null | null | +-----------------------------+---------+---------+----------+----------+------------------------+-----------+------------+ 2 rows selected (0.256 seconds) Jose A. "Tony" Alfaro // Application Systems Administrator ViaSat, Inc. Email : [email protected] desk : 720.568.3061 mobile: 720.467.9481 -----Original Message----- From: Andries Engelbrecht [mailto:[email protected]] Sent: Thursday, November 12, 2015 9:07 AM To: [email protected] Subject: Re: How to setup user authentication for the WebUI? Try looking at this page https://urldefense.proofpoint.com/v2/url?u=https-3A__drill.apache.org_docs_configuring-2Dweb-2Dui-2Dand-2Drest-2Dapi-2Dsecurity_&d=BQIFAg&c=jcv3orpCsv7C4ly8-ubDob57ycZ4jvhoYZNDBA06fPk&r=aFp43i9OHbKPAwg9pA572ji1Jcjj2xwJK3bO-qY8f3U&m=G5gaSyt7huoRxcZzJWvU-tNUvfbntKY-fdkIDywmqf8&s=13BTcwnaq8_z8_FIxVwSEimkAaZQ9uiZ-V-e02w1758&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__drill.apache.org_docs_configuring-2Dweb-2Dui-2Dand-2Drest-2Dapi-2Dsecurity_&d=BQIFAg&c=jcv3orpCsv7C4ly8-ubDob57ycZ4jvhoYZNDBA06fPk&r=aFp43i9OHbKPAwg9pA572ji1Jcjj2xwJK3bO-qY8f3U&m=G5gaSyt7huoRxcZzJWvU-tNUvfbntKY-fdkIDywmqf8&s=13BTcwnaq8_z8_FIxVwSEimkAaZQ9uiZ-V-e02w1758&e= > I didn't set the http settings you list in drill-override.conf, instead i added this to drill-env.sh export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Ddrill.exec.http.ssl_enabled=true" Also make sure to add some admin users and groups. 1. alter system set `security.admin.users`='admin1,admin2,...'; 2. alter system set `security.admin.user_groups`='admingroup'; and add users to the group. --Andries > On Nov 12, 2015, at 7:44 AM, Alfaro, Tony <[email protected]> wrote: > > I've done as the documentation said and installed jpam, user auth works with > the command line access tools (bin/drill-conf -n user -p pass), but the > webui's don't show a login page, only the data for number of drill bits, the > hostnames for each bit, the port addresses, and direct memory numbers. The > drill-env.sh file contains the path declaration for jpam as /opt/pam/ (where > it was installed) and the drill-override.conf has the following drill.exec > section: > > drill.exec: { > cluster-id: "clusterid", > zk.connect: "node01:2181,node02:2181,node03:2181" > security.user.auth { > enabled: true, > packages += "org.apache.drill.exec.rpc.user.security", > impl: "pam", > pam_profiles: [ "sudo", "login" ] > } > http: { > enabled: true, > ssl_enabled: true, > port: 8047 > }, > } > > Is there something obvious I'm missing to get the user login page to show? > > Jose A. "Tony" Alfaro // Application Systems Administrator ViaSat, > Inc. > Email : [email protected]<mailto:[email protected]> > desk : 720.568.3061 > mobile: 720.467.9481 >
