storm_relay
Synopsis
Most of Storm commands will be performed using Storm UI HTTP/REST API. This definition will provide informations for HADeploy to use this interface.
This is a reference part. Refer to the associated overview
for a more synthetical view.
Attributes
storm_relay
is a map with the following attributes:
Name | req? | Description |
---|---|---|
host | yes | The host which will be used for both launching topologies and accessing the Storm UI REST interface |
storm_ui_url | yes | The base URL to access Storm UI REST API. Same host:port as the Storm GUI. Typically: http://mystormui.mycluster.com:8744 |
async | no | Boolean Specify if the all the topologies can be launched simultaneously. Default: yes . More info here. |
default_timeout_secs | no | Default value for timeout_secs value on storm_topologies entry. Default to 90 seconds |
principal | no | A Kerberos principal allowing all Storm related operation to be performed. See below |
local_keytab_path | no | A local path to the associated keytab file. This path is relative to the embeding file. See below |
relay_keytab_path | no | A path to the associated keytab file on the relay host. See below |
tools_folder | no | Folder used by HADeploy to store keytab if needed. Default: /tmp/hadeploy_<user>/ where user is the ssh_user defined for this relay host. |
when | no | Boolean. Allow conditional deployment of this item. Default True |
Kerberos authentication
When principal
and ..._keytab_path
variables are defined, Kerberos authentication will be activated for all Storm operations. This means a kinit
will be issued with provided values before any Storm access, and a kdestroy
issued after. This has the following consequences:
-
All Storm operations will be performed on behalf of the user defined by the provided principal.
-
The
kinit
will be issued on the relay host with thessh_user
account. This means any previous ticket own by this user on this node will be lost.
Regarding the keytab file, two cases:
-
This keytab file already exists on the relay host. In such case, the
relay_keytab_path
must be set to the location of this file. And the relay host'sssh_user
must have read access on it. -
This keytab file is not present on the relay host. In such case the
local_keytab_path
must be set to its local location. HADeploy will take care of copying it on the remote relay host, in a location undertools_folder
. Note you can also modify this target location by setting also therelay_keytab_path
parameter. In this case, it must be the full path, including the keytab file name. And the containing folder must exists.
Example
The simplest case:
storm_relay:
host: en1
storm_ui_url: "http://stui.mycluster.mydomain.com:8744/"
And a more complete case, in a secured environement.
storm_relay:
host: en1
storm_ui_url: "http://stui.mysecuredcluster.mydomain.com:8744/"
async: no
principal: sa
local_keytab_path: ./sa-gate17.keytab
default_timeout_secs: 240