Discussion:
setting an administrator
(too old to reply)
Knapp, Michael
2017-05-04 22:27:45 UTC
Permalink
Raw Message
Hi,

I am trying to set drill administrators but it’s just not working. I have setup a custom authenticator that uses a backend database for authentication, and that is working. The only problem is I am a “user” not an administrator, leaving me essentially powerless and drill useless.

First, I think the instructions<https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/> are not clear, it is not clear to me if I should be executing the SET statement from the web console or something else. I have tried this:

I updated my drill-override.conf, I have attempted setting “drill.exec.security.admin.users” and “security.admin.users”. I have set them to single values and also attempted putting the values in brackets like a list. None of these combinations have worked.

It was unclear to me how I was supposed to run your SQL statements when I am not an administrator in the first place. Then I guessed I should try it from the sqlline, but that also is not working.

sqlline> ALTER SYSTEM SET `security.admin.users` = "my_id";
No current connection

Why is it saying that I have no current connection? What am I missing here?

Michael Knapp
________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
Knapp, Michael
2017-05-05 14:47:34 UTC
Permalink
Raw Message
After a lot of source code digging, and some trial and error, I discovered I can set admin users from the zookeeper CLI with this command:

create /drill/sys.options/security.admin.users '{"kind":"STRING","type":"SYSTEM","name":"security.admin.users","num_val":"0","string_val":"bbt612","bool_val":"true","float_val":"0"}'

now why the heck this is not in the documentation beats me. I think the developers wanted me to use sqlline to set this, but they left no documentation whatsoever about how to establish a connection between sqlline and my zookeeper persistent store.

On 5/4/17, 6:27 PM, "Knapp, Michael" <***@capitalone.com> wrote:

Hi,

I am trying to set drill administrators but it’s just not working. I have setup a custom authenticator that uses a backend database for authentication, and that is working. The only problem is I am a “user” not an administrator, leaving me essentially powerless and drill useless.

First, I think the instructions<https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/> are not clear, it is not clear to me if I should be executing the SET statement from the web console or something else. I have tried this:

I updated my drill-override.conf, I have attempted setting “drill.exec.security.admin.users” and “security.admin.users”. I have set them to single values and also attempted putting the values in brackets like a list. None of these combinations have worked.

It was unclear to me how I was supposed to run your SQL statements when I am not an administrator in the first place. Then I guessed I should try it from the sqlline, but that also is not working.

sqlline> ALTER SYSTEM SET `security.admin.users` = "my_id";
No current connection

Why is it saying that I have no current connection? What am I missing here?

Michael Knapp
________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.


________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from
Sudheesh Katkam
2017-05-05 16:27:06 UTC
Permalink
Raw Message
There are system options that define the list of users and list of groups that are considered administrators. By default, the user running the drillbit is the administrator.

System options can only be changed by administrators. So login as an administrator through sqlline and run “ALTER SYSTEM SET 
”, or login as an administrator through web UI and change system options there.

Details are here: https://issues.apache.org/jira/browse/DRILL-3622 I agree this should be better documented. So please open a ticket.

Also, system options are stored in ZooKeeper, which is why manually creating/editing that znode worked.

On May 5, 2017, at 7:47 AM, Knapp, Michael <***@capitalone.com<mailto:***@capitalone.com>> wrote:

After a lot of source code digging, and some trial and error, I discovered I can set admin users from the zookeeper CLI with this command:

create /drill/sys.options/security.admin.users '{"kind":"STRING","type":"SYSTEM","name":"security.admin.users","num_val":"0","string_val":"bbt612","bool_val":"true","float_val":"0"}'

now why the heck this is not in the documentation beats me. I think the developers wanted me to use sqlline to set this, but they left no documentation whatsoever about how to establish a connection between sqlline and my zookeeper persistent store.

On 5/4/17, 6:27 PM, "Knapp, Michael" <***@capitalone.com<mailto:***@capitalone.com>> wrote:

Hi,

I am trying to set drill administrators but it’s just not working. I have setup a custom authenticator that uses a backend database for authentication, and that is working. The only problem is I am a “user” not an administrator, leaving me essentially powerless and drill useless.

First, I think the instructions<https://drill.apache.org/docs/configuring-web-console-and-rest-api-security/> are not clear, it is not clear to me if I should be executing the SET statement from the web console or something else. I have tried this:

I updated my drill-override.conf, I have attempted setting “drill.exec.security.admin.users” and “security.admin.users”. I have set them to single values and also attempted putting the values in brackets like a list. None of these combinations have worked.

It was unclear to me how I was supposed to run your SQL statements when I am not an administrator in the first place. Then I guessed I should try it from the sqlline, but that also is not working.

sqlline> ALTER SYSTEM SET `security.admin.users` = "my_id";
No current connection

Why is it saying that I have no current connection? What am I missing here?

Michael Knapp
________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.


________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
Loading...