Known Issues
Issue: Ambari does not show the security configuration on the Storm configuration tab, so you cannot add users to nimbus.admins.
Workaround: To give permissions to other users, use
                    topology.users or topology.groups.
Issue: In AD+MIT setup, when trying to access Nimbus on a Kerberized cluster a HTTP 413 full HEAD error is received. (STORM-633)
Workaround: Add ui.header.buffer.bytes :
                    “65536” under “Custom storm-site" on the Ambari Storm configuration tab.
Issue: Log viewer. We recommend against creating HTTP principal keytabs for supervisors. This can cause the SPNEGO protocol to fail.
Workaround:
- Add the HTTP principal for Storm supervisor nodes too. For example: - sudo /usr/sbin/kadmin.local -q 'addprinc -randkey HTTP/<supervisor-hostname>- where - <supervisor-hostname>is your hostname and domain for Kerberos; for example:- supervisor1.host1.com@HOST1.COM
- Add this principal for all hosts that run supervisor machines. - For example: - sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/spnego.service.keytab HTTP/supervisor1.host1.com@HOST1.COM"
- Add the newly created HTTP principals to the - spnego.service.keytabfile.
- Make sure that the spnego.service.keytab file has “storm” user privileges for read operations. 
- Distribute this keytab to all supervisor hosts. 
- On the supervisor node, edit - /etc/storm/conf/storm.yaml. Change the- ui.filter.parametersas follows, replacing- <supervisor-hostname>with the hostname of your supervisor process:- "type": "kerberos"- "kerberos.principal": "HTTP/<supervisor-hostname>"- "kerberos.keytab": "/vagrant/keytabs/http.keytab"
- On each supervisor machine change the Kerberos.principal hostname to that supervisor’s hostname. 
- Restart the log viewer. 
- Add supervisor hosts to - network.negotiate-auth.trusted-uris(similar to the steps needed to access the Storm UI).

