How to shield the storm ui kill function in Linux

The Linux system storm ui has the kill topology function. If it is not blocked, it will cause the storm topology to be easily killed. If your topology appears to be killed. In most cases, the ui address is known. For the security of the system, it is necessary to shield the kill function of Storm ui. Let's understand it.

There are two methods:

1. distal increase Nginx, do location

ui page analysis, corresponding to the button kill, html is in action: < Br>

The code is as follows:

"input enabled=“” onclick=“confirmAction(‘xxxxxxxxxx’, ‘xxxxxxxx’, ‘kill’, true, 30)” type =“button” value=“Kill”

Called the js confirmAction method, this method exists in storm-core/src/ui/public/js/script.js, the method is defined as follows :

The code is as follows:

function confirmAction(id, name, action, wait, defaultWait) {var opts = {type:‘POST’,url:‘/topology/’ + id + ‘/’ + action};

if (wait) {

var waitSecs = prompt(‘Do you really want to ’ + action + ‘ topology &ldquo ;’ + name + ‘”? ’ +‘If yes, please, specify wait tim e in seconds:’,defaultWait);if (waitSecs != null && waitSecs != “” && ensureInt(waitSecs)) {opts.url += ‘/’ + waitSecs; } else {return false;}

} else if (! Confirm(‘Do you really want to ’ + action + ‘ topology “’ + name + ‘”?’)) {return false;}

$(“input[ Type=button]”).attr(“disabled”, “disabled”);$.ajax(opts).always(function () {window.location.reload();}).fail(function () {alert(“Error while communicating with Nimbus.”)});return false;}

The method of seeing is mainly divided into two steps, generating the url of the post request, the format is ‘/topology/’ + id + ‘/’ + action + ‘/’ + waitSecs, where action is kill, waitSecs is the time to manually fill in when killing, such as 30s here, the final url format is as follows:

The code is as follows:

/topology/xxxxx/kill/xxxx

The second step is to trigger an ajax request based on this setting. Here we only need to care about the first step. Set nginx as follows:

The code is as follows:

upstream storm {< Br>

server 127.0.0.1:8888 weight=3 max_fails=3 fail_timeout=5s;}

server {

server_name storm.xxx.com;

listen 80;

proxy_set_header Host $host;

proxy_read_timeout 3600;

proxy_set_header X-Forwarded-For $remote_addr;access_log /var/log/nginx/storm.access.log Main;error_log /var/log/nginx/storm.error.log debug;location ~* /topology/(.*)/kill/(.*) {return 403;}

location /{

proxy_pass http://storm;

}

}

This way, you can mask out the kill function of the front end.

Note one detail, the default port of storm ui is 8080, this port conflicts with nm (see bug https://github.com/yahoo/storm-yarn/issues/25), set storm.yaml ui .port: 8888, and restart ui.

2. Change the code and remove the action-related button

The code is as follows:

storm-core/src/ui/public/topology.html

Remove the following sections:

The code is as follows:

"div id=“topology-actions”"

"h2 class=“js-only”"Topology Actions//h2

"p id=“topology-actions” class=“js-only”"

"/p"

"/div"

The second method requires recompilation and has not been tested. .

The above is the method of shielding the kill function of storm ui in Linux system. This article introduces two methods, because the second method has not been tested, so you can use the first method to shield.