Repository: metron Updated Branches: refs/heads/master 886ed7a00 -> 29aad8b4a
METRON-833 Update MaaS documentation to explain how it interacts with kerberos (cestella via justinleet) closes apache/metron#520 Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/29aad8b4 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/29aad8b4 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/29aad8b4 Branch: refs/heads/master Commit: 29aad8b4abc9993915616bfac3f18c739c2c7103 Parents: 886ed7a Author: cestella <[email protected]> Authored: Thu Jul 13 09:35:25 2017 -0400 Committer: leet <[email protected]> Committed: Thu Jul 13 09:35:25 2017 -0400 ---------------------------------------------------------------------- metron-analytics/metron-maas-service/README.md | 8 ++++++++ metron-deployment/Kerberos-manual-setup.md | 16 ++++++++++++++++ 2 files changed, 24 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/29aad8b4/metron-analytics/metron-maas-service/README.md ---------------------------------------------------------------------- diff --git a/metron-analytics/metron-maas-service/README.md b/metron-analytics/metron-maas-service/README.md index 65f1a01..5ed108b 100644 --- a/metron-analytics/metron-maas-service/README.md +++ b/metron-analytics/metron-maas-service/README.md @@ -95,6 +95,14 @@ usage: ModelSubmission -zr,--zk_root <arg> Zookeeper Root ``` +## Kerberos Support + +Model as a service will run on a kerberized cluster (see +[here](../../metron-deployment/vagrant/Kerberos-setup.md) for +instructions for vagrant) with a caveat. The user who submits +the service will be the user who executes the models on the cluster. That +is to say that user impersonation of models deployed is not done at the moment. + ## Stellar Integration Two Stellar functions have been added to provide the ability to call out to models deployed via Model as a Service. http://git-wip-us.apache.org/repos/asf/metron/blob/29aad8b4/metron-deployment/Kerberos-manual-setup.md ---------------------------------------------------------------------- diff --git a/metron-deployment/Kerberos-manual-setup.md b/metron-deployment/Kerberos-manual-setup.md index 0024c87..615e6e8 100644 --- a/metron-deployment/Kerberos-manual-setup.md +++ b/metron-deployment/Kerberos-manual-setup.md @@ -479,6 +479,22 @@ for sensorstub in bro snort; do done ``` +#### Model as a Service on Kerberos + +MaaS works with kerberos, you have to remember to kinit with the metron +user. There is one small issue out of the box (particularly on vagrant), you get an error like so +when running `$METRON_HOME/bin/maas_service.sh`: +``` +Requested user metron is not whitelisted and has id 501,which is below the minimum allowed 1000. +``` + +In order to correct this, you should: +* Navigate to the Yarn configuration in Ambari +* Click on "Advanced" +* Scroll to "Advanced yarn-env" +* Adjust the "Minimum user ID for submitting job" config to 500 from 1000 +* You should then restart Yarn to have the change take effect. + ### References * [https://github.com/apache/storm/blob/master/SECURITY.md](https://github.com/apache/storm/blob/master/SECURITY.md)
