Repository: incubator-metron
Updated Branches:
  refs/heads/master 2724bf66c -> eb209f5c9
METRON-814 minor tweaks in document format of Kerberos-setup.md (mattf-horton) closes apache/incubator-metron#502 Project: http://git-wip-us.apache.org/repos/asf/incubator-metron/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-metron/commit/eb209f5c Tree: http://git-wip-us.apache.org/repos/asf/incubator-metron/tree/eb209f5c Diff: http://git-wip-us.apache.org/repos/asf/incubator-metron/diff/eb209f5c Branch: refs/heads/master Commit: eb209f5c9400b81720a866ef5dd1817f73226f44 Parents: 2724bf6 Author: mattf-horton <mfo...@hortonworks.com> Authored: Mon Apr 3 21:50:32 2017 -0700 Committer: mattf <ma...@apache.org> Committed: Mon Apr 3 21:50:32 2017 -0700 ---------------------------------------------------------------------- metron-deployment/vagrant/Kerberos-setup.md | 50 ++++++++++++++---------- 1 file changed, 30 insertions(+), 20 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/eb209f5c/metron-deployment/vagrant/Kerberos-setup.md ---------------------------------------------------------------------- diff --git a/metron-deployment/vagrant/Kerberos-setup.md b/metron-deployment/vagrant/Kerberos-setup.md index f18e407..c59fe68 100644 --- a/metron-deployment/vagrant/Kerberos-setup.md +++ b/metron-deployment/vagrant/Kerberos-setup.md @@ -18,6 +18,7 @@ export HDP_HOME="/usr/hdp/current" export METRON_VERSION="0.3.1" export METRON_HOME="/usr/metron/${METRON_VERSION}" ``` + 3. Stop all topologies - we will restart them again once Kerberos has been enabled. ``` for topology in bro snort enrichment indexing; do storm kill $topology; done 
@@ -54,29 +55,36 @@ sudo -u hdfs hdfs dfs -chmod 770 /user/metron 7. In Ambari, setup Storm to run with Kerberos and run worker jobs as the submitting user: a. Add the following properties to custom storm-site: - ``` - topology.auto-credentials=['org.apache.storm.security.auth.kerberos.AutoTGT'] - nimbus.credential.renewers.classes=['org.apache.storm.security.auth.kerberos.AutoTGT'] - supervisor.run.worker.as.user=true - ``` + + ``` + topology.auto-credentials=['org.apache.storm.security.auth.kerberos.AutoTGT'] + nimbus.credential.renewers.classes=['org.apache.storm.security.auth.kerberos.AutoTGT'] + supervisor.run.worker.as.user=true + ``` b. In the Storm config section in Ambari, choose âAdd Propertyâ under custom storm-site: -  + +  c. In the dialog window, choose the âbulk property add modeâ toggle button and add the below values: -  + +  8. Kerberize the cluster via Ambari. More detailed documentation can be found [here](http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.3/bk_security/content/_enabling_kerberos_security_in_ambari.html). a. For this exercise, choose existing MIT KDC (this is what we setup and installed in the previous steps.) -  -  + +  + +  b. Setup Kerberos configuration. Realm is EXAMPLE.COM. The admin principal will end up as admin/ad...@example.com when testing the KDC. Use the password you entered during the step for adding the admin principal. -  + +  c. Click through to âStart and Test Services.â Let the cluster spin up, but don't worry about starting up Metron via Ambari - we're going to run the parsers manually against the rest of the Hadoop cluster Kerberized. The wizard will fail at starting Metron, but this is OK. Click âcontinue.â When youâre finished, the custom storm-site should look similar to the following: -  + +  9. Setup Metron keytab ``` 
@@ -181,16 +189,18 @@ cd /home/metron 20. Setup enrichment and indexing. a. Modify enrichment.properties - `${METRON_HOME}/config/enrichment.properties` - ``` - kafka.security.protocol=PLAINTEXTSASL - topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf - ``` + + ``` + kafka.security.protocol=PLAINTEXTSASL + topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf + ``` b. Modify elasticsearch.properties - `${METRON_HOME}/config/elasticsearch.properties` - ``` - kafka.security.protocol=PLAINTEXTSASL - topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf - ``` + + ``` + kafka.security.protocol=PLAINTEXTSASL + topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf + ``` 21. Kinit with the metron user again ``` @@ -219,7 +229,7 @@ curl -XGET "${ZOOKEEPER}:9200/yaf*/_search" curl -XGET "${ZOOKEEPER}:9200/yaf*/_count" ``` -25. You should have data flowing from the parsers all the way through to the indexes. This completes the Kerberization instructions +26. You should have data flowing from the parsers all the way through to the indexes. This completes the Kerberization instructions ### Other useful commands: #### Kerberos
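Review bot: In the hunk at @@ -181,16 +189,18 (steps 20a and 20b), the re-indented blocks set kafka.security.protocol=PLAINTEXTSASL without saying that this value means SASL (Kerberos) authentication over an unencrypted connection. Since these lines are being touched anyway, add one sentence under step 20 stating that Kafka traffic in this vagrant setup is authenticated but not encrypted, so readers do not copy the setting into an environment that needs transport encryption. The same two property lines appear for both enrichment.properties and elasticsearch.properties; saying once that both files take identical values would make it harder to update one and miss the other.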
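Review bot: In the last hunk (@@ -219,7 +229,7), the closing step is renumbered from 25 to 26, but no other hunk in this patch adds or renumbers a step, so please confirm that the curl step above it is numbered 25 and that the list now runs without a gap or a duplicate. The changed sentence still ends without a period ("This completes the Kerberization instructions"). In the context lines, the requests go to `${ZOOKEEPER}:9200/yaf*/_search` and `/_count`; 9200 is the Elasticsearch HTTP port, so a short remark that the variable points at the same host on this single-node setup, or a separately named variable, would keep readers from assuming these are ZooKeeper calls.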