Author: stevel
Date: Wed Dec 16 15:29:19 2015
New Revision: 1720369

URL: http://svn.apache.org/viewvc?rev=1720369&view=rev
Log:
SLIDER-1027 add a kdiag command for kerberos diagnostics

Modified:
    incubator/slider/site/trunk/content/docs/manpage.md

Modified: incubator/slider/site/trunk/content/docs/manpage.md
URL: 
http://svn.apache.org/viewvc/incubator/slider/site/trunk/content/docs/manpage.md?rev=1720369&r1=1720368&r2=1720369&view=diff
==============================================================================
--- incubator/slider/site/trunk/content/docs/manpage.md (original)
+++ incubator/slider/site/trunk/content/docs/manpage.md Wed Dec 16 15:29:19 2015
@@ -396,6 +396,36 @@ Example
     slider install-package --name HBASE --package 
/usr/work/package/hbase/slider-hbase-app-package-0.98.4-hadoop2.zip
     slider install-package --name HBASE --package 
/usr/work/package/hbase/slider-hbase-app-package-0.98.4-hadoop2.zip --replacepkg
 
+###` kdiag [--keytab <keytab> --principal <principal>] [--out outfile] 
[--fail]`
+
+Kerberos diagnostics.
+
+Any information which can be obtained to diagnose Kerberos problems:
+dumping settings, attempting login from a given keytab, etc, etc.
+
+The purpose here is to have something which can be used to begin to understand
+why the client is having problems talking to Kerberos; a file which can be
+attached to support calls.
+
+For an example of the output, see 
[SLIDER-1027|https://issues.apache.org/jira/browse/SLIDER-1027]
+
+Although there is a `--out outfile` option, much of the output can come from 
the JRE
+(to `stderr`) and via log4j (to `stdout`). To get all the output, it is best
+to redirect both these output streams to the same file, and omit the `--out` 
option.
+
+```
+slider kdiag --keytab zk.service.keytab --principal zookeeper/devix.cotham.uk 
> out.txt 2>&1
+```
+
+For extra logging during the operation
+
+1. Set the environment variable `HADOOP_JAAS_DEBUG` to `true`.
+1. Edit the `log4j.properties` file for the slider client:
+
+        log4j.logger.org.apache.hadoop.security=DEBUG
+
+The diagnostics information currently generated are incomplete. Any 
contributions
+to this codebase is very welcome.
 
 ### `list [name] [--live]  [--status status]`
 
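Review bot: the added heading line starts with "###` kdiag", with the backtick attached to the hashes, so the inline-code span is misplaced; the existing heading just below uses "### `list ...`", and the new one should follow the same form, "### `kdiag [--keytab <keytab> --principal <principal>] [--out outfile] [--fail]`". In the same hunk, the SLIDER-1027 reference uses the wiki form "[text|url]", which will not render as a link in a markdown file; it should be "[SLIDER-1027](https://issues.apache.org/jira/browse/SLIDER-1027)". The synopsis lists `--fail`, but the text never says what it does, and `--keytab`/`--principal` are only shown in the example, so a short option list would help. Since the section says the output dumps settings and is meant to be attached to support calls, and the extra-logging steps turn on `HADOOP_JAAS_DEBUG` and DEBUG logging for `org.apache.hadoop.security`, it would be worth one sentence telling the reader to review the file before sharing it. The closing paragraph has two agreement errors: "information ... are incomplete" and "contributions ... is very welcome".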
@@ -405,7 +435,7 @@ which are on the filesystem.
 If no instance name is specified, all instances matching the criteria are 
listed.
 
 1. `--live` indicates live instances are to be listed: that is anything 
`RUNNING`
-or awaiting execution (e.g `ACCEPTED`) or earlier
+or awaiting execution (e.g `ACCEPTED`) or earlier.
 1. `--state <state>` defines an explicit state for which a record of the 
cluster
   must be found in the RM.
 
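Review bot: the changed line adds the sentence-ending period but still reads "e.g" without its own period; make it "e.g. `ACCEPTED`" while the line is being touched. The item directly after it documents `--state <state>`, whereas the section heading gives the option as `--status status`, so the synopsis and the option list disagree and one of them should be corrected in this change.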

