Github user mattf-horton commented on a diff in the pull request:
https://github.com/apache/metron/pull/605#discussion_r119911514
--- Diff: metron-deployment/Kerberos-manual-setup.md ---
@@ -42,86 +42,87 @@ Setup
1. Stop all Metron topologies. They will be restarted again once Kerberos
has been enabled.
- ```
- for topology in bro snort enrichment indexing; do
- storm kill $topology;
- done
- ```
+ ```
+ for topology in bro snort enrichment indexing; do
+ storm kill $topology;
+ done
+ ```
1. Create the `metron` user's home directory in HDFS.
- ```
- sudo -u hdfs hdfs dfs -mkdir /user/metron
- sudo -u hdfs hdfs dfs -chown metron:hdfs /user/metron
- sudo -u hdfs hdfs dfs -chmod 770 /user/metron
- ```
+ ```
+ sudo -u hdfs hdfs dfs -mkdir /user/metron
+ sudo -u hdfs hdfs dfs -chown metron:hdfs /user/metron
+ sudo -u hdfs hdfs dfs -chmod 770 /user/metron
+ ```
Setup a KDC
-----------
1. Install dependencies.
- ```
- yum -y install krb5-server krb5-libs krb5-workstation
- ```
+ ```
+ yum -y install krb5-server krb5-libs krb5-workstation
+ ```
1. Define the host, `node1`, as the KDC.
- ```
- sed -i 's/kerberos.example.com/node1/g' /etc/krb5.conf
- cp -f /etc/krb5.conf /var/lib/ambari-server/resources/scripts
- ```
+ ```
+ sed -i 's/kerberos.example.com/node1/g' /etc/krb5.conf
+ cp -f /etc/krb5.conf /var/lib/ambari-server/resources/scripts
+ ```
1. Ensure the KDC can issue renewable tickets. This can be necessary on a
real cluster, but should not be on full-dev. In /var/kerberos/krb5kdc/kdc.conf
ensure the following is in the realm section
- ```
- max_renewable_life = 7d
- ```
-
-
-1. Do not copy/paste this full set of commands as the `kdb5_util` command
will not run as expected. Run the commands individually to ensure they all
execute. This step takes a moment. It creates the kerberos database.
- ```
- kdb5_util create -s
+ ```
+ max_renewable_life = 7d
+ ```
- /etc/rc.d/init.d/krb5kdc start
- chkconfig krb5kdc on
+1. Do not copy/paste this full set of commands as the `kdb5_util` command
will not run as expected. Run the commands individually to ensure they all
execute. This step takes a moment. It creates the kerberos database.
- /etc/rc.d/init.d/kadmin start
- chkconfig kadmin on
- ```
+ ```
+ kdb5_util create -s
+ /etc/rc.d/init.d/krb5kdc start
--- End diff --
Hi Mike, thanks for your comment. We are still bridging Centos 6 and 7,
and currently this works in both, so I'm going to proceed. But if you wanted
to open a Jira to add "if Centos6 to this... else if Centos7 do this..."
instructions to this and other doc files with similar needs, it would be a
welcome contribution.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
