[
https://issues.apache.org/jira/browse/METRON-896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15986460#comment-15986460
]
ASF GitHub Bot commented on METRON-896:
---------------------------------------
GitHub user justinleet opened a pull request:
https://github.com/apache/incubator-metron/pull/553
METRON-896: Document Having Kerberos Issue Renewable Tickets
## Contributor Comments
Added a couple lines to the doc about setting up tickets as renewable, if
they aren't already.
See:
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/kdc_conf.html,
specifically max_renewable_life may have to be set to a nonzero value.
Interestingly, full dev doesn't care, but an actual (non-AWS) cluster did care.
I'm guessing this is related to some version or OS differences or something,
but I'm not entirely sure.
Also added a couple lines to both manual and full dev docs about how to
verify a ticket is renewable, and how to modify the principals to add the
appropriate flags if needed.
Given that it's potentially a versioning type thing, and the solutions are
Kerberos specific issues, I don't know how much of a test plan we need/want to
repeat it. We're giving KDC instructions as a convenience, not supporting the
KDC itself. To me, this feels like a best-effort type attempt to address
issues. If we feel that way as a group, I'd be interested in if anyone wants
to modify or update the READMEs to reflect that a bit better. Otherwise,
coming up with a test plan may be a pain, because we'd have to track down the
actual root versioning cause.
I've also included a formatting fix to the docs from while I was in the
area. The newline didn't show up properly in triple backticks in the maven
site output.
## Pull Request Checklist
Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
for the complete guide to follow for contributions.
Please refer also to our [Build Verification
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow
these guidelines and ask you to double check the following:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to
be created at [Metron
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [x] Has your PR been rebased against the latest commit within the target
branch (typically master)?
### For code changes:
- [ ] Have you included steps to reproduce the behavior or problem that is
being changed or addressed?
See comments above. I'm personally inclined to consider this a best effort
attempt to provide a solution to a KDC configuration issue.
- [ ] Have you included steps or a guide to how the change may be verified
and tested manually?
See comments above. I'm personally inclined to consider this a best effort
attempt to provide a solution to a KDC configuration issue.
- [x] Have you ensured that the full suite of tests and checks have been
executed in the root incubating-metron folder via:
```
mvn -q clean integration-test install && build_utils/verify_licenses.sh
```
### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in
which it is rendered by building and verifying the site-book? If not then run
the following commands and the verify changes via
`site-book/target/site/index.html`:
```
cd site-book
bin/generate-md.sh
mvn site:site
```
#### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up
for your personal repository such that your branches are built there before
submitting a pull request.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/justinleet/incubator-metron METRON-896
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-metron/pull/553.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #553
----
commit 11a24cb1fccc3e83bde545c17b925a36caa059cd
Author: justinjleet <[email protected]>
Date: 2017-04-27T11:52:29Z
Adding notes about renewable tickets to the docs
commit 512c556234381109f0ca0483bc2d35692a60e31f
Author: justinjleet <[email protected]>
Date: 2017-04-27T12:04:14Z
Fix to the formatting
----
> Document Having Kerberos Issue Renewable Tickets
> ------------------------------------------------
>
> Key: METRON-896
> URL: https://issues.apache.org/jira/browse/METRON-896
> Project: Metron
> Issue Type: Bug
> Reporter: Justin Leet
> Assignee: Justin Leet
>
> Apparently in some circumstances, a default kerberos install on CentOS7 will
> not be configured to issue renewable keytabs. This causes issues with
> deploying topologies.
> Add documentation for both initial setup, as well as allowing a principal to
> get renewable tickets if the KDC is already setup.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
