anandsubbu commented on a change in pull request #1382: METRON-2074: Script to handle TGT renewal with Storm and Kerberos enabled URL: https://github.com/apache/metron/pull/1382#discussion_r276097188
########## File path: metron-deployment/Kerberos-manual-setup.md ########## @@ -636,3 +637,43 @@ The random access indexer topology fails with the following exception. This exc #### Solution This can occur when an HDFS Client is not installed on the Storm worker nodes. This might occur on any Storm worker node where an HDFS Client is not installed. Installing the HDFS Client on all Storm worker nodes should resolve the problem. + +## TGT Ticket Renew + +Apache Storm doesn't handle automatic TGT ticket renewal for their running topologies. Instead, it is left up to the operations team deploying the Storm topologies +in a Kerberized environment to manage this themselves. We've included a Python script that can be setup with a cron process to automatically manage the renewal +process for you. The script should be run on an interval that is shorter than the renew_lifetime configured for your TGT. + +### Setup Instructions + +Run the following on a node with a Storm and Metron client installed. We need python 2.7 via virtualenv for this to work correctly. + +``` +su - metron +for item in epel-release centos-release-scl "@Development tools" python27 python27-scldevel python27-python-virtualenv libselinux-python; do yum install -y $item; done Review comment: This needs to be run with `sudo` to be consistent with the steps that follow. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
