[GitHub] [metron] tigerquoll commented on issue #1519: METRON-2265: Update Kerberos settings

Wed, 02 Oct 2019 20:24:07 -0700 

tigerquoll commented on issue #1519: METRON-2265: Update Kerberos settings
URL: https://github.com/apache/metron/pull/1519#issuecomment-537767880
 
 
   Ok,
   I can get kerberos Metron processing data with this PR.
   
   I had to deviate from the provided 
"metron-deployment/Kerberos-manual-setup.md" file in the following ways (Can 
somebody update the markup file in the PR or will there need to be a new PR for 
that markup changes?)
   
   ### Initial environment:
   source /etc/default/metron
   export KAFKA_HOME="/usr/hdp/current/kafka-broker"
   export BROKERLIST=node1:6667
   export HDP_HOME="/usr/hdp/current"
   export KAFKA_HOME="${HDP_HOME}/kafka-broker"
   export CLIENT_JAAS_ARG=/etc/kafka/conf/kafka_client_jaas.conf
   export KAFKA_SECURITY_PROTOCOL=SASL_PLAINTEXT
   export ELASTICSEARCH=node1:9200
   export KAFKA_OPTS="-Djava.security.auth.login.config=$CLIENT_JAAS_ARG"
   
   ### Verify KDC
   Step 2:
   add
   kinit metron 
   before 
   klist -f 
   
   ### Enable kerberos
   Step 3:
   add to start of step 3: 
   rm metron.headless.keytab
   change:
    cp metron.headless.keytab /etc/security/keytabs
   to:
    cp -n metron.headless.keytab /etc/security/keytabs
   
   ### Kafka Authorization:
   Add to start of Step 3:
   
   export CLIENT_JAAS_ARG=/etc/kafka/conf/kafka_jaas.conf
   export KAFKA_OPTS="-Djava.security.auth.login.config=$CLIENT_JAAS_ARG"
   
   ### Storm Authoriszation
   Step 1 is su metron -
   
   Step 7 requires root access
   so add
   exit
   id
   <confirm root account>
   source /etc/default/metron
   before proceeding with the rest of the script
   
   ### Start metron
   
   Step 1:
   add source /etc/default/metron
   
   
   ### Push Data
   remove
   export KAFKA_OPTS=$CLIENT_JAAS_ARG
   Add
   source /etc/default/metron
   export ELASTICSEARCH=node1:9200
   export KAFKA_SECURITY_PROTOCOL=SASL_PLAINTEXT
   export KAFKA_HOME="/usr/hdp/current/kafka-broker"
   export CLIENT_JAAS_ARG=/etc/kafka/conf/kafka_client_jaas.conf
   export KAFKA_OPTS="-Djava.security.auth.login.config=$CLIENT_JAAS_ARG"
   
   Add 
   curl -XGET "${ELASTICSEARCH}/bro*/_count"
   before the dumping new sample data to kafka to get the count before hand for 
comparison purposes.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to