[
https://issues.apache.org/jira/browse/METRON-797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Casey Stella updated METRON-797:
--------------------------------
Description:
METRON-793 migrated the storm topologies to the storm-kafka-client spout, which
supports kerberos. To complete the kerberos work on the existing topologies,
we need to be able to enable the spouts and kafka writers to use security
protocols other than PLAINTEXT. Also, enabling auto-renew plugins for storm
will enable the topologies to run for extended durations in a kerberized
cluster.
This work was inspired by a portion of the investigatory work done at
https://github.com/dlyle65535/incubator-metron/tree/kerb-testing?files=1 by:
* @dlyle65535
* @merrimanr
* @mmiklavc
This carves out a specific piece of that functionality with the following
differences:
* The mpack work is not included, but the properties are set up to enable it as
a follow-on
* It presumes METRON-793, so it uses storm-kafka-client rather than storm-kafka
* It adds a flag when starting the parsers to pass the security protocol and
sets up the writers and the spout automatically rather than relying on the set
of extra kafka configs (though both approaches would work here).
NOTE: This does not encompass MPack changes to enable kerberos (METRON-799) or
fix the sensors to work with a kerberized kafka (METRON-798). That would be
follow-on work.
was:
METRON-793 migrated the storm topologies to the storm-kafka-client spout, which
supports kerberos. To complete the kerberos work on the existing topologies,
we need to be able to enable the spouts and kafka writers to use security
protocols other than PLAINTEXT. Also, enabling auto-renew plugins for storm
will enable the topologies to run for extended durations in a kerberized
cluster.
NOTE: This does not encompass MPack changes to enable kerberos (METRON-799) or
fix the sensors to work with a kerberized kafka (METRON-798). That would be
follow-on work.
> Pass security.protocol and enable auto-renew for the storm topologies
> ---------------------------------------------------------------------
>
> Key: METRON-797
> URL: https://issues.apache.org/jira/browse/METRON-797
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
> Assignee: Casey Stella
> Labels: kerberos
>
> METRON-793 migrated the storm topologies to the storm-kafka-client spout,
> which supports kerberos. To complete the kerberos work on the existing
> topologies, we need to be able to enable the spouts and kafka writers to use
> security protocols other than PLAINTEXT. Also, enabling auto-renew plugins
> for storm will enable the topologies to run for extended durations in a
> kerberized cluster.
> This work was inspired by a portion of the investigatory work done at
> https://github.com/dlyle65535/incubator-metron/tree/kerb-testing?files=1 by:
> * @dlyle65535
> * @merrimanr
> * @mmiklavc
> This carves out a specific piece of that functionality with the following
> differences:
> * The mpack work is not included, but the properties are set up to enable it
> as a follow-on
> * It presumes METRON-793, so it uses storm-kafka-client rather than
> storm-kafka
> * It adds a flag when starting the parsers to pass the security protocol and
> sets up the writers and the spout automatically rather than relying on the
> set of extra kafka configs (though both approaches would work here).
> NOTE: This does not encompass MPack changes to enable kerberos (METRON-799)
> or fix the sensors to work with a kerberized kafka (METRON-798). That would
> be follow-on work.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
