[
https://issues.apache.org/jira/browse/METRON-812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15949996#comment-15949996
]
ASF GitHub Bot commented on METRON-812:
---------------------------------------
Github user cestella commented on the issue:
https://github.com/apache/incubator-metron/pull/501
# Testing Plan
## Preliminaries
* Spin up the full-dev environment via `vagrant up` from
`metron-deployment/vagrant/full-dev-platform`
* Stop the "Metron" service in ambari and put it in maintenance mode.
* Stop the sensor stubs
* `service sensor-stubs stop`
* Make sure the bro sensor stub is dead via `for i in $(ps -ef | grep start-bro-stub | awk '{print $2}');do kill -9 $i;done`
* Install sensors without stubs by running the following from
`metron-deployment/vagrant/full-dev-platform`:
```
vagrant --ansible-tags="sensors,bro,pycapa" \
  --ansible-skip-tags="solr,flume,snort,yaf,sensor-test-mode" provision
```
* Set some environment variables to indicate `METRON_HOME`:
```
export METRON_HOME=/usr/metron/0.3.1
export HDP_HOME=/usr/hdp/current
```
## Non Kerberized Environment
Ensure that you can see bro data flowing with the base configuration by
running the console consumer and ensuring bro data flows through:
```
${HDP_HOME}/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server node1:6667 \
  --zookeeper node1:2181 --topic bro
```
## Kerberized Environment
* Follow steps 1-10, 14-18 of the kerberization instructions for full-dev
[here](https://github.com/mmiklavc/incubator-metron/blob/9ef9d5d97ca654c9120cae5e40eddfe69d6420a8/metron-deployment/vagrant/Kerberos-setup.md).
* Create a new topic called `b_k`
```
export KERB_USER=metron;
${HDP_HOME}/kafka-broker/bin/kafka-topics.sh --zookeeper $ZOOKEEPER:2181 \
  --create --topic b_k --partitions 1 --replication-factor 1
${HDP_HOME}/kafka-broker/bin/kafka-acls.sh \
  --authorizer kafka.security.auth.SimpleAclAuthorizer \
  --authorizer-properties zookeeper.connect=node1:2181 \
  --add --allow-principal User:${KERB_USER} --topic b_k;
```
* Edit `~/consumer.config` to contain the following:
```
group.id=b_k_grp
```
* Edit `/usr/local/bro/share/bro/site/local.bro` to configure the
bro-kafka-plugin with the following (at the end of the document):
```
@load Bro/Kafka/logs-to-kafka.bro
redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG);
redef Kafka::topic_name = "b_k";
redef Kafka::tag_json = T;
redef Kafka::kafka_conf = table( ["metadata.broker.list"] = "node1:6667"
                               , ["security.protocol"] = "SASL_PLAINTEXT"
                               , ["sasl.kerberos.keytab"] = "/etc/security/keytabs/metron.headless.keytab"
                               , ["sasl.kerberos.principal"] = "[email protected]"
                               );
```
* Redeploy bro via `/usr/local/bro/bin/broctl deploy`
* Listen for messages on the `b_k` topic via
```
${HDP_HOME}/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server node1:6667 \
  --zookeeper node1:2181 --security-protocol SASL_PLAINTEXT --topic b_k \
  --new-consumer --consumer.config ~/consumer.config
```
> Make the bro-kafka plugin work with kerberos
> --------------------------------------------
>
> Key: METRON-812
> URL: https://issues.apache.org/jira/browse/METRON-812
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
> Assignee: Casey Stella
> Labels: kerberos
>
> The bro-kafka plugin does not currently support kerberos. This JIRA should
> * make the version of librdkafka supported 0.9.4
> * ensure the plugin can write to a kerberized kafka
> * provide instructions on how to configure the plugin to write to a
> kerberized kafka
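A preflight check that could be run before `broctl deploy` in the testing plan above, as an added example that is not part of the original comment or of the Metron project: it reads the `Kafka::kafka_conf` table from `local.bro` and verifies the protocol, principal and keytab settings. The function names are hypothetical, and the rule that the keytab must not be accessible to "other" users is an assumption of this example.

```shell
# Added example: preflight check of the Kafka::kafka_conf table in local.bro.
# Function names are hypothetical; the keytab permission rule is an assumption.

# Print the value of KEY ($2) in Bro script FILE ($1); empty if absent.
kafka_conf_value() {
  # Drop '#' comments and join lines so wrapped table entries still match.
  sed 's/#.*//' "$1" | tr '\n' ' ' |
    sed -n "s/.*\[\"$2\"] *= *\"\([^\"]*\)\".*/\1/p"
}

# Return 0 only if FILE ($1) configures Kerberos and the keytab is usable.
check_bro_kafka_kerberos() {
  local conf="$1" rc=0 proto keytab principal mode
  proto=$(kafka_conf_value "$conf" security.protocol)
  keytab=$(kafka_conf_value "$conf" sasl.kerberos.keytab)
  principal=$(kafka_conf_value "$conf" sasl.kerberos.principal)
  case "$proto" in
    SASL_PLAINTEXT|SASL_SSL) ;;
    *) echo "FAIL: security.protocol is '${proto:-unset}', not SASL_*"; rc=1 ;;
  esac
  [ -n "$principal" ] || { echo "FAIL: sasl.kerberos.principal unset"; rc=1; }
  if [ ! -f "$keytab" ] || [ ! -r "$keytab" ]; then
    echo "FAIL: keytab '${keytab:-unset}' missing or unreadable"; rc=1
  else
    # A keytab holds the principal's long-term key: no access for "other".
    mode=$(stat -c '%a' "$keytab")   # GNU stat
    case "$mode" in
      *0) ;;
      *) echo "FAIL: keytab mode $mode allows access by other users"; rc=1 ;;
    esac
  fi
  return "$rc"
}

# Usage: pass the path of local.bro as the first argument.
if [ "$#" -gt 0 ]; then check_bro_kafka_kerberos "$1"; fi
```

Run it as the user the bro process runs as, so the readability test reflects what the plugin will see.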