[
https://issues.apache.org/jira/browse/METRON-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15957033#comment-15957033
]
ASF GitHub Bot commented on METRON-821:
---------------------------------------
Github user mmiklavc commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/510#discussion_r109948537
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -135,71 +135,77 @@ echo "grant 'metron', 'RW', 'enrichment'" | hbase
shell
16. Create a “.storm” directory in the metron user’s home directory and
switch to that directory.
```
-su metron && cd ~/
-mkdir .storm
-cd .storm
+su metron
+mkdir ~/.storm
+cd ~/.storm
```
17. Create a custom client jaas file. This should look identical to the
Storm client jaas file located in /etc/storm/conf/client_jaas.conf except for
the addition of a Client stanza. The Client stanza is used for Zookeeper. All
quotes and semicolons are necessary.
```
-[metron@node1 .storm]$ cat client_jaas.conf
+cat << EOF > client_jaas.conf
StormClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useTicketCache=true
- renewTicket=true
- serviceName="nimbus";
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=true
+ renewTicket=true
+ serviceName="nimbus";
};
Client {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="/etc/security/keytabs/metron.headless.keytab"
- storeKey=true
- useTicketCache=false
- serviceName="zookeeper"
- principal="[email protected]";
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/etc/security/keytabs/metron.headless.keytab"
+ storeKey=true
+ useTicketCache=false
+ serviceName="zookeeper"
+ principal="[email protected]";
};
KafkaClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="/etc/security/keytabs/metron.headless.keytab"
- storeKey=true
- useTicketCache=false
- serviceName="kafka"
- principal="[email protected]";
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/etc/security/keytabs/metron.headless.keytab"
+ storeKey=true
+ useTicketCache=false
+ serviceName="kafka"
+ principal="[email protected]";
};
+EOF
```
18. Create a storm.yaml with jaas file info. Set the array of nimbus hosts
accordingly.
```
-[metron@node1 .storm]$ cat storm.yaml
+cat << EOF > storm.yaml
nimbus.seeds : ['node1']
java.security.auth.login.config : '/home/metron/.storm/client_jaas.conf'
storm.thrift.transport :
'org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin'
+EOF
```
19. Create an auxiliary storm configuration json file in the metron user’s
home directory. Note the login config option in the file points to our custom
client_jaas.conf.
```
-cd /home/metron
-[metron@node1 ~]$ cat storm-config.json
+cd
+cat << EOF > storm-config.json
{
"topology.worker.childopts" :
"-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf"
}
+EOF
```
20. Setup enrichment and indexing.
a. Modify enrichment.properties -
`${METRON_HOME}/config/enrichment.properties`
```
- kafka.security.protocol=PLAINTEXTSASL
-
topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf
+ [[ $EUID -eq 0 ]] || exit
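Review bot: The heredoc delimiters added in steps 17 to 19 are unquoted (`cat << EOF > client_jaas.conf`, and the same form for storm.yaml and storm-config.json), so the shell applies parameter and command expansion to the body before the file is written. None of the bodies shown contains a `$` or a backtick, so the files come out as intended today, but quoting the delimiter (`cat << 'EOF' > client_jaas.conf`) writes the text literally and keeps the JAAS and Storm settings from being silently changed if a later edit introduces such a character. It would also help to say in step 17 that the heredoc creates the file in the current directory, since the paths in steps 18 and 19 assume it ends up at /home/metron/.storm/client_jaas.conf.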
--- End diff --
I wonder if it would be better to print a message about needing to be root?
This will log out the user and close their screen altogether in some instances.
> Minor fixes in full dev kerberos setup instructions
> ---------------------------------------------------
>
> Key: METRON-821
> URL: https://issues.apache.org/jira/browse/METRON-821
> Project: Metron
> Issue Type: Bug
> Reporter: Jon Zeolla
> Assignee: Jon Zeolla
>
> There is at least one error in metron-deployment/vagrant/Kerberos-setup.md
> and some other very minor changes for clarity/accuracy.