[ https://issues.apache.org/jira/browse/METRON-821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15957106#comment-15957106 ]
ASF GitHub Bot commented on METRON-821: --------------------------------------- Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/510#discussion_r109957525 --- Diff: metron-deployment/vagrant/Kerberos-setup.md --- @@ -135,71 +135,77 @@ echo "grant 'metron', 'RW', 'enrichment'" | hbase shell 16. Create a “.storm” directory in the metron user’s home directory and switch to that directory. ``` -su metron && cd ~/ -mkdir .storm -cd .storm +su metron +mkdir ~/.storm +cd ~/.storm ``` 17. Create a custom client jaas file. This should look identical to the Storm client jaas file located in /etc/storm/conf/client_jaas.conf except for the addition of a Client stanza. The Client stanza is used for Zookeeper. All quotes and semicolons are necessary. ``` -[metron@node1 .storm]$ cat client_jaas.conf +cat << EOF > client_jaas.conf StormClient { - com.sun.security.auth.module.Krb5LoginModule required - useTicketCache=true - renewTicket=true - serviceName="nimbus"; + com.sun.security.auth.module.Krb5LoginModule required + useTicketCache=true + renewTicket=true + serviceName="nimbus"; }; Client { - com.sun.security.auth.module.Krb5LoginModule required - useKeyTab=true - keyTab="/etc/security/keytabs/metron.headless.keytab" - storeKey=true - useTicketCache=false - serviceName="zookeeper" - principal="met...@example.com"; + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + keyTab="/etc/security/keytabs/metron.headless.keytab" + storeKey=true + useTicketCache=false + serviceName="zookeeper" + principal="met...@example.com"; }; KafkaClient { - com.sun.security.auth.module.Krb5LoginModule required - useKeyTab=true - keyTab="/etc/security/keytabs/metron.headless.keytab" - storeKey=true - useTicketCache=false - serviceName="kafka" - principal="met...@example.com"; + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + keyTab="/etc/security/keytabs/metron.headless.keytab" + storeKey=true + useTicketCache=false + serviceName="kafka" + principal="met...@example.com"; }; +EOF ``` 18. Create a storm.yaml with jaas file info. Set the array of nimbus hosts accordingly. ``` -[metron@node1 .storm]$ cat storm.yaml +cat << EOF > storm.yaml nimbus.seeds : ['node1'] java.security.auth.login.config : '/home/metron/.storm/client_jaas.conf' storm.thrift.transport : 'org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin' +EOF ``` 19. Create an auxiliary storm configuration json file in the metron user’s home directory. Note the login config option in the file points to our custom client_jaas.conf. ``` -cd /home/metron -[metron@node1 ~]$ cat storm-config.json +cd +cat << EOF > storm-config.json { "topology.worker.childopts" : "-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf" } +EOF ``` 20. Setup enrichment and indexing. a. Modify enrichment.properties - `${METRON_HOME}/config/enrichment.properties` ``` - kafka.security.protocol=PLAINTEXTSASL - topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf + [[ $EUID -eq 0 ]] || exit --- End diff -- Right, like if they are just in the native `vagrant ssh`, which is bad. I will clean it up to alert and quit the code snippet but not the shell. > Minor fixes in full dev kerberos setup instructions > --------------------------------------------------- > > Key: METRON-821 > URL: https://issues.apache.org/jira/browse/METRON-821 > Project: Metron > Issue Type: Bug > Reporter: Jon Zeolla > Assignee: Jon Zeolla > > There is at least one error in metron-deployment/vagrant/Kerberos-setup.md > and some other very minor changes for clarity/accuracy. -- This message was sent by Atlassian JIRA (v6.3.15#6346)