[
https://issues.apache.org/jira/browse/METRON-799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15960765#comment-15960765
]
ASF GitHub Bot commented on METRON-799:
---------------------------------------
Github user justinleet commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/518#discussion_r110385183
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
---
@@ -0,0 +1,74 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+import os.path
+from resource_management.core.source import Template
+from resource_management.core.resources.system import Directory, File
+from resource_management.core import global_lock
+from resource_management.core.logger import Logger
+from resource_management.core.resources.system import Execute
+from resource_management.libraries.functions import format as ambari_format
+
+
+# Convenience function for ensuring home dirs are setup consistently.
+def storm_security_setup(params):
+ if params.security_enabled:
+ # I don't think there's an Ambari way to get a user's local home
dir , so have Python perform tilde expansion.
+ # Ambari's Directory doesn't do tilde expansion.
+ metron_storm_dir_tilde = '~' + params.metron_user + '/.storm'
+ metron_storm_dir = os.path.expanduser(metron_storm_dir_tilde)
+ Directory(metron_storm_dir,
+ mode=0755,
+ owner=params.metron_user,
+ group=params.metron_group
+ )
+
+ File(ambari_format('{client_jaas_path}'),
+ content=Template('client_jaas.conf.j2'),
+ owner=params.metron_user,
+ group=params.metron_group,
+ mode=0755
+ )
+
+ File(metron_storm_dir + '/storm.yaml',
+ content=Template('storm.yaml.j2'),
+ owner=params.metron_user,
+ group=params.metron_group,
+ mode=0755
+ )
+
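Review bot: both File() resources, the one for client_jaas_path and the one for storm.yaml, are created with mode=0755, which marks plain configuration files as executable and world-readable. 0644 is the usual mode for files like these, and a tighter mode is worth considering for the JAAS file if only params.metron_user needs to read it. Separately, global_lock, Logger and Execute are imported but not used in the lines shown here, so they can be dropped unless the rest of the file needs them.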
--- End diff --
Just the properties in here. Couple thoughts as you bring this up.
We probably want to have a ticket to make sure turning off Kerberos works
correctly in the future. The properties in the file (except nimbus.seeds) are
essentially set properties. We need our own client_jaas, and the
storm.thrift.transport has to be there for some reason and that's pretty much
constant on a secure cluster. That should also be made a property that flows
down from Storm.
nimbus.seeds is wrong and I need to carry that over from the actual Storm
property. And I even made sure it was in params_linux and forgot to use it.
> The MPack should function in a kerberized cluster
> -------------------------------------------------
>
> Key: METRON-799
> URL: https://issues.apache.org/jira/browse/METRON-799
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
> Assignee: Justin Leet
> Labels: kerberos
>