Anything in the rest logs? Is this a production install?
> On Feb 21, 2018, at 5:53 PM, David McGinnis <mcginn...@avalonconsult.com> > wrote: > > OK, did this, added a simple username/password combo, as well as an entry in > authorities with ROLE_USER, and restarted the two UIs as well as the REST. I > am still not able to log in using these credentials with a "login failed" > error. > >> On Wed, Feb 21, 2018 at 5:24 PM, Ryan Merriman <merrim...@gmail.com> wrote: >> Ah I see. Yes the tables only get created automatically for MySQL. You >> will have to create them yourself in postgres. Here is the create statement >> for mysql that you should be able to map to postgres: >> https://github.com/apache/metron/blob/master/metron-interface/metron-rest/src/main/resources/schema-mysql.sql. >> >> >>> On Wed, Feb 21, 2018 at 5:15 PM, David McGinnis >>> <mcginn...@avalonconsult.com> wrote: >>> I had originally created a database named metron and pointed the JDBC >>> connection string to that. I have created a new database named metronrest, >>> and pointed the JDBC connection string to use this. After restarting, the >>> only table in the database is the alertprofile table mentioned before, with >>> no rows. I have verified that as the metron user I can log into psql, >>> create tables in the database, insert data, select it, and then drop the >>> table. >>> >>> Note I'm using postgres and not mysql (which seem to be the default for >>> Metron). Is there a chance this could be causing an issue? >>> >>>> On Wed, Feb 21, 2018 at 1:49 PM, Ryan Merriman <merrim...@gmail.com> wrote: >>>> Did you create the metronrest database and permission it? The tables >>>> should get created automatically when you start REST. >>>> >>>>> On Wed, Feb 21, 2018 at 1:46 PM, David McGinnis >>>>> <mcginn...@avalonconsult.com> wrote: >>>>> OK, that makes sense, thanks Ryan. I followed the steps mentioned above, >>>>> but no table has been created for users or authorities. The only table I >>>>> see in the metron database is 'alertprofile'. Do you have a schema >>>>> somewhere documented which those tables should have that I should use to >>>>> create the tables, or is something supposed to automatically create those >>>>> tables and just currently isn't? >>>>> >>>>>> On Wed, Feb 21, 2018 at 1:37 PM, Ryan Merriman <merrim...@gmail.com> >>>>>> wrote: >>>>>> David, >>>>>> >>>>>> Authentication in our UIs is not as seamless as it should be yet. >>>>>> Kerberos authentication is on the road map. For now you need to load >>>>>> your credentials into the appropriate security RDMBS tables. >>>>>> Instructions are in the REST README: >>>>>> https://github.com/apache/metron/tree/master/metron-interface/metron-rest#metron-rest. >>>>>> Specifically, these are the steps you should follow: >>>>>> Either identify or setup a new SQL database for REST: >>>>>> https://github.com/apache/metron/tree/master/metron-interface/metron-rest#manual-install >>>>>> For steps 4 through 6 of those instructions, you should use Ambari >>>>>> instead to configure the JDBC parameters and start REST >>>>>> Add users to the appropriate tables as described in >>>>>> https://github.com/apache/metron/tree/master/metron-interface/metron-rest#authentication >>>>>> Let us know if you hit any issues. >>>>>> >>>>>>> On Wed, Feb 21, 2018 at 9:44 AM, David McGinnis >>>>>>> <mcginn...@avalonconsult.com> wrote: >>>>>>> All, >>>>>>> >>>>>>> I have a kerberized HDP 2.6.3 cluster which I have installed Metron on >>>>>>> through an MPack. I am using code straight from the master branch of >>>>>>> the github as of last week. >>>>>>> >>>>>>> When I try to log into the Alerts UI or the Management UI, I seem to be >>>>>>> unable to do so. I have tried using Kerberos credentials, local host >>>>>>> credentials (mostly the same thanks to SSSD) and the test accounts >>>>>>> mentioned in some documentation (admin/password and user/password in >>>>>>> particular). I also examined the backing database (Postgres in my case) >>>>>>> to see if there might be some users there that have been configured, >>>>>>> but no table has been created there. No errors have appeared in the >>>>>>> logs for either UI as far as I can tell. My assumption was that my >>>>>>> kerberos principal would work here, but it doesn't seem to. >>>>>>> >>>>>>> Any ideas on where to look for errors that might be occurring, or >>>>>>> configurations that need to be set in order to allow for log into the >>>>>>> system properly? >>>>>>> >>>>>>> -- >>>>>>> David McGinnis >>>>>>> Staff Hadoop Consultant | Avalon Consulting, LLC >>>>>>> M: (513) 439-0082 >>>>>>> LinkedIn | Google+ | Twitter >>>>>>> ------------------------------------------------------------------------------------------------------------- >>>>>>> This message (including any attachments) contains confidential >>>>>>> information >>>>>>> intended for a specific individual and purpose, and is protected by >>>>>>> law. If >>>>>>> you are not the intended recipient, you should delete this message. Any >>>>>>> disclosure, copying, or distribution of this message, or the taking of >>>>>>> any >>>>>>> action based on it, is strictly prohibited. >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> David McGinnis >>>>> Staff Hadoop Consultant | Avalon Consulting, LLC >>>>> M: (513) 439-0082 >>>>> LinkedIn | Google+ | Twitter >>>>> ------------------------------------------------------------------------------------------------------------- >>>>> This message (including any attachments) contains confidential >>>>> information >>>>> intended for a specific individual and purpose, and is protected by law. >>>>> If >>>>> you are not the intended recipient, you should delete this message. Any >>>>> disclosure, copying, or distribution of this message, or the taking of >>>>> any >>>>> action based on it, is strictly prohibited. >>>> >>> >>> >>> >>> -- >>> David McGinnis >>> Staff Hadoop Consultant | Avalon Consulting, LLC >>> M: (513) 439-0082 >>> LinkedIn | Google+ | Twitter >>> ------------------------------------------------------------------------------------------------------------- >>> This message (including any attachments) contains confidential information >>> intended for a specific individual and purpose, and is protected by law. If >>> you are not the intended recipient, you should delete this message. Any >>> disclosure, copying, or distribution of this message, or the taking of any >>> action based on it, is strictly prohibited. >> > > > > -- > David McGinnis > Staff Hadoop Consultant | Avalon Consulting, LLC > M: (513) 439-0082 > LinkedIn | Google+ | Twitter > ------------------------------------------------------------------------------------------------------------- > This message (including any attachments) contains confidential information > intended for a specific individual and purpose, and is protected by law. If > you are not the intended recipient, you should delete this message. Any > disclosure, copying, or distribution of this message, or the taking of any > action based on it, is strictly prohibited.