Posted to issues@metron.apache.org by GitBox <gi...@apache.org> on 2019/10/03 03:29:21 UTC
[GitHub] [metron] tigerquoll edited a comment on issue #1519: METRON-2265:
Update Kerberos settings
URL: https://github.com/apache/metron/pull/1519#issuecomment-537767880
Ok,
I can get Kerberos Metron processing data with this PR. The jars and everything appear OK; it was the contained deployment instructions that were causing me grief.
I had to deviate from the provided "metron-deployment/Kerberos-manual-setup.md" file in the following ways (can somebody update the markup file in the PR, or will there need to be a new PR for those markup changes?):
### Initial environment:
```
source /etc/default/metron
export KAFKA_HOME="/usr/hdp/current/kafka-broker"
export BROKERLIST=node1:6667
export HDP_HOME="/usr/hdp/current"
export KAFKA_HOME="${HDP_HOME}/kafka-broker"
export CLIENT_JAAS_ARG=/etc/kafka/conf/kafka_client_jaas.conf
export KAFKA_SECURITY_PROTOCOL=SASL_PLAINTEXT
export ELASTICSEARCH=node1:9200
export KAFKA_OPTS="-Djava.security.auth.login.config=$CLIENT_JAAS_ARG"
```
### Verify KDC
Step 2:
add
`kinit metron`
before
`klist -f`
### Enable kerberos
Step 3:
metron.headless.keytab appears to already be generated,
so add to start of step 3:
`rm metron.headless.keytab`
change:
`cp metron.headless.keytab /etc/security/keytabs`
to:
`cp -n metron.headless.keytab /etc/security/keytabs`
### Kafka Authorization:
The Metron user does not have permissions to edit ACLs. The Kafka Service account does have permissions, so we can temporarily use that keytab to add ACLs.
Add to start of Step 3:
```
export CLIENT_JAAS_ARG=/etc/kafka/conf/kafka_jaas.conf
export KAFKA_OPTS="-Djava.security.auth.login.config=$CLIENT_JAAS_ARG"
```
### Storm Authorization
An additional step should be done before the others:
`su metron -`
Step 7 requires root access,
so add
```
exit
id
# <confirm root account>
source /etc/default/metron
```
before proceeding with the rest of the script.
### Start metron
Step 1:
add `source /etc/default/metron`
### Push Data
Remove
`export KAFKA_OPTS=$CLIENT_JAAS_ARG`
Add
```
source /etc/default/metron
export ELASTICSEARCH=node1:9200
export KAFKA_SECURITY_PROTOCOL=SASL_PLAINTEXT
export KAFKA_HOME="/usr/hdp/current/kafka-broker"
export CLIENT_JAAS_ARG=/etc/kafka/conf/kafka_client_jaas.conf
export KAFKA_OPTS="-Djava.security.auth.login.config=$CLIENT_JAAS_ARG"
```
Add
`curl -XGET "${ELASTICSEARCH}/bro*/_count"`
before dumping new sample data to Kafka, to get the count beforehand for comparison purposes.
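
The before/after count comparison suggested under Push Data, as an added example that is not part of the original comment or of Metron. The function names and the sample `_count` responses are constructed for illustration, and `sed` is used so that no JSON tool is assumed on the node.

```shell
#!/bin/sh
# Added example: compare Elasticsearch document counts taken before and after
# pushing sample data. Function names are hypothetical, not part of Metron.

# Extract the integer "count" field from an Elasticsearch _count response body.
# Prints nothing and returns 1 if the body has no numeric count (for example an
# error document returned when the index pattern matches nothing).
parse_count() {
    count=$(printf '%s' "$1" |
        sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$count" ] || return 1
    printf '%s\n' "$count"
}

# Print how many documents were indexed between two _count responses.
# Returns 1 if either response is unparsable, 2 if the count went down.
count_delta() {
    before=$(parse_count "$1") || return 1
    after=$(parse_count "$2") || return 1
    [ "$after" -ge "$before" ] || return 2
    printf '%s\n' $((after - before))
}

# Fetch the current count for the bro indices (needs a reachable cluster and
# ELASTICSEARCH set as in the environment block of the comment).
fetch_bro_count() {
    curl -s -XGET "${ELASTICSEARCH}/bro*/_count"
}

# Constructed sample responses, so the comparison can be tried offline.
SAMPLE_BEFORE='{"count":1200,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0}}'
SAMPLE_AFTER='{"count":1210,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0}}'
SAMPLE_ERROR='{"error":{"type":"index_not_found_exception"},"status":404}'
```

On a live node, capture `fetch_bro_count` into a variable before and after pushing the sample data and pass both to `count_delta`; a non-zero return means the comparison cannot be trusted.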