Posted to commits@metron.apache.org by ni...@apache.org on 2017/04/10 18:54:33 UTC
incubator-metron git commit: METRON-829 Use Fastcapa with Kerberos
(nickwallen) closes apache/incubator-metron#514
Repository: incubator-metron
Updated Branches:
refs/heads/master ab80e7b18 -> 7c1a56549
METRON-829 Use Fastcapa with Kerberos (nickwallen) closes apache/incubator-metron#514
Project: http://git-wip-us.apache.org/repos/asf/incubator-metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-metron/commit/7c1a5654
Tree: http://git-wip-us.apache.org/repos/asf/incubator-metron/tree/7c1a5654
Diff: http://git-wip-us.apache.org/repos/asf/incubator-metron/diff/7c1a5654
Branch: refs/heads/master
Commit: 7c1a56549cf99b013aa2f6022121dc6ff581c0fd
Parents: ab80e7b
Author: nickwallen <ni...@nickallen.org>
Authored: Mon Apr 10 14:54:05 2017 -0400
Committer: nickallen <ni...@apache.org>
Committed: Mon Apr 10 14:54:05 2017 -0400
----------------------------------------------------------------------
metron-sensors/fastcapa/README.md | 55 ++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/7c1a5654/metron-sensors/fastcapa/README.md
----------------------------------------------------------------------
diff --git a/metron-sensors/fastcapa/README.md b/metron-sensors/fastcapa/README.md
index 74e7809..5efdb3f 100644
--- a/metron-sensors/fastcapa/README.md
+++ b/metron-sensors/fastcapa/README.md
@@ -9,6 +9,9 @@ Fastcapa leverages the Data Plane Development Kit ([DPDK](http://dpdk.org/)). D
* [Requirements](#requirements)
* [Installation](#installation)
* [Usage](#usage)
+ * [Parameters](#parameters)
+ * [Output](#output)
+ * [Kerberos](#kerberos)
* [How It Works](#how-it-works)
* [Performance](#performance)
* [FAQs](#faqs)
@@ -181,6 +184,7 @@ The probe has been tested with [Librdkafka 0.9.4](https://github.com/edenhill/li
cd incubator-metron/metron-sensors/fastcapa
make
```
+
Usage
-----
@@ -316,6 +320,57 @@ When running the probe some basic counters are output to stdout. Of course duri
* `[kaf]` + `out`: A total of 7 packets has successfully reached Kafka.
* `[kaf]` + `queued`: There is 1 packet within the `rdkafka` queue waiting to be sent.
+### Kerberos
+
+The probe can be used in a Kerberized environment. Follow these additional steps to use Fastcapa with Kerberos. The following assumptions have been made. These may need altered to fit your environment.
+
+* The Kafka broker is at `kafka1:6667`
+* Zookeeper is at `zookeeper1:2181`
+* The Kafka security protocol is `SASL_PLAINTEXT`
+* The keytab used is located at `/etc/security/keytabs/metron.headless.keytab`
+* The service principal is `metron@EXAMPLE.COM`
+
+1. Build Librdkafka with SASL support (` --enable-sasl`).
+ ```
+ wget https://github.com/edenhill/librdkafka/archive/v0.9.4.tar.gz -O - | tar -xz
+ cd librdkafka-0.9.4/
+ ./configure --prefix=$RDK_PREFIX --enable-sasl
+ make
+ make install
+ ```
+
+1. Validate Librdkafka does indeed support SASL. Run the following command and ensure that `sasl` is returned as a built-in feature.
+ ```
+ $ examples/rdkafka_example -X builtin.features
+ builtin.features = gzip,snappy,ssl,sasl,regex
+ ```
+
+ If it is not, ensure that you have `libsasl` or `libsasl2` installed. On CentOS, this can be installed with the following command.
+ ```
+ yum install -y cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi
+ ```
+
+1. Grant access to your Kafka topic. In this example, it is simply named `pcap`.
+ ```
+ $KAFKA_HOME/bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer \
+ --authorizer-properties zookeeper.connect=zookeeper1:2181 \
+ --add --allow-principal User:metron --topic pcap
+ ```
+
+1. Obtain a Kerberos ticket.
+ ```
+ kinit -kt /etc/security/keytabs/metron.headless.keytab metron@EXAMPLE.COM
+ ```
+
+1. Add the following additional configuration values to your Fastcapa configuration file.
+ ```
+ security.protocol = SASL_PLAINTEXT
+ sasl.kerberos.keytab = /etc/security/keytabs/metron.headless.keytab
+ sasl.kerberos.principal = metron@EXAMPLE.COM
+ ```
+
+1. Now run Fastcapa as you normally would. It should have no problem landing packets in your kerberized Kafka broker.
+
How It Works
------
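Review bot: The configuration step sets `security.protocol = SASL_PLAINTEXT`, which authenticates the probe to Kafka but leaves the captured packets unencrypted on the way to the broker. The section should state that and mention `SASL_SSL` as the option where capture data crosses a network you do not trust; the `builtin.features` output shown in the validation step already lists `ssl`. In the ACL step, `--add --allow-principal User:metron --topic pcap` names no operation, so it grants every operation on the topic. The probe only produces, so `--producer` or `--operation Write` would keep the grant to what it needs. Minor wording: "These may need altered" should read "These may need to be altered".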