Github user miharp commented on a diff in the pull request:
https://github.com/apache/metron/pull/605#discussion_r119880076
--- Diff: metron-deployment/Kerberos-manual-setup.md ---
@@ -42,86 +42,87 @@ Setup
1. Stop all Metron topologies. They will be restarted again once Kerberos
has been enabled.
- ```
- for topology in bro snort enrichment indexing; do
- storm kill $topology;
- done
- ```
+ ```
+ for topology in bro snort enrichment indexing; do
+ storm kill $topology;
+ done
+ ```
1. Create the `metron` user's home directory in HDFS.
- ```
- sudo -u hdfs hdfs dfs -mkdir /user/metron
- sudo -u hdfs hdfs dfs -chown metron:hdfs /user/metron
- sudo -u hdfs hdfs dfs -chmod 770 /user/metron
- ```
+ ```
+ sudo -u hdfs hdfs dfs -mkdir /user/metron
+ sudo -u hdfs hdfs dfs -chown metron:hdfs /user/metron
+ sudo -u hdfs hdfs dfs -chmod 770 /user/metron
+ ```
Setup a KDC
-----------
1. Install dependencies.
- ```
- yum -y install krb5-server krb5-libs krb5-workstation
- ```
+ ```
+ yum -y install krb5-server krb5-libs krb5-workstation
+ ```
1. Define the host, `node1`, as the KDC.
- ```
- sed -i 's/kerberos.example.com/node1/g' /etc/krb5.conf
- cp -f /etc/krb5.conf /var/lib/ambari-server/resources/scripts
- ```
+ ```
+ sed -i 's/kerberos.example.com/node1/g' /etc/krb5.conf
+ cp -f /etc/krb5.conf /var/lib/ambari-server/resources/scripts
+ ```
1. Ensure the KDC can issue renewable tickets. This can be necessary on a
real cluster, but should not be on full-dev. In /var/kerberos/krb5kdc/kdc.conf
ensure the following is in the realm section
- ```
- max_renewable_life = 7d
- ```
-
-
-1. Do not copy/paste this full set of commands as the `kdb5_util` command
will not run as expected. Run the commands individually to ensure they all
execute. This step takes a moment. It creates the kerberos database.
- ```
- kdb5_util create -s
+ ```
+ max_renewable_life = 7d
+ ```
- /etc/rc.d/init.d/krb5kdc start
- chkconfig krb5kdc on
+1. Do not copy/paste this full set of commands as the `kdb5_util` command
will not run as expected. Run the commands individually to ensure they all
execute. This step takes a moment. It creates the kerberos database.
- /etc/rc.d/init.d/kadmin start
- chkconfig kadmin on
- ```
+ ```
+ kdb5_util create -s
+ /etc/rc.d/init.d/krb5kdc start
--- End diff --
Might consider using service command to better support OS's transitioning
to systemd
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
