Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/510#discussion_r109957525
--- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
@@ -135,71 +135,77 @@ echo "grant 'metron', 'RW', 'enrichment'" | hbase
shell
16. Create a â.stormâ directory in the metron userâs home directory
and switch to that directory.
```
-su metron && cd ~/
-mkdir .storm
-cd .storm
+su metron
+mkdir ~/.storm
+cd ~/.storm
```
17. Create a custom client jaas file. This should look identical to the
Storm client jaas file located in /etc/storm/conf/client_jaas.conf except for
the addition of a Client stanza. The Client stanza is used for Zookeeper. All
quotes and semicolons are necessary.
```
-[metron@node1 .storm]$ cat client_jaas.conf
+cat << EOF > client_jaas.conf
StormClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useTicketCache=true
- renewTicket=true
- serviceName="nimbus";
+ com.sun.security.auth.module.Krb5LoginModule required
+ useTicketCache=true
+ renewTicket=true
+ serviceName="nimbus";
};
Client {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="/etc/security/keytabs/metron.headless.keytab"
- storeKey=true
- useTicketCache=false
- serviceName="zookeeper"
- principal="met...@example.com";
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/etc/security/keytabs/metron.headless.keytab"
+ storeKey=true
+ useTicketCache=false
+ serviceName="zookeeper"
+ principal="met...@example.com";
};
KafkaClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="/etc/security/keytabs/metron.headless.keytab"
- storeKey=true
- useTicketCache=false
- serviceName="kafka"
- principal="met...@example.com";
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/etc/security/keytabs/metron.headless.keytab"
+ storeKey=true
+ useTicketCache=false
+ serviceName="kafka"
+ principal="met...@example.com";
};
+EOF
```
18. Create a storm.yaml with jaas file info. Set the array of nimbus hosts
accordingly.
```
-[metron@node1 .storm]$ cat storm.yaml
+cat << EOF > storm.yaml
nimbus.seeds : ['node1']
java.security.auth.login.config : '/home/metron/.storm/client_jaas.conf'
storm.thrift.transport :
'org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin'
+EOF
```
19. Create an auxiliary storm configuration json file in the metron
userâs home directory. Note the login config option in the file points to our
custom client_jaas.conf.
```
-cd /home/metron
-[metron@node1 ~]$ cat storm-config.json
+cd
+cat << EOF > storm-config.json
{
"topology.worker.childopts" :
"-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf"
}
+EOF
```
20. Setup enrichment and indexing.
a. Modify enrichment.properties -
`${METRON_HOME}/config/enrichment.properties`
```
- kafka.security.protocol=PLAINTEXTSASL
-
topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf
+ [[ $EUID -eq 0 ]] || exit
--- End diff --
Right, like if they are just in the native `vagrant ssh`, which is bad. I
will clean it up to alert and quit the code snippet but not the shell.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
