Github user justinleet commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/518#discussion_r110385783
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/indexing_commands.py
---
@@ -72,55 +93,46 @@ def remote_repo():
raise ValueError("Unsupported repo type
'{0}'".format(repo_type))
def init_kafka_topics(self):
- Logger.info('Creating Kafka topics')
- command_template = """{0}/kafka-topics.sh \
- --zookeeper {1} \
- --create \
- --topic {2} \
- --partitions {3} \
- --replication-factor {4} \
- --config retention.bytes={5}"""
- num_partitions = 1
- replication_factor = 1
- retention_gigabytes = int(self.__params.metron_topic_retention)
- retention_bytes = retention_gigabytes * 1024 * 1024 * 1024
- Logger.info("Creating topics for indexing")
-
- Logger.info("Creating topic'{0}'".format(self.__indexing))
- Execute(command_template.format(self.__params.kafka_bin_dir,
- self.__params.zookeeper_quorum,
- self.__indexing,
- num_partitions,
- replication_factor,
- retention_bytes))
- Logger.info("Done creating Kafka topics")
+ Logger.info('Creating Kafka topics for indexing')
+ metron_service.init_kafka_topics(self.__params, [self.__indexing])
+
+ def init_kafka_acls(self):
+ Logger.info('Creating Kafka ACLs')
+ # Indexed topic names matches the group
+ metron_service.init_kafka_acls(self.__params, [self.__indexing],
[self.__indexing])
def init_hdfs_dir(self):
- Logger.info('Creating HDFS indexing directory')
+ Logger.info('Setting up HDFS indexing directory')
+
+ # Non Kerberized Metron runs under 'storm', requiring write under
the 'hadoop' group.
+ # Kerberized Metron runs under it's own user.
+ ownership = 0755 if self.__params.security_enabled else 0775
+ Logger.info('HDFS indexing directory ownership is: ' +
str(ownership))
self.__params.HdfsResource(self.__params.metron_apps_indexed_hdfs_dir,
type="directory",
action="create_on_execute",
owner=self.__params.metron_user,
group=self.__params.hadoop_group,
--- End diff --
I decided not to mess with it. If we have a preference on it not being
owned by metron:hadoop, we can go ahead and do that, but I think we probably
need a more thorough discussion of how we want all that owned and permissioned
anyway. Leaving it only readable seemed like a reasonable compromise for now.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
