metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nickwallen <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #510: METRON-821 Minor fixes in full dev kerbe...
Date Wed, 12 Apr 2017 14:21:29 GMT
Github user nickwallen commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/510#discussion_r111162379
  
    --- Diff: metron-deployment/vagrant/Kerberos-setup.md ---
    @@ -167,39 +167,48 @@ KafkaClient {
        serviceName="kafka"
        principal="metron@EXAMPLE.COM";
     };
    +EOF
       ```
     
     18. Create a storm.yaml with jaas file info. Set the array of nimbus hosts accordingly.
       ```
    -[metron@node1 .storm]$ cat storm.yaml
    +cat << EOF > storm.yaml
     nimbus.seeds : ['node1']
     java.security.auth.login.config : '/home/metron/.storm/client_jaas.conf'
     storm.thrift.transport : 'org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin'
    +EOF
       ```
     
     19. Create an auxiliary storm configuration json file in the metron user’s home directory.
Note the login config option in the file points to our custom client_jaas.conf.
       ```
    -cd /home/metron
    -[metron@node1 ~]$ cat storm-config.json
    +cd
    +cat << EOF > storm-config.json
     {
       "topology.worker.childopts" : "-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf"
     }
    +EOF
       ```
     
     20. Setup enrichment and indexing.
     
         a. Modify enrichment.properties - `${METRON_HOME}/config/enrichment.properties`
     
         ```
    -    kafka.security.protocol=PLAINTEXTSASL
    -    topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf
    +    if [[ $EUID -ne 0 ]]; then
    +        echo "You must be root to run these commands"
    +    else
    +        sed -i 's/kafka.security.protocol=.*/kafka.security.protocol=PLAINTEXTSASL/'
${METRON_HOME}/config/enrichment.properties
    +        sed -i 's/topology.worker.childopts=.*/topology.worker.childopts=-Djava.security.auth.login.config=\/home\/metron\/.storm\/client_jaas.conf/'
${METRON_HOME}/config/enrichment.properties
    +    fi
         ```
     
         b. Modify elasticsearch.properties - `${METRON_HOME}/config/elasticsearch.properties`
     
         ```
    -    kafka.security.protocol=PLAINTEXTSASL
    -    topology.worker.childopts=-Djava.security.auth.login.config=/home/metron/.storm/client_jaas.conf
    +    sed -i 's/kafka.security.protocol=.*/kafka.security.protocol=PLAINTEXTSASL/' ${METRON_HOME}/config/elasticsearch.properties
    +    sed -i 's/topology.worker.childopts=.*/topology.worker.childopts=-Djava.security.auth.login.config=\/home\/metron\/.storm\/client_jaas.conf/'
${METRON_HOME}/config/elasticsearch.properties
    +    su metron
    --- End diff --
    
    Why `su metron; cd` here?  We could move them to the step that actually needs them done
(maybe the next step) or call them out as a separate step.  Their purpose is not very clear
to me when we tack them onto the end of this step.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message