metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JonZeolla <>
Subject [GitHub] incubator-metron issue #510: METRON-821 Minor fixes in full dev kerberos set...
Date Fri, 14 Apr 2017 20:26:16 GMT
Github user JonZeolla commented on the issue:
    I think the docs are cleaned up in the way that I intended to do with this PR, but I'm
running into an issue proving that they're successful.  Perhaps someone can provide some feedback?
    [metron@node1 ~]$ curl -XGET "${ZOOKEEPER}:9200/bro*/_count"
    {"count":1740,"_shards":{"total":1,"successful":1,"failed":0}}[metron@node1 ~]$
    [metron@node1 ~]$ kinit -kt /etc/security/keytabs/metron.headless.keytab metron@EXAMPLE.COM
    [metron@node1 ~]$ head -1 sample-bro.txt
(x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/ libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
    [metron@node1 ~]$ cat sample-bro.txt | ${HDP_HOME}/kafka-broker/bin/
--broker-list ${BROKERLIST}:6667 --security-protocol SASL_PLAINTEXT --topic bro
    [2017-04-14 20:13:07,290] WARN The TGT cannot be renewed beyond the next expiry date:
Sat Apr 15 20:12:58 UTC 2017.This process will not be able to authenticate new SASL connections
after that time (for example, it will not be able to authenticate a new connection with a
Kafka Broker).  Ask your system administrator to either increase the 'renew until' time by
doing : 'modprinc -maxrenewlife null ' within kadmin, or instead, to generate a keytab for
null. Because the TGT's expiry cannot be further extended by refreshing, exiting refresh thread
now. (
    [metron@node1 ~]$ curl -XGET "${ZOOKEEPER}:9200/bro*/_count"
    {"count":1740,"_shards":{"total":1,"successful":1,"failed":0}}[metron@node1 ~]$
    [metron@node1 ~]$ date
    Fri Apr 14 20:13:16 UTC 2017
    [metron@node1 ~]$ date;curl -XGET "${ZOOKEEPER}:9200/bro*/_count"
    Fri Apr 14 20:13:49 UTC 2017
    {"count":1740,"_shards":{"total":1,"successful":1,"failed":0}}[metron@node1 ~]$
    In my storm worker.logs I'm seeing things like:
    org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
            at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(
            at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(
            at org.apache.storm.kafka.spout.KafkaSpout.subscribeKafkaConsumer(
            at org.apache.storm.kafka.spout.KafkaSpout.activate( ~[stormjar.jar:?]
            at org.apache.storm.daemon.executor$fn__6505$fn__6520$fn__6551.invoke(executor.clj:646)
            at org.apache.storm.util$async_loop$fn__554.invoke(util.clj:484) [storm-core-]
            at [clojure-1.7.0.jar:?]
            at [?:1.8.0_77]
    Caused by: java.lang.IllegalArgumentException: No enum constant org.apache.kafka.common.protocol.SecurityProtocol.PLAINTEXTSASL
            at java.lang.Enum.valueOf( ~[?:1.8.0_77]
            at org.apache.kafka.common.protocol.SecurityProtocol.valueOf(
            at org.apache.kafka.common.protocol.SecurityProtocol.forName(
            at org.apache.kafka.clients.ClientUtils.createChannelBuilder(
            at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(
            ... 7 more
    More details [here](

If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.

View raw message