metron-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Merriman <merrim...@gmail.com>
Subject Re: Logging Into Metron UIs On Kerberized Cluster?
Date Thu, 22 Feb 2018 00:29:54 GMT
Anything in the rest logs?  Is this a production install?

> On Feb 21, 2018, at 5:53 PM, David McGinnis <mcginnisd@avalonconsult.com> wrote:
> 
> OK, did this, added a simple username/password combo, as well as an entry in authorities
with ROLE_USER, and restarted the two UIs as well as the REST. I am still not able to log
in using these credentials with a "login failed" error.
> 
>> On Wed, Feb 21, 2018 at 5:24 PM, Ryan Merriman <merrimanr@gmail.com> wrote:
>> Ah I see.  Yes the tables only get created automatically for MySQL.  You will have
to create them yourself in postgres.  Here is the create statement for mysql that you should
be able to map to postgres:  https://github.com/apache/metron/blob/master/metron-interface/metron-rest/src/main/resources/schema-mysql.sql.
 
>> 
>>> On Wed, Feb 21, 2018 at 5:15 PM, David McGinnis <mcginnisd@avalonconsult.com>
wrote:
>>> I had originally created a database named metron and pointed the JDBC connection
string to that. I have created a new database named metronrest, and pointed the JDBC connection
string to use this. After restarting, the only table in the database is the alertprofile table
mentioned before, with no rows. I have verified that as the metron user I can log into psql,
create tables in the database, insert data, select it, and then drop the table. 
>>> 
>>> Note I'm using postgres and not mysql (which seem to be the default for Metron).
Is there a chance this could be causing an issue?
>>> 
>>>> On Wed, Feb 21, 2018 at 1:49 PM, Ryan Merriman <merrimanr@gmail.com>
wrote:
>>>> Did you create the metronrest database and permission it?  The tables should
get created automatically when you start REST.
>>>> 
>>>>> On Wed, Feb 21, 2018 at 1:46 PM, David McGinnis <mcginnisd@avalonconsult.com>
wrote:
>>>>> OK, that makes sense, thanks Ryan. I followed the steps mentioned above,
but no table has been created for users or authorities. The only table I see in the metron
database is 'alertprofile'. Do you have a schema somewhere documented which those tables should
have that I should use to create the tables, or is something supposed to automatically create
those tables and just currently isn't?
>>>>> 
>>>>>> On Wed, Feb 21, 2018 at 1:37 PM, Ryan Merriman <merrimanr@gmail.com>
wrote:
>>>>>> David,
>>>>>> 
>>>>>> Authentication in our UIs is not as seamless as it should be yet.
 Kerberos authentication is on the road map.  For now you need to load your credentials into
the appropriate security RDMBS tables.  Instructions are in the REST README:  https://github.com/apache/metron/tree/master/metron-interface/metron-rest#metron-rest.
 Specifically, these are the steps you should follow:
>>>>>> Either identify or setup a new SQL database for REST:  https://github.com/apache/metron/tree/master/metron-interface/metron-rest#manual-install
>>>>>> For steps 4 through 6 of those instructions, you should use Ambari
instead to configure the JDBC parameters and start REST
>>>>>>  Add users to the appropriate tables as described in https://github.com/apache/metron/tree/master/metron-interface/metron-rest#authentication
>>>>>> Let us know if you hit any issues.
>>>>>> 
>>>>>>> On Wed, Feb 21, 2018 at 9:44 AM, David McGinnis <mcginnisd@avalonconsult.com>
wrote:
>>>>>>> All,
>>>>>>> 
>>>>>>> I have a kerberized HDP 2.6.3 cluster which I have installed
Metron on through an MPack. I am using code straight from the master branch of the github
as of last week. 
>>>>>>> 
>>>>>>> When I try to log into the Alerts UI or the Management UI, I
seem to be unable to do so. I have tried using Kerberos credentials, local host credentials
(mostly the same thanks to SSSD) and the test accounts mentioned in some documentation (admin/password
and user/password in particular). I also examined the backing database (Postgres in my case)
to see if there might be some users there that have been configured, but no table has been
created there. No errors have appeared in the logs for either UI as far as I can tell. My
assumption was that my kerberos principal would work here, but it doesn't seem to. 
>>>>>>> 
>>>>>>> Any ideas on where to look for errors that might be occurring,
or configurations that need to be set in order to allow for log into the system properly?
>>>>>>> 
>>>>>>> -- 
>>>>>>> David McGinnis
>>>>>>> Staff Hadoop Consultant | Avalon Consulting, LLC
>>>>>>> M: (513) 439-0082
>>>>>>> LinkedIn | Google+ | Twitter
>>>>>>> -------------------------------------------------------------------------------------------------------------
>>>>>>> This message (including any attachments) contains confidential
information 
>>>>>>> intended for a specific individual and purpose, and is protected
by law. If 
>>>>>>> you are not the intended recipient, you should delete this message.
Any 
>>>>>>> disclosure, copying, or distribution of this message, or the
taking of any 
>>>>>>> action based on it, is strictly prohibited.
>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> David McGinnis
>>>>> Staff Hadoop Consultant | Avalon Consulting, LLC
>>>>> M: (513) 439-0082
>>>>> LinkedIn | Google+ | Twitter
>>>>> -------------------------------------------------------------------------------------------------------------
>>>>> This message (including any attachments) contains confidential information

>>>>> intended for a specific individual and purpose, and is protected by law.
If 
>>>>> you are not the intended recipient, you should delete this message. Any

>>>>> disclosure, copying, or distribution of this message, or the taking of
any 
>>>>> action based on it, is strictly prohibited.
>>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> David McGinnis
>>> Staff Hadoop Consultant | Avalon Consulting, LLC
>>> M: (513) 439-0082
>>> LinkedIn | Google+ | Twitter
>>> -------------------------------------------------------------------------------------------------------------
>>> This message (including any attachments) contains confidential information 
>>> intended for a specific individual and purpose, and is protected by law. If 
>>> you are not the intended recipient, you should delete this message. Any 
>>> disclosure, copying, or distribution of this message, or the taking of any 
>>> action based on it, is strictly prohibited.
>> 
> 
> 
> 
> -- 
> David McGinnis
> Staff Hadoop Consultant | Avalon Consulting, LLC
> M: (513) 439-0082
> LinkedIn | Google+ | Twitter
> -------------------------------------------------------------------------------------------------------------
> This message (including any attachments) contains confidential information 
> intended for a specific individual and purpose, and is protected by law. If 
> you are not the intended recipient, you should delete this message. Any 
> disclosure, copying, or distribution of this message, or the taking of any 
> action based on it, is strictly prohibited.

Mime
View raw message