
Metron Development Environments

This directory contains environments useful for Metron developers. These environments are not intended for proof-of-concept, testing, or production use. They are extremely resource-constrained and cannot support anything beyond the most basic workloads.

  • Metron running on CentOS 6
  • Metron running on Ubuntu 14
  • Fastcapa

Vagrant Cachier recommendations

The development boxes are designed to be spun up and destroyed on a regular basis as part of the development cycle. To avoid the overhead of re-downloading many of the heavy platform dependencies, Vagrant can use the vagrant-cachier plugin to store package caches between builds. If the plugin is installed in your Vagrant setup, it will be used, and packages will be cached in ~/.vagrant/cache.

Knox Demo LDAP

The development environment can be set up to authenticate against Knox's demo LDAP.

A couple of notes:

  • A custom LDIF file is used to set up users. This is to get the roles and passwords set up correctly.
  • The demo LDAP uses plaintext passwords with no encryption prefix (e.g. {SSHA}).
  • You may need or want to shut down any or all of the topologies. This is optional, but clears some room.

To set this up, start full dev.

  • In Ambari, add the Knox service (Actions -> +Add Service). Accept all defaults and let it install. The configs that are already set the way we need by default are:

    • LDAP URL = ldap://localhost:33389
    • User dn pattern = uid={0},ou=people,dc=hadoop,dc=apache,dc=org
    • LDAP user searchbase = ou=people,dc=hadoop,dc=apache,dc=org
    • Group Search Base = ou=groups,dc=hadoop,dc=apache,dc=org
    • Group Search Filter = member={0}
    • User Base DN = uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
    • User Search Filter is empty
    • User password attribute = userPassword
    • LDAP group role attribute = cn
    • Bind User = uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
    • LDAP Truststore is empty
    • LDAP Truststore Password is empty
  • In the Knox configuration, go to “Advanced users-ldif”. We have a custom ldif file “knox-demo-ldap.ldif” in “metron-deployment/development” that contains a customized variant of the users and groups defined here. Replace the default ldif configuration with the contents of “knox-demo-ldap.ldif”.

  • Start the Demo LDAP (in Knox, “Service Actions -> Start Demo LDAP”).

  • In Metron's configs, we're going to make two changes:

    • Set “LDAP Enabled” to “On”
    • In Security, set “Bind user password” to match the admin user's password from the ldif file (admin-password).
  • Restart the REST application

Now, when you go to Swagger or the UIs, you should be able to log in with a user and password. “admin” will have the roles ROLE_ADMIN and ROLE_USER, which can be verified via the “/whoami/roles” endpoint in Swagger. Similarly, there is a user “sam” that only has ROLE_USER. A third user, “tom”, has neither role.
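The following is an added example, not part of the Metron project: it parses an LDIF, lists every user whose userPassword carries no scheme prefix such as {SSHA}, and resolves group membership into the roles each user should receive, which can be compared against “/whoami/roles”. The LDIF below is a constructed sample rather than the contents of knox-demo-ldap.ldif, the group names and the passwords for “sam” and “tom” are made up, and the mapping of a group's cn to "ROLE_" plus the upper-cased cn is an assumption.

```python
import base64
import re
# Constructed sample in the shape the README describes; NOT the project's knox-demo-ldap.ldif.
SAMPLE_LDIF = """\
dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
userPassword: admin-password

dn: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
userPassword:: c2FtLXBhc3N3b3Jk

dn: uid=tom,ou=people,dc=hadoop,dc=apache,dc=org
userPassword: {SSHA}constructed-placeholder

dn: cn=admin,ou=groups,dc=hadoop,dc=apache,dc=org
cn: admin
member: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org

dn: cn=user,ou=groups,dc=hadoop,dc=apache,dc=org
cn: user
member: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
member: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry; handles folded lines and base64 values."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # undo RFC 2849 line folding
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" hides plaintext from a casual read
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        yield entry

def audit(entries):
    """Return (uids whose userPassword has no {SCHEME} prefix, {uid: set of roles})."""
    def rdn_value(dn):
        return dn.split(",")[0].partition("=")[2]  # "uid=sam,ou=..." -> "sam"
    plaintext, roles = [], {}
    for e in entries:
        for pw in e.get("userpassword", []):
            if not re.match(r"\{[A-Za-z0-9-]+\}", pw):
                plaintext.append(rdn_value(e["dn"][0]))
        for member in e.get("member", []):  # mirrors Group Search Filter member={0}
            # Assumption: role = "ROLE_" + upper-cased cn (Spring Security's default mapping)
            roles.setdefault(rdn_value(member), set()).add("ROLE_" + e["cn"][0].upper())
    return plaintext, roles
```

Calling `audit(parse_ldif(open("knox-demo-ldap.ldif").read()))` runs the same check against the real file; a non-empty first element marks entries that should not be copied into any directory outside the development box.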

Common Problems

Mac Mojave - Operation Not Permitted Error

tee: /etc/exports: Operation not permitted on macOS 10.14 Mojave with nfs exports

If you are running macOS Mojave or newer, you may run into this issue when running vagrant up. To correct it, you will need to grant permissions to your relevant terminal application. Navigate to System Preferences -> Security & Privacy -> Privacy and add your terminal application to “Full Disk Access”. See https://github.com/hashicorp/vagrant/issues/10234 for more details.