Community Articles
Find and share helpful community-sourced technical articles
Rising Star

This community article assumes that we already have CDH 6.x and Kerberos enabled, in case we have to install Kerberos, please use the document below:

 

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cm_sg_intro_kerb.html

 

1. Install a database

In this case, we are using MySQL:

https://docs.cloudera.com/csp/2.0.1/deployment/topics/csp-installing_mysql.html

2. Configure the database for schema registry and SMM

https://docs.cloudera.com/csp/2.0.1/deployment/topics/csp-configuring-schema-registry-metadata-store...

3. Download Schema Registry and SMM parcels

4. Install the Parcels

Install the services in this order:

 

1. Schema Registry

2. SRM (if no SRM installation, avoid this step)

3. SMM

 

https://docs.cloudera.com/csp/2.0.1/deployment/topics/csp-get-parcel-csd.html

5. Distribute and activate the parcels.

  • In Schema registry point “Schema Registry storage connector url” to the mysql hostname. Check “Enable Kerberos Authentication”.
  • Use the database registry password for “Schema Registry storage connector password”

    5.1 For SMM use

    • cm.metrics.host = cloudera manager host
    • cm.metrics.password = cloudera manager UI password
    • cm.metrics.service.name = kafka (default)
    • Streams Messaging Manager storage connector url = jdbc:mysql://FQDN_MYHSQL:3306/streamsmsgmgr
    • Streams Messaging Manager storage connector password = user database password specified
    • Check “Enable Kerberos Authentication”

6. Add Kafka service

  • Check "Enable Kerberos Authentication"

7. Configure and access the SMM UI

  • Property "cm.metrics.service.name" must match with the Kafka service name, by default is "kafka"
  • Create streamsmsgmgr principal in the KDC, example when using MIT KDC
    • kadmin.local
    • add_principal streammsmmgr
  • Finally copy the /etc/krb5.conf to your local machine and get a valid kerberos ticket for streammsmmgr user by using "kinit streammsmmgr" and use the same password chosen for the user creation time.

 

411 Views