git clone @github.com:aggress/mesosphere-dcos-smack-installer.git
Change to the project directory
cd mesosphere-dcos-smack-installer
Edit group_vars/all
to set the following:
ad_hostname
- The hostname of your Active Directory serverad_user_password
- Required for testingrealm
- Required for Kerberos principalsssh_user
- The user used to SSH to DC/OS masters, used to setup client testingec2_keypair
- Used to deploy a test Active Directory serverservice_group
- The DC/OS folder to install the Kafka cluster intokafka_cluster_identifier
- A 6 digit numeric identifier for the cluster
dcos cluster setup --insecure <master_ip> --username=<username>
Test the DC/OS cli dcos node
Run make
with no options to review the options.
If you need a test AD server, please read Active Directory first, then spin up AD with:
make ad-deploy
Whether you're using a test AD server or a corporate one, you now need to create the batch script which automates the user, principal and keytab creation.
make ad-keytabs-bat
Copy output/create_keytabs.bat
onto the AD server, run it and copy the generated keytabs back into output
. Again see the Active Directory notes for the quickest way to do this with a test AD server.
- Creates a special certificate required for the l4lb service
- Validates the keytabs in
output/keytabs
- Adds the keytabs as DC/OS secrets
- Adds the Kerberos krb5.conf as a secret
- Adds the client-jaas.conf as secrets
- Adds the (temporary) confluent-aux-universe where the security enabled community packages currently reside
make one-time-setup
Now you're read to deploy a stack. This should be done in the order below as there are dependencies. Zookeeper must come before Kafka and Schema Registry should come before the others.
make install-cp-zookeeper
Watch Ansible do its magic and your new service is deployed. You want to let this complete before moving onto Kafka as it has a dependency on getting the Zookeeper endpoints as does Schema Registry with Kafka.
make install-cp-kafka
make install-cp-schema
make install-cp-rest
make install-cp-connect
make install-cp-control
Or go crazy
make install-cp-stack
After the deployment of a stack, archive all assets - option.jsons, certs, keytabs etc
make archive
This will create an archive directory in output/archive, copy over all the assets from output/{certs,keytabs,options,other}
and remove them from those directories, ready for a fresh deployment.
Edit group_vars/all and change the kafka_cluster_identifier
Now repeat from Active Directory / Kerberos create keytabs