Why Ambari is setting the security protocol of the kafka to PLAINTEXTSASL instead of SASL_PLAINTEXT?

个问题,截止 Param NC 2017年02月26日 08:36 kerberosKafka

Hi All ,

During Kerboraizing the kafka using the Ambari , it is setting the kafka security protocol to PLAINTEXTSASL instead of SASL_PLAINTEXT, but everywhere in the document is it mentioned that it must be SASL_PLAINTEXT , I have few questions regarding this .

1. Why Ambari setting the security protocol to PLAINTEXTSASL , is it a bug ?

2. Even though we are able to produce and consume the messages from program written in java.

But in the producer we are setting the security protocol to PLAINTEXTSASL, and in the consumer SASL_PLAINTEXT , it is working fine , Question is how come it is working fine when actual protocol is just PLAINTEXTSASL.

Thanks in Advance ,

Param.

 
 
 1
最佳解答

个解答,截止Sriharsha Chintalapani  · 2017年02月26日 18:20

@Param NC Kafka security is developed by Hortonworks. Before it shipped into Apache Kafka we shipped it in HDP. At that time we called the SASL protocol as PLAINTEXTSASL which later changed SASL_PLAINTEXT. These protocols are synonymous so you can use them interchangeably. Older version of AMBARI still calls it as PLAINTEXTSASL which will be changing to SASL_PLAINTEXT in upcoming version.

In your case, producer & consumer are working because PLAINTEXTSASL or SASL_PLAINTEXT means the same thing and can be used interchangeably. For consistency purpose , we recommend you to use SASL_PLAINTEXT everywhere.

 
 
 3  隐藏 2 · 分享
 

Thanks for the response I very much agree to you answer .

 

Hello Sriharsha, just a quick question. When I use confluentinc kafka rest proxy in company's HDP 2.5.3 cluster, I run into the error "No security protocol defined for listener PLAINTEXTSASL" and "broker info from zookeeper cannot be parsed". I guess that is because PLAINTEXTSASL cannot be recognized by other frameworks, though producer and consumer can work within HDP. Is there any way solving this problem?

 

个解答,截止bpreachuk  · 2017年06月28日 11:17

We encountered a similar issue when upgrading our Ambari from 2.4 to 2.5. Our Kafka brokers would not restart.

Here was the error message:

  1. /var/log/kafka/server.log.2017-06-27-19:java.lang.IllegalArgumentException: requirement failed: security.inter.broker.protocol must be a protocol in the configured set of advertised.listeners. The valid options based on currently configured protocols are Set(SASL_PLAINTEXT)

We had specified PLAINTEXTSASL as the SASL protocol in the configuration.

To fix this we changed the following configuration in Custom kafka-broker:

  1. security.inter.broker.protocol=SASL_PLAINTEXT
 
 
 0 · 分享
 
 

个解答,截止Sriharsha Chintalapani  · 2017年03月14日 21:38

@Qingyang Kong

Kafka rest proxy uses old client apis, which are not supported in secure cluster in Apache. However HDP kafka supports security in old consumer apis. To enable this you need to build kafka rest proxy code with HDP kafka_core dependency and pass a KafkaClient jaas config to your kafka rest server JVM.

 
 

最新文章

  1. C标准I/O库函数与Unbuffered I/O函数
  2. python【6】-函数式编程
  3. NET中的Memcached.ClientLibrary使用详解
  4. eclipse 编译android程序 编译错误
  5. saiku执行速度优化二
  6. Cobbler批量安装Ubuntu/CentOS系统
  7. CodeForces - 420A (字符对称问题)
  8. 分布式PostGIS系列【2】——pgpool-II
  9. [改善Java代码]列表相等只需关系元素数据
  10. 网易JS面试题与Javascript词法作用域说明
  11. Java随机输出验证码包含数字、字母、汉字
  12. Linux/Mac OS 下 批量提交 新增文件到SVN 服务器
  13. WCF配置文件的问题(位置)
  14. github提交代码到服务器的方法
  15. Hibernate缓存集成IMDG
  16. PHP删除当前目录及其目录下的所有文件
  17. VMware克隆虚拟机后无法启动网卡
  18. cogs1538 [AHOI2005]LANE 航线规划
  19. .NET基础 (21)ASP NET应用开发
  20. IE8实现媒体查询

热门文章

  1. 排错:Windows系统异常导致Filebeat无法正常运行
  2. springboot实现数据库中数据导出Excel功能
  3. java中并发下的集合类
  4. Oracle和Mysql获取uuid的方法对比
  5. 聊聊Mysql索引和redis跳表
  6. 由ODI初始化资料档案库(RUC)引起修改ORACLE字符集(ZHS16GBK-AL32UTF8)
  7. 学习ASP.NET Core Razor 编程系列十三——文件上传功能(一)
  8. ASP.NET Core 使用 Google 验证码(reCAPTCHA v3)代替传统验证码
  9. XSS 绕过技术
  10. SLAM+语音机器人DIY系列:(三)感知与大脑——2.带自校准九轴数据融合IMU惯性传感器