Created on 02-15-2016 03:21 PM
Use case: We want to control the kafka broker, producer and consumer policies using Ranger without having kerberos. "What is a recommended way to set-up policies when trying to control access to Kafka over a non-secure channel?"
Original doc
Demo
I have defined 3 policies as shown below:
Broker, Publisher and Consumer is controlled at IP level. With one click you can revoke the access from the consumer.
Demo commands
Happy Hadooping!!!
Created on 02-15-2016 06:23 PM
Created on 06-15-2016 03:34 PM
Hi Neeraj
I am trying to do exactly the same thing, ie using ranger with a non kerberized Kafka. Unfortunately I have following error :
[root@mykafka kafka]# tail -f kafka.out [2016-06-15 15:45:34,002] WARN got exception trying to get groups for user ANONYMOUS: id: ANONYMOUS: no such user (org.apache.hadoop.security.ShellBasedUnixGroupsMapping) [2016-06-15 15:45:34,002] WARN No groups available for user ANONYMOUS (org.apache.hadoop.security.UserGroupInformation)
The public group should be mapped to an ANONYMOUS user.
Did you do something special to declare it manually within ranger ? Can you share the list of declared users within ranger ?
Thx in advance. Regards
Created on 06-15-2016 08:51 PM
Hum... It seems that I have to use the new publisher and consumer API, and not the old one. Now it works but I still have warnings in kafka.out... With 6 lines of warning every second, I will quickly have a problem.
Created on 07-18-2016 06:54 PM
Hi Neeraj,
I'm experiencing the same issue as "easyoups". Do you have work around?
Created on 09-08-2016 11:14 AM
Hi,
I had the same Exception.
I solved the problem by creating the User ANONYMOUS on the kafka broker nodes.
Created on 10-08-2016 08:00 AM
Hi Neeraj,Can you tell me your ranger and kafka version ?Thank you
Created on 11-15-2016 07:15 PM
- i'm having issues in getting this to work,
attaching the link with the problem summary.
could you help resolve this issue ? Thnx.
Created on 03-31-2017 06:28 AM
Hi, does it mean that ranger kafka plugin can not define policy among users, and only among hosts?