
Use case: We want to control Kafka broker, producer and consumer policies using Ranger without Kerberos. "What is a recommended way to set-up policies when trying to control access to Kafka over a non-secure channel?"

Original doc

Demo

I have defined 3 policies as shown below:

Broker, publisher and consumer access is controlled at the IP level. With one click you can revoke access from the consumer.

Demo commands

Happy Hadooping!!!

Comments
New Contributor

Hi Neeraj

I am trying to do exactly the same thing, i.e. using Ranger with a non-kerberized Kafka. Unfortunately I have the following error:

[root@mykafka kafka]# tail -f kafka.out
[2016-06-15 15:45:34,002] WARN got exception trying to get groups for user ANONYMOUS: id: ANONYMOUS: no such user (org.apache.hadoop.security.ShellBasedUnixGroupsMapping)
[2016-06-15 15:45:34,002] WARN No groups available for user ANONYMOUS (org.apache.hadoop.security.UserGroupInformation)

The public group should be mapped to an ANONYMOUS user.

https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-Whydowehavetospecifypubl...?

Did you do something special to declare it manually within Ranger? Can you share the list of declared users within Ranger?

Thx in advance. Regards

New Contributor

Hum... It seems that I have to use the new publisher and consumer API, and not the old one. Now it works but I still have warnings in kafka.out... With 6 lines of warning every second, I will quickly have a problem.

Contributor

Hi Neeraj,

I'm experiencing the same issue as "easyoups". Do you have a workaround?

New Contributor

Hi,

I had the same Exception.

I solved the problem by creating the user ANONYMOUS on the Kafka broker nodes.

Contributor

Hi Neeraj, can you tell me your Ranger and Kafka version? Thank you

Expert Contributor

@Neeraj Sabharwal

I'm having issues getting this to work. I'm attaching the link with the problem summary.

https://community.hortonworks.com/questions/65928/setting-up-kafka-securty-using-apache-ranger.html#...

Could you help resolve this issue? Thnx.

Contributor

Hi, does it mean that the Ranger Kafka plugin cannot define policies among users, and only among hosts?

Last update: 02-15-2016 03:21 PM