Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Now Live: Explore expert insights and technical deep dives on the new Cloudera Community BlogsRead the Announcement

Ambari Kafka config, how to enable SASL_PLAINTEXT?

Labels:
avatar
author-rank geko
Guru

Created ‎11-08-2017 01:07 PM

Hi,

how can I enable Kafka SASL_PLAINTEXT auth, without enabling Kerberos in general ?!?!

Right now I added the additional "listener" entry and populated the "advanced kafka_jaas_conf" as well as "advanced kafka_client_jaas_conf".

After that the KafkaBrokers won't start up, because of error:

FATAL [Kafka Server 1001], Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: Could not find a 'KafkaServer' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set

What else needs to be done to provide the required properties to Broker startup as well as to distribute the .jaas files ?

Also it looks like the .jaas files are not being deployed to the kafka nodes, they are not under /usr/hdp/current/kafka-broker/config. Is this functionality missing because of Kerberos is disabled ?!?! I am sure after enabling Kerberos the defined .jaas entries in Ambari will be deployed to the nodes, hence there must be some "hidden" functionality missing in non-Kerberos mode....

Any help appreciated, thanks in advance...

8,367 Views
0 Kudos
2 REPLIES 2

avatar
author-rank gonzalo_herrero
New Member

Created ‎11-08-2017 02:30 PM

In Ambari you cannot pick and choose, either the whole cluster uses kerberos or not and that trigger a number of configuration and keytab creation done automatically.

The only non hacky solution I see is to have a separate ambari cluster for kafka but it's not ideal since each node can only belong to one cluster

6,911 Views
0 Kudos

avatar
author-rank fanhaiqiang
New Member

Created ‎05-17-2018 02:23 PM

I also came across this error.

I created the kafka_server_jass.conf manually and put it under directory /usr/hdf/current/kafka-broker/config/. And then In Ambari kafka-env template, add the path to file kafka_server_jass.conf to environment variable KAFKA_OPTS like this:

export KAFKA_OPTS="-Djava.security.auth.login.config=/usr/hdf/current/kafka-broker/config/kafka_server_jaas.conf"

With this settings, kafka broker can start up.

6,911 Views
0 Kudos
Announcements
Community Announcements
Announcing the Launch of Cloudera Community Blogs
Community Announcements
October / November 2025 Community Highlights
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
View More Announcements