Created 11-08-2017 01:07 PM
Hi,
how can I enable Kafka SASL_PLAINTEXT auth, without enabling Kerberos in general ?!?!
Right now I added the additional "listener" entry and populated the "advanced kafka_jaas_conf" as well as "advanced kafka_client_jaas_conf".
After that the KafkaBrokers won't start up, because of error:
FATAL [Kafka Server 1001], Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: Could not find a 'KafkaServer' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set
What else needs to be done to provide the required properties to Broker startup as well as to distribute the .jaas files ?
Also it looks like the .jaas files are not being deployed to the kafka nodes, they are not under /usr/hdp/current/kafka-broker/config. Is this functionality missing because of Kerberos is disabled ?!?! I am sure after enabling Kerberos the defined .jaas entries in Ambari will be deployed to the nodes, hence there must be some "hidden" functionality missing in non-Kerberos mode....
Any help appreciated, thanks in advance...
Created 11-08-2017 02:30 PM
In Ambari you cannot pick and choose, either the whole cluster uses kerberos or not and that trigger a number of configuration and keytab creation done automatically.
The only non hacky solution I see is to have a separate ambari cluster for kafka but it's not ideal since each node can only belong to one cluster
Created 05-17-2018 02:23 PM
I also came across this error.
I created the kafka_server_jass.conf manually and put it under directory /usr/hdf/current/kafka-broker/config/. And then In Ambari kafka-env template, add the path to file kafka_server_jass.conf to environment variable KAFKA_OPTS like this:
export KAFKA_OPTS="-Djava.security.auth.login.config=/usr/hdf/current/kafka-broker/config/kafka_server_jaas.conf"
With this settings, kafka broker can start up.