Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Ambari Kafka config, how to enable SASL_PLAINTEXT?

Labels:
avatar
author-rank geko
Guru

Created ‎11-08-2017 01:07 PM

Hi,

how can I enable Kafka SASL_PLAINTEXT auth, without enabling Kerberos in general ?!?!

Right now I added the additional "listener" entry and populated the "advanced kafka_jaas_conf" as well as "advanced kafka_client_jaas_conf".

After that the KafkaBrokers won't start up, because of error:

FATAL [Kafka Server 1001], Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: Could not find a 'KafkaServer' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set

What else needs to be done to provide the required properties to Broker startup as well as to distribute the .jaas files ?

Also it looks like the .jaas files are not being deployed to the kafka nodes, they are not under /usr/hdp/current/kafka-broker/config. Is this functionality missing because of Kerberos is disabled ?!?! I am sure after enabling Kerberos the defined .jaas entries in Ambari will be deployed to the nodes, hence there must be some "hidden" functionality missing in non-Kerberos mode....

Any help appreciated, thanks in advance...

5,849 Views
0 Kudos
2 REPLIES 2

avatar
author-rank gonzalo_herrero
Contributor

Created ‎11-08-2017 02:30 PM

In Ambari you cannot pick and choose, either the whole cluster uses kerberos or not and that trigger a number of configuration and keytab creation done automatically.

The only non hacky solution I see is to have a separate ambari cluster for kafka but it's not ideal since each node can only belong to one cluster

4,393 Views
0 Kudos

avatar
author-rank fanhaiqiang
Contributor

Created ‎05-17-2018 02:23 PM

I also came across this error.

I created the kafka_server_jass.conf manually and put it under directory /usr/hdf/current/kafka-broker/config/. And then In Ambari kafka-env template, add the path to file kafka_server_jass.conf to environment variable KAFKA_OPTS like this:

export KAFKA_OPTS="-Djava.security.auth.login.config=/usr/hdf/current/kafka-broker/config/kafka_server_jaas.conf"

With this settings, kafka broker can start up.

4,393 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements