Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDF 3.2.0 Kerberos wrong default config for Kafka

Highlighted

HDF 3.2.0 Kerberos wrong default config for Kafka

rsg
Contributor

Created ‎08-28-2018 12:15 PM

Hello,

it seems like on HDF 3.2.0 installing kerberos and other services afterwards automatically updates security.inter.broker.protocol to the value "PLAINTEXTSASL" which leads to an error while starting Kafka.

The correct value would be SASL_PLAINTEXT.

Probable steps to reproduce, Install HDF, Enable Kerberos, Install Knox, try to start Kafka.

Update: While changing any configuration this message appears in Ambari (and it's clearly an error):

If kerberos is enabled listeners need to contain PLAINTEXTSASL as one of the protocol host and port where kafka broker will be accepting connections. localhost will be substituted with hostname.

Reply
786 Views
0 Kudos
2 REPLIES 2

Re: HDF 3.2.0 Kerberos wrong default config for Kafka

sandyy006
Guru

Created ‎08-29-2018 07:17 AM

@Raffaele S

PLAINTEXTSASL and SASL_PLAINTEXT are actually same. That shouldn't cause broker to go down. Could you please let us know what is the error you saw while starting broker?

Reply
222 Views
0 Kudos

Re: HDF 3.2.0 Kerberos wrong default config for Kafka

rsg
Contributor

Created ‎08-29-2018 08:24 AM

Hello @Sandeep Nemuri

This is the error that I received:

ERROR Exiting Kafka due to fatal exception (kafka.Kafka$) java.lang.IllegalArgumentException: requirement failed: inter.broker.listener.name must be a listener name defined in advertised.listeners. The valid options based on currently configured listeners are SASL_PLAINTEXT,SASL_SSL at scala.Predef$.require(Predef.scala:224) at kafka.server.KafkaConfig.validateValues(KafkaConfig.scala:1374) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1350) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1010) at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:990) at kafka.server.KafkaServerStartable$.fromProps(KafkaServerStartable.scala:28) at kafka.Kafka$.main(Kafka.scala:59) at kafka.Kafka.main(Kafka.scala)

Seems that the two values are not completely interchangeable.

When Ambari automatically changes the configuration, it changes only "security.inter.broker.protocol" and not "listeners". If I manually change "listeners" to the same value included in "security.inter.broker.protocol" everything works.

Let me be more clear:

  1. I started with a Kerberized cluster where Kafka configuration is the following:
    1. "listeners" contains "SASL_PLAINTEXT" and "SASL_SSL"
    2. "security.inter.broker.protocol" contains "SASL_PLAINTEXT"
  2. I installed Knox with the default configuration
  3. Ambari believes "SASL_PLAINTEXT" is not a correct value for "security.inter.broker.protocol" and forcefully changes it to "PLAINTEXTSASL".
  4. Restarting Kafka will lead to the above mentioned error.
  5. Manually modifying "security.inter.broker.protocol" to "SASL_PLAINTEXT" solves the problem (in alternative modifying "listeners" also works)

Thanks

Reply
222 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here