Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

HDF 3.2.0 Kerberos wrong default config for Kafka

rsg
Contributor

Created ‎08-28-2018 12:15 PM

Hello,

it seems like on HDF 3.2.0 installing kerberos and other services afterwards automatically updates security.inter.broker.protocol to the value "PLAINTEXTSASL" which leads to an error while starting Kafka.

The correct value would be SASL_PLAINTEXT.

Probable steps to reproduce, Install HDF, Enable Kerberos, Install Knox, try to start Kafka.

Update: While changing any configuration this message appears in Ambari (and it's clearly an error):

If kerberos is enabled listeners need to contain PLAINTEXTSASL as one of the protocol host and port where kafka broker will be accepting connections. localhost will be substituted with hostname.

1,638 Views
0 Kudos
2 REPLIES 2

sandyy006
Guru

Created ‎08-29-2018 07:17 AM

@Raffaele S

PLAINTEXTSASL and SASL_PLAINTEXT are actually same. That shouldn't cause broker to go down. Could you please let us know what is the error you saw while starting broker?

1,074 Views
0 Kudos

rsg
Contributor

Created ‎08-29-2018 08:24 AM

Hello @Sandeep Nemuri

This is the error that I received:

ERROR Exiting Kafka due to fatal exception (kafka.Kafka$) java.lang.IllegalArgumentException: requirement failed: inter.broker.listener.name must be a listener name defined in advertised.listeners. The valid options based on currently configured listeners are SASL_PLAINTEXT,SASL_SSL at scala.Predef$.require(Predef.scala:224) at kafka.server.KafkaConfig.validateValues(KafkaConfig.scala:1374) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1350) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1010) at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:990) at kafka.server.KafkaServerStartable$.fromProps(KafkaServerStartable.scala:28) at kafka.Kafka$.main(Kafka.scala:59) at kafka.Kafka.main(Kafka.scala)

Seems that the two values are not completely interchangeable.

When Ambari automatically changes the configuration, it changes only "security.inter.broker.protocol" and not "listeners". If I manually change "listeners" to the same value included in "security.inter.broker.protocol" everything works.

Let me be more clear:

  1. I started with a Kerberized cluster where Kafka configuration is the following:
    1. "listeners" contains "SASL_PLAINTEXT" and "SASL_SSL"
    2. "security.inter.broker.protocol" contains "SASL_PLAINTEXT"
  2. I installed Knox with the default configuration
  3. Ambari believes "SASL_PLAINTEXT" is not a correct value for "security.inter.broker.protocol" and forcefully changes it to "PLAINTEXTSASL".
  4. Restarting Kafka will lead to the above mentioned error.
  5. Manually modifying "security.inter.broker.protocol" to "SASL_PLAINTEXT" solves the problem (in alternative modifying "listeners" also works)

Thanks

1,074 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
January 2023 Community Highlights
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector 2.6.30 for Impala is Released
What's New @ Cloudera
Cloudera Operational Database (COD) provides a CLI option to enable HBase region canaries
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an operational database using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports configuring JWT authentication for your HBase clients
View More Announcements