Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDF 3.2.0 Kerberos wrong default config for Kafka


HDF 3.2.0 Kerberos wrong default config for Kafka



it seems like on HDF 3.2.0 installing kerberos and other services afterwards automatically updates to the value "PLAINTEXTSASL" which leads to an error while starting Kafka.

The correct value would be SASL_PLAINTEXT.

Probable steps to reproduce, Install HDF, Enable Kerberos, Install Knox, try to start Kafka.

Update: While changing any configuration this message appears in Ambari (and it's clearly an error):

If kerberos is enabled listeners need to contain PLAINTEXTSASL as one of the protocol host and port where kafka broker will be accepting connections. localhost will be substituted with hostname.


Re: HDF 3.2.0 Kerberos wrong default config for Kafka

@Raffaele S

PLAINTEXTSASL and SASL_PLAINTEXT are actually same. That shouldn't cause broker to go down. Could you please let us know what is the error you saw while starting broker?

Re: HDF 3.2.0 Kerberos wrong default config for Kafka


Hello @Sandeep Nemuri

This is the error that I received:

ERROR Exiting Kafka due to fatal exception (kafka.Kafka$) java.lang.IllegalArgumentException: requirement failed: must be a listener name defined in advertised.listeners. The valid options based on currently configured listeners are SASL_PLAINTEXT,SASL_SSL at scala.Predef$.require(Predef.scala:224) at kafka.server.KafkaConfig.validateValues(KafkaConfig.scala:1374) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1350) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1010) at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:990) at kafka.server.KafkaServerStartable$.fromProps(KafkaServerStartable.scala:28) at kafka.Kafka$.main(Kafka.scala:59) at kafka.Kafka.main(Kafka.scala)

Seems that the two values are not completely interchangeable.

When Ambari automatically changes the configuration, it changes only "" and not "listeners". If I manually change "listeners" to the same value included in "" everything works.

Let me be more clear:

  1. I started with a Kerberized cluster where Kafka configuration is the following:
    1. "listeners" contains "SASL_PLAINTEXT" and "SASL_SSL"
    2. "" contains "SASL_PLAINTEXT"
  2. I installed Knox with the default configuration
  3. Ambari believes "SASL_PLAINTEXT" is not a correct value for "" and forcefully changes it to "PLAINTEXTSASL".
  4. Restarting Kafka will lead to the above mentioned error.
  5. Manually modifying "" to "SASL_PLAINTEXT" solves the problem (in alternative modifying "listeners" also works)


Don't have an account?
Coming from Hortonworks? Activate your account here