Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDF 3.2.0 Kerberos wrong default config for Kafka

Highlighted

HDF 3.2.0 Kerberos wrong default config for Kafka

Contributor

Hello,

it seems like on HDF 3.2.0 installing kerberos and other services afterwards automatically updates security.inter.broker.protocol to the value "PLAINTEXTSASL" which leads to an error while starting Kafka.

The correct value would be SASL_PLAINTEXT.

Probable steps to reproduce, Install HDF, Enable Kerberos, Install Knox, try to start Kafka.

Update: While changing any configuration this message appears in Ambari (and it's clearly an error):

If kerberos is enabled listeners need to contain PLAINTEXTSASL as one of the protocol host and port where kafka broker will be accepting connections. localhost will be substituted with hostname.

2 REPLIES 2

Re: HDF 3.2.0 Kerberos wrong default config for Kafka

@Raffaele S

PLAINTEXTSASL and SASL_PLAINTEXT are actually same. That shouldn't cause broker to go down. Could you please let us know what is the error you saw while starting broker?

Re: HDF 3.2.0 Kerberos wrong default config for Kafka

Contributor

Hello @Sandeep Nemuri

This is the error that I received:

ERROR Exiting Kafka due to fatal exception (kafka.Kafka$) java.lang.IllegalArgumentException: requirement failed: inter.broker.listener.name must be a listener name defined in advertised.listeners. The valid options based on currently configured listeners are SASL_PLAINTEXT,SASL_SSL at scala.Predef$.require(Predef.scala:224) at kafka.server.KafkaConfig.validateValues(KafkaConfig.scala:1374) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1350) at kafka.server.KafkaConfig.<init>(KafkaConfig.scala:1010) at kafka.server.KafkaConfig$.fromProps(KafkaConfig.scala:990) at kafka.server.KafkaServerStartable$.fromProps(KafkaServerStartable.scala:28) at kafka.Kafka$.main(Kafka.scala:59) at kafka.Kafka.main(Kafka.scala)

Seems that the two values are not completely interchangeable.

When Ambari automatically changes the configuration, it changes only "security.inter.broker.protocol" and not "listeners". If I manually change "listeners" to the same value included in "security.inter.broker.protocol" everything works.

Let me be more clear:

  1. I started with a Kerberized cluster where Kafka configuration is the following:
    1. "listeners" contains "SASL_PLAINTEXT" and "SASL_SSL"
    2. "security.inter.broker.protocol" contains "SASL_PLAINTEXT"
  2. I installed Knox with the default configuration
  3. Ambari believes "SASL_PLAINTEXT" is not a correct value for "security.inter.broker.protocol" and forcefully changes it to "PLAINTEXTSASL".
  4. Restarting Kafka will lead to the above mentioned error.
  5. Manually modifying "security.inter.broker.protocol" to "SASL_PLAINTEXT" solves the problem (in alternative modifying "listeners" also works)

Thanks

Don't have an account?
Coming from Hortonworks? Activate your account here