Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Multiple listeners of Kafka in Kerberozied Cluster

Solved Go to solution

Multiple listeners of Kafka in Kerberozied Cluster

1] Can I configure both PLAINTEXT and PLAINTEXTSASL as the communication type with Kakfa broker in a kerberozied cluster ?

If above is possible -- How I achieve the same from Ambari configuration ?

2] If above is not possible, can I do only PLAINTEXT in kerberozied cluster?

Thanks

Santhosh

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Multiple listeners of Kafka in Kerberozied Cluster

@sgowda Yes its possible. You can go to ambari kafka config page and add PLAINTEXTSASL://localhost:6667, PLAINTEXT://localhost:6668. Make sure the ports are unique.

In PLAINTEXT connections user's identity set to Anonymous. You need to make sure you set the right ACLs using kafka-acls.sh command to give permissions to Anonymous user.

4 REPLIES 4

Re: Multiple listeners of Kafka in Kerberozied Cluster

found below text in doc.hortonworks.com

"The broker can only accept SASL (Kerberos) connections, and there is no wire encryption applied. (Note: For a non-secure cluster, <protocol> should be set to PLAINTEXT.)"

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_secure-kafka-ambari/content/ch_secure-ka...

Re: Multiple listeners of Kafka in Kerberozied Cluster

@sgowda Yes its possible. You can go to ambari kafka config page and add PLAINTEXTSASL://localhost:6667, PLAINTEXT://localhost:6668. Make sure the ports are unique.

In PLAINTEXT connections user's identity set to Anonymous. You need to make sure you set the right ACLs using kafka-acls.sh command to give permissions to Anonymous user.

Re: Multiple listeners of Kafka in Kerberozied Cluster

@Sriharsha Chintalapani thanks -- worked after adding acl permission for ANONYMOUS user !

Re: Multiple listeners of Kafka in Kerberozied Cluster

New Contributor

Can this be done when the authorizer class being used is RangerKafkaAuthorizer and not SimpleAclAuthorizer?

Don't have an account?
Coming from Hortonworks? Activate your account here