Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Problem of Creating Topics in Kafka with Kerberos

Solved Go to solution
Highlighted

Re: Problem of Creating Topics in Kafka with Kerberos

Contributor

@yjiang

If you try to create a topic as a non kafka user, it creates a topic but with no Leader and ISR. This is a known issue. According to me, the reason behind this could be the zookeeper acl's. Once topic is created in zookeeper, its acl's will not allow kafka to read details about it.

If you want to create a topic as a non kafka user you need to workaround by following below steps :

If you are not using Ranger :

1. Make sure "auto.create.topic.enable = true"

2. Give acl's for the user from which you want to create a topic, for ex :

# bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --producer --topic Test-topic

3. Do a kinit as a user from which you want to create topic.

4. Now try to produce messages to topic as that user :

# ./kafka-console-producer.sh --broker-list <hostname-broker>:6667 --topic Test-topic --security-protocol PLAINTEXTSASL

If you are using Ranger :

Instead of point 2 in above steps you will need to add a policy for the topic in ranger. Allow permissions for that user to produce, create, consumer. Restart kafka service. Then follow step 3 and 4 as mentioned above.

Hope this helps !!

Don't have an account?
Coming from Hortonworks? Activate your account here