Do you have any reference on how to enable ranger for kafka sitting in a separate cluster in CDP? ... View more

Hi  @Jonas Straub ,do as your article ,i create collection by curl command,and got the 401 error: curl –negotiate –u :  ‘http://myhost:8983/solr/admin/collections?action=CREATE&name=col&numShards=1&replicationFactor=1&collection.configName=_default&wt=json’ {   “responseHeader”:{ “status”:0, “QTime”:31818},   “failure”:{     “myhost:8983_solr”:”org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:Error from server at http://myhost:8983/solr:Excepted mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv=\”Content-Type\” content=\”text/html;charset=utf-8\”/>” <title> Error 401 Authentication required </title>   </head>   <body> <h2>HTTP ERROR 401</h2> <p> Problem accessing /solr/admin/cores.Reason:   <pre> Authentication required</pre> </p>   </body> </html> } }   When I debug the solr source code, found this exception is returned by “coreContainer.getZKController().getOverseerCollectionQueue().offer(Utils.toJson(m), timeout)”,so I doubt maybe the solr don’t authenticate zookeeper info and I use a no-kerberos zookeeper to replace the Kerberos zookeeper, solr collection can be created successfully. How to solve the problem with Kerberos ZK? ... View more

@Jonas Straub has this been resolved? Can you post your solution or accept best answer :)? ... View more

I am having similar issue We have non Kerberiozed Hadoop Kafka environment . I am testing integrating Ranger Kafak to secure the environment. HDP Version: HDP-2.3.4.0-3485 This is what I did. -- Enables Kafka plugin in Ranger. -- Restarted Ranger -- Create following policies in Ranger ( see the image ) ( Important : Added group Public left policy condition blank ) -- Logged in to server 21 to Produce and consume message's -- I was able to produce and consume messages from any server . What we want is to secure our Kafka environment through ranger by ip address. I understand that the identity of client user over a non-secure channel is not possible. I followed the following article to secure or Kafka environment. https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-WhydowehavetospecifypublicusergrouponallpoliciesitemscreatedforauthorizingKafkaaccessovernon-securechannel Please let me know what I am missing. ... View more

I know this is an old post. However, I did send out a support inquiry as to WHEN 5.7 will be supported and got the response that it was being tested for Ambari v2.5. That was very early this year. There are various vulnerabilities identified by Oracle related to not running higher than 5.7.11. In particular, the vulnerabilities cover: MySQL Server 5.6.29 and earlier, 5.7.11 and earlier. There are no workarounds or alternatives for this issue...Not good. I am referring to Oracle Support Note 2120034.1 for the preferred solution. This issue was identified by our security team in May 2016. So, my question is this. WHEN will 5.7.11+ be supported? ... View more