@yjiang @Pardeep @khireswar Kalita @rmaruthiyodan I am having an issue starting up kafka from kafka trying to connect to zookeeper. We have the jaas file on kafka setup as others have shown with KafkaServer and Client (Ex https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.1/bk_security/content/secure-kafka-config-options.html) and have the zookeeper nodes with jaas specified for Server. We are setting -Djava.security.auth.login.config to the jaas file locations and -Djava.security.krb5.conf to the krb5.conf file location for the startup of both zookeeper and kafka. From both zookeeper and kafka the keytabs were generated and can be used to kinit against kdc. Updated zookeeper.properties to be secured and zookeeper starts up fine. On startup, Kafka is able to generate a valid "Client" tgt from the jaas and we can also see in the logs "Socket connection established to <zkserver>". Then, zookeeper state changes and the error "Server not found in Kerberos database" exception is seen. Kafka fails to start. Do you know of any other parameters that need to be set in order to overcome this error? Please let me know if you would like me to clarify any configs/etc. Thanks. .... INFO Waiting for keeper state SaslAuthenticated (org.I0Itec.zkclient.ZkClient) INFO Client successfully logged in. (org.apache.zookeeper.Login) INFO TGT refresh thread started. (org.apache.zookeeper.Login) INFO TGT valid starting at: ....(org.apache.zookeeper.Login) INFO Session establishment complete on server .... INFO zookeeper state changed (SyncConnected) (org.I0Itec.zkclient.ZkClient) ERROR An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state. (org.apache.zookeeper.client.ZooKeeperSaslClient) .... ... View more

Hi all, I am currently using minifi 0.1.0 with HandleHttpRequest and HandleHttpResponse, and these two processors are declared as supported processors of this release (I would rather not use ListenHttp). I am able to declare the SSL Context Service within the yaml, but am unable to correctly declare the HTTP Context Map. How does the HTTP Context Map need to be declared in the template xml and/or yaml file in order to properly use the HandleHttpRequest/Response in minifi? Are controller services other than SSL Context Service supported in the yaml file, and if so how should they be formatted? Thanks in advance, and please let me know if I can supply any more information to help in the solution. ... View more