ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sumit Mohanty (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AMBARI-17694) Kafka listeners property does not show SASL_PLAINTEXT protocol when Kerberos is enabled
Date Sat, 06 Aug 2016 04:44:20 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-17694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15410436#comment-15410436
] 

Sumit Mohanty edited comment on AMBARI-17694 at 8/6/16 4:43 AM:
----------------------------------------------------------------

[~anitajebaraj] sorry, had to revert it. After deployment and some user operations the configurations
went out of sync
{code}
...
listeners=PLAINTEXT://nat-r7-kxqs-xaagents-re-3.openstacklocal:6667,SSL://nat-r7-kxqs-xaagents-re-3.openstacklocal:6666
security.inter.broker.protocol=PLAINTEXTSASL
...
{code}

The over all approach is sound - works for fresh deployments blueprint and UI. Looked through
the patch and here are some additional changes (by the way, I am not very familiar with Kafka):
* Existing deployments (that will go through Ambari upgrade to 2.4.0) will either need 1)
code to replace PLAINTEXT to PLAINTEXTSASL in kafka.py or, 2) UpgradeCatalog code to fix the
configs stored in the DB. The later is a better approach.
* Stack advisor code to ensure "listeners" and "security.inter.broker.protocol" values are
in sync. E.g. error if one is PLAINTEXTSASL and one isn't
* Stack advisor code to recommend changes to revert to PLAINTEXT if not kerberized. _I did
not try but I was not sure if config will revert back properly when unkerberized_.

Sorry, could not get to it during code review.

Can we move this JIRA to 2.5.0, next release. It appears that some more test scenarios need
to be covered. Its too close for the 2.4.0 release to get all paths tested.


was (Author: sumitmohanty):
[~anitajebaraj] sorry, had to revert it. It appears that if one uses blueprint to deploy a
secured cluster then the "replace" construct does not take effect. After deployment the configurations
were
{code}
...
listeners=PLAINTEXT://nat-r7-kxqs-xaagents-re-3.openstacklocal:6667,SSL://nat-r7-kxqs-xaagents-re-3.openstacklocal:6666
security.inter.broker.protocol=PLAINTEXTSASL
...
{code}

> Kafka listeners property does not show SASL_PLAINTEXT protocol when Kerberos is enabled
> ---------------------------------------------------------------------------------------
>
>                 Key: AMBARI-17694
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17694
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk
>            Reporter: Anita Gnanamalar Jebaraj
>            Assignee: Anita Gnanamalar Jebaraj
>            Priority: Critical
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-17694-1.patch, AMBARI-17694-Aug3.patch, AMBARI-17694-Jul26.patch,
AMBARI-17694.patch
>
>
> When kerberos is enabled,  the protocol for listeners in /etc/kafka/conf/server.properties
is updated from PLAINTEXT to PLAINTEXTSASL, even though the Ambari UI shows otherwise 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message