ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yolanda M. Davis (JIRA)" <>
Subject [jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
Date Tue, 23 Jan 2018 21:09:04 GMT


Yolanda M. Davis updated AMBARI-22505:
       Resolution: Fixed
    Fix Version/s: 2.6.1
           Status: Resolved  (was: Patch Available)

This patch was merged on 11/30/2017

> Kafka service check fails when using a non-root user in kerberized environment
> ------------------------------------------------------------------------------
>                 Key: AMBARI-22505
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>    Affects Versions: 2.6.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
>            Priority: Major
>             Fix For: 2.6.1
>         Attachments: AMBARI-22505.patch
> When Ambari agents are configured to run with a non-root user, if kerberos is enabled,
Kafka service check experiences errors in the logs which indicate that the check is attempting
to create a topic that already exists.  However the true failure, which isn't in the logs
but captured in an error variable, demonstrates the culprit (see below):
> [2017-11-22 05:12:57,029] WARN SASL configuration failed:
No password provided Will continue connection to Zookeeper server without SASL authentication,
if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
> Exception in thread "main" org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication
> 	at org.I0Itec.zkclient.ZkClient.waitForKeeperState(
> 	at org.I0Itec.zkclient.ZkClient.waitUntilConnected(
> 	at org.I0Itec.zkclient.ZkClient.connect(
> 	at org.I0Itec.zkclient.ZkClient.<init>(
> 	at org.I0Itec.zkclient.ZkClient.<init>(
> 	at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115)
> 	at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97)
> 	at kafka.admin.TopicCommand$.main(TopicCommand.scala:56)
> 	at kafka.admin.TopicCommand.main(TopicCommand.scala)
> This occurs because a prior check to see if the topic exists is not executed as the kafka
user. A subsequent call to create the topic does execute as that user.  The first check should
also execute as the kakfa user.  Also Ambari should immediately raise a failure if an error
occurs during the topic check and show that error in the logs.

This message was sent by Atlassian JIRA

View raw message