Why Ambari is setting the security protocol of the kafka to PLAINTEXTSASL instead of SASL_PLAINTEXT?

个问题,截止 Param NC 2017年02月26日 08:36 kerberosKafka

Hi All ,

During Kerboraizing the kafka using the Ambari , it is setting the kafka security protocol to PLAINTEXTSASL instead of SASL_PLAINTEXT, but everywhere in the document is it mentioned that it must be SASL_PLAINTEXT , I have few questions regarding this .

1. Why Ambari setting the security protocol to PLAINTEXTSASL , is it a bug ?

2. Even though we are able to produce and consume the messages from program written in java.

But in the producer we are setting the security protocol to PLAINTEXTSASL, and in the consumer SASL_PLAINTEXT , it is working fine , Question is how come it is working fine when actual protocol is just PLAINTEXTSASL.

Thanks in Advance ,

Param.

 
 
 1
最佳解答

个解答,截止Sriharsha Chintalapani  · 2017年02月26日 18:20

@Param NC Kafka security is developed by Hortonworks. Before it shipped into Apache Kafka we shipped it in HDP. At that time we called the SASL protocol as PLAINTEXTSASL which later changed SASL_PLAINTEXT. These protocols are synonymous so you can use them interchangeably. Older version of AMBARI still calls it as PLAINTEXTSASL which will be changing to SASL_PLAINTEXT in upcoming version.

In your case, producer & consumer are working because PLAINTEXTSASL or SASL_PLAINTEXT means the same thing and can be used interchangeably. For consistency purpose , we recommend you to use SASL_PLAINTEXT everywhere.

 
 
 3  隐藏 2 · 分享
 

Thanks for the response I very much agree to you answer .

 

Hello Sriharsha, just a quick question. When I use confluentinc kafka rest proxy in company's HDP 2.5.3 cluster, I run into the error "No security protocol defined for listener PLAINTEXTSASL" and "broker info from zookeeper cannot be parsed". I guess that is because PLAINTEXTSASL cannot be recognized by other frameworks, though producer and consumer can work within HDP. Is there any way solving this problem?

 

个解答,截止bpreachuk  · 2017年06月28日 11:17

We encountered a similar issue when upgrading our Ambari from 2.4 to 2.5. Our Kafka brokers would not restart.

Here was the error message:

  1. /var/log/kafka/server.log.2017-06-27-19:java.lang.IllegalArgumentException: requirement failed: security.inter.broker.protocol must be a protocol in the configured set of advertised.listeners. The valid options based on currently configured protocols are Set(SASL_PLAINTEXT)

We had specified PLAINTEXTSASL as the SASL protocol in the configuration.

To fix this we changed the following configuration in Custom kafka-broker:

  1. security.inter.broker.protocol=SASL_PLAINTEXT
 
 
 0 · 分享
 
 

个解答,截止Sriharsha Chintalapani  · 2017年03月14日 21:38

@Qingyang Kong

Kafka rest proxy uses old client apis, which are not supported in secure cluster in Apache. However HDP kafka supports security in old consumer apis. To enable this you need to build kafka rest proxy code with HDP kafka_core dependency and pass a KafkaClient jaas config to your kafka rest server JVM.

 
 

Why Ambari is setting the security protocol of the kafka to PLAINTEXTSASL instead of SASL_PLAINTEXT?的更多相关文章

  1. Scyther-Semantics and verification of Security Protocol

    1 .本书前一节主要是介作者自己的生平经历(读完感觉作者是个神童),目标明确作者13岁代码已经写的很溜了.自己也开了网络公司,但是后面又专注于自己的计算机基础理论,修了哲学的博士学位(不得不说很多专业 ...

  2. Scyther-Semantics and verification of Security Protocol 翻译 (第二章 2.2.2----2.3)

    2.2.2  事件顺序 协议中的每个角色对应于事件列表,换句话说, 在属于角色 R 的协议事件集上施加结构,总的排序表示为 $ \prec $ , 如此任何角色 R∈Role 和 $\varepsil ...

  3. 【翻译】Flume 1.8.0 User Guide(用户指南) Sink

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  4. flume1.9 用户指南(中文版)

    概述 Apache Flume是一个分布式,可靠且可用的系统,用于有效地从许多不同的source收集,聚合和移动大量日志数据到集中式数据存储. Apache Flume的使用不仅限于日志数据聚合.由于 ...

  5. 一次flume exec source采集日志到kafka因为单条日志数据非常大同步失败的踩坑带来的思考

    本次遇到的问题描述,日志采集同步时,当单条日志(日志文件中一行日志)超过2M大小,数据无法采集同步到kafka,分析后,共踩到如下几个坑.1.flume采集时,通过shell+EXEC(tail -F ...

  6. Internet protocol security (ipsec) packet processing for multiple clients sharing a single network address

    Embodiments of the present invention address deficiencies of the art in respect to secure communicat ...

  7. IBM developer:Setting up the Kafka plugin for Ranger

    Follow these steps to enable and configure the Kafka plugin for Ranger. Before you begin The default ...

  8. Configuring Apache Kafka Security

    This topic describes additional steps you can take to ensure the safety and integrity of your data s ...

  9. [不错]A step-by-step guide to enabling security, TLS/SSL, and PKI authentication in Elasticsearch

    Now posted on the Elastic blog December 12, 2018 update: This article has been published on Elastic’ ...

随机推荐

  1. Linux系统优化脚本

    #!/bin/bash ############################################################################## # File Na ...

  2. PowerShell禁止执行脚本解决方法

    无法加载文件 C:\***.p s1,因为在此系统中禁止执行脚本.有关详细信息,请参阅 "get-help about_signing". 所在位置 行:1 字符: 18 + .\ ...

  3. LeetCode算法题-Rotated Digits(Java实现)

    这是悦乐书的第316次更新,第337篇原创 01 看题和准备 今天介绍的是LeetCode算法题中Easy级别的第185题(顺位题号是788).如果一个数字经过180度旋转后,变成了一个与原数字不同的 ...

  4. pytest框架之命令行参数2

    前言 上篇博客说到命令行执行测试用例的部分参数如何使用?今天将继续更新其他一些命令选项的使用,和pytest收集测试用例的规则! pytest执行用例命令行参数 --collect-only:罗列出所 ...

  5. gittalk报错Error

    最近通过github和jekyll搭了一个博客,申请使用了gittalk的评论. 但是博客的页面一直报Error:Not found,如下 发现是gittalk中的信息填写错了,name随便写:Hom ...

  6. CMake简介

    目录 一.CMake简介 二.CMake典型示例 源代码 demo.cpp cmake脚本 CMakeLists.txt 编译流程 三.CMake常用命令 常用命令介绍 设置编译目标类型 指定编译包含 ...

  7. 从壹开始前后端分离【 .NET Core2.0 +Vue2.0 】框架之六 || API项目整体搭建 6.1 仓储模式

    前言 1.@LearningCoding 小伙伴关于用Sqlsugar在mysql数据库上的研究成果: sqlsugarcore支持mysql等数据库,在DbContext里面只需要设置dbtype为 ...

  8. js数组去重常用方法

    js数组去重是面试中经常会碰到的问题,无论是前端还是node.js数组常见的有两种形式,一种是数组各元素均为基本数据类型,常见的为数组字符串格式,形如['a','b','c'];一种是数组各元素不定, ...

  9. Vue.js-03:第三章 - 事件修饰符的使用

    一.前言 熟悉了 Vue 的指令系统后,在实际开发中,不可避免的会使用到对于事件的操作,如何处理 DOM 事件流,成为我们必须要掌握的技能.不同于传统的前端开发,在 Vue 中给我们提供了事件修饰符这 ...

  10. docker 部署aps.net MVC到windows容器

    前提:已安装docker for windows,并且已经切换到Windows 容器 1.新建一个asp.net mvc 项目 2.项目有件=>添加=>添加容器业务流程协调程序支持 可以看 ...