Follow these steps to enable and configure the Kafka plugin for Ranger.

Before you begin

The default policy user (ambari-qa) used for a plug-in should be an existing valid user on the system which is configured for Ranger.

Procedure

  1. From the Ambari web interface, select the Ranger service and then open the Configs tab. Select the Ranger Plugin tab.

  2. In the Ranger Plugin section, enable the Kafka Ranger Plugin, and then click Save.
    Note
    1. The Kafka Ranger plugin requires Kerberos. You will see a warning if you try to enable Kafka on an non-Kerberized cluster. For details see the Kafka Plugin section of the Ranger FAQ.
    2. Topic creation can be authorized via Ranger, but only if the topic is being auto-created by consumers or producers. The recommended policy setup to authorize topic auto-creation for producers or consumers is as follows:
      1. Create a policy where resource is all topics, i.e. *.
      2. For producers, create a policy item under this policy which grants both Produce and Configure permissions to the relevant user or user-groups.
      3. For consumers, create a policy item under this policy which grants both Consume and Configure permissions to the relevant user or user-groups.

Example

The following is an example of how to use the Kafka Ranger plugin for authorization:
  1. Ensure that the default policy created when the plugin is enabled is enabled and synced.
  2. Ensure that Kerberos tickets are not expired by using the kinit command as the kafka user.
  3. Run the following command to create a topic in Kafka. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-topics.sh --create --zookeeper hostname.fyre.ibm.com:2181 --replication-factor 1
    
--partitions 1 --topic test-topic

  4. Create files named producer.properties and consumer.properties, each with a single line with the value security.protocol=SASL_PLAINTEXT.
  5. Run the following command to start the producer. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-producer.sh --broker-list <cluster url>:6667 --topic test-topic
    
--producer.config <path>/producer.properties

  6. In another window, run the following command to start the consumer. Run the command as the root user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-consumer.sh --topic test-topic --from-beginning --bootstrap-server <cluster url>:6667
    
--consumer.config <path>/consumer.properties

  7. In the producer window, write some test messages and observe that they appear in the consumer window.
  8. Disable the policy and observe that error messages show up in both windows that they can no longer connect.
  9. Re-enable the policy and observe that messages can be sent and received properly again.

IBM developer:Setting up the Kafka plugin for Ranger的更多相关文章

  1. IBM Developer:Java 9 新特性概述

    Author: 成富 Date: Dec 28, 2017 Category: IBM-Developer (20) Tags: Java (27) 原文地址:https://www.ibm.com/ ...

  2. IBM developer:Kafka ACLs

    Overview In Apache Kafka, the security feature is supported from version 0.9. When Kerberos is enabl ...

  3. ​Installing the Ranger Kafka Plug-in

    This section describes how to install and enable the Ranger Kafka plug-in. The Ranger Kafka plug-in ...

  4. 高并发面试必问:分布式消息系统Kafka简介

    转载:https://blog.csdn.net/caisini_vc/article/details/48007297 Kafka是分布式发布-订阅消息系统.它最初由LinkedIn公司开发,之后成 ...

  5. 【原】无脑操作:Windows下搭建Kafka运行环境

    Kafka是一种高吞吐量的分布式发布订阅消息系统 1.优点:① 通过磁盘数据结构提供消息的持久化,这种结构对于即使数以TB的消息存储也能够保持长时间的稳定性能.② 高吞吐量:即使是非常普通的硬件Kaf ...

  6. Maven------报错:Error resolving version for plugin

    配置Maven插件时报错:Error resolving version for plugin 'org.springframeboot.boot:spring-boot-maven-plugin' ...

  7. kafka之一:Windows上搭建Kafka运行环境

    搭建环境 1. 安装JDK 1.1 安装文件:http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-213315 ...

  8. 微信小程序 报错:Setting data field "xxx" to undefined is invalid

    通过网络请求获取的数据,当返回的数据没有xxx(变量名)这个变量时,此时xxx是undefined 若使用setData进行赋值,则会报如下的错误: Setting data field " ...

  9. [转帖]IBM报告:多国央行考虑发行数字货币 最快5年内问世

    IBM报告:多国央行考虑发行数字货币 最快5年内问世 https://news.cnblogs.com/n/646001/ DCEP 中国央行可能是第一家发布 数字货币的央行 DCEP 是基于 UTX ...

随机推荐

  1. SQLServer之附加数据库

    附加数据库注意事项 必须首先分离数据库. 尝试附加未分离的数据库将返回错误. 附加数据库时,所有数据文件(MDF 文件和 LDF 文件)都必须可用. 如果任何数据文件的路径不同于首次创建数据库或上次附 ...

  2. MongoDB安装与使用体验

    1.获取并安装 具体的安装包可以到官方网站下载:http://www.mongodb.org/downloads 我看着教程就下载了linux版本吧,也不是很复杂.包的体积有点大. 安装过程比较简单, ...

  3. C++ 最简单的日志类

    最近搞一个 C++ 项目的二次开发,没玩过 C++,可谓步履维艰.自己写个简单的日志类都被各种坑折磨.终于搞定了. 参考了这篇博客,并且进一步简化:https://www.cnblogs.com/Ds ...

  4. shell打印 倒等腰三角形

    #!/bin/bash read -p "input the length: " n方法一:内循环中的一个for循环shell写法for i in `seq 1 $n`do    ...

  5. C/C++性能测试工具GNU gprof

    代码剖析(Code profiling)程序员在优化软件性能时要注意应尽量优化软件中被频繁调用的部分,这样才能对程序进行有效优化.使用真实的数据,精确的分析应用程序在时间上的花费的行为就成为_代码剖析 ...

  6. 在macos上基于python2.7安装PyQt5

    在python3上面安装PyQt5是十分简单的,可是,在python2.7上安装这个东西,着实让人折腾了一把.要总结一下,年纪大了,记性不好. 首先要安装最新版的Qt和python2,命令如下: br ...

  7. Docker & ASP.NET Core (5):Docker Compose

    第一篇:把代码连接到容器 第二篇:定制Docker镜像 第三篇:发布镜像 第四篇:容器间的连接 Docker Compose简介 Compose是一个用来定义和运行多容器Docker应用的工具.使用C ...

  8. Visual Studio 2019 正式发布,重磅更新,支持live share

    如约而至,微软已于今天推出 Visual Studio 2019 正式版,一同发布的还有 Visual Studio 2019 for Mac. Visual Studio 2019 下载地址:htt ...

  9. 04-创建kubeconfig认证文件

    本文档记录自己的学习历程! 创建 kubeconfig 文件 kubelet.kube-proxy 等 Node 机器上的进程与 Master 机器的 kube-apiserver 进程通信时需要认证 ...

  10. java基础(五):谈谈java中的多线程

    1.多线程 1.1.多线程介绍 学习多线程之前,我们先要了解几个关于多线程有关的概念. 进程:正在运行的程序.确切的来说,当一个程序进入内存运行,即变成一个进程,进程是处于运行过程中的程序,并且具有一 ...