You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2016/07/06 00:21:11 UTC
[jira] [Commented] (AMBARI-17479) authorizer.class.name not being
set on secure kafka clusters
[ https://issues.apache.org/jira/browse/AMBARI-17479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15363535#comment-15363535 ]
Hadoop QA commented on AMBARI-17479:
------------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12816328/AMBARI-17479_trunk_01.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in ambari-server.
Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/7700//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/7700//console
This message is automatically generated.
> authorizer.class.name not being set on secure kafka clusters
> ------------------------------------------------------------
>
> Key: AMBARI-17479
> URL: https://issues.apache.org/jira/browse/AMBARI-17479
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.4.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Blocker
> Labels: kerberos, kerberos_descriptor, stack_advisor
> Fix For: 2.4.0
>
> Attachments: AMBARI-17479_branch-2.4_01.patch, AMBARI-17479_trunk_01.patch
>
>
> The {{kafka-broker/authorizer.class.name}} property is not being set properly when Kerberos is enabled.
> The following logic should be followed:
> {noformat}
> if Kerberos is enabled
> if ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled == yes
> set authorizer.class.name to "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer"
> else
> set authorizer.class.name to "kafka.security.auth.SimpleAclAuthorizer"
> else
> remove authorizer.class.name
> {noformat}
> This should be updated in the stack advisor code.
> While at it, configurations from Kafka's {{kerberos.json}} file should be moved to the stack advisor to help ensure properties are set in the the same place to help with code maintenance and consistency.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)