You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Ron Dagostino (Jira)" <ji...@apache.org> on 2020/08/31 17:17:00 UTC
[jira] [Created] (KAFKA-10451) system tests send large command over
ssh instead of using remote file for security config
Ron Dagostino created KAFKA-10451:
-------------------------------------
Summary: system tests send large command over ssh instead of using remote file for security config
Key: KAFKA-10451
URL: https://issues.apache.org/jira/browse/KAFKA-10451
Project: Kafka
Issue Type: Improvement
Components: system tests
Reporter: Ron Dagostino
In `kafka.py` the pattern used to supply security configuration information to remote CLI tools is to send the information as part of the ssh command. For example, see this --command-config definition:
{{Running ssh command: export KAFKA_OPTS="-Djava.security.auth.login.config=/mnt/security/admin_client_as_broker_jaas.conf -Djava.security.krb5.conf=/mnt/security/krb5.conf"; /opt/kafka-dev/bin/kafka-configs.sh --bootstrap-server worker2:9095 --command-config <(echo '
ssl.endpoint.identification.algorithm=HTTPS
sasl.kerberos.service.name=kafka
security.protocol=SASL_SSL
ssl.keystore.location=/mnt/security/test.keystore.jks
ssl.truststore.location=/mnt/security/test.truststore.jks
ssl.keystore.password=test-ks-passwd
sasl.mechanism=SCRAM-SHA-256
ssl.truststore.password=test-ts-passwd
ssl.key.password=test-ks-passwd
sasl.mechanism.inter.broker.protocol=GSSAPI
') --entity-name kafka-client --entity-type users --alter --add-config SCRAM-SHA-256=[password=client-secret]}}
This ssh command length is getting pretty big. It would be best if this referred to a file as opposed to sending in the file contents as part of the ssh command.
This happens in a few places in `kafka/py` and should be rectified.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)