You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@metron.apache.org by prakash r <rp...@gmail.com> on 2018/01/10 02:20:03 UTC

Metron Rest Kerberos -- Kafka topic ACL

Hello,

We have kerberosed Hadoop Cluster.

Metron is trying to access all the Kafka topics (ir-respective of Kafka
topics which needed for Metron)

Since it does not have access to all topics, in UI Kafka related infos are
not displayed.

For Ex :

Kafka has some other topics like (checking123) Metron need authorization
for those topic as well.

2018-01-10T11:17:39.576 DEBUG
[org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor]
- Written [{timestamp=Wed Jan 10 11:17:39 AEDT 2018, status=500,
error=Internal Server Error,
exception=org.apache.kafka.common.errors.TopicAuthorizationException,
message=Not authorized to access topics: [checking123],
path=/api/v1/kafka/topic/snort}] as "application/json" using
[org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@ab327c
]


Can Metron Rest restrict access only to those topics which is needed for
the same, thanks

Regards,
Prakash R

Re: Metron Rest Kerberos -- Kafka topic ACL

Posted by Simon Elliston Ball <si...@simonellistonball.com>.

The ansible roles and playbooks included with Metron install Ambari to handle the setup of the Metron and the Hadoop, Kafka etc. components, so yes. 

> On 10 Jan 2018, at 03:18, varsha mordi <va...@gmail.com> wrote:
> 
> Can Ambari UI work with Ansible?
> 
> On Wed, Jan 10, 2018 at 3:46 PM, Mohan Venkateshaiah <mvenkateshaiah@hortonworks.com <ma...@hortonworks.com>> wrote:
> Srikanth,
> 
>  
> 
> There is no way you can list all topics to particular user, there is PR for adding REST endpoints to provide required ACL to topic.
> 
>  
> 
> Thanks
> 
> Mohan DV
> 
>  
> 
> From: prakash r <rprakashdoss@gmail.com <ma...@gmail.com>>
> Reply-To: "user@metron.apache.org <ma...@metron.apache.org>" <user@metron.apache.org <ma...@metron.apache.org>>
> Date: Wednesday, January 10, 2018 at 7:50 AM
> To: "user@metron.apache.org <ma...@metron.apache.org>" <user@metron.apache.org <ma...@metron.apache.org>>
> Subject: Metron Rest Kerberos -- Kafka topic ACL
> 
>  
> 
> Hello,
> 
>  
> 
> We have kerberosed Hadoop Cluster.
> 
>  
> 
> Metron is trying to access all the Kafka topics (ir-respective of Kafka topics which needed for Metron)
> 
>  
> 
> Since it does not have access to all topics, in UI Kafka related infos are not displayed.
> 
>  
> 
> For Ex :
> 
>  
> 
> Kafka has some other topics like (checking123) Metron need authorization for those topic as well.
> 
>  
> 
> 2018-01-10T11:17:39.576 DEBUG [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] - Written [{timestamp=Wed Jan 10 11:17:39 AEDT 2018, status=500, error=Internal Server Error, exception=org.apache.kafka.common.errors.TopicAuthorizationException, message=Not authorized to access topics: [checking123], path=/api/v1/kafka/topic/snort}] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@ab327c]
> 
>  
> 
>  
> 
> Can Metron Rest restrict access only to those topics which is needed for the same, thanks
> 
> 
> Regards,
> 
> Prakash R
> 
> 
> 
> 
> -- 
> Thanks & Regards,
> Varsha Mordi
> Prodevans Technologies LLP.
> M: +91 9637109734  | L: +91 80 64533365 | www.prodevans.com <http://www.prodevans.com/>
>

Re: Metron Rest Kerberos -- Kafka topic ACL

Posted by varsha mordi <va...@gmail.com>.

Can Ambari UI work with Ansible?

On Wed, Jan 10, 2018 at 3:46 PM, Mohan Venkateshaiah <
mvenkateshaiah@hortonworks.com> wrote:

> Srikanth,
>
>
>
> There is no way you can list all topics to particular user, there is PR
> for adding REST endpoints to provide required ACL to topic.
>
>
>
> Thanks
>
> Mohan DV
>
>
>
> *From: *prakash r <rp...@gmail.com>
> *Reply-To: *"user@metron.apache.org" <us...@metron.apache.org>
> *Date: *Wednesday, January 10, 2018 at 7:50 AM
> *To: *"user@metron.apache.org" <us...@metron.apache.org>
> *Subject: *Metron Rest Kerberos -- Kafka topic ACL
>
>
>
> Hello,
>
>
>
> We have kerberosed Hadoop Cluster.
>
>
>
> Metron is trying to access all the Kafka topics (ir-respective of Kafka
> topics which needed for Metron)
>
>
>
> Since it does not have access to all topics, in UI Kafka related infos are
> not displayed.
>
>
>
> For Ex :
>
>
>
> Kafka has some other topics like (checking123) Metron need authorization
> for those topic as well.
>
>
>
> 2018-01-10T11:17:39.576 DEBUG [org.springframework.web.
> servlet.mvc.method.annotation.HttpEntityMethodProcessor] - Written
> [{timestamp=Wed Jan 10 11:17:39 AEDT 2018, status=500, error=Internal
> Server Error, exception=org.apache.kafka.common.errors.TopicAuthorizationException,
> message=Not authorized to access topics: [checking123],
> path=/api/v1/kafka/topic/snort}] as "application/json" using
> [org.springframework.http.converter.json.MappingJackson2HttpMessageConv
> erter@ab327c]
>
>
>
>
>
> Can Metron Rest restrict access only to those topics which is needed for
> the same, thanks
>
>
> Regards,
>
> Prakash R
>



-- 
Thanks & Regards,

Varsha Mordi

Prodevans Technologies LLP.

M: +91 9637109734  *| *L: +91 80 64533365 *|* www.prodevans.com

Re: Metron Rest Kerberos -- Kafka topic ACL

Posted by Mohan Venkateshaiah <mv...@hortonworks.com>.

Srikanth,

There is no way you can list all topics to particular user, there is PR for adding REST endpoints to provide required ACL to topic.

Thanks
Mohan DV

From: prakash r <rp...@gmail.com>
Reply-To: "user@metron.apache.org" <us...@metron.apache.org>
Date: Wednesday, January 10, 2018 at 7:50 AM
To: "user@metron.apache.org" <us...@metron.apache.org>
Subject: Metron Rest Kerberos -- Kafka topic ACL

Hello,

We have kerberosed Hadoop Cluster.

Metron is trying to access all the Kafka topics (ir-respective of Kafka topics which needed for Metron)

Since it does not have access to all topics, in UI Kafka related infos are not displayed.

For Ex :

Kafka has some other topics like (checking123) Metron need authorization for those topic as well.

2018-01-10T11:17:39.576 DEBUG [org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor] - Written [{timestamp=Wed Jan 10 11:17:39 AEDT 2018, status=500, error=Internal Server Error, exception=org.apache.kafka.common.errors.TopicAuthorizationException, message=Not authorized to access topics: [checking123], path=/api/v1/kafka/topic/snort}] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@ab327c]


Can Metron Rest restrict access only to those topics which is needed for the same, thanks

Regards,
Prakash R