[
https://issues.apache.org/jira/browse/RANGER-3781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Shevchenko updated RANGER-3781:
--------------------------------------
Description:
Unable to connect to Kafka
instance.org.apache.kafka.common.errors.SaslAuthenticationException:
Authentication failed during authentication due to invalid credentials with
SASL mechanism GSSAPI
We cannot retrieve topics list in RangerAdmin from our SSL+kerberized Kafka
instance with customized Kafka-service name. "TestConnection" from the
RangerAdmin UI fails for our instance:
[2022-06-05 10:17:54,761] INFO [SocketServer listenerType=ZK_BROKER, nodeId=1]
Failed authentication with /10.120.74.248 (Authentication failed during
authentication due to invalid credentials with SASL mechanism GSSAPI)
(org.apache.kafka.common.network.Selector)
!kafka-in-rangerAdmin.JPG!
!kafka-log-rangerAdmin.JPG!
At the same time standard kafka-console consumer working good:
kafkaServer.out (fragment):
[2022-06-05 09:56:15,543] INFO Successfully authenticated client:
[email protected];
[email protected].
(org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
[2022-06-05 09:56:18,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.582","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-11","seq_num":23,"event_count":2,"event_dur_ms":75,"tags":[],"cluster_name":"","policy_version":4}
(xaaudit)
[2022-06-05 09:56:18,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.289","access":"describe","resource":"test","resType":"topic","action":"describe","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-3","seq_num":7,"event_count":3,"event_dur_ms":261,"tags":[],"cluster_name":"","policy_version":4}
(xaaudit)
[2022-06-05 09:56:18,745] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.309","access":"describe","resource":"console-consumer-12414","resType":"consumergroup","action":"describe","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-4","seq_num":9,"event_count":2,"event_dur_ms":180,"tags":[],"cluster_name":"","policy_version":1}
(xaaudit)
[2022-06-05 09:56:18,745] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.355","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-5","seq_num":11,"event_count":3,"event_dur_ms":47,"tags":[],"cluster_name":"","policy_version":1}
(xaaudit)
[2022-06-05 09:56:21,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:16.169","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-13","seq_num":27,"event_count":10,"event_dur_ms":4546,"tags":[],"cluster_name":"","policy_version":4}
(xaaudit)
[2022-06-05 09:56:21,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:18.483","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-18","seq_num":37,"event_count":1,"event_dur_ms":1,"tags":[],"cluster_name":"","policy_version":1}
(xaaudit)
!kafkaConsoleConsumer.JPG!
was:
Unable to connect to Kafka
instance.org.apache.kafka.common.errors.SaslAuthenticationException:
Authentication failed during authentication due to invalid credentials with
SASL mechanism GSSAPI
We cannot retrieve topics list in RangerAdmin from our SSL+kerberized Kafka
instance with customized Kafka-service name. "TestConnection" from the
RangerAdmin UI fails for our instance:
[2022-06-05 10:17:54,761] INFO [SocketServer listenerType=ZK_BROKER, nodeId=1]
Failed authentication with /10.120.74.248 (Authentication failed during
authentication due to invalid credentials with SASL mechanism GSSAPI)
(org.apache.kafka.common.network.Selector)
!kafka-in-rangerAdmin.JPG!
At the same time standard kafka-console consumer working good:
kafkaServer.out (fragment):
[2022-06-05 09:56:15,543] INFO Successfully authenticated client:
[email protected];
[email protected].
(org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
[2022-06-05 09:56:18,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.582","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-11","seq_num":23,"event_count":2,"event_dur_ms":75,"tags":[],"cluster_name":"","policy_version":4}
(xaaudit)
[2022-06-05 09:56:18,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.289","access":"describe","resource":"test","resType":"topic","action":"describe","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-3","seq_num":7,"event_count":3,"event_dur_ms":261,"tags":[],"cluster_name":"","policy_version":4}
(xaaudit)
[2022-06-05 09:56:18,745] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.309","access":"describe","resource":"console-consumer-12414","resType":"consumergroup","action":"describe","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-4","seq_num":9,"event_count":2,"event_dur_ms":180,"tags":[],"cluster_name":"","policy_version":1}
(xaaudit)
[2022-06-05 09:56:18,745] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:15.355","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-5","seq_num":11,"event_count":3,"event_dur_ms":47,"tags":[],"cluster_name":"","policy_version":1}
(xaaudit)
[2022-06-05 09:56:21,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:16.169","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-13","seq_num":27,"event_count":10,"event_dur_ms":4546,"tags":[],"cluster_name":"","policy_version":4}
(xaaudit)
[2022-06-05 09:56:21,744] INFO
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
09:56:18.483","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-18","seq_num":37,"event_count":1,"event_dur_ms":1,"tags":[],"cluster_name":"","policy_version":1}
(xaaudit)
!kafkaConsoleConsumer.JPG!
> Unable to connect to Kafka
> instance.org.apache.kafka.common.errors.SaslAuthenticationException:
> Authentication failed during authentication due to invalid credentials with
> SASL mechanism GSSAPI
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-3781
> URL: https://issues.apache.org/jira/browse/RANGER-3781
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0
> Environment: Centos-7 & Ubuntu-20.04
> ConfluentKafka-7.1.0
> Ranger-3.0.0-Snapshot (22 may 2022)
> Reporter: Sergey Shevchenko
> Priority: Major
> Attachments: kafka-in-rangerAdmin.JPG, kafka-log-rangerAdmin.JPG,
> kafkaConsoleConsumer.JPG
>
>
> Unable to connect to Kafka
> instance.org.apache.kafka.common.errors.SaslAuthenticationException:
> Authentication failed during authentication due to invalid credentials with
> SASL mechanism GSSAPI
> We cannot retrieve topics list in RangerAdmin from our SSL+kerberized Kafka
> instance with customized Kafka-service name. "TestConnection" from the
> RangerAdmin UI fails for our instance:
> [2022-06-05 10:17:54,761] INFO [SocketServer listenerType=ZK_BROKER,
> nodeId=1] Failed authentication with /10.120.74.248 (Authentication failed
> during authentication due to invalid credentials with SASL mechanism GSSAPI)
> (org.apache.kafka.common.network.Selector)
> !kafka-in-rangerAdmin.JPG!
> !kafka-log-rangerAdmin.JPG!
> At the same time standard kafka-console consumer working good:
> kafkaServer.out (fragment):
> [2022-06-05 09:56:15,543] INFO Successfully authenticated client:
> [email protected];
> [email protected].
> (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
> [2022-06-05 09:56:18,744] INFO
> \{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
> 09:56:15.582","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-11","seq_num":23,"event_count":2,"event_dur_ms":75,"tags":[],"cluster_name":"","policy_version":4}
> (xaaudit)
> [2022-06-05 09:56:18,744] INFO
> \{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
> 09:56:15.289","access":"describe","resource":"test","resType":"topic","action":"describe","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-3","seq_num":7,"event_count":3,"event_dur_ms":261,"tags":[],"cluster_name":"","policy_version":4}
> (xaaudit)
> [2022-06-05 09:56:18,745] INFO
> \{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
> 09:56:15.309","access":"describe","resource":"console-consumer-12414","resType":"consumergroup","action":"describe","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-4","seq_num":9,"event_count":2,"event_dur_ms":180,"tags":[],"cluster_name":"","policy_version":1}
> (xaaudit)
> [2022-06-05 09:56:18,745] INFO
> \{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
> 09:56:15.355","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-5","seq_num":11,"event_count":3,"event_dur_ms":47,"tags":[],"cluster_name":"","policy_version":1}
> (xaaudit)
> [2022-06-05 09:56:21,744] INFO
> \{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
> 09:56:16.169","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-13","seq_num":27,"event_count":10,"event_dur_ms":4546,"tags":[],"cluster_name":"","policy_version":4}
> (xaaudit)
> [2022-06-05 09:56:21,744] INFO
> \{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05
> 09:56:18.483","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-18","seq_num":37,"event_count":1,"event_dur_ms":1,"tags":[],"cluster_name":"","policy_version":1}
> (xaaudit)
> !kafkaConsoleConsumer.JPG!
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
