[ 
https://issues.apache.org/jira/browse/AMBARI-17694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15410436#comment-15410436
 ] 

Sumit Mohanty edited comment on AMBARI-17694 at 8/6/16 4:43 AM:
----------------------------------------------------------------

[~anitajebaraj] sorry, had to revert it. After deployment and some user 
operations the configurations went out of sync
{code}
...
listeners=PLAINTEXT://nat-r7-kxqs-xaagents-re-3.openstacklocal:6667,SSL://nat-r7-kxqs-xaagents-re-3.openstacklocal:6666
security.inter.broker.protocol=PLAINTEXTSASL
...
{code}

The overall approach is sound - works for fresh deployments blueprint and UI. 
Looked through the patch and here are some additional changes (by the way, I am 
not very familiar with Kafka):
* Existing deployments (that will go through Ambari upgrade to 2.4.0) will 
either need 1) code to replace PLAINTEXT to PLAINTEXTSASL in kafka.py or, 2) 
UpgradeCatalog code to fix the configs stored in the DB. The latter is a better 
approach.
* Stack advisor code to ensure "listeners" and "security.inter.broker.protocol" 
values are in sync. E.g. error if one is PLAINTEXTSASL and one isn't
* Stack advisor code to recommend changes to revert to PLAINTEXT if not 
kerberized. _I did not try but I was not sure if config will revert back 
properly when unkerberized_.

Sorry, could not get to it during code review.

Can we move this JIRA to 2.5.0, next release? It appears that some more test 
scenarios need to be covered. It's too close for the 2.4.0 release to get all 
paths tested.


was (Author: sumitmohanty):
[~anitajebaraj] sorry, had to revert it. It appears that if one uses blueprint 
to deploy a secured cluster then the "replace" construct does not take effect. 
After deployment the configurations were
{code}
...
listeners=PLAINTEXT://nat-r7-kxqs-xaagents-re-3.openstacklocal:6667,SSL://nat-r7-kxqs-xaagents-re-3.openstacklocal:6666
security.inter.broker.protocol=PLAINTEXTSASL
...
{code}

> Kafka listeners property does not show SASL_PLAINTEXT protocol when Kerberos 
> is enabled
> ---------------------------------------------------------------------------------------
>
>                 Key: AMBARI-17694
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17694
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk
>            Reporter: Anita Gnanamalar Jebaraj
>            Assignee: Anita Gnanamalar Jebaraj
>            Priority: Critical
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-17694-1.patch, AMBARI-17694-Aug3.patch, 
> AMBARI-17694-Jul26.patch, AMBARI-17694.patch
>
>
> When kerberos is enabled,  the protocol for listeners in 
> /etc/kafka/conf/server.properties is updated from PLAINTEXT to PLAINTEXTSASL, 
> even though the Ambari UI shows otherwise 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
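
An added example, not part of the original message or of Ambari's code: a stand-alone Python check for the "listeners" / "security.inter.broker.protocol" mismatch shown in the comment above. It generalizes slightly to the Kafka rule that the inter-broker protocol must have a matching listener; the alias table, the function names and the sample host are assumptions made for illustration.

```python
# Added example: stand-alone consistency check, not Ambari stack advisor code.
# Assumption: PLAINTEXTSASL is treated as an alias of SASL_PLAINTEXT.
ALIASES = {"PLAINTEXTSASL": "SASL_PLAINTEXT"}

# Constructed sample mirroring the out-of-sync state quoted in the comment
# (host name is a placeholder).
OUT_OF_SYNC = (
    "listeners=PLAINTEXT://broker1.example.com:6667,"
    "SSL://broker1.example.com:6666\n"
    "security.inter.broker.protocol=PLAINTEXTSASL\n"
)


def parse_properties(text):
    """Parse key=value lines, skipping blanks, comments and '...' elisions."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def listener_protocols(listeners):
    """Return the normalized protocol of each 'PROTOCOL://host:port' entry."""
    protocols = []
    for entry in listeners.split(","):
        proto = entry.strip().partition("://")[0].upper()
        if proto:
            protocols.append(ALIASES.get(proto, proto))
    return protocols


def check_protocol_sync(text):
    """Return a list of error strings; an empty list means the two agree."""
    props = parse_properties(text)
    if "listeners" not in props:
        return ["listeners is not set"]
    # Kafka defaults security.inter.broker.protocol to PLAINTEXT when unset.
    inter = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()
    inter = ALIASES.get(inter, inter)
    protocols = listener_protocols(props["listeners"])
    if inter in protocols:
        return []
    return ["security.inter.broker.protocol=%s has no matching listener "
            "(listeners use: %s)" % (inter, ", ".join(protocols))]
```

Running check_protocol_sync(OUT_OF_SYNC) reports the mismatch; the same function returns an empty list once both properties name the same protocol.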
