[ https://issues.apache.org/jira/browse/AMBARI-22715?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Roberts updated AMBARI-22715: ---------------------------------- Description: https://issues.apache.org/jira/browse/AMBARI-22715 Kafka brokers will fail to start when Kerberos is set with: case_insensitive_username_rules=true This is due to Kafka not supporting the lower case (/L) functionality. How to reproduce: 1. Deploy a cluster which includes Kafka 2. Kerberize cluster 3. Ensure following is set in 'kerberos-env': {code} case_insensitive_username_rules=true manage_auth_to_local=true {code} 4. Start Kafka brokers 5. They will fail to start. This is due to Kafka not supporting lowercase rules ("/L)" rules. Note the /Ls in the configuration which Ambari applied: {code} "sasl.kerberos.principal.to.local.rules" : "RULE:[1:$1@$0](ambari-qa-mytestclus...@cluster.test.com)s/.*/ambari-qa/,RULE:[1:$1@$0](hbase-mytestclus...@cluster.test.com)s/.*/hbase/,RULE:[1:$1@$0](hdfs-mytestclus...@cluster.test.com)s/.*/hdfs/,RULE:[1:$1@$0](spark-mytestclus...@cluster.test.com)s/.*/spark/,RULE:[1:$1@$0](zeppelin-mytestclus...@cluster.test.com)s/.*/zeppelin/,RULE:[1:$1@$0](.*@CLUSTER.TEST.COM)s/@.*///L,RULE:[2:$1@$0](activity_analy...@cluster.test.com)s/.*/activity_analyzer/,RULE:[2:$1@$0](activity_explo...@cluster.test.com)s/.*/activity_explorer/,RULE:[2:$1@$0](amshb...@cluster.test.com)s/.*/ams/,RULE:[2:$1@$0](am...@cluster.test.com)s/.*/ams/,RULE:[2:$1@$0](at...@cluster.test.com)s/.*/atlas/,RULE:[2:$1@$0](d...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](hb...@cluster.test.com)s/.*/hbase/,RULE:[2:$1@$0](h...@cluster.test.com)s/.*/hive/,RULE:[2:$1@$0](j...@cluster.test.com)s/.*/mapred/,RULE:[2:$1@$0](j...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](k...@cluster.test.com)s/.*/knox/,RULE:[2:$1@$0](l...@cluster.test.com)s/.*/livy/,RULE:[2:$1@$0](n...@cluster.test.com)s/.*/yarn/,RULE:[2:$1@$0](n...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](oo...@cluster.test.com)s/.*/oozie/,RULE:[2:$1@$0](rangerad...@cluster.test.com)s/.*/ranger/,RULE:[2:$1@$0](ranger...@cluster.test.com)s/.*/keyadmin/,RULE:[2:$1@$0](rangertags...@cluster.test.com)s/.*/rangertagsync/,RULE:[2:$1@$0](rangerusers...@cluster.test.com)s/.*/rangerusersync/,RULE:[2:$1@$0](r...@cluster.test.com)s/.*/yarn/,RULE:[2:$1@$0](y...@cluster.test.com)s/.*/yarn/,DEFAULT", {code} was: Kafka brokers will fail to start when Kerberos is set with: case_insensitive_username_rules=true This is due to Kafka not supporting the lower case (/L) functionality. How to reproduce: 1. Deploy a cluster which includes Kafka 2. Kerberize cluster 3. Ensure following is set in 'kerberos-env': {code} case_insensitive_username_rules=true manage_auth_to_local=true {code} 4. Start Kafka brokers 5. They will fail due to "/L" rules in 'kafka-broker: sasl.kerberos.principal.to.local.rules' > Kafka broken by auth_to_local rules when case_insensitive_username_rules=true > ----------------------------------------------------------------------------- > > Key: AMBARI-22715 > URL: https://issues.apache.org/jira/browse/AMBARI-22715 > Project: Ambari > Issue Type: Bug > Reporter: Sean Roberts > > https://issues.apache.org/jira/browse/AMBARI-22715 > Kafka brokers will fail to start when Kerberos is set with: > case_insensitive_username_rules=true > This is due to Kafka not supporting the lower case (/L) functionality. > How to reproduce: > 1. Deploy a cluster which includes Kafka > 2. Kerberize cluster > 3. Ensure following is set in 'kerberos-env': > {code} > case_insensitive_username_rules=true > manage_auth_to_local=true > {code} > 4. Start Kafka brokers > 5. They will fail to start. > This is due to Kafka not supporting lowercase rules ("/L)" rules. > Note the /Ls in the configuration which Ambari applied: > {code} > "sasl.kerberos.principal.to.local.rules" : > "RULE:[1:$1@$0](ambari-qa-mytestclus...@cluster.test.com)s/.*/ambari-qa/,RULE:[1:$1@$0](hbase-mytestclus...@cluster.test.com)s/.*/hbase/,RULE:[1:$1@$0](hdfs-mytestclus...@cluster.test.com)s/.*/hdfs/,RULE:[1:$1@$0](spark-mytestclus...@cluster.test.com)s/.*/spark/,RULE:[1:$1@$0](zeppelin-mytestclus...@cluster.test.com)s/.*/zeppelin/,RULE:[1:$1@$0](.*@CLUSTER.TEST.COM)s/@.*///L,RULE:[2:$1@$0](activity_analy...@cluster.test.com)s/.*/activity_analyzer/,RULE:[2:$1@$0](activity_explo...@cluster.test.com)s/.*/activity_explorer/,RULE:[2:$1@$0](amshb...@cluster.test.com)s/.*/ams/,RULE:[2:$1@$0](am...@cluster.test.com)s/.*/ams/,RULE:[2:$1@$0](at...@cluster.test.com)s/.*/atlas/,RULE:[2:$1@$0](d...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](hb...@cluster.test.com)s/.*/hbase/,RULE:[2:$1@$0](h...@cluster.test.com)s/.*/hive/,RULE:[2:$1@$0](j...@cluster.test.com)s/.*/mapred/,RULE:[2:$1@$0](j...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](k...@cluster.test.com)s/.*/knox/,RULE:[2:$1@$0](l...@cluster.test.com)s/.*/livy/,RULE:[2:$1@$0](n...@cluster.test.com)s/.*/yarn/,RULE:[2:$1@$0](n...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](oo...@cluster.test.com)s/.*/oozie/,RULE:[2:$1@$0](rangerad...@cluster.test.com)s/.*/ranger/,RULE:[2:$1@$0](ranger...@cluster.test.com)s/.*/keyadmin/,RULE:[2:$1@$0](rangertags...@cluster.test.com)s/.*/rangertagsync/,RULE:[2:$1@$0](rangerusers...@cluster.test.com)s/.*/rangerusersync/,RULE:[2:$1@$0](r...@cluster.test.com)s/.*/yarn/,RULE:[2:$1@$0](y...@cluster.test.com)s/.*/yarn/,DEFAULT", > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)