Nick Allen created METRON-1187:
----------------------------------

             Summary: Indexing/Profiler Kafka ACL Groups Not Setup Correctly
                 Key: METRON-1187
                 URL: https://issues.apache.org/jira/browse/METRON-1187
             Project: Metron
          Issue Type: Bug
    Affects Versions: 0.4.0
            Reporter: Nick Allen
            Assignee: Nick Allen
             Fix For: Next + 1


When kerberizing Metron using the MPack, either the Profiler or the Indexing 
Kafka ACL groups will not authorize the 'metron' user.  This will only work 
correctly for the component which is executed first.

This can lead to an error in either the Profiler or Indexing topology that 
looks like the following.
{code}
2017-09-14 07:29:52.984 o.a.s.util [ERROR] Async loop died!
org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to access group: indexing
{code}

Manually checking confirms the problem.
{code}
[root@XXX ambari-server]# /usr/hdp/current/kafka-broker/bin/kafka-acls.sh --authorizer-properties zookeeper.connect=${ZOOKEEPER} --list
[2017-09-14 12:09:26,284] WARN read null data from /kafka-acl-changes/acl_changes_0000000004 when processing notification acl_changes_0000000004 (kafka.common.ZkNodeChangeNotificationListener)
[2017-09-14 12:09:26,304] WARN read null data from /kafka-acl-changes/acl_changes_0000000005 when processing notification acl_changes_0000000005 (kafka.common.ZkNodeChangeNotificationListener)
[2017-09-14 12:09:26,315] WARN read null data from /kafka-acl-changes/acl_changes_0000000006 when processing notification acl_changes_0000000006 (kafka.common.ZkNodeChangeNotificationListener)
[2017-09-14 12:09:26,321] WARN read null data from /kafka-acl-changes/acl_changes_0000000007 when processing notification acl_changes_0000000007 (kafka.common.ZkNodeChangeNotificationListener)
[2017-09-14 12:09:26,323] WARN read null data from /kafka-acl-changes/acl_changes_0000000008 when processing notification acl_changes_0000000008 (kafka.common.ZkNodeChangeNotificationListener)
[2017-09-14 12:09:26,325] WARN read null data from /kafka-acl-changes/acl_changes_0000000009 when processing notification acl_changes_0000000009 (kafka.common.ZkNodeChangeNotificationListener)
[2017-09-14 12:09:26,327] WARN read null data from /kafka-acl-changes/acl_changes_0000000010 when processing notification acl_changes_0000000010 (kafka.common.ZkNodeChangeNotificationListener)
[2017-09-14 12:09:26,337] WARN read null data from /kafka-acl-changes/acl_changes_0000000011 when processing notification acl_changes_0000000011 (kafka.common.ZkNodeChangeNotificationListener)
Current ACLs for resource `Group:bro_parser`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:ambari_kafka_service_check`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Group:profiler`:
        User:metron has Allow permission for operations: All from hosts: *

[2017-09-14 12:09:26,349] WARN read null data from /kafka-acl-changes/acl_changes_0000000012 when processing notification acl_changes_0000000012 (kafka.common.ZkNodeChangeNotificationListener)
Current ACLs for resource `Group:metron-rest`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:enrichments`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:snort`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:yaf`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Group:enrichments`:
        User:metron has Allow permission for operations: All from hosts: *

[2017-09-14 12:09:26,351] WARN read null data from /kafka-acl-changes/acl_changes_0000000013 when processing notification acl_changes_0000000013 (kafka.common.ZkNodeChangeNotificationListener)
Current ACLs for resource `Topic:__consumer_offsets`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:bro`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:escalation`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Group:yaf_parser`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Group:snort_parser`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:indexing`:
        User:metron has Allow permission for operations: All from hosts: *
{code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
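
An added example (not part of the original report or of Metron's code): a shell function that automates the manual check above by reading `kafka-acls.sh --list` output on stdin and naming each required consumer group that has no Allow ACL for the principal. The names `missing_group_acls` and `sample_listing` are hypothetical, the sample is abridged from the listing in the report, and the comma-separated handling of multiple operations is an assumption.

```shell
# Added example, not from the report. sample_listing is abridged from the
# listing above: note Topic:indexing is present but Group:indexing is not.
sample_listing() {
cat <<'EOF'
Current ACLs for resource `Group:profiler`:
        User:metron has Allow permission for operations: All from hosts: *

[2017-09-14 12:09:26,349] WARN read null data from /kafka-acl-changes/acl_changes_0000000012 when processing notification acl_changes_0000000012 (kafka.common.ZkNodeChangeNotificationListener)
Current ACLs for resource `Group:enrichments`:
        User:metron has Allow permission for operations: All from hosts: *

Current ACLs for resource `Topic:indexing`:
        User:metron has Allow permission for operations: All from hosts: *
EOF
}

# Usage: missing_group_acls PRINCIPAL GROUP... < acl-listing
# Prints each group lacking an Allow ACL that covers Read; returns 1 if any.
missing_group_acls() {
    principal=$1; shift
    awk -v principal="$principal" -v wanted="$*" '
        BEGIN { n = split(wanted, groups, " ") }
        # Header line: remember the resource named between the backticks.
        /^Current ACLs for resource `/ {
            resource = $0
            sub(/^[^`]*`/, "", resource); sub(/`.*$/, "", resource)
            next
        }
        # Entry line under a Group: resource for the principal we care about.
        resource ~ /^Group:/ && $1 == principal && $3 == "Allow" {
            ops = $0
            sub(/^.*operations: /, "", ops); sub(/ from hosts:.*$/, "", ops)
            gsub(/ /, "", ops)
            # A consumer needs Read on its group; All includes Read.
            if (("," ops ",") ~ /,(All|Read),/) granted[substr(resource, 7)] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(groups[i] in granted)) { print groups[i]; bad = 1 }
            exit bad + 0
        }'
}

# Demo on the embedded sample: prints "indexing".
sample_listing | missing_group_acls User:metron profiler indexing || true
```

Against a live cluster, pipe the `kafka-acls.sh ... --list` command from the report into `missing_group_acls User:metron profiler indexing` after the MPack kerberization step.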