[ https://issues.apache.org/jira/browse/METRON-1187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16166975#comment-16166975 ]
ASF GitHub Bot commented on METRON-1187: ---------------------------------------- Github user nickwallen commented on a diff in the pull request: https://github.com/apache/metron/pull/759#discussion_r139013691 --- Diff: metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/indexing_commands.py --- @@ -46,6 +46,7 @@ def __init__(self, params): self.__acl_configured = os.path.isfile(self.__params.indexing_acl_configured_flag_file) self.__hbase_configured = os.path.isfile(self.__params.indexing_hbase_configured_flag_file) self.__hbase_acl_configured = os.path.isfile(self.__params.indexing_hbase_acl_configured_flag_file) + self.__hdfs_perm_configured = os.path.isfile(self.__params.indexing_hdfs_perm_configured_flag_file) --- End diff -- This is another issue that I found. I am not sure what the impact is, but seems like we would just always set the HDFS perms. > Indexing/Profiler Kafka ACL Groups Not Setup Correctly > ------------------------------------------------------ > > Key: METRON-1187 > URL: https://issues.apache.org/jira/browse/METRON-1187 > Project: Metron > Issue Type: Bug > Affects Versions: 0.4.0 > Reporter: Nick Allen > Assignee: Nick Allen > Fix For: Next + 1 > > > When kerberizing Metron using the MPack, either the Profiler or the Indexing > Kafka ACL groups will not authorize the 'metron' user. This will only work > correctly for the component which is executed first. > This can lead to an error in either the Profiler or Indexing topology that > looks like the following. > {code} > 2017-09-14 07:29:52.984 o.a.s.util [ERROR] Async loop died! > org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to > access group: indexing > {code} > Manually checking confirms the problem. > {code} > [root@XXX ambari-server]# /usr/hdp/current/kafka-broker/bin/kafka-acls.sh > --authorizer-properties zookeeper.connect=${ZOOKEEPER} --list > [2017-09-14 12:09:26,284] WARN read null data from > /kafka-acl-changes/acl_changes_0000000004 when processing notification > acl_changes_0000000004 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,304] WARN read null data from > /kafka-acl-changes/acl_changes_0000000005 when processing notification > acl_changes_0000000005 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,315] WARN read null data from > /kafka-acl-changes/acl_changes_0000000006 when processing notification > acl_changes_0000000006 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,321] WARN read null data from > /kafka-acl-changes/acl_changes_0000000007 when processing notification > acl_changes_0000000007 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,323] WARN read null data from > /kafka-acl-changes/acl_changes_0000000008 when processing notification > acl_changes_0000000008 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,325] WARN read null data from > /kafka-acl-changes/acl_changes_0000000009 when processing notification > acl_changes_0000000009 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,327] WARN read null data from > /kafka-acl-changes/acl_changes_0000000010 when processing notification > acl_changes_0000000010 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,337] WARN read null data from > /kafka-acl-changes/acl_changes_0000000011 when processing notification > acl_changes_0000000011 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Group:bro_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:ambari_kafka_service_check`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:profiler`: > User:metron has Allow permission for operations: All from hosts: * > [2017-09-14 12:09:26,349] WARN read null data from > /kafka-acl-changes/acl_changes_0000000012 when processing notification > acl_changes_0000000012 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Group:metron-rest`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:enrichments`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:snort`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:yaf`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:enrichments`: > User:metron has Allow permission for operations: All from hosts: * > [2017-09-14 12:09:26,351] WARN read null data from > /kafka-acl-changes/acl_changes_0000000013 when processing notification > acl_changes_0000000013 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Topic:__consumer_offsets`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:bro`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:escalation`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:yaf_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:snort_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:indexing`: > User:metron has Allow permission for operations: All from hosts: * > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)