Ron Dagostino created KAFKA-10451: ------------------------------------- Summary: system tests send large command over ssh instead of using remote file for security config Key: KAFKA-10451 URL: https://issues.apache.org/jira/browse/KAFKA-10451 Project: Kafka Issue Type: Improvement Components: system tests Reporter: Ron Dagostino
In `kafka.py` the pattern used to supply security configuration information to remote CLI tools is to send the information as part of the ssh command. For example, see this --command-config definition: {{Running ssh command: export KAFKA_OPTS="-Djava.security.auth.login.config=/mnt/security/admin_client_as_broker_jaas.conf -Djava.security.krb5.conf=/mnt/security/krb5.conf"; /opt/kafka-dev/bin/kafka-configs.sh --bootstrap-server worker2:9095 --command-config <(echo ' ssl.endpoint.identification.algorithm=HTTPS sasl.kerberos.service.name=kafka security.protocol=SASL_SSL ssl.keystore.location=/mnt/security/test.keystore.jks ssl.truststore.location=/mnt/security/test.truststore.jks ssl.keystore.password=test-ks-passwd sasl.mechanism=SCRAM-SHA-256 ssl.truststore.password=test-ts-passwd ssl.key.password=test-ks-passwd sasl.mechanism.inter.broker.protocol=GSSAPI ') --entity-name kafka-client --entity-type users --alter --add-config SCRAM-SHA-256=[password=client-secret]}} This ssh command length is getting pretty big. It would be best if this referred to a file as opposed to sending in the file contents as part of the ssh command. This happens in a few places in `kafka/py` and should be rectified. -- This message was sent by Atlassian Jira (v8.3.4#803005)