This is an automatically generated e-mail. To reply, visit:
Review request for Ambari, Di Li, Jonathan Hurley, Nate Cole, Robert Levas,
Sumit Mohanty, and Sriharsha Chintalapani.
This is a continuation of the review request
https://reviews.apache.org/r/50047/ . Opening a new request for clarity.
When kerberos is enabled, the protocol for listeners in
/etc/kafka/conf/server.properties is updated from PLAINTEXT to PLAINTEXTSASL,
even though the Ambari UI shows otherwise
Updated the patch based on comments from Sumit, A follow up JIRA Ambari-17929
was reverted earlier, included the code for upgrade from the patch with some
minor changes. Included code for validation in stack_advisor based on which a
warning will be thrown in the UI, when the listeners and
security.inter.broker.protocol values are not in sync.
"Stack advisor code to recommend changes to revert to PLAINTEXT if not
kerberized" --> All the values get reverted back to default when kerberos is
disabled, so I didn't make any changes to this.
Including Sumit's comment here for reference.
sorry, had to revert it. After deployment and some user operations the
configurations went out of sync
The over all approach is sound - works for fresh deployments blueprint and UI.
Looked through the patch and here are some additional changes (by the way, I am
not very familiar with Kafka):
Existing deployments (that will go through Ambari upgrade to 2.4.0) will
1) code to replace PLAINTEXT to PLAINTEXTSASL in kafka.py or,
2) UpgradeCatalog code to fix the configs stored in the DB. The later is a
Stack advisor code to ensure "listeners" and
"security.inter.broker.protocol" values are in sync. E.g. error if one is
PLAINTEXTSASL and one isn't
Stack advisor code to recommend changes to revert to PLAINTEXT if not
kerberized. I did not try but I was not sure if config will revert back
properly when unkerberized.
Sorry, could not get to it during code review.
Can we move this JIRA to 2.5.0, next release. It appears that some more test
scenarios need to be covered. Its too close for the 2.4.0 release to get all
Added 2 new test case,
Ran mvn test
Tested in Ambari UI, by enabling kerberos, listeners protocol is updated and
kafka started successfully
Deployed Ambari 2.2.2 enabled kerberos and then did an update, the kafka
listeners value got updated
Changed the value in the UI, a warning is thrown on save.
Disabled kerberos, value got reset to default PLAINTEXT://localhost:6667
Sumit, please let me know if any other scenarios need to be tested.