No, you're right ;) Il sab 20 mag 2023, 18:38 George Goh <george...@spodon.com> ha scritto:
> Thanks Davide for the super speedy response :-) > > Googling a little further on this, I find the following config[1]: > <property> > <name>ranger.plugin.kafka.policy.cache.dir</name> > <value>/etc/ranger/kafkadev/policycache</value> > <description> > Directory where Ranger policies are cached after successful retrieval > from the source > </description> > </property> > > Seems safe to say, as long as the directory defined in the property > "ranger.plugin.kafka.policy.cache.dir" is healthy and not out of disk > space, then I can be reasonably confident that existing authorizations are > ok. > > Would I be making any wrong assumption here? > > [1] > https://github.com/apache/ranger/blob/master/plugin-kafka/conf/ranger-kafka-security.xml > > > On Sun, May 21, 2023 at 12:22 AM Davide Vergari <vergari.dav...@gmail.com> > wrote: > >> No. Policies are cached on the hosts running the plugin (your Kafka >> broker). If Ranger admin become unavailable (i.e. because of a failover of >> the backend DB) you are unable to create new policies or manage existing, >> but authorizations on topics are not affected >> >> Il sab 20 mag 2023, 18:15 George Goh <george...@spodon.com> ha scritto: >> >>> Hi, >>> >>> I'm pretty new to the Ranger ecosystem and learning about how it works >>> with the Apache Kafka project. >>> >>> One of the projects I'm working with, uses Ranger to provide ACL to >>> Kafka topics, and uses an external postgres for datastore. >>> >>> What is the effect to existing producers and consumers when/if postgres >>> is temporarily unavailable to Ranger (e.g., failover to secondary instance)? >>> >>> Will there be a need to 'reconnect' and re-authorize to topics in this >>> case? >>> >>> Thanks in advance! >>> >>