PROBLEM DESCRIPTION

When creating or deleting topics in Kafka, they cannot be authorized through the Ranger policies. The following errors are displayed while creating the topics:

[ADM_xxxx@xxxx-oc-had102 ~]$ /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper xxxx-oc-had101.example.local:,

xxxx-oc-had201.example.local:,xxxx-oc-had102.example.local:  --create --topic test --partition  --replication-factor

Error while executing topic command : org.apache.zookeeper.KeeperException$NoAuthException:

KeeperErrorCode = NoAuth for /config/topics/test

[-- ::,] ERROR org.I0Itec.zkclient.exception.ZkException:

org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

.

.

Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

ROOT CAUSE

Kafka with Ranger is only recommended in secure clusters. The above errors are displayed while creating or deleting topic from an ordinary user. This is because only the process owner of Kafka service such as root, can write to Zookeeper znodes (/configs/topics). Ranger policies do not get enforced when a non privileged user creates a topic. This is because kafka-topics.sh script talks directly to Zookeeper to create the topic. It will add entries into the Zookeeper nodes and the watchers on the broker side will monitor and create topics accordingly. Due to the script talking to Zookeeper directly, the authorization cannot be done through the ranger plugin.

RESOLUTION

For the users to create topics, run a script called kafka-acls.sh which will allow or deny users on topics and provide other options.

Note

This is applicable only in secure environment only. The more details on this see the Authorizing Access when Kerberos is Enabled documentation.

About:
This article created by Hortonworks Support (Article: 000005366) on 2017-06-27 05:17
OS: Linux
Type: Configuration, Cluster_Administration
Version: HDP

Support ID: 000005366

ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies的更多相关文章

  1. alimama open source mdrill启动后访问蓝鲸任务时出错:Caused by:org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss

    启动后,访问:http://IP:1107/mdrill.jsp  蓝鲸任务

  2. org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss for /eclipse20171118

    1:如果有一天,你有幸看到了这个错误,也许你像我一样low,因为此时,你已经准备开发Zookeeper程序了,却还没有把Zookeeper的服务启动起来. org.apache.zookeeper.K ...

  3. ERROR org.apache.zookeeper.ClientCnxn:532 - Error while calling watcher

    一.背景 使用zookeeper操作时提示这个错误信息 ERROR org.apache.zookeeper.ClientCnxn: - Error while calling watcher jav ...

  4. java.lang.reflect.UndeclaredThrowableException: null Caused by: org.apache.zookeeper.KeeperException$UnimplementedException: KeeperErrorCode = Unimplemented for

    java.lang.reflect.UndeclaredThrowableException: null    at org.springframework.util.ReflectionUtils. ...

  5. cygwin org/apache/zookeeper/KeeperException

    以前用cdh3-0.20的hbase,在windows下面直接启动就行了,但是最近安装0.94以上的,就不行了. 报标题的错误,搜遍网络,几乎都是要加HBASE_CLASSPATH的,后来看老外的文章 ...

  6. Apache Zookeeper Java客户端Curator使用及权限模式详解

    这篇文章是让大家了解Zookeeper基于Java客户端Curator的基本操作,以及如何使用Zookeeper解决实际问题. Zookeeper基于Java访问 针对zookeeper,比较常用的J ...

  7. Kafka自带zookeeper报错INFO Got user-level KeeperException when processing xxx Error Path:/brokers Error:KeeperErrorCode = NodeExists for /brokers (org.apache.zookeeper.server.PrepRequestProcessor)

    问题描述: 按照kafka官方文档的操作步骤,解压kafka压缩包后.依次启动zookeeper,和kafka服务 kafka服务启动后,查看到zookeeper日志里有以下异常 问题原因及解决办法: ...

  8. WARN Session 0x0 for server null, unexpected error, closing socket connection and attempting reconnect (org.apache.zookeeper.ClientCnxn)

    [2017-05-19 13:32:14,933] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient) ...

  9. Download and Install Apache Zookeeper on Ubuntu

    http://www.techburps.com/misc/download-and-install-apache-zookeepr/36 In previous article of this Bi ...

随机推荐

  1. windows下gitbash安装教程

    下载安装 1.从git官网下载一个git安装包,官网下载地址http://www.git-scm.com/download/ 2.双击安装程序,进入欢迎界面点击[Next >] 3.阅读协议,点 ...

  2. vue 中 vue-router、transition、keep-alive 怎么结合使用?

    <transition :name="name" mode="out-in" name="fade"> <keep-ali ...

  3. WEB框架-Django框架学习-关联管理器(RelatedManager)

    一.class RelatedManager "关联管理器"是在一对多或者多对多的关联上下文中使用的管理器.它存在于下面两种情况: 1.一对多 ForeignKey关系的“另一边” ...

  4. Javascript高级编程学习笔记(97)—— WebGL(3) WebGL上下文(1)

    WebGL上下文 在支持WebGL的浏览器中,WebGL的名字为 "experimental-webgl",这是由于 webgl 的规范仍未制定完成 制定完成后名字就会改为简单的 ...

  5. [Err] 1055 - Expression #1 of ORDER BY clause is not in GROUP BY clause 的问题 MySQL

    问题:[Err] 1055 - Expression #1 of ORDER BY clause is not in GROUP BY clause and contains nonaggregate ...

  6. Python基础(reduce,filter,map函数)

    map函数: map函数特点:对可迭代对象中的每个元素进行相同的操作(例如每个元素+1等等) #————————————————map函数———————————————————— #对列表的各个元素实 ...

  7. Ubuntu|ython3 :ImportError: cannot import name 'main'

    1.问题 root@stephen-K55VD:/usr/bin# pip3 Traceback (most recent call last): File "/usr/bin/pip3&q ...

  8. vue里如何灵活的绑定class以及内联style

    在我们平常的前端开发中少不了对DOM的操作,以及样式的动态控制,那我们在使用vue的时候该如何灵活的绑定class呢 1.最简单一个class绑定 v-bind:class设置一个对象,可以动态地切换 ...

  9. c#多线程总结(纯干货)

    线程基础 创建线程 static void Main(string[] args) { Thread t = new Thread(PrintNumbers); t.Start();//线程开始执行 ...

  10. 利用StackExchange.Redis和Log4Net构建日志队列

    简介:本文是一个简单的demo用于展示利用StackExchange.Redis和Log4Net构建日志队列,为高并发日志处理提供一些思路. 0.先下载安装Redis服务,然后再服务列表里启动服务(R ...