PROBLEM DESCRIPTION

When creating or deleting topics in Kafka, they cannot be authorized through the Ranger policies. The following errors are displayed while creating the topics:

[ADM_xxxx@xxxx-oc-had102 ~]$ /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper xxxx-oc-had101.example.local:,

xxxx-oc-had201.example.local:,xxxx-oc-had102.example.local:  --create --topic test --partition  --replication-factor

Error while executing topic command : org.apache.zookeeper.KeeperException$NoAuthException:

KeeperErrorCode = NoAuth for /config/topics/test

[-- ::,] ERROR org.I0Itec.zkclient.exception.ZkException:

org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

.

.

Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

ROOT CAUSE

Kafka with Ranger is only recommended in secure clusters. The above errors are displayed while creating or deleting topic from an ordinary user. This is because only the process owner of Kafka service such as root, can write to Zookeeper znodes (/configs/topics). Ranger policies do not get enforced when a non privileged user creates a topic. This is because kafka-topics.sh script talks directly to Zookeeper to create the topic. It will add entries into the Zookeeper nodes and the watchers on the broker side will monitor and create topics accordingly. Due to the script talking to Zookeeper directly, the authorization cannot be done through the ranger plugin.

RESOLUTION

For the users to create topics, run a script called kafka-acls.sh which will allow or deny users on topics and provide other options.

Note

This is applicable only in secure environment only. The more details on this see the Authorizing Access when Kerberos is Enabled documentation.

About:
This article created by Hortonworks Support (Article: 000005366) on 2017-06-27 05:17
OS: Linux
Type: Configuration, Cluster_Administration
Version: HDP

Support ID: 000005366

ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies的更多相关文章

  1. alimama open source mdrill启动后访问蓝鲸任务时出错:Caused by:org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss

    启动后,访问:http://IP:1107/mdrill.jsp  蓝鲸任务

  2. org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss for /eclipse20171118

    1:如果有一天,你有幸看到了这个错误,也许你像我一样low,因为此时,你已经准备开发Zookeeper程序了,却还没有把Zookeeper的服务启动起来. org.apache.zookeeper.K ...

  3. ERROR org.apache.zookeeper.ClientCnxn:532 - Error while calling watcher

    一.背景 使用zookeeper操作时提示这个错误信息 ERROR org.apache.zookeeper.ClientCnxn: - Error while calling watcher jav ...

  4. java.lang.reflect.UndeclaredThrowableException: null Caused by: org.apache.zookeeper.KeeperException$UnimplementedException: KeeperErrorCode = Unimplemented for

    java.lang.reflect.UndeclaredThrowableException: null    at org.springframework.util.ReflectionUtils. ...

  5. cygwin org/apache/zookeeper/KeeperException

    以前用cdh3-0.20的hbase,在windows下面直接启动就行了,但是最近安装0.94以上的,就不行了. 报标题的错误,搜遍网络,几乎都是要加HBASE_CLASSPATH的,后来看老外的文章 ...

  6. Apache Zookeeper Java客户端Curator使用及权限模式详解

    这篇文章是让大家了解Zookeeper基于Java客户端Curator的基本操作,以及如何使用Zookeeper解决实际问题. Zookeeper基于Java访问 针对zookeeper,比较常用的J ...

  7. Kafka自带zookeeper报错INFO Got user-level KeeperException when processing xxx Error Path:/brokers Error:KeeperErrorCode = NodeExists for /brokers (org.apache.zookeeper.server.PrepRequestProcessor)

    问题描述: 按照kafka官方文档的操作步骤,解压kafka压缩包后.依次启动zookeeper,和kafka服务 kafka服务启动后,查看到zookeeper日志里有以下异常 问题原因及解决办法: ...

  8. WARN Session 0x0 for server null, unexpected error, closing socket connection and attempting reconnect (org.apache.zookeeper.ClientCnxn)

    [2017-05-19 13:32:14,933] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient) ...

  9. Download and Install Apache Zookeeper on Ubuntu

    http://www.techburps.com/misc/download-and-install-apache-zookeepr/36 In previous article of this Bi ...

随机推荐

  1. Mongo之架构部署(Replica Sets+Sharding)

    一.环境 要构建一个 MongoDB Sharding Cluster,需要三种角色: •Shard Server: mongod 实例,用于存储实际的数据块. •Config Server: mon ...

  2. Sql server数据库定时任务,数据库作业,数据库定时任务

    当需要周期性的去执行一个方法时,我们可以先写好方法,然后交给数据库去完成就可以的. 步骤:首先打开SQL数据库中SQLServer代理-->右键作业-->新建作业: 如果SQL Serve ...

  3. Windows系统配置OutLook邮箱教程一

    本示例演示Windows系统中OutLook邮箱设置 1.打开控制面板->类型选择小图标->找到Mail(Microsoft OutLook 2016). 2.鼠标左键双击Mail. 3. ...

  4. Python爬虫 【requests】request for humans

    安装 pip install requests 源码 git clone git://github.com/kennethreitz/requests.git 导入 import requests 发 ...

  5. 宝塔面板设置腾迅COS自动备份网站

    之前写了如何配置腾迅云COS并挂载到服务器中,今天看到宝塔面板中有腾迅云COS的插件,不过研究了下,只是将COS绑定在宝塔面板中,不能自动备份,需要用到宝塔的计划任务功能 1.下载腾迅云COS插件 2 ...

  6. 打开ubantu报错(invalid environment block. Press any key to continue)

    今天向往常一样打开ubantu ,却无法正常打开,如下图 意思是无效的环境模块,随意按键继续,按任意键后如下图 折腾了许久问题也没有得到解决,后来在某篇博客中找到了答案 https://blog.cs ...

  7. 震惊!计算机连0.3+0.6都算不对?浅谈IEEE754浮点数算数标准

    >>> 0.3+0.6 0.8999999999999999 >>> 1-0.9 0.09999999999999998 >>> 0.1+0.1+ ...

  8. win10下 anaconda 环境下python2和python3版本转换

    在cmd的环境下,输入以下命令安装Python2.7的环境 conda create -n python27 python=2.7 anaconda 上面的代码创建了一个名为python27的pyth ...

  9. 5.Flask-Migrate

    1.1.项目结构重构 (1)config.py DB_URI = "mysql+pymysql://root:123456@127.0.0.1:3306/flask_migrate?char ...

  10. redis的hash类型!!!!

    Hash类型 redsi的hash是基本类型之一,键值本身又是一对键值结构,是string类型的field和value的映射表,或者说是集合,适合存储对象. Hash的增操作 127.0.0.1:63 ...