PROBLEM DESCRIPTION

When creating or deleting topics in Kafka, they cannot be authorized through the Ranger policies. The following errors are displayed while creating the topics:

[ADM_xxxx@xxxx-oc-had102 ~]$ /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper xxxx-oc-had101.example.local:,

xxxx-oc-had201.example.local:,xxxx-oc-had102.example.local:  --create --topic test --partition  --replication-factor

Error while executing topic command : org.apache.zookeeper.KeeperException$NoAuthException:

KeeperErrorCode = NoAuth for /config/topics/test

[-- ::,] ERROR org.I0Itec.zkclient.exception.ZkException:

org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

.

.

Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

ROOT CAUSE

Kafka with Ranger is only recommended in secure clusters. The above errors are displayed while creating or deleting topic from an ordinary user. This is because only the process owner of Kafka service such as root, can write to Zookeeper znodes (/configs/topics). Ranger policies do not get enforced when a non privileged user creates a topic. This is because kafka-topics.sh script talks directly to Zookeeper to create the topic. It will add entries into the Zookeeper nodes and the watchers on the broker side will monitor and create topics accordingly. Due to the script talking to Zookeeper directly, the authorization cannot be done through the ranger plugin.

RESOLUTION

For the users to create topics, run a script called kafka-acls.sh which will allow or deny users on topics and provide other options.

Note

This is applicable only in secure environment only. The more details on this see the Authorizing Access when Kerberos is Enabled documentation.

About:
This article created by Hortonworks Support (Article: 000005366) on 2017-06-27 05:17
OS: Linux
Type: Configuration, Cluster_Administration
Version: HDP

Support ID: 000005366

ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies的更多相关文章

  1. alimama open source mdrill启动后访问蓝鲸任务时出错:Caused by:org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss

    启动后,访问:http://IP:1107/mdrill.jsp  蓝鲸任务

  2. org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss for /eclipse20171118

    1:如果有一天,你有幸看到了这个错误,也许你像我一样low,因为此时,你已经准备开发Zookeeper程序了,却还没有把Zookeeper的服务启动起来. org.apache.zookeeper.K ...

  3. ERROR org.apache.zookeeper.ClientCnxn:532 - Error while calling watcher

    一.背景 使用zookeeper操作时提示这个错误信息 ERROR org.apache.zookeeper.ClientCnxn: - Error while calling watcher jav ...

  4. java.lang.reflect.UndeclaredThrowableException: null Caused by: org.apache.zookeeper.KeeperException$UnimplementedException: KeeperErrorCode = Unimplemented for

    java.lang.reflect.UndeclaredThrowableException: null    at org.springframework.util.ReflectionUtils. ...

  5. cygwin org/apache/zookeeper/KeeperException

    以前用cdh3-0.20的hbase,在windows下面直接启动就行了,但是最近安装0.94以上的,就不行了. 报标题的错误,搜遍网络,几乎都是要加HBASE_CLASSPATH的,后来看老外的文章 ...

  6. Apache Zookeeper Java客户端Curator使用及权限模式详解

    这篇文章是让大家了解Zookeeper基于Java客户端Curator的基本操作,以及如何使用Zookeeper解决实际问题. Zookeeper基于Java访问 针对zookeeper,比较常用的J ...

  7. Kafka自带zookeeper报错INFO Got user-level KeeperException when processing xxx Error Path:/brokers Error:KeeperErrorCode = NodeExists for /brokers (org.apache.zookeeper.server.PrepRequestProcessor)

    问题描述: 按照kafka官方文档的操作步骤,解压kafka压缩包后.依次启动zookeeper,和kafka服务 kafka服务启动后,查看到zookeeper日志里有以下异常 问题原因及解决办法: ...

  8. WARN Session 0x0 for server null, unexpected error, closing socket connection and attempting reconnect (org.apache.zookeeper.ClientCnxn)

    [2017-05-19 13:32:14,933] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient) ...

  9. Download and Install Apache Zookeeper on Ubuntu

    http://www.techburps.com/misc/download-and-install-apache-zookeepr/36 In previous article of this Bi ...

随机推荐

  1. Python之路【第八篇】:Python模块

    阅读目录 一.模块和包 模块(module)的概念: 在计算机程序的开发过程中,随着程序代码越写越多,在一个文件里代码会越来越长,越来越不容易维护. 为了编写可维护的代码,我们把很多函数分组,分别放到 ...

  2. SqlServer 递归查询

    --查询部门及下属部门列表 WITH TEMP --递归 AS (SELECT Id, Code, Name, ParentId FROM [dbo].[AspSysDepartments] --查询 ...

  3. Error:"MetaStoreClient lost connection. Attempting to reconnect (1 of 24) after 5s. getCurrentNotificationEventId" occurs as HiveServer2 fails to start as it cannot connect to Metastore in HDP 3.0

    SupportKB Problem Description:After upgrading to HDP 3.0, the HiveServer2 fails to start and the fol ...

  4. mapbox.gl源码解析——基本架构与数据渲染流程

    加载地图 Mapbox GL JS是一个JavaScript库,使用WebGL渲染交互式矢量瓦片地图和栅格瓦片地图.WebGL渲染意味着高性能,MapboxGL能够渲染大量的地图要素,拥有流畅的交互以 ...

  5. 知识科普:IM聊天应用是如何将消息发送给对方的?(非技术篇)

    1.引言 沟通是人类的最基本需求,复杂多变的沟通内容.沟通方式,正是人类文明之所以如此璀璨的关键所在.   在自然界中,要完成一件事情的沟通,我们可以直接通过声音传递给对方,这是再平常不过的事了(靠“ ...

  6. 《前端之路》之二:数据类型转换 && 隐式转换 || 显式转换

    目录 02:数据类型转换 && 隐式转换 || 显式转换 02:数据类型转换 && 隐式转换 || 显式转换 在上一个章节中,我们介绍了 JavaScript 的基本的 ...

  7. [逆向工程] 二进制拆弹Binary Bombs 快乐拆弹 详解

    二进制拆弹 binary bombs 教你最快速解题,成功拆弹 最近计算机基础课,的实验lab2,二进制拆弹,可以说是拆的我很快乐了(sub n, %hair) 此处头发减n 我刚开始做的时候很是懵逼 ...

  8. JSP 内置对象(上)

    JSP 内置对象是 Web 容器创建的一组对象,不使用 new 关键字就可以直接使用的对象.如上一章中使用脚本实现打印九九乘法表中的out对象 <%-- 脚本:out对象是JSPWriter类的 ...

  9. NodeJs之邮件(email)发送

    NodeJs之邮件(email)发送 一,介绍与需求 1.1,介绍 1,Nodemailer简介 Nodemailer是一个简单易用的Node.js邮件发送插件 github地址 Nodemailer ...

  10. TensorFlow实现XOR

    TensorFlow基础 1.概念 TF使用图表示计算任务,图包括数据(Data).流(Flow).图(Graph) 图中节点称为op,一个op获得多个Tensor Tensor为张量,TF中用到的数 ...