ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies

微信-大数据从业者 2024-08-25 15:53:19 原文

PROBLEM DESCRIPTION

When creating or deleting topics in Kafka, they cannot be authorized through the Ranger policies. The following errors are displayed while creating the topics:

[ADM_xxxx@xxxx-oc-had102 ~]$ /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper xxxx-oc-had101.example.local:,

xxxx-oc-had201.example.local:,xxxx-oc-had102.example.local:  --create --topic test --partition  --replication-factor

Error while executing topic command : org.apache.zookeeper.KeeperException$NoAuthException:

KeeperErrorCode = NoAuth for /config/topics/test

[-- ::,] ERROR org.I0Itec.zkclient.exception.ZkException:

org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

.

.

Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test

ROOT CAUSE

Kafka with Ranger is only recommended in secure clusters. The above errors are displayed while creating or deleting topic from an ordinary user. This is because only the process owner of Kafka service such as root, can write to Zookeeper znodes (/configs/topics). Ranger policies do not get enforced when a non privileged user creates a topic. This is because kafka-topics.sh script talks directly to Zookeeper to create the topic. It will add entries into the Zookeeper nodes and the watchers on the broker side will monitor and create topics accordingly. Due to the script talking to Zookeeper directly, the authorization cannot be done through the ranger plugin.

RESOLUTION

For the users to create topics, run a script called kafka-acls.sh which will allow or deny users on topics and provide other options.

Note

This is applicable only in secure environment only. The more details on this see the Authorizing Access when Kerberos is Enabled documentation.

About:
This article created by Hortonworks Support (Article: 000005366) on 2017-06-27 05:17
OS: Linux
Type: Configuration, Cluster_Administration
Version: HDP

Support ID: 000005366

ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies的更多相关文章

alimama open source mdrill启动后访问蓝鲸任务时出错：Caused by:org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss
启动后,访问:http://IP:1107/mdrill.jsp 蓝鲸任务
org.apache.zookeeper.KeeperException$ConnectionLossException: KeeperErrorCode = ConnectionLoss for /eclipse20171118
1:如果有一天,你有幸看到了这个错误,也许你像我一样low,因为此时,你已经准备开发Zookeeper程序了,却还没有把Zookeeper的服务启动起来. org.apache.zookeeper.K ...
ERROR org.apache.zookeeper.ClientCnxn:532 - Error while calling watcher
一.背景使用zookeeper操作时提示这个错误信息 ERROR org.apache.zookeeper.ClientCnxn: - Error while calling watcher jav ...
java.lang.reflect.UndeclaredThrowableException: null Caused by: org.apache.zookeeper.KeeperException$UnimplementedException: KeeperErrorCode = Unimplemented for
java.lang.reflect.UndeclaredThrowableException: null at org.springframework.util.ReflectionUtils. ...
cygwin org/apache/zookeeper/KeeperException
以前用cdh3-0.20的hbase,在windows下面直接启动就行了,但是最近安装0.94以上的,就不行了. 报标题的错误,搜遍网络,几乎都是要加HBASE_CLASSPATH的,后来看老外的文章 ...
Apache Zookeeper Java客户端Curator使用及权限模式详解
这篇文章是让大家了解Zookeeper基于Java客户端Curator的基本操作,以及如何使用Zookeeper解决实际问题. Zookeeper基于Java访问针对zookeeper,比较常用的J ...
Kafka自带zookeeper报错INFO Got user-level KeeperException when processing xxx Error Path:/brokers Error:KeeperErrorCode = NodeExists for /brokers (org.apache.zookeeper.server.PrepRequestProcessor)
问题描述: 按照kafka官方文档的操作步骤,解压kafka压缩包后.依次启动zookeeper,和kafka服务 kafka服务启动后,查看到zookeeper日志里有以下异常问题原因及解决办法: ...
WARN Session 0x0 for server null, unexpected error, closing socket connection and attempting reconnect (org.apache.zookeeper.ClientCnxn)
[2017-05-19 13:32:14,933] INFO Waiting for keeper state SyncConnected (org.I0Itec.zkclient.ZkClient) ...
Download and Install Apache Zookeeper on Ubuntu
http://www.techburps.com/misc/download-and-install-apache-zookeepr/36 In previous article of this Bi ...

随机推荐

RFID和QRCODE对比
1.技术介绍 1.1 RFID 射频识别,RFID(Radio Frequency Identification)技术,又称无线射频识别,是一种通信技术,可通过无线电讯号识别特定目标并读写相关数据,而 ...
windows下nginx的安装及使用
安装过程比较简单 1.下载nginx http://nginx.org/en/download.html 下载稳定版本,以nginx/Windows-1.14.2为例,直接下载 nginx-1.14. ...
5个常常被大家忽略的Python小技巧
下面我挑选出的这几个技巧常常会被人们忽略,但它们在日常编程中能真正的给我们带来不少帮助. 1. 字典推导(Dictionary comprehensions)和集合推导(Set comprehensi ...
PHP全栈学习笔记6
php能做什么,它是运行在服务器端的,web网站大部分数据都是存储在服务器上的,PHP就是用来处理这些存储在服务器的数据.跨平台,服务器可以是多种平台上的服务器,脚本语言,免费. wampserver ...
爬虫框架之Scrapy(一)
scrapy简介 scrapy是一个用python实现为了爬取网站数据,提取结构性数据而编写的应用框架,功能非常的强大. scrapy常应用在包括数据挖掘,信息处理或者储存历史数据的一系列程序中. s ...
C语言中的神兽strdup
C语言的确博大精深,在C语言的世界中遨游了那么多年,发现自己仍是菜鸟一枚,很多利器没有能够驾驭,今天介绍一个神兽,威力无比,但是却很少人能用得好. 函数原型: #include <string. ...
jdk各个版本的新特性（jdk1.7，1.8，1.9）
用了这么久的jdk,应该会有很多人和我一样,不知道各个版本的jdk的一些新特性,这里简单总结一下.. jdk1.7新特性: 1.在Switch中可以用String字符串 2.对Java集合(Colle ...
死磕 java集合之ConcurrentHashMap源码分析（一）
开篇问题 (1)ConcurrentHashMap与HashMap的数据结构是否一样? (2)HashMap在多线程环境下何时会出现并发安全问题? (3)ConcurrentHashMap是怎么解决并 ...
《IDEO，设计改变一切》（Change By Design）- 读书笔记
一.关于IDEO与设计思维 IDEO是一家世界顶级创意公司,而作者蒂姆布朗是IDEO的CEO.当然,在未阅读本书之前,我都是不知道的,也不会主动去了解IDEO和蒂姆布朗的.那么,我为什么要去读这样一本 ...
从零开始学习PYTHON3讲义（九）字典类型和插入排序
<从零开始PYTHON3>第九讲第六讲.上一讲我们都介绍了列表类型.列表类型是编程中最常用的一种类型,但也有挺明显的缺陷,比如: data = [5,22,34,12,87,67,3,4 ...