Follow these steps to enable and configure the Kafka plugin for Ranger.

Before you begin

The default policy user (ambari-qa) used for a plug-in should be an existing valid user on the system which is configured for Ranger.

Procedure

  1. From the Ambari web interface, select the Ranger service and then open the Configs tab. Select the Ranger Plugin tab.

  2. In the Ranger Plugin section, enable the Kafka Ranger Plugin, and then click Save.
    Note
    1. The Kafka Ranger plugin requires Kerberos. You will see a warning if you try to enable Kafka on an non-Kerberized cluster. For details see the Kafka Plugin section of the Ranger FAQ.
    2. Topic creation can be authorized via Ranger, but only if the topic is being auto-created by consumers or producers. The recommended policy setup to authorize topic auto-creation for producers or consumers is as follows:
      1. Create a policy where resource is all topics, i.e. *.
      2. For producers, create a policy item under this policy which grants both Produce and Configure permissions to the relevant user or user-groups.
      3. For consumers, create a policy item under this policy which grants both Consume and Configure permissions to the relevant user or user-groups.

Example

The following is an example of how to use the Kafka Ranger plugin for authorization:
  1. Ensure that the default policy created when the plugin is enabled is enabled and synced.
  2. Ensure that Kerberos tickets are not expired by using the kinit command as the kafka user.
  3. Run the following command to create a topic in Kafka. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-topics.sh --create --zookeeper hostname.fyre.ibm.com:2181 --replication-factor 1
    
--partitions 1 --topic test-topic

  4. Create files named producer.properties and consumer.properties, each with a single line with the value security.protocol=SASL_PLAINTEXT.
  5. Run the following command to start the producer. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-producer.sh --broker-list <cluster url>:6667 --topic test-topic
    
--producer.config <path>/producer.properties

  6. In another window, run the following command to start the consumer. Run the command as the root user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-consumer.sh --topic test-topic --from-beginning --bootstrap-server <cluster url>:6667
    
--consumer.config <path>/consumer.properties

  7. In the producer window, write some test messages and observe that they appear in the consumer window.
  8. Disable the policy and observe that error messages show up in both windows that they can no longer connect.
  9. Re-enable the policy and observe that messages can be sent and received properly again.

IBM developer:Setting up the Kafka plugin for Ranger的更多相关文章

  1. IBM Developer:Java 9 新特性概述

    Author: 成富 Date: Dec 28, 2017 Category: IBM-Developer (20) Tags: Java (27) 原文地址:https://www.ibm.com/ ...

  2. IBM developer:Kafka ACLs

    Overview In Apache Kafka, the security feature is supported from version 0.9. When Kerberos is enabl ...

  3. ​Installing the Ranger Kafka Plug-in

    This section describes how to install and enable the Ranger Kafka plug-in. The Ranger Kafka plug-in ...

  4. 高并发面试必问:分布式消息系统Kafka简介

    转载:https://blog.csdn.net/caisini_vc/article/details/48007297 Kafka是分布式发布-订阅消息系统.它最初由LinkedIn公司开发,之后成 ...

  5. 【原】无脑操作:Windows下搭建Kafka运行环境

    Kafka是一种高吞吐量的分布式发布订阅消息系统 1.优点:① 通过磁盘数据结构提供消息的持久化,这种结构对于即使数以TB的消息存储也能够保持长时间的稳定性能.② 高吞吐量:即使是非常普通的硬件Kaf ...

  6. Maven------报错:Error resolving version for plugin

    配置Maven插件时报错:Error resolving version for plugin 'org.springframeboot.boot:spring-boot-maven-plugin' ...

  7. kafka之一:Windows上搭建Kafka运行环境

    搭建环境 1. 安装JDK 1.1 安装文件:http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-213315 ...

  8. 微信小程序 报错:Setting data field "xxx" to undefined is invalid

    通过网络请求获取的数据,当返回的数据没有xxx(变量名)这个变量时,此时xxx是undefined 若使用setData进行赋值,则会报如下的错误: Setting data field " ...

  9. [转帖]IBM报告:多国央行考虑发行数字货币 最快5年内问世

    IBM报告:多国央行考虑发行数字货币 最快5年内问世 https://news.cnblogs.com/n/646001/ DCEP 中国央行可能是第一家发布 数字货币的央行 DCEP 是基于 UTX ...

随机推荐

  1. Python算法练习--把搜索树转成双向链表

    本文目前分享的题目都是来自于July的分享,然后把具体算法实现.搜索树转双向链表主要的实现逻辑是在中序遍历时,调整节点的左右子树:因为中序遍历是递归调用,所以在调整时一定要注意调整的位置,如果写错了, ...

  2. Ubuntu16 Nginx的安装与基本配置

    关于Nginx 它是一个轻量级.高性能.稳定性高.并发性好的HTTP和反向代理服务器,当我们搭建自己的应用时,通常用它作为反向代理服务器,图片服务器和负载均衡. 1.Ubuntu 16安装 Nginx ...

  3. 爬虫框架之Scrapy(四 ImagePipeline)

    ImagePipeline 使用scrapy框架我们除了要下载文本,还有可能需要下载图片,scrapy提供了ImagePipeline来进行图片的下载. ImagePipeline还支持以下特别的功能 ...

  4. Spring 进入Controller前参数校验

    在进入Controller前完成参数的校验,针对对象参数 分为两个验证方式 (1)直接使用已定义的校验方式 1.在需要进行校验的属性上增加校验类型注解 import java.util.Date; i ...

  5. scala获取某个时间间隔的时间

    原始 dataFrame : //获取前7天的时间long类型 def getDaytimeTime(day:Int): Long = { val cal = Calendar.getInstance ...

  6. 让VS2019支持.NET Core WinForms和WPF设计器的临时办法(比微软给出的办法更方便)

    参考以下代码片段,给项目添加NET Framework目标框架,切换到NET472运行时重新生成项目,然后打开设计器界面. 如果遇到设计器报错,尝试以NET472运行时为目标重新生成项目,并重新打开V ...

  7. ActivityJump+ActivityManager【Activity之间的跳转和Activity任务栈管理】

    版权声明:本文为HaiyuKing原创文章,转载请注明出处! 前言 封装Activity跳转的方法以及实现Activity任务栈管理. 效果图   代码分析 ActivityJump:封装Activi ...

  8. 高性能消息队列NSQ

    前言 最近我再网上寻找使用golang实现的mq,因为我知道golang一般实现的应用部署起来很方便,所以我就找到了一个叫做nsq的mq,其实它并不能完全称为队列,但是它的轻量和性能的高效,让我真的大 ...

  9. RESTful 规范

    RESTful 规范 前言 rest 是一种软件架构风格,如果使用的是 rest 接口,那么就可以说你的接口是 restful. rest接口是围绕''资源''展开的,利用 HTTP 的协议,其实 r ...

  10. [转帖]无网络离线安装 vs2017

    无网络离线安装 vs2017 公司电脑禁止,只有一个老的vs2017的安装目录(之前通过 --layout 安装时生成的离线文件).找了一圈百度,没能解决问题,最后,问bing,查微软的官方网站命令, ...