Follow these steps to enable and configure the Kafka plugin for Ranger.

Before you begin

The default policy user (ambari-qa) used for a plug-in should be an existing valid user on the system which is configured for Ranger.

Procedure

  1. From the Ambari web interface, select the Ranger service and then open the Configs tab. Select the Ranger Plugin tab.

  2. In the Ranger Plugin section, enable the Kafka Ranger Plugin, and then click Save.
    Note
    1. The Kafka Ranger plugin requires Kerberos. You will see a warning if you try to enable Kafka on an non-Kerberized cluster. For details see the Kafka Plugin section of the Ranger FAQ.
    2. Topic creation can be authorized via Ranger, but only if the topic is being auto-created by consumers or producers. The recommended policy setup to authorize topic auto-creation for producers or consumers is as follows:
      1. Create a policy where resource is all topics, i.e. *.
      2. For producers, create a policy item under this policy which grants both Produce and Configure permissions to the relevant user or user-groups.
      3. For consumers, create a policy item under this policy which grants both Consume and Configure permissions to the relevant user or user-groups.

Example

The following is an example of how to use the Kafka Ranger plugin for authorization:
  1. Ensure that the default policy created when the plugin is enabled is enabled and synced.
  2. Ensure that Kerberos tickets are not expired by using the kinit command as the kafka user.
  3. Run the following command to create a topic in Kafka. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-topics.sh --create --zookeeper hostname.fyre.ibm.com:2181 --replication-factor 1
    
--partitions 1 --topic test-topic

  4. Create files named producer.properties and consumer.properties, each with a single line with the value security.protocol=SASL_PLAINTEXT.
  5. Run the following command to start the producer. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-producer.sh --broker-list <cluster url>:6667 --topic test-topic
    
--producer.config <path>/producer.properties

  6. In another window, run the following command to start the consumer. Run the command as the root user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-consumer.sh --topic test-topic --from-beginning --bootstrap-server <cluster url>:6667
    
--consumer.config <path>/consumer.properties

  7. In the producer window, write some test messages and observe that they appear in the consumer window.
  8. Disable the policy and observe that error messages show up in both windows that they can no longer connect.
  9. Re-enable the policy and observe that messages can be sent and received properly again.

IBM developer:Setting up the Kafka plugin for Ranger的更多相关文章

  1. IBM Developer:Java 9 新特性概述

    Author: 成富 Date: Dec 28, 2017 Category: IBM-Developer (20) Tags: Java (27) 原文地址:https://www.ibm.com/ ...

  2. IBM developer:Kafka ACLs

    Overview In Apache Kafka, the security feature is supported from version 0.9. When Kerberos is enabl ...

  3. ​Installing the Ranger Kafka Plug-in

    This section describes how to install and enable the Ranger Kafka plug-in. The Ranger Kafka plug-in ...

  4. 高并发面试必问:分布式消息系统Kafka简介

    转载:https://blog.csdn.net/caisini_vc/article/details/48007297 Kafka是分布式发布-订阅消息系统.它最初由LinkedIn公司开发,之后成 ...

  5. 【原】无脑操作:Windows下搭建Kafka运行环境

    Kafka是一种高吞吐量的分布式发布订阅消息系统 1.优点:① 通过磁盘数据结构提供消息的持久化,这种结构对于即使数以TB的消息存储也能够保持长时间的稳定性能.② 高吞吐量:即使是非常普通的硬件Kaf ...

  6. Maven------报错:Error resolving version for plugin

    配置Maven插件时报错:Error resolving version for plugin 'org.springframeboot.boot:spring-boot-maven-plugin' ...

  7. kafka之一:Windows上搭建Kafka运行环境

    搭建环境 1. 安装JDK 1.1 安装文件:http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-213315 ...

  8. 微信小程序 报错:Setting data field "xxx" to undefined is invalid

    通过网络请求获取的数据,当返回的数据没有xxx(变量名)这个变量时,此时xxx是undefined 若使用setData进行赋值,则会报如下的错误: Setting data field " ...

  9. [转帖]IBM报告:多国央行考虑发行数字货币 最快5年内问世

    IBM报告:多国央行考虑发行数字货币 最快5年内问世 https://news.cnblogs.com/n/646001/ DCEP 中国央行可能是第一家发布 数字货币的央行 DCEP 是基于 UTX ...

随机推荐

  1. Java提取URL某个参数的值

    Java提取Url中某个参数的值. public static String getParam(String url, String name) { String params = url.subst ...

  2. spring framework体系结构及内部各模块jar之间的maven依赖关系

    很多人都在用spring开发java项目,但是配置maven依赖的时候并不能明确要配置哪些spring的jar,经常是胡乱添加一堆,编译或运行报错就继续配置jar依赖,导致spring依赖混乱,甚至下 ...

  3. JavaScript 中的四舍五入

    在 JavaScript 中,对数值进行四舍五入操作的场景有以下几种: 向上取整:ceil 向下取整:floor 四舍五入:round 固定精度:toFixed 固定长度:toPrecision 取整 ...

  4. 两篇文章带你走入.NET Core 世界:Kestrel+Nginx+Supervisor 部署上云服务器(二)

    背景: 上一篇:两篇文章带你走入.NET Core 世界:CentOS+Kestrel+Ngnix 虚拟机先走一遍(一) 已经交待了背景,这篇就省下背景了,这是第二篇文章了,看完就木有下篇了. 直接进 ...

  5. perl学习笔记--搭建开发环境

    windows下perl开发环境搭建 perl下载地址:http://www.activestate.com/developer-tools 各个插件的安装方法:(通过代理上网的方法) 方法一:pad ...

  6. mysql error 2005 - Unknown MySQL server host 'localhost'(11001)

    有的时候偶尔会出现这个问题 2005 Unknown MySQL server host 'localhost' (11001),刚开始重启电脑ok了,但是不能每次出现这个问题就重启电脑吧,太麻烦了, ...

  7. IDEA同步上传lua代码,方便开发。

    因项目是Java和lua一起开发的,以前用Notepad++插件连接,每次关掉得重新寻找目录.有点耗时间,所以用idea提供的工具很是便利,再此做个笔记. 点击上面的绿色”+“号,添加 在配置mapp ...

  8. Python:游戏:贪吃蛇原理及代码实现

    一.游戏介绍 贪吃蛇是个非常简单的游戏,适合练手.先来看一下我的游戏截图: 玩法介绍:回车键:开始游戏空格键:暂停 / 继续↑↓←→方向键 或 WSAD 键:控制移动方向. 食物分红.绿.蓝三种,分别 ...

  9. 使用strace命令跟踪系统调用

    一.是什么strace? strace常用来跟踪进程执行时的系统调用和所接收的信号. 在Linux世界,进程不能直接访问硬件设备,当进程需要访问硬件设备(比如读取磁盘文件,接收网络数据等等)时,必须由 ...

  10. JavaScript小记二则:接上一节:用.net写Textbox控件关于数字的判断的另一则方法

    方法二.通过写JS进行判断控制输入的只能为数字,源码如下: <!DOCTYPE html> <html> <body> <h1></h1> ...