Follow these steps to enable and configure the Kafka plugin for Ranger.

Before you begin

The default policy user (ambari-qa) used for a plug-in should be an existing valid user on the system which is configured for Ranger.

Procedure

  1. From the Ambari web interface, select the Ranger service and then open the Configs tab. Select the Ranger Plugin tab.

  2. In the Ranger Plugin section, enable the Kafka Ranger Plugin, and then click Save.
    Note
    1. The Kafka Ranger plugin requires Kerberos. You will see a warning if you try to enable Kafka on an non-Kerberized cluster. For details see the Kafka Plugin section of the Ranger FAQ.
    2. Topic creation can be authorized via Ranger, but only if the topic is being auto-created by consumers or producers. The recommended policy setup to authorize topic auto-creation for producers or consumers is as follows:
      1. Create a policy where resource is all topics, i.e. *.
      2. For producers, create a policy item under this policy which grants both Produce and Configure permissions to the relevant user or user-groups.
      3. For consumers, create a policy item under this policy which grants both Consume and Configure permissions to the relevant user or user-groups.

Example

The following is an example of how to use the Kafka Ranger plugin for authorization:
  1. Ensure that the default policy created when the plugin is enabled is enabled and synced.
  2. Ensure that Kerberos tickets are not expired by using the kinit command as the kafka user.
  3. Run the following command to create a topic in Kafka. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-topics.sh --create --zookeeper hostname.fyre.ibm.com:2181 --replication-factor 1
    
--partitions 1 --topic test-topic

  4. Create files named producer.properties and consumer.properties, each with a single line with the value security.protocol=SASL_PLAINTEXT.
  5. Run the following command to start the producer. Run the command as the kafka user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-producer.sh --broker-list <cluster url>:6667 --topic test-topic
    
--producer.config <path>/producer.properties

  6. In another window, run the following command to start the consumer. Run the command as the root user and from the /usr/iop/current/kafka-broker/ directory: 
    bin/kafka-console-consumer.sh --topic test-topic --from-beginning --bootstrap-server <cluster url>:6667
    
--consumer.config <path>/consumer.properties

  7. In the producer window, write some test messages and observe that they appear in the consumer window.
  8. Disable the policy and observe that error messages show up in both windows that they can no longer connect.
  9. Re-enable the policy and observe that messages can be sent and received properly again.

IBM developer:Setting up the Kafka plugin for Ranger的更多相关文章

  1. IBM Developer:Java 9 新特性概述

    Author: 成富 Date: Dec 28, 2017 Category: IBM-Developer (20) Tags: Java (27) 原文地址:https://www.ibm.com/ ...

  2. IBM developer:Kafka ACLs

    Overview In Apache Kafka, the security feature is supported from version 0.9. When Kerberos is enabl ...

  3. ​Installing the Ranger Kafka Plug-in

    This section describes how to install and enable the Ranger Kafka plug-in. The Ranger Kafka plug-in ...

  4. 高并发面试必问:分布式消息系统Kafka简介

    转载:https://blog.csdn.net/caisini_vc/article/details/48007297 Kafka是分布式发布-订阅消息系统.它最初由LinkedIn公司开发,之后成 ...

  5. 【原】无脑操作:Windows下搭建Kafka运行环境

    Kafka是一种高吞吐量的分布式发布订阅消息系统 1.优点:① 通过磁盘数据结构提供消息的持久化,这种结构对于即使数以TB的消息存储也能够保持长时间的稳定性能.② 高吞吐量:即使是非常普通的硬件Kaf ...

  6. Maven------报错:Error resolving version for plugin

    配置Maven插件时报错:Error resolving version for plugin 'org.springframeboot.boot:spring-boot-maven-plugin' ...

  7. kafka之一:Windows上搭建Kafka运行环境

    搭建环境 1. 安装JDK 1.1 安装文件:http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-213315 ...

  8. 微信小程序 报错:Setting data field "xxx" to undefined is invalid

    通过网络请求获取的数据,当返回的数据没有xxx(变量名)这个变量时,此时xxx是undefined 若使用setData进行赋值,则会报如下的错误: Setting data field " ...

  9. [转帖]IBM报告:多国央行考虑发行数字货币 最快5年内问世

    IBM报告:多国央行考虑发行数字货币 最快5年内问世 https://news.cnblogs.com/n/646001/ DCEP 中国央行可能是第一家发布 数字货币的央行 DCEP 是基于 UTX ...

随机推荐

  1. 【English Teradata】Strategizing Vantage Technology

    strategy部署;谋略;战略[ˈstrætədʒi]  strategize制定战略 Strategizing战略化  Technology科技;工艺;工程技术 [tekˈnɑːlədʒi] St ...

  2. canvas百分比加载动画

    window.onload = function(){ var canvas = document.getElementById('canvas'), //获取canvas元素 context = c ...

  3. 又双叒叕换,微软这次换Edge了

    http://tech.sina.com.cn/it/2018-12-06/doc-ihmutuec6481129.shtml 其实两个月前跟一个微软的前同事聊天已经听说过微软要基于Chromiun来 ...

  4. IoC和AOP的理解

    spring 的优点?1.降低了组件之间的耦合性 ,实现了软件各层之间的解耦 2.可以使用容易提供的众多服务,如事务管理,消息服务等 3.容器提供单例模式支持 4.容器提供了AOP技术,利用它很容易实 ...

  5. 简单读!zookeeper单机模式的启动逻辑

    zk用处如此之多,以至于每个地方都要你理解zk原理! 请按如下操作姿势打开: 1. 打开zk的git仓库地址:https://github.com/apache/zookeeper , 确认过眼神,它 ...

  6. 分享一些 Kafka 消费数据的小经验

    前言 之前写过一篇<从源码分析如何优雅的使用 Kafka 生产者> ,有生产者自然也就有消费者. 建议对 Kakfa 还比较陌生的朋友可以先看看. 就我的使用经验来说,大部分情况都是处于数 ...

  7. 【工利其器】必会工具之(一)Source Insight篇

    前言         “Source Insight(以下简称SI)是世界上最好的编辑器”,说这句话不知道会不会出门被打呢?-_- 中国古话说得好,“文无第一,武无第二”,所以不敢说SI是最好的,但是 ...

  8. java~springboot~ibatis数组in查询的实现

    在ibatis的xml文件里,我们去写sql语句,对应mapper类的方法,这些sql语句与控制台上没什么两样,但在有些功能上需要注意,如where in这种从数组里查询符合条件的集合里,需要在xml ...

  9. Linux自定义分隔符IFS引发的文本处理问题

    需求是检查指定应用的某些配置所以就写了个脚本,数据文件的内容是这样的:应用名称|IP|端口    多个IP用空格,这样可以生成数组.这个文件的数据是通过部署平台的API获取后自己组装的. #!/bin ...

  10. Matlab图像处理常用基本函数

    之前用Matlab做图像处理工作时,用到什么函数就查什么函数,从没做过系统的总结,再做的时候又要去查,所以总结还是有必要的~ 为了方便,在此只列出函数名和基本用法,如不特别指出,不详细说明参数,辅助h ...