java ranger rest_kafka ranger integration issuse

kafka-ranger

ranger-1.0.0 kafka-1.0.0(confluent-4.0.0)

安装ranger-1.0.0-kafka-plugin

下面是安装过程中遇到的一些问题

下载并解压 ranger-1.0.0-kafka-plugin.tar.gz

修改配置文件install.properties

COMPONENT_INSTALL_DIR_NAME=/usr/local/confluent/

POLICY_MGR_URL=http://192.168.206.144:6080

REPOSITORY_NAME=kafkadev

CUSTOM_USER=kafka

CUSTOM_GROUP=hadoop

增加kafka的configs和libs的软连接

ln -s /usr/local/confluent/etc/kafka /usr/local/confluent/config

ln -s /usr/local/confluent/share/java/kafka /usr/local/confluent/libs

把kafka的配置文件目录加到CLASSPATH

reason: the program will only load server.properties when kafka starting, so we need to do this that program could find the configuration files of ranger-kafka.

export CLASSPATH=/usr/local/confluent/etc/kafka

ERROR: Server not found in Kerberos database

one reason: the kafka-host must be in advertised.listeners

Server not found in Kerberos database

[2018-07-05 15:48:03,763] DEBUG Accepted connection from /172.17.0.15:38950 on /172.17.0.15:9093 and assigned it to processor 0, sendBu

fferSize [actual|requested]: [102400|102400] recvBufferSize [actual|requested]: [102400|102400] (kafka.network.Acceptor)

[2018-07-05 15:48:03,770] DEBUG Processor 0 listening to new connection from /172.17.0.15:38950 (kafka.network.Processor)

[2018-07-05 15:48:03,771] DEBUG Set SASL client state to SEND_APIVERSIONS_REQUEST (org.apache.kafka.common.security.authenticator.SaslC

lientAuthenticator)

[2018-07-05 15:48:03,774] DEBUG Creating SaslClient: client=kafka/master.mesos@LINKTIME.CLOUD;service=kafka;serviceHostname=e318e3a9e22

c;mechs=[GSSAPI] (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator)

[2018-07-05 15:48:03,783] DEBUG [Controller id=2, targetBrokerId=2] Created socket with SO_RCVBUF = 530904, SO_SNDBUF = 1313280, SO_TIM

EOUT = 0 to node 2 (org.apache.kafka.common.network.Selector)

[2018-07-05 15:48:03,796] DEBUG Set SASL client state to RECEIVE_APIVERSIONS_RESPONSE (org.apache.kafka.common.security.authenticator.S

aslClientAuthenticator)

[2018-07-05 15:48:03,798] DEBUG [Controller id=2, targetBrokerId=2] Completed connection to node 2. Ready. (org.apache.kafka.clients.Ne

tworkClient)

[2018-07-05 15:48:03,803] DEBUG Set SASL server state to HANDSHAKE_OR_VERSIONS_REQUEST (org.apache.kafka.common.security.authenticator.

SaslServerAuthenticator)

[2018-07-05 15:48:03,803] DEBUG Handling Kafka request API_VERSIONS (org.apache.kafka.common.security.authenticator.SaslServerAuthentic

ator)

[2018-07-05 15:48:03,816] DEBUG Set SASL server state to HANDSHAKE_REQUEST (org.apache.kafka.common.security.authenticator.SaslServerAu

thenticator)

[2018-07-05 15:48:03,827] DEBUG Set SASL client state to SEND_HANDSHAKE_REQUEST (org.apache.kafka.common.security.authenticator.SaslCli

entAuthenticator)

[2018-07-05 15:48:03,829] DEBUG Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE (org.apache.kafka.common.security.authenticator.Sas

lClientAuthenticator)

[2018-07-05 15:48:03,829] DEBUG Handling Kafka request SASL_HANDSHAKE (org.apache.kafka.common.security.authenticator.SaslServerAuthent

icator)

[2018-07-05 15:48:03,830] DEBUG Using SASL mechanism 'GSSAPI' provided by client (org.apache.kafka.common.security.authenticator.SaslSe

rverAuthenticator)

[2018-07-05 15:48:03,831] DEBUG Set SASL client state to INITIAL (org.apache.kafka.common.security.authenticator.SaslClientAuthenticato

r)

[2018-07-05 15:48:03,835] DEBUG Creating SaslServer for kafka/master.mesos@LINKTIME.CLOUD with mechanism GSSAPI (org.apache.kafka.commo

n.security.authenticator.SaslServerAuthenticator)

[2018-07-05 15:48:03,847] DEBUG Set SASL server state to AUTHENTICATE (org.apache.kafka.common.security.authenticator.SaslServerAuthent

icator)

[2018-07-05 15:48:03,869] DEBUG [Controller id=2, targetBrokerId=2] Connection with e318e3a9e22c/172.17.0.15 disconnected due to authen

tication exception (org.apache.kafka.common.network.Selector)

org.apache.kafka.common.errors.SaslAuthenticationException: An error: (java.security.PrivilegedActionException: javax.security.sasl.Sas

lException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos d

atabase (7) - LOOKING_UP_SERVER)]) occurred when evaluating SASL token received from the Kafka Broker. Kafka Client will go to AUTHENTICATION_FAILED state.

Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]

schema-registry restart fail

[2018-07-06 04:01:58,149] INFO Shutting down schema registry (io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry:719)

[2018-07-06 04:01:58,152] ERROR Server died unexpectedly: (io.confluent.kafka.schemaregistry.rest.SchemaRegistryMain:51)

java.lang.NullPointerException

at io.confluent.kafka.schemaregistry.storage.KafkaStore.close(KafkaStore.java:366)

at io.confluent.kafka.schemaregistry.storage.KafkaSchemaRegistry.close(KafkaSchemaRegistry.java:720)

at io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication.onShutdown(SchemaRegistryRestApplication.java:111)

at io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication.setupResources(SchemaRegistryRestApplication.java:66)

at io.confluent.kafka.schemaregistry.rest.SchemaRegistryRestApplication.setupResources(SchemaRegistryRestApplication.java:42)

at io.confluent.rest.Application.createServer(Application.java:157)

at io.confluent.kafka.schemaregistry.rest.SchemaRegistryMain.main(SchemaRegistryMain.java:43)

kafka error log:

...

[2018-07-06 04:01:58,070] ERROR Unsupported access type. operation=DescribeConfigs (org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer)

[2018-07-06 04:01:58,070] FATAL Unsupported access type. session=Session(User:schemaRegistry,/172.17.0.1), operation=DescribeConfigs, resource=Topic:__schemas (org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer)

[2018-07-06 04:01:58,070] ERROR Unsupported access type. operation=DescribeConfigs, request=RangerAccessRequestImpl={resource={RangerResourceImpl={ownerUser={null} elements={topic=__schemas; } }} accessType={_any} user={schemaRegistry} userGroups={} accessTime={Fri Jul 06 04:01:58 CST 2018} clientIPAddress={172.17.0.1} forwardedAddresses={} remoteIPAddress={null} clientType={null} action={null} requestData={__schemas} sessionId={null} resourceMatchingScope={SELF} clusterName={} context={} } (org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer)

...

notice

Must add all permissions of topics(*) for user kafka that is the same as sasl.kerberos.service.name.

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/269669.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

vuejs组件通信

<body><div id"example"><father></father></div> </body> <script>Vue.component(child, {// 声明 propsprops: [message],// 就像 data 一样&#xff0c;prop 可以用在模板内// 同样也可以在 vm 实例中像 “this.messag…

Windows 10 Creators Update [ISO官方镜像][15063][1703][x64][x86][创意者更新正式版]

请把下载地址手动复制到迅雷里面去,谢谢! 【64 位简体中文专业/家庭版】 文件名&#xff1a;cn_windows_10_multiple_editions_version_1703_updated_march_2017_x64_dvd_10194190.iso SHA1&#xff1a;054C741DED8989F4D0D419946EB37182F20E4482 文件大小&#xff1a;4.27GB 下…

@PostConstruct注解学习

PostConstruct注解好多人以为是Spring提供的。其实是Java自己的注解。 Java中该注解的说明&#xff1a;PostConstruct该注解被用来修饰一个非静态的void&#xff08;&#xff09;方法。被PostConstruct修饰的方法会在服务器加载Servlet的时候运行&#xff0c;并且只会被服务器…

java mathematica_用Java获取Mathematica图像

我试图使用J / Link从Mathematica获取图像到Java.我可以在Mathematica中打印图像,如下所示&#xff1a;Print[ Graphics[Raster[ img[[1]] ], AspectRatio->Automatic, ImageSize->530 ] ];我试过以各种方式从Mathematica函数返回数据&#xff1a;Return [ Image[Graphic…

C语言 · 出栈次序

标题&#xff1a;出栈次序 X星球特别讲究秩序&#xff0c;所有道路都是单行线。一个甲壳虫车队&#xff0c;共16辆车&#xff0c;按照编号先后发车&#xff0c; 夹在其它车流中&#xff0c;缓缓前行。 路边有个死胡同&#xff0c;只能容一辆车通过&#xff0c;是临时的检查站&a…

idea for mac 控制台 mvn command not found

一&#xff1a;现在的IDEA 自带maven库maven库的地址如下图查看 二:完idea 需要配置maven库的环境变量才能找到该命令 Mac系统的环境变量&#xff0c;加载顺序为&#xff1a; a. /etc/profile b. /etc/paths c. ~/.bash_profile d. ~/.bash_login e. ~/.profile f. ~/.bashrc 其…

java swing 总结_java实验之swing图形用户界面程序设计及总结

8.1组件和容器顶层容器有小应用程序(Applet和JApplet)、对话框(Dialog和JDialog)、框架(Frame和JFrame)。这些容器都存在于java.swing*;中.一般容器有面板(JPanel)、滚动窗格(JScrollPane)、分裂窗格(JSplitPane)、选项卡窗格(JTabbedPane)和工具条(JToolBar).专用容器有什么作…

06jQuery-04-DOM操作

jQuery既然是为了帮助你能从js的繁琐中解脱出来&#xff0c;自然在DOM操作上也有自己的一套。1、修改Text和HTML之前我们提到过&#xff0c;如果用JS的话&#xff0c;你要修改Text或者HTML需要用到其innerHTML和innerText属性&#xff0c;但是放在jQuery里面&#xff0c;你需要…

解决 swap file “*.swp”already exists!问题

Linux下难免要开启多个vim共同编辑同一个文件&#xff0c;这时再次保存就会出现&#xff1a; swap file "*.swp" already exists! [O]pen Read-Only, (E)dit anyway, (R)ecover, (D)elete it, (Q)uit, (A)bort:原因&#xff1a; 使用vim编辑文件实际是先copy一份临…

java天气预报webservice_webservice之实现天气预报

前通过传智的视频自学了webservice的基本使用&#xff0c;也了解到webservice就是一种跨编程语言和跨操作系统平台的远程调用技术。对于这些理论知识在这里也不再做过多的解释&#xff0c;本次主要就是记录与分享使用cxf 框架完成远程调用气象局提供的接口&#xff0c;来实现天…

CSS下拉菜单

例子&#xff1a; 鼠标移动到按钮上打开下拉菜单。&#xff08;在这里我将下拉菜单的内容的链接设置为百度首页&#xff09; 下拉菜单 菜单内容 1 菜单内容 2 菜单内容 3HTML 部分&#xff1a; 制作下拉菜单可以使用任何的 HTML元素来打开下拉菜单&#xff0c;如&#xff1a;&l…

maven跳过单元测试-maven.test.skip和skipTests的区别

第一种 -Dmaven.test.skiptrue&#xff0c;不执行测试用例&#xff0c;也不编译测试用例类。 一 使用maven.test.skip&#xff0c;不但跳过单元测试的运行&#xff0c;也跳过测试代码的编译。 mvn package -Dmaven.test.skiptrue<plugin> <groupId>org.apache.m…

linux下java命令行参数_Java调用Linux命令行

Java调用Linux命令行Java语言以其跨平台性和简易性而著称&#xff0c;在Java里面的lang包里(java.lang.Runtime)提供了一个允许Java程序与该程序所运行的环境交互的接口&#xff0c;这就是Runtime类&#xff0c;在Runtime类里提供了获取当前运行环境的接口。那么java怎么调用Li…

BZOJ 4810 莫队+bitset

思路&#xff1a; 看完这道题根本没有思路啊.... 然后我就膜拜了一波题解... 这神tm乱搞思路 维护两个bitset 第一个bitset代表当前区间哪些数出现过 第二个bitset是 maxp-p出现过 差为x的时候 就用第一个bitset与一下它右移x就好了 和为x的时候 就第一个bitset与一下第二个bi…

java -p_javap命令详解 - JackieYeah的个人空间 - OSCHINA - 中文开源技术交流社区

一、用法javap [ 选项 ] classes二、描述javap命令反汇编一个或多个类文件。它的输出由使用的选项决定。如果没有使用选项&#xff0c;javap命令将打印输出传递给它的类的包&#xff0c; protected和public属性和方法。javap打印输出到标准输出。选项命令行选项。classes一个或…

初识RPC概念

什么是RPC RPC 全称 Remote Procedure Call——远程过程调用。在学校学编程&#xff0c;我们写一个函数都是在本地调用就行了。但是在互联网公司&#xff0c;服务都是部署在不同服务器上的分布式系统&#xff0c;如何调用呢&#xff1f; RPC技术简单说就是为了解决远程调用服务…

JAVA编码(41)—— 线程池队列执行任务(ThreadPoolQueue)(1)

废话少说&#xff0c;上代码 package com.sinosoft;import java.util.concurrent.*;/*** Created by xushuyi on 2017/4/9.*/ public class ThreadPoolQueue {/*** 定义线程池中最大的线程数量*/private static final Integer THREADPOOLSIZE 100;/*** 创建线程队列*/private …

Dubbo介绍

1:什是Dubbo 2&#xff1a;架构图 3:节点角色说明 4&#xff1a;调用关系说明

一键去除网页BOM属性【解决乱码,头部空白,#65279问题】

几个常出现的问题&#xff1a; 1.网站打开空白 2.页面头部出现多余的空白 3.网站出现乱码&#xff0c;如“锘&#xfffd;” 解决方法可以是&#xff1a; 1.选用专业的编辑器&#xff0c;例如notepad&#xff0c;sublime&#xff0c;editplus这样不会自动签名。 2.sublime通过如…