apache-ranger - Kafka Ranger SSL 集成问题
问题描述
我们正在尝试启用 Apache Ranger 和 Kafka 集群之间的 SSL 连接。在为 Kafka 和 Ranger 创建密钥库和信任库后,我们无法将 Kafka 连接到 Ranger,并且我们收到以下错误消息:
[2020-06-25 20:47:40,013] ERROR Unable to get the Credential Provider from the Configuration (org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider)
java.lang.IllegalArgumentException: The value of property hadoop.security.credential.provider.path must not be null
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:122)
at org.apache.hadoop.conf.Configuration.set(Configuration.java:1134)
at org.apache.hadoop.conf.Configuration.set(Configuration.java:1115)
at org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.getCredentialProviders(RangerCredentialProvider.java:68)
at org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.getCredentialString(RangerCredentialProvider.java:46)
at org.apache.ranger.plugin.util.RangerRESTClient.getCredential(RangerRESTClient.java:386)
at org.apache.ranger.plugin.util.RangerRESTClient.getKeyManagers(RangerRESTClient.java:272)
at org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:188)
at org.apache.ranger.plugin.util.RangerRESTClient.getClient(RangerRESTClient.java:176)
at org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:156)
at org.apache.ranger.admin.client.RangerAdminRESTClient.createWebResource(RangerAdminRESTClient.java:275)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:126)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:171)
[2020-06-25 20:47:40,013] ERROR PolicyRefresher(serviceName=KafkaTest): failed to refresh policies. Will continue to use last known version of policies (51) (org.apache.ranger.plugin.util.PolicyRefresher)
java.lang.IllegalArgumentException: TrustManager is not specified
at org.apache.commons.lang.Validate.notNull(Validate.java:192)
at org.apache.ranger.plugin.util.RangerRESTClient.getSSLContext(RangerRESTClient.java:369)
at org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:190)
at org.apache.ranger.plugin.util.RangerRESTClient.getClient(RangerRESTClient.java:176)
at org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:156)
at org.apache.ranger.admin.client.RangerAdminRESTClient.createWebResource(RangerAdminRESTClient.java:275)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:126)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:171)
在 Kafka-Ranger 插件中,我在 install.properites 中配置了以下属性
COMPONENT_INSTALL_DIR_NAME=/home/ec2-user/kafka
POLICY_MGR_URL=https://public-dns-of-ec2:6182
REPOSITORY_NAME=KafkaTest
SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/<keystore>.jks
SSL_KEYSTORE_PASSWORD=<password
>
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/<truststore>.jks
SSL_TRUSTSTORE_PASSWORD=<password>
注意:我们没有使用 Ambari
解决方案
确保设置了以下属性:-
xasecure.policymgr.clientssl.keystore.credential.file=jceks://file/{{credential_file}}
xasecure.policymgr.clientssl.truststore.credential.file=jceks://file/{{credential_file}}
xasecure.policymgr.clientssl.truststore=/path/to/truststore
推荐阅读
- python - 相同的 dockerfile 构建在两台不同的机器上。一个正确构建并运行,另一个使用 pip 安装 python 包时出错
- python-3.x - 在python中将图像黑色背景转换为白色,将白色转换为黑色
- angular - 打字稿 - 在过滤器中添加动态字段
- c# - 从 C# 中缺少键的列表创建完整集
- dfa - 将用于电子邮件验证的 NFA 转换为 DFA
- material-ui - 如何从商店获取主题并在 react-admin 上切换应用主题?
- firebase - 在 Firebase 云函数中解压缩 OAuth2 响应
- javascript - 将参数从一个函数传递到另一个函数
- c# - 针对特定选项卡的 C# 打开 URL
- c# - 使用 dotnet run 时无法将 -p 参数传递给 .NET 应用程序