Major Description
When Ambari agents are configured to run with a non-root user, if kerberos is enabled, Kafka service check experiences errors in the logs which indicate that the check is attempting to create a topic that already exists. However the true failure, which isn't in the logs but captured in an error variable, demonstrates the culprit (see below):
[2017-11-22 05:12:57,029] WARN SASL configuration failed: javax.security.auth.login.LoginException: No password provided Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
Exception in thread "main" org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure
at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947)
at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924)
at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231)
at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:157)
at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:131)
at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115)
at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97)
at kafka.admin.TopicCommand$.main(TopicCommand.scala:56)
at kafka.admin.TopicCommand.main(TopicCommand.scala)
This occurs because a prior check to see if the topic exists is not executed as the kafka user. A subsequent call to create the topic does execute as that user. The first check should also execute as the kakfa user. Also Ambari should immediately raise a failure if an error occurs during the topic check and show that error in the logs.
Attachments
Attachments
Issue Links
- links to
