[GitHub] incubator-metron issue #507: METRON-819: Document kafka console producer par...

[nickwallen]

Github user nickwallen commented on the issue:

    https://github.com/apache/incubator-metron/pull/507
  
    The issues that I am having currently are with Quick Dev.  But I have 
actually been able to do this on a separate cluster in a slightly different 
way.  On the other cluster, I did not use the `--group` option when setting the 
ACL.  If I did set the group, then I had to ensure that the group matched what 
was used by the `kafka-console-producer`.
    
    So as a test, I granted access without the `--group`.
    
    1. Grant access.  Look ma, no group.
    ```
    [root@node1 ~]# kafka-acls.sh --authorizer 
kafka.security.auth.SimpleAclAuthorizer --authorizer-properties 
zookeeper.connect=node1:2181 --add --allow-principal User:metron --topic yaf
    Adding ACLs for resource `Topic:yaf`:
        User:metron has Allow permission for operations: All from hosts: *
    
    Current ACLs for resource `Topic:yaf`:
        User:metron has Allow permission for operations: All from hosts: *
    ```
    
    2. Validate the ACL.  Looks good this time.
    ```
    [root@node1 ~]# kafka-acls.sh --list --topic yaf --authorizer-properties 
zookeeper.connect=node1:2181 --authorizer 
kafka.security.auth.SimpleAclAuthorizer
    Current ACLs for resource `Topic:yaf`:
        User:metron has Allow permission for operations: All from hosts: *
    
    ```
    
    3. And now I can send data successfully.
    ```
    [root@node1 ~]# echo "foo" | kafka-console-producer.sh --broker-list 
node1:6667 --topic yaf --security-protocol SASL_PLAINTEXT
    [2017-04-07 17:05:28,830] WARN The TGT cannot be renewed beyond the next 
expiry date: Sat Apr 08 16:11:26 UTC 2017.This process will not be able to 
authenticate new SASL connections after that time (for example, it will not be 
able to authenticate a new connection with a Kafka Broker).  Ask your system 
administrator to either increase the 'renew until' time by doing : 'modprinc 
-maxrenewlife null ' within kadmin, or instead, to generate a keytab for null. 
Because the TGT's expiry cannot be further extended by refreshing, exiting 
refresh thread now. (org.apache.kafka.common.security.kerberos.KerberosLogin)
    ```
    



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---