Greetings!
I am trying to make Atlas work on our experimental Cloudera
Cluster and need some help.
Our cluster does not have Hbase nor Solr, so I've built Atlas
with those embedded services.
We have a functional Kafka instance, so I'm trying to leverage the existing
service instead of going with embedded Kafka.
Since this is the experimental cluster, the authentication is
based on the Linux local users and groups.
When Atlas starts running, I get this in the logs:
WARN - [NotificationHookConsumer thread-0:] Error while fetching metadata with
correlation id 114 : {ATLAS_HOOK=TOPIC_AUTHORIZATION_FAILED}
WARN - [NotificationHookConsumer thread-0:] Exception in
NotificationHookConsumer
org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to
access group: atlas
Kafka log in the cluster gives me this:
unable to return groups for user ANONYMOUS
PartialGroupNameException The user name 'ANONYMOUS' is not found. id:
ANONYMOUS: no such user
id: ANONYMOUS: no such user
Why Atlas is trying to authenticate as ANONYMOUS? I thought it would pass the
process owner of the service.
I understand that I must configure JAAS to authenticate with Kafka. I tried
this in atlas-application.properties:
atlas.jaas.KafkaClient.loginModuleName = com.sun.security.auth.module.UnixSystem
atlas.jaas.KafkaClient.option.username = atlas
Is this supported? Is it Kerberos the only way to authenticate using JAAS?
My regards,
Bernardo
