I managed to replicate this issue using the default provided config for
kafka/zookeeper in the binary artifact and using the console producer to
write a message

On Thu, Aug 4, 2016 at 10:23 AM Bryan Baugher <bjb...@gmail.com> wrote:

> Using the --producer option in kafka-acls.sh it looks to have allowed
> create operations on the cluster. Turning on trace logging for
> authorization shows repeated mentions of my user and that its allowed to
> create on the cluster and describe the topic.
>
> Looks like I might not be the only one with this issue[1] so I'm wondering
> if its not kerberos related
>
> [1] -
> http://mail-archives.apache.org/mod_mbox/kafka-users/201608.mbox/%3CBLU184-W1930FDD3A39241FFDA0E6AB3040%40phx.gbl%3E
>
> On Wed, Aug 3, 2016 at 11:09 PM Manikumar Reddy <manikumar.re...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Can you enable Authorization debug logs and check for logs related to
>> denied operations..
>> we should also enable operations on Cluster resource.
>>
>>
>> Thanks,
>> Manikumar
>>
>> On Thu, Aug 4, 2016 at 1:51 AM, Bryan Baugher <bjb...@gmail.com> wrote:
>>
>> > Hi everyone,
>> >
>> > I was trying out kerberos on Kafka 0.10.0.0 by creating a single node
>> > cluster. I managed to get everything setup and past all the
>> authentication
>> > errors but whenever I try to use the console producer I get 'Error while
>> > fetching metadata ... LEADER_NOT_AVAILABLE'. In this case I've created
>> the
>> > topic ahead of time (1 replica, 1 partition) and I can see that broker
>> 0 is
>> > in the ISR and is the leader. I have also opened an ACL to the topic
>> for my
>> > user to produce and was previously seeing authentication errors prior. I
>> > don't see any errors or helpful logs on the broker side even after
>> turning
>> > on debug logging. Turning on debug logging on the client the only thing
>> > that stands out is that it lists the broker as 'node -1' instead of 0.
>> It
>> > does mention the correct hostname/port and that it was able to
>> successfully
>> > connect. Any ideas?
>> >
>> > Bryan
>> >
>>
>

Reply via email to