Adding basic kerberos
ambud committed May 3, 2017
1 parent 08784d9 commit 2fdde98
Showing 4 changed files with 44 additions and 1 deletion.
4 changes: 4 additions & 0 deletions Dockerfile
Expand Up @@ -12,11 +12,15 @@ RUN yum -y install gettext
RUN mkdir -p /etc/mirror-maker/
ADD ./consumer.config /tmp/mirror-maker/
ADD ./producer.config /tmp/mirror-maker/
ADD ./kafka_jaas.conf /tmp/mirror-maker/
ADD ./run.sh /etc/mirror-maker/
RUN chmod +x /etc/mirror-maker/run.sh

ENV DESTINATION "localhost:6667"
ENV SOURCE "localhost:6667"
ENV SECURITY "PLAINTEXT"
ENV GROUPID "_mirror_maker"
ENV PRINCIPAL "kafka/localhost@EXAMPLE.COM"
ENV KEYTAB_FILENAME "mirror.keytab"

CMD /etc/mirror-maker/run.sh
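Review bot: The image-level defaults `ENV PRINCIPAL "kafka/localhost@EXAMPLE.COM"` and `ENV KEYTAB_FILENAME "mirror.keytab"` hide a missing Kerberos configuration, because envsubst renders the placeholder identity into kafka_jaas.conf and the problem only shows up later as a failed login. Consider dropping both defaults and having run.sh assert them when a SASL protocol is selected, for example `: "${PRINCIPAL:?PRINCIPAL must be set}"`. A comment such as `# keytab is not baked into the image; mount it read-only under /etc/security/keytabs/` would record how the keytab is expected to arrive. This rendering does not mark which four lines are new, so this assumes the two ENV lines are among them.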
1 change: 1 addition & 0 deletions consumer.config
@@ -1,2 +1,3 @@
security.protocol=${SECURITY}
bootstrap.servers=${SOURCE}
group.id=${GROUPID}
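--- a/kafka_jaas.conf
+++ b/kafka_jaas.conf
@@ -0,0 +1,27 @@
+KafkaServer {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+keyTab="/etc/security/keytabs/${KEYTAB_FILENAME}"
+storeKey=true
+useTicketCache=false
+serviceName="kafka"
+principal="${PRINCIPAL}";
+};
+KafkaClient {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+keyTab="/etc/security/keytabs/${KEYTAB_FILENAME}"
+storeKey=true
+useTicketCache=false
+serviceName="kafka"
+principal="${PRINCIPAL}";
+};
+Client {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+keyTab="/etc/security/keytabs/${KEYTAB_FILENAME}"
+storeKey=true
+useTicketCache=false
+serviceName="zookeeper"
+principal="${PRINCIPAL}";
+};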
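Review bot: The `KafkaServer` section is a broker login context, while run.sh only starts MirrorMaker, which is a consumer/producer client, so this entry looks unnecessary in this image. Together with the Dockerfile default of a `kafka/<host>` style principal, it suggests the container may be given the broker's own service keytab. Consider keeping only `KafkaClient` (plus `Client` if ZooKeeper access is really needed alongside `--new.consumer`) and using a dedicated MirrorMaker principal limited to the ACLs it needs. All three sections share one `${PRINCIPAL}` and keytab path, so a comment above `keyTab=` such as `// keytab must be mounted read-only and readable only by the runtime user` would document the handling expectation.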
13 changes: 12 additions & 1 deletion run.sh
Expand Up @@ -9,5 +9,16 @@ set -eu

envsubst < /tmp/mirror-maker/producer.config > /etc/mirror-maker/producer.config
envsubst < /tmp/mirror-maker/consumer.config > /etc/mirror-maker/consumer.config
envsubst < /tmp/mirror-maker/kafka_jaas.conf > /etc/mirror-maker/kafka_jaas.conf

/usr/hdp/current/kafka-broker/bin/kafka-mirror-maker.sh --whitelist ${WHITELIST} --abort.on.send.failure false --new.consumer --producer.config /etc/mirror-maker/producer.config --consumer.config /etc/mirror-maker/consumer.config
cat /etc/mirror-maker/producer.config
cat /etc/mirror-maker/consumer.config
cat /etc/mirror-maker/kafka_jaas.conf

echo "SASL_PLAINTEXT" | grep -q "${SECURITY}"

if [ $? -eq 0 ];then
export JVM_OPTS="$JVM_OPTS -Djava.security.auth.login.config=/etc/mirror-maker/kafka_jaas.conf"
fi

/usr/hdp/current/kafka-broker/bin/kafka-mirror-maker.sh --whitelist ${WHITELIST} --abort.on.send.failure true --new.consumer --producer.config /etc/mirror-maker/producer.config --consumer.config /etc/mirror-maker/consumer.config
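Review bot: The protocol check `echo "SASL_PLAINTEXT" | grep -q "${SECURITY}"` is the wrong way round, because it uses `${SECURITY}` as the pattern: the image default `PLAINTEXT` is a substring of `SASL_PLAINTEXT` and so gets the JAAS option, while `SASL_SSL` does not match. With the `set -eu` shown in the hunk header (the top of run.sh is outside the hunk), that non-zero pipeline status would end the script before MirrorMaker starts, leaving unencrypted SASL_PLAINTEXT as the only Kerberos mode that works. Test the value directly instead, e.g. `case "${SECURITY}" in SASL_*) export JVM_OPTS="${JVM_OPTS:-} -Djava.security.auth.login.config=/etc/mirror-maker/kafka_jaas.conf" ;; esac`; the `${JVM_OPTS:-}` form also avoids an unset-variable abort under `-u`. Separately, the three `cat` lines copy the rendered configs, including the principal and keytab path, into the container log; consider dropping them or gating them behind a debug flag.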
