Im trying to set up kafka with Apache Ranger but haven’t been able to find any resources or guidance regarding that. Im running into errors even while using the orignal apache ranger github repo. Any help?
Hi Aleezeh, welcome to the forum!
If you’re getting an error with Kafka, perhaps you can post more details about it. If the problem is with Ranger, then you might be better off posting to one of their mailing lists: Apache Ranger – Project Mailing Lists.
Dave
I have set up kafka in a docker system using ranger/dev-support/ranger-docker at master · apache/ranger · GitHub, i separated all the kafka related components and built the containers through this GitHub - aleezeh611/Kafka-Ranger-Demo repository, its communicating with apache ranger and I am able to run simple producer consumer messages how ever my user is set as ANONYMOUS and I get this error:
[2023-01-18 06:02:06,348] WARN unable to return groups for user ANONYMOUS (org.apache.hadoop.security.ShellBasedUnixGroupsMapping)
PartialGroupNameException The user name ‘ANONYMOUS’ is not found. id: ‘ANONYMOUS’: no such user
id: ‘ANONYMOUS’: no such user
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:294)
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:207)
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:97)
at org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback.getGroups(JniBasedUnixGroupsMappingWithFallback.java:51)
at org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:387)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:321)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:270)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
at com.google.common.cache.LocalCache.get(LocalCache.java:3952)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
at org.apache.hadoop.security.Groups.getGroups(Groups.java:228)
at org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1701)
at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1689)
at org.apache.ranger.audit.provider.MiscUtil.getGroupsForRequestUser(MiscUtil.java:602)
at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.wrappedAuthorization(RangerKafkaAuthorizer.java:257)
at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.authorize(RangerKafkaAuthorizer.java:246)
at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.authorize(RangerKafkaAuthorizer.java:136)
at kafka.server.KafkaApis.$anonfun$authorize$1(KafkaApis.scala:2806)
at kafka.server.KafkaApis.authorize(KafkaApis.scala:2803)
at kafka.server.KafkaApis.authorizeClusterOperation(KafkaApis.scala:2833)
at kafka.server.KafkaApis.handleUpdateMetadataRequest(KafkaApis.scala:271)
at kafka.server.KafkaApis.handle(KafkaApis.scala:134)
at kafka.server.KafkaRequestHandler.run(KafkaRequestHandler.scala:70)
at java.lang.Thread.run(Thread.java:750)