All Products
Search
Document Center

Kafka Configuration

Last Updated: Apr 01, 2019

Starting from EMR-3.12.0 version, E-MapReduce Kafka allows you to configure permissions with Ranger.

Integrate Ranger into Kafka

The previous section introduced how to create a cluster with Ranger service in E-MapReduce and some preparation work. This section describes the step-by-step process for integrating Ranger into Kafka.

Enable Kakfa Plugin

  1. On Cluster Management page, click Manage after the cluster you want to operate in the Operation column.
  2. Click RANGER in the service list to enter the Ranger Management page.
  3. Click Operation at the upper right corner of the page and select Enable Kafka PLUGIN.Enable Kakfa Plugin
  4. Enter record information in the prompt box, and then click OK.

    You can check the progress by clicking View Operation History at the upper right corner of the page.

Restart Kafka Broker

After the preceding task is completed, it is necessary to restart the broker to make it take effect. To restart Kafka broker, take the following steps:

  1. In the Ranger management page, click the inverted triangle icon behind RANGER in the upper left corner to switch to Kafka.
  2. Click Operation at the upper right corner of the page and select RESTART Broker.
  3. You can check the progress by clicking View Operation History at the upper right corner of the page.Restart Broker

Add Kafka service on Ranger WebUI

For information about how to go to Ranger WebUI, see Ranger Introdcution.

Add the Kafka service on Ranger WebUI:

Figure 4.png

Configure Kafka service:Kafka serviceZooKeeper Connect String: The “kafka-1.0.1” section depends on your actual Kafka version.

Permission Configuration Example

The preceding section has integrated Ranger into Kafka, which allows you to set relevant permissions.

Note:

In a standard cluster, Ranger generates the all - topic rule by default after the Kafka service is added. This rule means no restriction on permissions (that is, allow all users to perform all actions). In this case, Ranger cannot identify permissions through the user.

Use user test as an example to add the Publish permission:

AuthorizationUser/Group will be automatically synchronized from the cluster, which takes about a minute. You can add to the cluster in advance.

After you add a policy by following the preceding steps, the permissions are granted to user test. The test user can perform the write operation on the topic of test.

Note:

The policy takes effect 1 minute later after it is added.