Comments (4)
@rudolfvavra this is out of scope for this playbook because we do not set up a KDC and so this would not be verifiable within the scope of the playbook. Please note that these playbooks are intended as a guideline and not to cover all cases. However, you can easily extend the SASL_SSL example to use the GSSAPI sasl.mechanism and provide a JAAS configuration that is suitable for Kerberos. If you have your own keytabs and can access the KDC from all machines then you can use configuration overrides to accomplish your goal.
from cp-ansible.
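The kind of override that comment describes, as an added example that is not part of the thread or of cp-ansible: Kafka properties for a SASL_SSL listener using the GSSAPI mechanism with a keytab-based JAAS configuration. The keytab paths, principals, host name and realm are constructed placeholders, and an existing KDC reachable from every node is assumed.

```properties
# --- Broker side (server.properties) ---
# Constructed values: replace paths, principals and realm with your own.
security.inter.broker.protocol=SASL_SSL
sasl.enabled.mechanisms=GSSAPI
sasl.mechanism.inter.broker.protocol=GSSAPI
# Must match the primary (first component) of the broker principal.
sasl.kerberos.service.name=kafka
# Per-listener, per-mechanism JAAS entry: listener name and mechanism
# are lower-cased in the property key.
listener.name.sasl_ssl.gssapi.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
  useKeyTab=true \
  storeKey=true \
  useTicketCache=false \
  debug=false \
  keyTab="/etc/security/keytabs/kafka_broker.keytab" \
  principal="kafka/broker1.example.com@EXAMPLE.COM";

# --- Client side (producer/consumer/admin properties) ---
security.protocol=SASL_SSL
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=kafka
sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
  useKeyTab=true \
  storeKey=true \
  useTicketCache=false \
  keyTab="/etc/security/keytabs/kafka_client.keytab" \
  principal="kafka-client-1@EXAMPLE.COM";

# Each broker needs its own principal with its own fully qualified host
# name, and each keytab should be readable only by the account that runs
# the service (for example owner-only mode 0400).
```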
Thank you very much. Please, are there any deployment scripts with Kerberos or LDAP?
Maybe for your testing lab I can imagine that a default KDC configuration should be verifiable within the scope of the playbook. Or how did you create the documentation about GSSAPI (https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_gssapi.html) in the first place? In the lab there must be some GSSAPI lab configuration deployment for the cluster across multiple nodes. Or how is testing of the GSSAPI configuration or of this role done? This Ansible role can be refactored: more variables for the principal and all JAAS parameters (keytab, debug, useTicketCache, useKeyTab) ... could be listed in defaults/main.yml. In this way we can build the playbook for different KDC settings. Also, the SSL path to the keystore and truststore is defined in multiple places and it's hardcoded; this should also be rewritten. In the ideal case I could just change my hosts.cfg, my credentials and some paths in my playbook ...
@rudolfvavra as I mentioned, setting up a KDC is out of scope for these as a KDC is not part of Confluent Platform. However, I could see adding templates for the GSSAPI mechanism, so if you would like to contribute to that work I would be happy to review it.
Closing this issue out as it appears to have been answered.