Closed ctramnitz closed 6 years ago
Hi @ctramnitz
I believe it's already documented, are you having issues with these commands? to build:
sbt clean test
sbt universal:stage
To run:
target/universal/stage/bin/kafka-security-manager -Dconfig.file=path/to/config-file.conf
or with environment variables (like docker)
export AUTHORIZER_CLASS=....
export AUTHORIZER_ZOOKEEPER_CONNECT=...
target/universal/stage/bin/kafka-security-manager
And to add authentication to your KSM:
target/universal/stage/bin/kafka-security-manager -Dconfig.file=path/to/config-file.conf -Djava.security.auth.login.config=conf/jaas.conf
where conf/jaas.conf
:
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/kafka/secrets/zkclient1.keytab"
principal="zkclient/example.com@EXAMPLE.COM";
};
(or whatever your jaas looks like for your zookeeper setup)
Does that help? Otherwise please post the error messages you're getting
That's fine thank you. I just missed that part in the build instructions and was trying to work with the pre-compiled jar from sources like Maven and Sonatype.
Oh I see. The jars there are meant if you need to build your own source module and add that to your project Hope you find the project helpful !
Just one more question. Is there an existing config option to just run once instead of continuously run as daemon? i.e. sleep=0? I just want the csv-configured ACLs to be written to Zookeeper (with KSM_READONLY=false) for deployment purposes but not have kafka-security-manager run all the time.
This isn't meant for write once type of workflows, but I'll keep this in mind In the meantime, just launch KSM and then stop it. Be aware that's it's not "insert" pattern, it's "apply pattern", so your whole CSV will be what's in Zookeeper in the end
@ctramnitz if you want to add these functionalities, please do a PR and I'll gladly look at it
Could you please document the invocation without Docker? Either my java -jar oder java -cp attempts are wrong or I'm having a Scala version problem...
Thanks!