[question] Unable to create SASL-SCRAM users in KRaft mode

[Gianlu]

Hello, I'm using your collection in order to install Confluent Platform in KRaft mode and I tried to create SASL-SCRAM user but the playbook fail and, looking at your code, user cration is only upported in Zookeeper mode. Have you plan to support user creatin in KRaft mode? If yes, when? We are testing Confluent and I have to plan a rollout but I woluld like to deploy in Kraft mode.

Inventory File

all:
  hosts:
    localhost:
      ansible_become: false
      ansible_connection: local
  vars:
    ssl_enabled: true
    ssl_custom_certs: true
    ssl_ca_cert_filepath: "/tmp/ca-chain.cert.pem"
    ssl_signed_cert_filepath: '/tmp/cert.pem'
    ssl_key_filepath: '/tmp/cert.key'
    debian_java_package_name: openjdk-11-jdk
    confluent_server_enabled: false 
    telemetry_enabled: false
    sasl_protocol: scram
    mask_secrets: true
    sasl_scram_users:
      user1:
        principal: user1
        password: my-secret
  children:
    kafka_contoller:
      hosts:
        server01.domain.lcl:
          ansible_host: 192.168.0.201
        server03.domain.lcl:
          ansible_host: 192.168.0.199
        server03.domain.lcl:
          ansible_host: 192.168.0.200
    kafka_broker:
      vars:
        kafka_broker_custom_properties:
          log.dirs: /opt/data/kafka/data
      hosts:
        server01.domain.lcl:
        server01.domain.lcl:
        server01.domain.lcl:

Environment:

• OS: Debian 10.13
• CP-Ansible Branch: 7.5.1
• Ansible Version: ansible [core 2.15.3]

[piif]

I've got the same problem confluent/platform/roles/kafka_broker/tasks/main.yml file contains tasks "Create SCRAM Users" with a comment "Only supported when zookeeper is enabled" when statement should be completed with not kraft_enabled and another task must be added to handle KRaft case.

I'm new to KRaft usage. Documentation says to use following command : kafka-storage format --config CONFIG --cluster-id CLUSTER_ID --add-scram ADD_SCRAM But I don't know if there's a fact containing config path and cluster id at this playbook step.

If somebody can help me on this question, i can submit a patch

[piif]

Hi @Gianlu , could you please try a patch ? It's available here : https://github.com/piif/cp-ansible/tree/fix/issue-1495-scram-kraft I can't try it myself for the moment because the cluster I'm installing fails before, I have fix fix other problems before

If it works, I'll submit a pull request

[piif]

I still have to check how it works on cluster with KRaft installed on same nodes than Brokers

[piif]

It seems there's a problem with kafka-storage command (see https://issues.apache.org/jira/browse/KAFKA-15513) I made a new commit on #1505 to create all users at once when formatting log dir, else all user creation seems silently ignored