confluentinc / cp-ansible

Ansible playbooks for the Confluent Platform
Apache License 2.0

Basic Auth missing in "Get ActiveControllerCount" Handler #529

Closed dainesj closed 3 years ago

dainesj commented 3 years ago

For Kafka brokers with Jolokia Basic Auth configured, `upgrade_kafka_broker.yml` fails. The `Get ActiveControllerCount` task fails with HTTP 401 because its `uri` module call does not pass any Basic Auth settings.

Broker Jolokia settings :

cat /etc/systemd/system/confluent-server.service.d/override.conf

[Service]
Environment="KAFKA_OPTS=-javaagent:/opt/jolokia/jolokia.jar=config=/etc/kafka/kafka_jolokia.properties"
Environment="KAFKA_HEAP_OPTS=-Xms6g -Xmx6g -XX:MetaspaceSize=96m -XX:+UseG1GC -XX:MaxGCPauseMillis=20 -XX:InitiatingHeapOccupancyPercent=35 -XX:G1HeapRegionSize=16M -XX:MinMetaspaceFreeRatio=50 -XX:MaxMetaspaceFreeRatio=80"
Environment="KAFKA_LOG4J_OPTS=-Dlog4j.configuration=file:/etc/kafka/kafka_server_log4j.properties"
Environment="LOG_DIR=/var/log/kafka/"

cat /etc/kafka/kafka_jolokia.properties

port=7771
host=0.0.0.0
authMode=basic
user=<USER>
password=<PASSWORD>

Failure

TASK [Get ActiveControllerCount] ****************************************************************************************************************************************************************************************************
task path: /home/ec2-user/cp-ansible/tasks/create_ordered_kafka_groups.yml:8
Wednesday 20 January 2021  07:15:20 +0000 (0:00:00.716)       0:00:18.611 *****
*** omitted details ***
fatal: [ip-172-31-86-77.ec2.internal]: FAILED! => {
    "changed": false,
    "content": "",
    "content_length": "0",
    "date": "Wed, 20 Jan 2021 07:15:20 GMT",
    "elapsed": 0,
    "invocation": {
        "module_args": {
            "attributes": null,
            "backup": null,
            "body": null,
            "body_format": "raw",
            "client_cert": null,
            "client_key": null,
            "content": null,
            "creates": null,
            "delimiter": null,
            "dest": null,
            "directory_mode": null,
            "follow": false,
            "follow_redirects": "safe",
            "force": false,
            "force_basic_auth": false,
            "group": null,
            "headers": {},
            "http_agent": "ansible-httpget",
            "method": "GET",
            "mode": null,
            "owner": null,
            "regexp": null,
            "remote_src": null,
            "removes": null,
            "return_content": true,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "status_code": [
                "200"
            ],
            "timeout": 30,
            "unix_socket": null,
            "unsafe_writes": null,
            "url": "http://ip-172-31-86-77.ec2.internal:7771/jolokia/read/kafka.controller:type=KafkaController,name=ActiveControllerCount",
            "url_password": null,
            "url_username": null,
            "use_proxy": true,
            "validate_certs": false
        }
    },
    "msg": "Status code was 401 and not [200]: HTTP Error 401: Unauthorized",
    "redirected": false,
    "status": 401,
    "url": "http://ip-172-31-86-77.ec2.internal:7771/jolokia/read/kafka.controller:type=KafkaController,name=ActiveControllerCount",
    "www_authenticate": "Basic realm=\"jolokia\""
}

Expected behavior :

Updated Handler as below :

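# Query the broker's Jolokia endpoint for the KafkaController
# ActiveControllerCount MBean and keep the HTTP response in
# active_controller_count_query.
- name: Get ActiveControllerCount
  uri:
    url: "{{ kafka_broker_jolokia_active_controller_url }}"
    # NOTE(review): certificate validation is disabled. Against an HTTPS
    # endpoint the Basic Auth credentials below are sent to a peer whose
    # identity is not verified; against a plain-HTTP endpoint they cross the
    # network merely base64-encoded. Prefer a TLS-enabled Jolokia agent and
    # validate_certs: true where the broker certificate chains to a trusted CA.
    validate_certs: false
    return_content: true
    status_code: 200
    # Required when the Jolokia agent is configured with authMode=basic;
    # without credentials the request is rejected with 401 Unauthorized.
    url_username: "{{ kafka_broker_jolokia_user }}"
    url_password: "{{ kafka_broker_jolokia_password }}"
    # Send the Authorization header on the initial request.
    force_basic_auth: true
  # register and check_mode are task-level keywords, so they sit at the same
  # indent as uri (two spaces), not inside the module arguments.
  register: active_controller_count_query
  # Read-only query: run it even when the playbook is executed with --check.
  check_mode: false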

Output :

TASK [Get ActiveControllerCount] ****************************************************************************************************************************************************************************************************
task path: /home/ec2-user/cp-ansible/tasks/create_ordered_kafka_groups.yml:8
*** omitted details ***
ok: [ip-172-31-86-77.ec2.internal] => {
    "cache_control": "no-cache", 
    "changed": false, 
    "content": "{\"request\":{\"mbean\":\"kafka.controller:name=ActiveControllerCount,type=KafkaController\",\"type\":\"read\"},\"value\":{\"Value\":1},\"timestamp\":1611126806,\"status\":200}", 
    "content_type": "text/plain; charset=utf-8", 
    "cookies": {}, 
    "cookies_string": "", 
    "date": "Wed, 20 Jan 2021 07:13:26 GMT", 
    "elapsed": 0, 
    "expires": "Wed, 20 Jan 2021 06:13:26 GMT", 
    "invocation": {
        "module_args": {
            "attributes": null, 
            "backup": null, 
            "body": null, 
            "body_format": "raw", 
            "client_cert": null, 
            "client_key": null, 
            "content": null, 
            "creates": null, 
            "delimiter": null, 
            "dest": null, 
            "directory_mode": null, 
            "follow": false, 
            "follow_redirects": "safe", 
            "force": false, 
            "force_basic_auth": true, 
            "group": null, 
            "headers": {}, 
            "http_agent": "ansible-httpget", 
            "method": "GET", 
            "mode": null, 
            "owner": null, 
            "regexp": null, 
            "remote_src": null, 
            "removes": null, 
            "return_content": true, 
            "selevel": null, 
            "serole": null, 
            "setype": null, 
            "seuser": null, 
            "src": null, 
            "status_code": [
                "200"
            ], 
            "timeout": 30, 
            "unix_socket": null, 
            "unsafe_writes": null, 
            "url": "http://ip-172-31-86-77.ec2.internal:7771/jolokia/read/kafka.controller:type=KafkaController,name=ActiveControllerCount", 
            "url_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", 
            "url_username": "justin", 
            "use_proxy": true, 
            "validate_certs": false
        }
    }, 
    "json": {
        "request": {
            "mbean": "kafka.controller:name=ActiveControllerCount,type=KafkaController", 
            "type": "read"
        }, 
        "status": 200, 
        "timestamp": 1611126806, 
        "value": {
            "Value": 1
        }
    }, 
    "msg": "OK (unknown bytes)", 
    "pragma": "no-cache", 
    "redirected": false, 
    "status": 200, 
    "transfer_encoding": "chunked", 
    "url": "http://ip-172-31-86-77.ec2.internal:7771/jolokia/read/kafka.controller:type=KafkaController,name=ActiveControllerCount"
}
domenicbove commented 3 years ago

Looks like the fix was added: https://github.com/confluentinc/cp-ansible/blob/6.0.1-post/tasks/create_ordered_kafka_groups.yml#L13

I'll close this unless you have objections