Closed Fobhep closed 2 years ago
Oh wow I think at some point along the way the logic changed on what the filename for that keytab file would be. I think the simplest solution is to set this variable under each host:
kafka_broker_keytab_path: /etc/security/keytabs/kafka-broker3.keytab
This is the variable used in the client.properties file generation. It's where cp-ansible cp's keytabs to on the kafka_broker hosts.
Thanks - that's a quick and helpful answer. Maybe an idea for a general fix would be setting the default value in roles/confluent.variables/defaults/main.yml kind of like this (not tested!)
kafka_broker_keytab_path: "/etc/security/keytabs/{{ kafka_broker_kerberos_keytab_path | default('kafka_broker.keytab') | basename }}"
Ya, that could work.
I think the logic behind the change was I wanted to standardize the keytab filenames like the keystore filenames are.
I think standardization makes generally a lot of sense :)
Also check this issue out: https://github.com/confluentinc/cp-ansible/issues/588
Starting in 6.1.2 and 6.2.0 we will have all.yml upgrading for you and you won't need the upgrade playbooks. This would handle changes to the keytab filename (and things will be way more idempotent). Downgrades even work with this new approach which is pretty cool.
Yes - I am aware of and looking forward to that change :) I did not know it will be in 6.1.2 already. When will 6.1.2 be released? Is upgrading from 5.5.4 to 6.1.2 also possible then?
Ya to be more clear, the change is merged into the 6.1.x branch and that branch will become 6.1.2-post when 6.1.2 comes out. 6.2.0 should be out very soon.
5.5.4 -> 6.1.1 should work today if you want to try it out with the 6.1.x branch
Hey, closing this since it seems from the conversation that the later patches of 6.1 have the fix.
For Confluent Enterprise Support customers, we would strongly advise you to open a Support ticket which will be addressed within your Support contract SLA at
https://support.confluent.io
Describe the issue: When using upgrade playbooks from 5.5.4 to 6.6.1, the admin-client call for detecting under-replicated topics fails due to a wrongly configured keytab path in the /etc/kafka/client.properties file.
To Reproduce: Block from inventory for the brokers
block from created server.properties file on broker3
part of /etc/client.properties file on broker3
As you can see the paths in the listener config and the client.properties file differ.
Expected behaviour: The keyTab paths should be equivalent
Environment (please complete the following information):
I guess I might be doing something wrong here?
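A check for the mismatch reported in this issue, as an added example that is not part of the thread or of cp-ansible: it extracts the `keyTab` path from every `*sasl.jaas.config` property in a broker's server.properties and client.properties and reports client entries that point at a keytab no listener uses. The function names, the listener name `internal`, the principal and the realm are assumptions, and the sample file contents are constructed from the two keytab filenames mentioned in the thread.

```python
import re

KEYTAB_RE = re.compile(r'keyTab\s*=\s*"([^"]+)"')  # Krb5LoginModule keyTab option

def parse_properties(text):
    """Parse Java .properties text into a dict, joining backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def keytab_paths(text):
    """Map each *sasl.jaas.config property to the keyTab path it references."""
    found = {}
    for key, value in parse_properties(text).items():
        if key.endswith("sasl.jaas.config"):
            m = KEYTAB_RE.search(value)
            if m:
                found[key] = m.group(1)
    return found

def mismatched_keytabs(server_text, client_text):
    """Return client entries whose keytab is not used by any broker listener."""
    server = set(keytab_paths(server_text).values())
    return {k: p for k, p in keytab_paths(client_text).items() if p not in server}

# Constructed sample input (the reporter's own file excerpts are not on the page).
SERVER = r'''
listener.name.internal.gssapi.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
  useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/kafka-broker3.keytab" \
  principal="kafka/broker3.example.com@EXAMPLE.COM";
'''
CLIENT = r'''
sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required \
  useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/kafka_broker.keytab" \
  principal="kafka/broker3.example.com@EXAMPLE.COM";
'''

if __name__ == "__main__":
    print(mismatched_keytabs(SERVER, CLIENT))
```

An empty result means every keytab referenced by client.properties is also referenced by a listener in server.properties.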