When a Kafka Topic Fails to Be Created, "NoAuthException" Is Displayed
Symptom
When running the following command on the Kafka client to create topics, it is found that the topics cannot be created.
kafka-topics.sh --create --zookeeper 192.168.234.231:2181/kafka --replication-factor 1 --partitions 2 --topic test
Error messages "NoAuthException" and "KeeperErrorCode = NoAuth for /config/topics" are displayed.
Details are as follows:
Error while executing topic command org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topicsorg.I0Itec.zkclient.exception.ZkException: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topicsat org.I0Itec.zkclient.exception.ZkException.create(ZkException.java:68)at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:685)at org.I0Itec.zkclient.ZkClient.create(ZkClient.java:304)at org.I0Itec.zkclient.ZkClient.createPersistent(ZkClient.java:213)at kafka.utils.ZkUtils$.createParentPath(ZkUtils.scala:215)at kafka.utils.ZkUtils$.updatePersistentPath(ZkUtils.scala:338)at kafka.admin.AdminUtils$.writeTopicConfig(AdminUtils.scala:247)
Possible Causes
The user does not belong to the kafkaadmin group. Kafka provides a secure access interface. Only users in the kafkaadmin group can delete topics.
Cause Analysis
- After the client command is run, the "NoAuthException" exception is reported.Error while executing topic command org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topicsorg.I0Itec.zkclient.exception.ZkException: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topicsat org.I0Itec.zkclient.exception.ZkException.create(ZkException.java:68)at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:685)at org.I0Itec.zkclient.ZkClient.create(ZkClient.java:304)at org.I0Itec.zkclient.ZkClient.createPersistent(ZkClient.java:213)at kafka.utils.ZkUtils$.createParentPath(ZkUtils.scala:215)at kafka.utils.ZkUtils$.updatePersistentPath(ZkUtils.scala:338)at kafka.admin.AdminUtils$.writeTopicConfig(AdminUtils.scala:247)
- Run the client command klist to query the current authenticated user. [root@10-10-144-2 client]# klistTicket cache: FILE:/tmp/krb5cc_0Default principal: test@HADOOP.COMValid starting Expires Service principal01/25/17 11:06:48 01/26/17 11:06:45 krbtgt/HADOOP.COM@HADOOP.COM
The test user is used in this example.
- Run the id command to query the user group information.[root@10-10-144-2 client]# id testuid=20032(test) gid=10001(hadoop) groups=10001(hadoop),9998(ficommon),10003(kafka)
Solution
MRS Manager:
- Log in to MRS Manager.
- Choose System > Manage User.
- In the Operation column of the user, click Modify.
- Add the user to the kafkaadmin group.
- Run the id command to query the user group information.[root@10-10-144-2 client]# id testuid=20032(test) gid=10001(hadoop) groups=10001(hadoop),9998(ficommon),10002(kafkaadmin),10003(kafka)
FusionInsight Manager:
- Log in to FusionInsight Manager.
- Choose System > Permission > User.
- Locate the row that contains the target user, and click Modify.
- Add the user to the kafkaadmin group. Click OK.
- Run the id command to query the user group information.[root@10-10-144-2 client]# id testuid=20032(test) gid=10001(hadoop) groups=10001(hadoop),9998(ficommon),10002(kafkaadmin),10003(kafka)
Parent topic: Using Kafka
- Symptom
- Possible Causes
- Cause Analysis
- Solution