Server.properties key value pairs
Ambari configures the
following Kafka values during the installation process. Settings are stored as key-value pairs
stored in an underlying server.properties configuration file.
listeners
A comma-separated list of URIs that Kafka will listen on, and their protocols.
Required property with three parts:
<protocol>:<hostname>:<port>
Set
<protocol> to SASL_PLAINTEXT, to specify the protocol that
server accepts connections. SASL authentication will be used over a plaintext channel.
Once SASL authentication is established between client and server, the session will have
the client’s principal as an authenticated user. The broker can only accept SASL
(Kerberos) connections, and there is no wire encryption applied. (Note: For a non-secure
cluster, <protocol> should be set to PLAINTEXT.)
Set
hostname to the hostname associated with the node you are
installing. Kerberos uses this value and "principal" to construct the Kerberos service
name. Specify hostname 0.0.0.0 to bind to all interfaces. Leave
hostname empty to bind to the default interface.
Set port
to the Kafka service port. When Kafka is installed using Ambari, the default port number
is 6667.
Examples of legal listener lists::
listeners=SASL_PLAINTEXT://kafka1.host1.com:6667
listeners=PLAINTEXT://myhost:9092, TRACE://:9091,
SASL_PLAINTEXT://0.0.0.0:9093
advertised.listeners
A list of listeners to publish to ZooKeeper for clients to use, if different than the listeners specified in the preceding section.
In IaaS environments, this value might need to be different from the interface to which the broker binds.
If advertised.listeners is not set, the value for
listeners will be used.
Required value with three parts:
<protocol>:<hostname>:<port>
Set protocol to SASL_PLAINTEXT, to specify the
protocol that server accepts connections. SASL authentication will be used over a
plaintext channel. Once SASL authentication is established between client and server,
the session will have the client’s principal as an authenticated user. The broker can
only accept SASL (Kerberos) connections, and there is no wire encryption applied. (Note:
For a non-secure cluster, <protocol> should be set to
PLAINTEXT.)
Set hostname to the hostname associated with the node you are
installing. Kerberos uses this and "principal" to construct the Kerberos service
name.
Set port to the Kafka service port. When Kafka is installed using
Ambari, the default port number is 6667.
For example:
advertised.listeners=SASL_PLAINTEXT://kafka1.host1.com:6667
security.inter.broker.protocol
Specifies the inter-broker communication protocol. In a Kerberized cluster, brokers are
required to communicate over SASL. (This approach supports replication of topic data.)
Set the value to SASL_PLAINTEXT:
security.inter.broker.protocol=SASL_PLAINTEXT
authorizer.class.name
Configures the authorizer class.
Set this value to kafka.security.auth.SimpleAclAuthorizer:
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
For more information, see "Authorizing Access when Kerberos is Enabled."
principal.to.local.class
Transforms Kerberos principals to their local Unix usernames.
Set this value to kafka.security.auth.KerberosPrincipalToLocal:
principal.to.local.class=kafka.security.auth.KerberosPrincipalToLocal
super.users
Specifies a list of user accounts that will have all cluster permissions. By default,
these super users have all permissions that would otherwise need to be added through the
kafka-acls.sh script. Note, however, that their permissions do not
include the ability to create topics through kafka-topics.sh, as this
involves direct interaction with ZooKeeper.
Set this value to a list of user:<account> pairs separated by
semicolons. Note that Ambari adds user:kafka when Kerberos is
enabled.
Here is an example:
super.users=user:bob;user:alice