From c5d642c557b13e1fe30257e9920327b0ca35dc2f Mon Sep 17 00:00:00 2001
From: Georgi Ivanov
Date: Thu, 22 Feb 2024 15:53:47 +0000
Subject: [PATCH 1/2] fix: use the correct zookeeper host for creating SCRAM users when hostname_aliasing_enabled=true
Signed-off-by: Georgi Ivanov
---
 roles/kafka_broker/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/kafka_broker/tasks/main.yml b/roles/kafka_broker/tasks/main.yml
index 2db056c64..ea5dc0254 100644
--- a/roles/kafka_broker/tasks/main.yml
+++ b/roles/kafka_broker/tasks/main.yml
@@ -384,7 +384,7 @@
 shell: |
 {% if kafka_broker_final_properties['zookeeper.set.acl']|default('false')|lower == 'true' %}KAFKA_OPTS='-Djava.security.auth.login.config={{kafka_broker.jaas_file}}'{% endif %} \
 {{ binary_base_path }}/bin/kafka-configs {% if zookeeper_ssl_enabled|bool %}--zk-tls-config-file {{ kafka_broker.zookeeper_tls_client_config_file if kafka_broker_secrets_protection_enabled else kafka_broker.config_file }}{% endif %} \
- --zookeeper {{ groups['zookeeper'][0] }}:{{zookeeper_client_port}}{{zookeeper_chroot}} --alter \
+ --zookeeper {{ hostvars[groups['zookeeper'][0]] | confluent.platform.resolve_hostname }}:{{zookeeper_client_port}}{{zookeeper_chroot}} --alter \
 --add-config 'SCRAM-SHA-512=[password={{ item.value['password'] }}]' \
 --entity-type users --entity-name {{ item.value['principal'] }}
 loop: "{{ sasl_scram_users_final|dict2items }}"
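Review bot: The SCRAM password on the `--add-config` line is spliced into a single-quoted shell string without escaping, so a password containing `'` ends the quoting and the rest is parsed by the shell; the SCRAM-SHA-256 task in the next hunk has the same pattern. Build the argument as one value and pass it through the `quote` filter, e.g. `--add-config {{ ('SCRAM-SHA-512=[password=' ~ item.value['password'] ~ ']') | quote }} \`. The password also lands in the kafka-configs argument list and in the rendered command and loop item that Ansible reports, so the task should carry `no_log: true`. The task's header keys lie outside the hunk, so that may already be set.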
@@ -398,7 +398,7 @@
 shell: |
 {% if kafka_broker_final_properties['zookeeper.set.acl']|default('false')|lower == 'true' %}KAFKA_OPTS='-Djava.security.auth.login.config={{kafka_broker.jaas_file}}'{% endif %} \
 {{ binary_base_path }}/bin/kafka-configs {% if zookeeper_ssl_enabled|bool %}--zk-tls-config-file {{ kafka_broker.zookeeper_tls_client_config_file if kafka_broker_secrets_protection_enabled else kafka_broker.config_file }}{% endif %} \
- --zookeeper {{ groups['zookeeper'][0] }}:{{zookeeper_client_port}}{{zookeeper_chroot}} --alter \
+ --zookeeper {{ hostvars[groups['zookeeper'][0]] | confluent.platform.resolve_hostname }}:{{zookeeper_client_port}}{{zookeeper_chroot}} --alter \
 --add-config 'SCRAM-SHA-256=[password={{ item.value['password'] }}]' \
 --entity-type users --entity-name {{ item.value['principal'] }}
 loop: "{{ sasl_scram256_users_final|dict2items }}"
From 9268a3af1e7d6ef2eba50061551bd69e405cb282 Mon Sep 17 00:00:00 2001
From: Georgi Ivanov
Date: Tue, 10 Dec 2024 14:52:17 +0000
Subject: [PATCH 2/2] fix: apply zk aliasing fix when creating chroot
Signed-off-by: Georgi Ivanov
---
 roles/kafka_broker/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/kafka_broker/tasks/main.yml b/roles/kafka_broker/tasks/main.yml
index 10f6f9d60..487002c55 100644
--- a/roles/kafka_broker/tasks/main.yml
+++ b/roles/kafka_broker/tasks/main.yml
@@ -412,7 +412,7 @@
 # Only runs with zookeeper
 - name: Create Zookeeper chroot
 shell: >
- {{ binary_base_path }}/bin/zookeeper-shell {{ groups['zookeeper'][0] }}:{{zookeeper_client_port}} \
+ {{ binary_base_path }}/bin/zookeeper-shell {{ hostvars[groups['zookeeper'][0]] | confluent.platform.resolve_hostname }}:{{zookeeper_client_port}} \
 {% if zookeeper_ssl_enabled|bool %}-zk-tls-config-file {{ kafka_broker.zookeeper_tls_client_config_file if kafka_broker_secrets_protection_enabled else kafka_broker.config_file }}{% endif %} \
 create {{zookeeper_chroot}} ""
 register: create_chroot
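Review bot: The expression `hostvars[groups['zookeeper'][0]] | confluent.platform.resolve_hostname` is now copied into three shell tasks, and this follow-up patch apparently exists because the chroot task was missed when the two SCRAM tasks were fixed. Define the resolved host once as a role variable (for instance `zookeeper_bootstrap_host`, a suggested name only) and reference it in all three commands, so the ZooKeeper endpoint cannot drift between tasks again. When `zookeeper_ssl_enabled` is true this is presumably also the name the client checks against the ZooKeeper certificate, which is worth a one-line comment above the task. The task continues past `register: create_chroot`, outside the hunk.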