cp-ansible
Default Password for sasl_plain_users
I am deploying Confluent Platform using Ansible playbooks and using Confluent community edition ver 7.0.1. I am trying to incorporate custom passwords for the sasl_plain_users and any other principal which is getting configured by the Ansible playbooks for Confluent components such as zookeeper, broker, schema registry, connect, kafka rest and ksql. For example, the default password for principal "kafka" is "admin-secret". I am trying to change the password to "admin-abcxyz" and similarly have custom passwords for other principals.
Here is the zookeeper jaas config file which has password as "admin-secret" for principal "admin". Can I change the password to "admin-abcxyz" by introducing some variable in the inventory file?
$ cat zookeeper_jaas.conf
Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_admin="admin-secret"
    user_kafka_broker="kafka_broker-secret";
};
QuorumServer {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_admin="admin-secret";
};
QuorumLearner {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="admin"
    password="admin-secret";
};
$
Similarly the Kafka server jaas config file has password as "kafka_broker-secret" for principal "kafka_broker". Need to change the password to let us say "kafka_broker-abcxyz".
$ cat kafka_server_jaas.conf
Client {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="kafka_broker"
    password="kafka_broker-secret";
};
[kafkaadm@etsakci1s001 kafka]$
Hi @srkpers,
You can try something like that, I think it works:
sasl_plain_users:
  admin:
    principal: "admin"
    password: "123"
  kafka_connect:
    principal: "kafka_connect"
    password: "azerty"
  # ... Same for client, schema_registry, kafka_rest, ksql, control_center and kafka_connect_replicator
If you use digest zookeeper authentication, you can override this variable zookeeper_digest_users with the same syntax.
Example:
zookeeper_digest_users:
  admin:
    principal: admin
    password: admin-secret
  kafka_broker:
    principal: kafka_broker
    password: kafka_broker-secret
Kr,
Thanks @LGouellec. @srkpers, can you please confirm if the above suggestion works for you?
Closing this issue as we haven't heard back from the filer. Please reopen if there is any concern. Thanks!