Ron Dagostino created KAFKA-10451:
-------------------------------------
Summary: system tests send large command over ssh instead of using
remote file for security config
Key: KAFKA-10451
URL: https://issues.apache.org/jira/browse/KAFKA-10451
Project: Kafka
Issue Type: Improvement
Components: system tests
Reporter: Ron Dagostino
In `kafka.py` the pattern used to supply security configuration information to
remote CLI tools is to send the information as part of the ssh command. For
example, see this --command-config definition:
{{Running ssh command: export
KAFKA_OPTS="-Djava.security.auth.login.config=/mnt/security/admin_client_as_broker_jaas.conf
-Djava.security.krb5.conf=/mnt/security/krb5.conf";
/opt/kafka-dev/bin/kafka-configs.sh --bootstrap-server worker2:9095
--command-config <(echo '
ssl.endpoint.identification.algorithm=HTTPS
sasl.kerberos.service.name=kafka
security.protocol=SASL_SSL
ssl.keystore.location=/mnt/security/test.keystore.jks
ssl.truststore.location=/mnt/security/test.truststore.jks
ssl.keystore.password=test-ks-passwd
sasl.mechanism=SCRAM-SHA-256
ssl.truststore.password=test-ts-passwd
ssl.key.password=test-ks-passwd
sasl.mechanism.inter.broker.protocol=GSSAPI
') --entity-name kafka-client --entity-type users --alter --add-config
SCRAM-SHA-256=[password=client-secret]}}
This ssh command length is getting pretty big. It would be best if this
referred to a file as opposed to sending in the file contents as part of the
ssh command.
This happens in a few places in `kafka/py` and should be rectified.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
