Confluent Platform RPM installation user

0
votes

In Confluent Platform on-premise production rpm installations, why the installer creates most of the files & folders with "root" as the owner? see example;

drwxr-xr-x   2 root root     4096 Sep 20 15:53 confluent-rebalancer
drwxr-xr-x   2 root root     4096 Sep 20 15:53 kafka-connect-s3
drwxr-xr-x   2 root root     4096 Sep 20 15:53 kafka-connect-hdfs
drwxr-xr-x   2 root root     4096 Sep 20 15:53 kafka-rest
drwxr-xr-x   2 root root     4096 Sep 20 15:54 confluent-hub-client
drwxr-xr-x   2 root root     4096 Sep 20 15:54 kafka-connect-replicator
drwxr-xr-x   2 root root     4096 Sep 20 15:54 kafka-connect-elasticsearch
drwxr-xr-x   2 root root     4096 Sep 20 15:54 confluent-kafka-mqtt
drwxr-xr-x   2 root root     4096 Sep 20 15:54 kafka-connect-activemq
drwxr-xr-x   2 root root     4096 Sep 20 15:54 kafka-connect-ibmmq
drwxr-xr-x   2 root root     4096 Sep 20 15:54 kafka-connect-jms
drwxr-xr-x   2 root root     4096 Nov 28 14:19 kafka

/etc/kafka

-rw-r--r-- 1 root root 1169 Jul 29 00:52 trogdor.conf
-rw-r--r-- 1 root root 1032 Jul 29 00:52 tools-log4j.properties
-rw-r--r-- 1 root root 1919 Jul 29 00:52 producer.properties
-rw-r--r-- 1 root root 4727 Jul 29 00:52 log4j.properties
-rw-r--r-- 1 root root 1221 Jul 29 00:52 consumer.properties
-rw-r--r-- 1 root root 2276 Jul 29 00:52 connect-standalone.properties
-rw-r--r-- 1 root root  881 Jul 29 00:52 connect-file-source.properties
-rw-r--r-- 1 root root  883 Jul 29 00:52 connect-file-sink.properties
-rw-r--r-- 1 root root  909 Jul 29 00:52 connect-console-source.properties
-rw-r--r-- 1 root root  906 Jul 29 00:52 connect-console-sink.properties
-rw-r--r-- 1 root root 1483 Nov 14 22:46 connect-log4j.properties
-rw-r--r-- 1 root root 5356 Nov 16 10:41 connect-distributed.properties
-rw-r--r-- 1 root root 1243 Nov 28 11:07 zookeeper.properties
-rw-r--r-- 1 root root 8416 Nov 28 14:19 server.properties

installation doc - https://docs.confluent.io/current/installation/installing_cp/rhel-centos.html#systemd-rhel-centos-install

example install command:

sudo yum clean all && sudo yum install confluent-platform-2.11

The installer do create below users:

cp-schema-registry
cp-kafka-rest
cp-ksql
cp-kafka
cp-kafka-connect
cp-control-center

But, the appropriate permissions of users/owners of files and folders are not automatically applied after installation. And if you do not have "root" user privileges, you are screwed!

How can we make the installations inherit proper users/groups after the yum install is performed?

Please share best practices steps to be adhered before performing installations?
These small things become annoying if we do not document it in the product documentation.

1
apache-kafkarpmconfluent-platform
Personally, I've only tested the Deb packages, but I think those do chown the repos correctly... You might want to target this as a bug to groups.google.com/forum/m/#!topic/confluent-platform/… - OneCricketeer
I posted in confluent google group but no one replied till now.. - Tony

1 Answers

0
votes

This is because of the maintainer of the rpm package (kafka or Confluent - I do not know them). When you have something like this in the RPM spec file:

%files
/etc/kafka/

Then these files are owned by root:root, because that is the RPM default. The default is sane as you usually want the file to be owned by root (/usr/bin/*, libs, ...) It can be overridden by:

%files
/etc/root-ownded-file
%defattr(-,someuser,somegroup)
/some/datadir/owned/by/someuser
/other/file/owned/by/someuser

Or you can define it only for some file:

%files
/etc/root-ownded-file
%attr(0644, someuser, somegroup) /some/datadir/owned/by/someuser

This has sense for data files or config files with e.g., 0600 acl mode.

This needs to be done by the package manager, a user using this package cannot change or affect this.