Cloudera Docs

Enabling Basic Authentication for the Streams Replication Manager service

Basic Authentication (BA) can be enabled for the Streams Replication Manager Service in Cloudera Manager. After BA is enabled, the REST API of the Streams Replication Manager Service becomes secured. Any clients or services accessing the REST API will need to present valid credentials for access.

BA is set up for the Streams Replication Manager Service by creating Basic Authentication Credentials. A Basic Authentication Credential is an item that securely stores a username/password pair that can be used by the Streams Replication Manager Service for BA. Once the credential is defined, you must turn on BA for the Streams Replication Manager Service and reference the credentials you created in the configuration of Streams Replication Manager. After configuration is complete, the Streams Replication Manager Service and its Rest API will only be accessible by clients and services that present valid credentials.

In addition to the credentials configured with Basic Authentication Credentials, another username/password pair is generated automatically. This username and password pair is used by other services that depend on Streams Replication Manager and are deployed in the same cluster. These credentials are automatically passed to the dependent services. This way, any co-located dependent service automatically has access to the Streams Replication Manager REST API when BA is enabled. For example, Streams Messaging Manager is a service like this. It provides replication monitoring by accessing and gathering metrics from the Streams Replication Manager REST API. As a result it requires access to the REST API. If required, the automatically generated credentials can be updated. However their configuration is optional.

  1. Create Basic Authentication Credentials:

    Streams Replication Manager supports BA for multiple users. This means that you can create more than one credential. Cloudera recommends that you create at least two. One for any external services and clients, and one that can be used by Streams Replication Manager internally.

    1. In Cloudera Manager go to Administration > External Accounts > Basic Authentication Credentials.
    2. Click Add Basic Authentication Credentials.
    3. Configure the following properties:
      • Name

        Add a unique and easily identifiable name. Note down the name you configure, you will need to provide it in a later step.

      • Username and Password

        Add a username and password. These credentials will be accepted by Streams Replication Manager when an external client or service tries to access the REST API. Take note of the username and password that you configure. Depending on your cluster and setup, you might need to provide these credentials when configuring other Streams Replication Manager features or external clients and services that access the Streams Replication Manager REST API.

  2. Enable BA for the Streams Replication Manager Service:
    1. Go to Clusters and select the Streams Replication Manager Service.
    2. Go to Configuration.
    3. Find and enable the SRM Service Use Basic Authentication property.
    4. Find and configure the External Basic Authentication Accounts Accepted By SRM Service property.
      Add the names of all Basic Authentication Credentials that you created in Step 1. For example:
      external_1
external_2
internal_1
    5. Find and configure the SRM Service Intra Cluster Account Name property.
      This property controls which credential should be used by the individual Streams Replication Manager Service roles within the cluster to communicate with each other. Add one of the Basic Authentication Credential names that you added to the External Basic Authentication Accounts Accepted By SRM Service property. For example: 
      internal_1
  3. Optional: Configure the automatically generated credentials used by dependent services.
    The automatically generated username and password can be configured with the following properties:
    • SRM Service Co-Located Service Username
    • SRM Service Co-Located Service User Password
  4. Click Save Changes.
  5. Restart Streams Replication Manager.
BA is configured for the Streams Replication Manager Service
  • If you have previously enabled Remote Querying for a separate Streams Replication Manager Service that targets this Streams Replication Manager Service (the one that you enabled BA for) with Remote Querying, complete Configuring Basic Authentication for Remote Querying for the Streams Replication Manager Service that has Remote Querying enabled.

  • Query metrics. You can do either of the following:

    • Access the Replications page on the Streams Messaging Manager UI. Replications will be visible in the UI.
    • Query metrics using the Streams Replication Manager REST API. For example:
      1. Go to Streams Replication Manager > Web UI > SRM Service Swagger UI.
      2. Find and open the /v2/replications endpoint.
      3. Click Try it out then click Execute.

        You are prompted to enter a username and password.

      4. Enter the credentials you configured using Basic Authentication Credentials.

        The response includes all discovered replications, replicated topics, and various other metrics.