You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by Majed Al Zayer <ma...@gmail.com> on 2018/07/10 09:21:49 UTC
Kafka SASL handshake takes too long
Hello everyone,
I hope that someone could help me with this issue. I have already posted
this on:
- StackOverflow:
https://stackoverflow.com/questions/51249835/kafka-sasl-handshake-takes-too-long
- Confluent Kafka .Net @ Github:
https://github.com/confluentinc/confluent-kafka-dotnet/issues/564
No answers yet.
===
- Description: authentication using SASL/SCRAM or SASL/PLAINTEXT takes
around 9 seconds to complete. Is this normal?
- How to reproduce:
-- One Kafka broker instance (v1.1.0)
-- One C# producer (Confluent Kafka Client v0.11.4) that does the following:
/* producer code - start */
var producerConfig =
PropertiesUtils.ReadPropertiesFile("producer.properties");
using (var producer = new Producer(producerConfig, null, new
StringSerializer(Encoding.UTF8)))
{
while (true)
{
Console.Write("message: ");
string msg = Console.ReadLine();
producer.ProduceAsync("test-topic", null, msg);
}
}
/* producer code - end */
-- One C# consumer (Confluent Kafka Client v0.11.4) that does the following:
/* consumer code - start */
var config = PropertiesUtils.ReadPropertiesFile("consumer.properties");
using (var consumer = new Consumer(config, null, new
StringDeserializer(Encoding.UTF8)))
{
consumer.OnMessage += (_, msg)
=>
{
Console.WriteLine(msg.Value);
};
consumer.OnError += (_, error)
=> Console.WriteLine($"Error: {error}");
consumer.OnConsumeError += (_, msg)
=> Console.WriteLine($"Consume error
({msg.TopicPartitionOffset}): {msg.Error}");
consumer.Subscribe("test-topic");
while (true)
{
try
{
consumer.Poll(TimeSpan.FromMilliseconds(1000));
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
}
}
/* consumer code - end */
-- server.properties:
# server.properties - start #
broker.id=0
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
session.timeout.ms=1000
group.initial.rebalance.delay.ms=0
listeners=SASL_SSL://localhost:9093
ssl.keystore.type =JKS
ssl.keystore.location=...
ssl.keystore.password=...
ssl.key.password=...
ssl.truststore.type=JKS
ssl.truststore.location=...
ssl.truststore.password=...
ssl.protocol=TLS
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.client.auth=required
security.inter.broker.protocol=SASL_SSL
ssl.secure.random.implementation=SHA1PRNG
sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256
sasl.mechanism.inter.broker.protocol=PLAIN
log.dirs=...
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.retention.hours=168
log.retention.bytes=1073741824
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
num.replica.fetchers=1
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
group.initial.rebalance.delay.ms=0
# server.properties - end #
-- consumer.properties:
# consumer.properties - start #
bootstrap.servers=localhost:9093
group.id=test-consumer-group
fetch.min.bytes=1
fetch.wait.max.ms=1
auto.offset.reset=latest
socket.blocking.max.ms=1
fetch.error.backoff.ms=1
ssl.ca.location=...
ssl.certificate.location=...
ssl.key.location=...
ssl.key.password=..
security.protocol=SASL_SSL
sasl.mechanisms=PLAIN
sasl.username=...
sasl.password=...
# consumer.properties - end #
- producer.properties
# poducer.properties - start #
bootstrap.servers=localhost:9093
compression.type=none
linger.ms=0
retries=0 acks=0
ssl.ca.location=...
ssl.certificate.location=...
ssl.key.location=...
ssl.key.password=...
security.protocol=SASL_SSL
sasl.mechanisms=PLAIN
sasl.username=...
sasl.password=...
# poducer.properties - end #
-- Run the consumer. It takes approximately 9 seconds to finish the SASL
handshake from request to completion. Here's the log:
[2018-07-06 17:03:37,673] DEBUG Set SASL server state to
HANDSHAKE_OR_VERSIONS_REQUEST
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2018-07-06 17:03:37,673] DEBUG Handling Kafka request API_VERSIONS
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2018-07-06 17:03:37,673] DEBUG Set SASL server state to HANDSHAKE_REQUEST
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2018-07-06 17:03:37,673] DEBUG Handling Kafka request SASL_HANDSHAKE
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2018-07-06 17:03:37,674] DEBUG Using SASL mechanism 'PLAIN' provided by
client
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2018-07-06 17:03:46,805] DEBUG Set SASL server state to AUTHENTICATE
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2018-07-06 17:03:46,807] DEBUG Set SASL server state to COMPLETE
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
- Remarks:
- I observed the same duration when running the producer as well
- I observed the same duration when authenticating using SCRAM-256
- I observed the same duration when running Java clients
(kafka-console-consumer and kafka-console-producer)
Thanks,
Majed