Posted to users@kafka.apache.org by Giuseppe Ricci Sysman <ri...@sys-man.it> on 2021/11/17 15:38:09 UTC
Impossible to secure Kafka and SSL
Hi guys,
It seems the secure operation of a Kafka broker is very simple... but not for
me: it is very hard.
I hope for your help in solving my problem.
I want to show the steps to reproduce my error:
I generated a CA and certificates and stored them in a directory: /home/kafka/ssl.
I downloaded and untarred the file kafka_2.13-3.0.0.tgz, then moved and renamed this
directory in my home: /home/kafka/kafka2_13_3.
The clean Kafka installation works.
To secure Kafka and use the SSL protocol for broker-client communication (I have
only 1 broker on a remote Ubuntu server) I modified the config file
server.properties. I added these rows:
listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
ssl.keystore.location=/home/kafka/ssl/kafka.server.keystore.jks
ssl.keystore.password=mypwd
ssl.key.password=mypwd
ssl.truststore.location=/home/kafka/ssl/kafka.server.truststore.jks
ssl.truststore.password=mypwd
advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
zookeeper.connect=localhost:2181
#security.inter.broker.protocol=SSL
#ssl.client.auth=required
sasl.enabled.mechanisms=PLAIN
When I try to restart Kafka I receive this error:
[2021-11-17 14:45:30,961] ERROR [KafkaServer id=0] Fatal error during
KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or
'sasl_ssl.KafkaServer' entry in the JAAS configuration. System property
'java.security.auth.login.config' is not set
According to some tutorials I have read, there is no error of this type, and at
this step the JAAS file is not needed.
So I created in the config dir the file kafka_server_jaas.conf with this
content:
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafkabroker"
password="mypwd"
user_kafkabroker="kafkabroker-secret"
user_client="client";
};
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="giuseppe"
password="mypwd";
};
I exported KAFKA_OPTS and restarted Kafka:
export KAFKA_OPTS="-Djava.security.auth.login.config=/home/kafka/kafka2_13_3config/kafka_server_jaas.conf"
sudo bin/kafka-server-start.sh etc/kafka/server.properties
but no solution.
Can someone help me configure Kafka in a secure manner?
Any help is much appreciated.
Thanks.
Giuseppe.
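A preflight check for the startup error quoted above, as an added example that is not part of the original post and not Kafka's own code: for every SASL listener in server.properties it verifies that a broker login entry is reachable, either inline or through the JAAS file named in KAFKA_OPTS. The function names and the sample input are constructed here; it assumes the JAAS file is passed via -Djava.security.auth.login.config or set inline as listener.name.<listener>.<mechanism>.sasl.jaas.config.

```python
import re
from pathlib import Path

SASL_PROTOCOLS = {"SASL_SSL", "SASL_PLAINTEXT"}
LOGIN_PROP = re.compile(r"-Djava\.security\.auth\.login\.config=(\S+)")

# Constructed sample built from the listener line shown in the post.
SAMPLE_PROPS = """\
listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
sasl.enabled.mechanisms=PLAIN
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def sasl_listeners(props):
    """Names of listeners whose security protocol is SASL_SSL or SASL_PLAINTEXT."""
    pairs = props.get("listener.security.protocol.map", "").split(",")
    proto = dict(p.strip().split(":", 1) for p in pairs if ":" in p)
    names = [l.split("://")[0].strip() for l in props.get("listeners", "").split(",") if "://" in l]
    # Without a map entry, the listener name is itself the protocol name.
    return [n for n in names if proto.get(n, n) in SASL_PROTOCOLS]

def check_jaas(props, kafka_opts, read_file=lambda p: Path(p).read_text()):
    """Return one finding per SASL listener that lacks a broker login entry."""
    findings = []
    for name in sasl_listeners(props):
        inline = f"listener.name.{name.lower()}."
        if any(k.startswith(inline) and k.endswith(".sasl.jaas.config") for k in props):
            continue  # JAAS supplied inline in server.properties
        match = LOGIN_PROP.search(kafka_opts)
        if not match:
            findings.append(f"{name}: java.security.auth.login.config is not set")
            continue
        try:
            text = read_file(match.group(1))
        except OSError as exc:
            findings.append(f"{name}: cannot read {match.group(1)} ({exc.__class__.__name__})")
            continue
        # Accept both 'KafkaServer' and the listener-prefixed 'sasl_ssl.KafkaServer'.
        if not re.search(rf"^\s*({re.escape(name.lower())}\.)?KafkaServer\s*\{{", text, re.M):
            findings.append(f"{name}: no KafkaServer entry in {match.group(1)}")
    return findings
```

Pass it the KAFKA_OPTS value as seen by the broker process itself, which can differ from the exporting shell when the start script is launched through sudo.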