Posted to users@kafka.apache.org by Giuseppe Ricci Sysman <ri...@sys-man.it> on 2021/11/17 15:38:09 UTC

Impossible to secure Kafka and SSL

Hi guys,

It seems that operating a Kafka broker securely is very simple, but not for
me: it is very hard.

I hope you can help me solve my problem.

I want to show the steps to reproduce my error:

I generated a CA and certificates and stored them in a directory: /home/kafka/ssl.

I downloaded and untarred the file kafka_2.13-3.0.0.tgz, then moved and renamed
this directory in my home: /home/kafka/kafka2_13_3.

The clean Kafka installation works.

To secure Kafka and use the SSL protocol for broker-client communication (I have
only 1 broker on a remote Ubuntu server), I modified the config file
server.properties and added these rows:

listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094

ssl.keystore.location=/home/kafka/ssl/kafka.server.keystore.jks
ssl.keystore.password=mypwd
ssl.key.password=mypwd
ssl.truststore.location=/home/kafka/ssl/kafka.server.truststore.jks
ssl.truststore.password=mypwd

advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
zookeeper.connect=localhost:2181

#security.inter.broker.protocol=SSL
#ssl.client.auth=required
sasl.enabled.mechanisms=PLAIN

When I try to restart Kafka I receive this error:

[2021-11-17 14:45:30,961] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or 'sasl_ssl.KafkaServer' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set

According to some tutorials I have read, there is no error of this type, and at
this step the JAAS file is not needed.

So I created the file kafka_server_jaas.conf in the config dir with this
content:

KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="kafkabroker"
   password="mypwd"
   user_kafkabroker="kafkabroker-secret"
   user_client="client";
};

Client {
   org.apache.zookeeper.server.auth.DigestLoginModule required
   username="giuseppe"
   password="mypwd";
};

I exported KAFKA_OPTS and restarted Kafka:

export KAFKA_OPTS="-Djava.security.auth.login.config=/home/kafka/kafka2_13_3config/kafka_server_jaas.conf"
sudo bin/kafka-server-start.sh etc/kafka/server.properties

but no solution.

Can someone help me configure Kafka in a secure manner?

Any help is very appreciated.

Thanks.

Giuseppe.
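
A preflight check for the two conditions the startup error above names (the java.security.auth.login.config property and a KafkaServer or sasl_ssl.KafkaServer JAAS section), added here as an example and not part of the original post. The function names are hypothetical, and it assumes listener names equal their protocol names, as in the listeners line above.

```python
import os
import re
import sys

def sasl_listeners(properties_text):
    """Listener names on the `listeners=` line whose protocol is SASL_*.
    Assumption: listener names equal protocol names, as in the post above."""
    for line in properties_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() == "listeners":
            names = [e.split("://", 1)[0].strip() for e in value.split(",")]
            return [n for n in names if n.upper().startswith("SASL_")]
    return []

def jaas_path_from_opts(kafka_opts):
    """Path given by -Djava.security.auth.login.config in KAFKA_OPTS, or None."""
    m = re.search(r"-Djava\.security\.auth\.login\.config=(\S+)", kafka_opts or "")
    return m.group(1) if m else None

def jaas_sections(jaas_text):
    """Names of the top-level sections in a JAAS file, e.g. KafkaServer, Client."""
    return re.findall(r"^\s*([\w.]+)\s*\{", jaas_text, flags=re.M)

def preflight(properties_text, kafka_opts):
    """Return a list of problems; an empty list means the JAAS lookup can succeed."""
    listeners = sasl_listeners(properties_text)
    if not listeners:
        return []  # no SASL listener, so the broker needs no KafkaServer entry
    path = jaas_path_from_opts(kafka_opts)
    if path is None:
        return ["java.security.auth.login.config is not set in KAFKA_OPTS"]
    if not os.path.isfile(path):
        return [f"JAAS file not found: {path}"]
    with open(path, encoding="utf-8") as fh:
        sections = jaas_sections(fh.read())
    problems = []
    for name in listeners:
        # The broker looks for "KafkaServer" or "<listener name, lowercased>.KafkaServer".
        wanted = ("KafkaServer", f"{name.lower()}.KafkaServer")
        if not any(w in sections for w in wanted):
            problems.append(f"no {wanted[0]} or {wanted[1]} section in {path}")
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: preflight.py /path/to/server.properties")
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = preflight(fh.read(), os.environ.get("KAFKA_OPTS"))
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it as the same user and in the same way the broker is started: under sudo's default env_reset policy, an exported KAFKA_OPTS is not passed on to the command.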

 

 

 


