Posted to users@kafka.apache.org by Manoj Murumkar <ma...@gmail.com> on 2017/10/18 20:19:32 UTC
Enabling SASL_PLAINTEXT for Kafka REST
Folks,
I am having trouble enabling the SASL_PLAINTEXT protocol for the Kafka REST
component to work with a secure cluster (that also uses the same protocol). I am
sure I am missing something trivial. If someone can help, I'd really
appreciate it.
Here're my configs:
Startup script:
cat /bin/kafka-rest-start
...
exec $(dirname $0)/kafka-rest-run-class -Djava.security.auth.login.config=/etc/kafka-rest/kafka_rest_zk_jaas.properties io.confluent.kafkarest.KafkaRestMain "$@"
[root@or1010050208015 kafka-rest]# cat /etc/kafka-rest/kafka_rest_zk_jaas.properties
/* Zookeeper authentication, since REST proxy is a client */
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="zk_admin"
password="zk_admin_secret";
};
REST properties:
[root@or1010050208015 kafka-rest]# cat kafka-rest.properties
schema.registry.url=http://localhost:8081
zookeeper.connect=localhost:2181
bootstrap.servers=SASL_PLAINTEXT://or1010050208015:9092,SASL_PLAINTEXT://or1010050208016:9092,SASL_PLAINTEXT://or1010050208017:9092
# Kafka security
kafka.rest.resource.extension.class=io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension
# The authentication mechanism for the incoming requests is determined by following - Only SSL allowed
#confluent.rest.auth.propagate.method=SSL
#ssl.client.auth=TRUE
# Principal (that is passed from Client) propagation happens via SASL
client.security.protocol=SASL_PLAINTEXT
client.sasl.jaas.config=/etc/kafka-rest/kafka_rest_jaas.properties
client.sasl.mechanism=PLAIN
Kafka REST JAAS file:
[root@or1010050208015 kafka-rest]# cat /etc/kafka-rest/kafka_rest_jaas.properties
/* Broker authentication, list all the logins that end users will use? */
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka_admin"
password="broker_secret";
};
I enabled DEBUG in logs and here's what I see (it's unable to talk to
broker):
[2017-10-18 19:47:37,851] TRACE Sending METADATA {topics=[testacls],allow_auto_topic_creation=true} with correlation id 4 to node -1 (org.apache.kafka.clients.NetworkClient:389)
[2017-10-18 19:47:37,852] DEBUG Connection with or1010050208015.corp.adobe.com/10.50.208.15 disconnected (org.apache.kafka.common.network.Selector:401)
java.io.EOFException
    at org.apache.kafka.common.network.NetworkReceive.readFromReadableChannel(NetworkReceive.java:87)
    at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:75)
    at org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:203)
    at org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:167)
    at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:381)
    at org.apache.kafka.common.network.Selector.poll(Selector.java:326)
    at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:433)
    at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:224)
    at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:162)
    at java.lang.Thread.run(Thread.java:748)
[2017-10-18 19:47:37,852] DEBUG Node -1 disconnected. (org.apache.kafka.clients.NetworkClient:704)
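
Added example, not part of the original post: a small check over the REST properties and the JAAS file that the startup script passes to the JVM, run on constructed copies of the files quoted above. It assumes standard Kafka client behaviour (sasl.jaas.config takes inline JAAS text, otherwise the KafkaClient section of the JVM's JAAS file is used); the function names and finding ids are hypothetical.

```python
import re
# Constructed sample input mirroring the two files quoted in the post.
REST_PROPS = """\
client.security.protocol=SASL_PLAINTEXT
client.sasl.jaas.config=/etc/kafka-rest/kafka_rest_jaas.properties
client.sasl.mechanism=PLAIN
"""
JVM_JAAS_FILE = """\
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="zk_admin"
password="zk_admin_secret";
};
"""
# Assumption: sasl.jaas.config holds inline JAAS text, not a file path.
INLINE_JAAS = re.compile(
    r"^[\w.$]+\s+(required|requisite|sufficient|optional)\b.*;\s*$", re.S)

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":  # skip blanks and comments
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def jaas_sections(text):
    """Section names (Client, KafkaClient, ...) declared in a JAAS file."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return set(re.findall(r"^\s*(\w+)\s*\{", text, flags=re.M))

def check(props_text, jvm_jaas_text, prefix="client."):
    props, findings = parse_properties(props_text), []
    protocol = props.get(prefix + "security.protocol", "PLAINTEXT")
    mechanism = props.get(prefix + "sasl.mechanism", "GSSAPI")
    jaas = props.get(prefix + "sasl.jaas.config")
    inline = bool(jaas and INLINE_JAAS.match(jaas))
    if protocol.startswith("SASL") and not inline:
        if jaas is not None:
            findings.append("jaas-config-not-inline")
        # Fallback: KafkaClient section in the -Djava.security.auth.login.config file.
        if "KafkaClient" not in jaas_sections(jvm_jaas_text):
            findings.append("no-kafkaclient-login-context")
    if protocol == "SASL_PLAINTEXT" and mechanism == "PLAIN":
        findings.append("plain-credentials-sent-without-tls")
    return findings

print(check(REST_PROPS, JVM_JAAS_FILE))
```

The last finding is independent of the other two: SASL/PLAIN over SASL_PLAINTEXT puts the username and password on the wire without TLS, so it is reported even when the login configuration is otherwise valid.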