You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2020/02/15 12:58:11 UTC
[GitHub] [druid] MaxOrelus opened a new issue #9368: SSL handshake failed -
Kafka Index Service
MaxOrelus opened a new issue #9368: SSL handshake failed - Kafka Index Service
URL: https://github.com/apache/druid/issues/9368
```
[2020-02-15 12:45:32,705] INFO [SocketServer brokerId=0] Failed authentication with /54.147.244.29 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
```
I have the extension:
```sh
druid_extensions_loadList=["druid-kafka-indexing-service", "druid-histogram", "druid-datasketches", "druid-lookups-cached-global", "druid-azure-extensions", "postgresql-metadata-storage"]
```
That's the error. After going through all the documentation and issues in github I'm not able to connect to a Kafka instance that is using TLS/SSL. These are the settings I have so far:
```json
{
"bootstrap.servers": "kafka001.domain.com:9093",
"ssl.truststore.password": "password",
"ssl.keystore.password": "password",
"ssl.key.password": "password"
}
```
The full blown spec looks like:
```json
{
"type": "kafka",
"ioConfig": {
"type": "kafka",
"consumerProperties": {
"bootstrap.servers": "kafka001.domain.com:9093",
"ssl.truststore.password": "password",
"ssl.keystore.password": "password",
"ssl.key.password": "password"
},
"topic": "my-topic"
},
"tuningConfig": {
"type": "kafka"
},
"dataSchema": {
"dataSource": "new-data-source",
"granularitySpec": {
"type": "uniform",
"segmentGranularity": "HOUR",
"queryGranularity": "HOUR"
}
}
}
```
The website is lacking information on how to setup up Kafka index services when you have TLS/SSL. I don't want to take up much of any one's time, but I'm just trying to figure out how to connect to my Kafka broker via druid. Is there something I'm missing here or is there any other steps I have to do to get this working?
Warm regards,
M
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] MaxOrelus closed issue #9368: SSL handshake failed - Kafka
Index Service
Posted by GitBox <gi...@apache.org>.
MaxOrelus closed issue #9368: SSL handshake failed - Kafka Index Service
URL: https://github.com/apache/druid/issues/9368
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] MaxOrelus commented on issue #9368: SSL handshake failed -
Kafka Index Service
Posted by GitBox <gi...@apache.org>.
MaxOrelus commented on issue #9368: SSL handshake failed - Kafka Index Service
URL: https://github.com/apache/druid/issues/9368#issuecomment-592298576
Thanks, but I wasn't using SASL_SSL, just the basic SSL. I was able to get it working with the following:
```sh
{
"bootstrap.servers": "<SERVER>:9093",
"security.protocol": "SSL",
"ssl.truststore.location": "/tmp/ssl/server.truststore.jks",
"ssl.truststore.password": "<PASSWORD>",
"ssl.truststore.type": "JKS",
"ssl.key.password": "<PASSWORD>",
"ssl.keystore.location": "/tmp/ssl/server.keystore.jks",
"ssl.keystore.password": "<PASSWORD>,
"ssl.keystore.type": "JKS",
"ssl.endpoint.identification.algorithm": ""
}
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org
[GitHub] [druid] jp707049 commented on issue #9368: SSL handshake failed -
Kafka Index Service
Posted by GitBox <gi...@apache.org>.
jp707049 commented on issue #9368: SSL handshake failed - Kafka Index Service
URL: https://github.com/apache/druid/issues/9368#issuecomment-587181086
Hello,
Try using following parameters. Let me know if this works.
```
bootstrap.servers: "hostname:port",
security.protocol: "SASL_SSL",
isolation.level: "read_committed",
sasl.mechanism: "PLAIN",
ssl.enabled.protocols: "TLSv1.2",
sasl.jaas.config: "org.apache.kafka.common.security.plain.PlainLoginModule required username='username_here' password='password_here';",
ssl.endpoint.identification.algorithm: ""
```
Thank you,
Jeet
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org