Posted to users@kafka.apache.org by "Ojha, Ashish" <As...@gs.com> on 2016/10/18 10:58:56 UTC

How to use a DNS alias name in bootstrap.servers property

Hi Team,

We are using Kafka 0.10 with Kerberos security. We have a use case where we want to use a DNS alias name instead of the physical hostnames in the "bootstrap.servers" property. Using a DNS alias name is helpful from an operational perspective (e.g., it's easy to add/remove new brokers in the cluster without any code change on the app side).
When we use the DNS alias name, the client is unable to authenticate to the Kafka broker.


props.put("bootstrap.servers", "kafka.vipTesting.test.kafka.nimbus.abc.com:XXXX");
props.put("security.protocol", "SASL_PLAINTEXT");
props.put("sasl.kerberos.service.name", "kafka");
props.put("group.id", "ashish-group");
props.put("key.deserializer", "org.apache.kafka.common.serialization.StringDeserializer");
props.put("value.deserializer", "org.apache.kafka.common.serialization.StringDeserializer");


We get the error below:

16:02:03.924 [main] DEBUG o.a.k.c.c.i.AbstractCoordinator - Sending coordinator request for group ashish-group to broker kafka.vipTesting.test.kafka.nimbus.abc.com:XXXX (id: -1 rack: null)
16:02:04.011 [main] DEBUG o.apache.kafka.clients.NetworkClient - Initiating connection to node -1 at kafka.vipTesting.test.kafka.nimbus.abc.com:XXXX.
16:02:04.038 [main] DEBUG o.a.k.c.s.a.SaslClientAuthenticator - Set SASL client state to SEND_HANDSHAKE_REQUEST
16:02:04.045 [main] DEBUG o.a.k.c.s.a.SaslClientAuthenticator - Creating SaslClient: client=kafka_batch@XX.COM;service=kafka;serviceHostname=kafka.vipTesting.test.kafka.nimbus.abc.com;mechs=[GSSAPI]
16:02:04.117 [main] DEBUG o.a.kafka.common.metrics.Metrics - Added sensor with name node--1.bytes-sent
16:02:04.118 [main] DEBUG o.a.kafka.common.metrics.Metrics - Added sensor with name node--1.bytes-received
16:02:04.121 [main] DEBUG o.a.kafka.common.metrics.Metrics - Added sensor with name node--1.latency
16:02:04.180 [main] DEBUG o.a.k.c.s.a.SaslClientAuthenticator - Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE
16:02:04.180 [main] DEBUG o.apache.kafka.clients.NetworkClient - Completed connection to node -1
16:02:04.311 [main] DEBUG o.a.k.c.s.a.SaslClientAuthenticator - Set SASL client state to INITIAL
16:02:04.352 [main] DEBUG o.a.kafka.common.network.Selector - Connection with kafka.vipTesting.test.kafka.nimbus.abc.com/XX.YY.BB.MMMM disconnected
javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating SASL token received from the Kafka Broker. Kafka Client will go to AUTH_FAILED state.
                at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslToken(SaslClientAuthenticator.java:293) ~[kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.sendSaslToken(SaslClientAuthenticator.java:210) ~[kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.authenticate(SaslClientAuthenticator.java:178) ~[kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64) ~[kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:318) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.common.network.Selector.poll(Selector.java:283) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.clientPoll(ConsumerNetworkClient.java:360) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:224) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:192) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:163) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:179) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.consumer.KafkaConsumer.pollOnce(KafkaConsumer.java:973) [kafka-clients-0.10.0.0_2.jar:na]
                at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:937) [kafka-clients-0.10.0.0_2.jar:na]
                at main.java.Kafka.sasl.kerberos.KafkaConsumer_Kerberos.main(KafkaConsumer_Kerberos.java:42) [classes/:na]
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_11]
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_11]
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_11]
                at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0_11]
                at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134) [idea_rt.jar:na]
Caused by: javax.security.sasl.SaslException: GSS initiate failed
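
Added example, not part of the original post and not Kafka project code: a small triage script that pairs each "Creating SaslClient" debug line with the GSS failure that follows it and reports the server principal the client asked for, in the usual service/hostname form with the realm left out. The function name requested_spns, the sample log and the broker1.example.com line are constructed for illustration; the error-code names are those of RFC 4120.

```python
import re

# Constructed sample modelled on the debug log in the post. The first line
# (broker1.example.com) is a made-up connection that raises no GSS error.
SAMPLE_LOG = """\
16:02:03.100 [main] DEBUG o.a.k.c.s.a.SaslClientAuthenticator - Creating SaslClient: client=kafka_batch@XX.COM;service=kafka;serviceHostname=broker1.example.com;mechs=[GSSAPI]
16:02:04.045 [main] DEBUG o.a.k.c.s.a.SaslClientAuthenticator - Creating SaslClient: client=kafka_batch@XX.COM;service=kafka;serviceHostname=kafka.vipTesting.test.kafka.nimbus.abc.com;mechs=[GSSAPI]
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
"""

CREATE_RE = re.compile(
    r"Creating SaslClient: client=(?P<client>[^;]+);"
    r"service=(?P<service>[^;]+);serviceHostname=(?P<host>[^;]+);"
)
GSS_RE = re.compile(
    r"GSSException: (?P<major>.*?) \(Mechanism level: (?P<minor>.*?) \((?P<code>\d+)\)"
)
# Kerberos error codes from RFC 4120 that mean "principal not in the KDC database".
KDC_ERRORS = {6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN"}


def requested_spns(log_text):
    """Return one finding per failed handshake: who asked for which server principal."""
    findings, pending = [], None
    for line in log_text.splitlines():
        created = CREATE_RE.search(line)
        if created:
            pending = created.groupdict()  # most recent handshake attempt
            continue
        failed = GSS_RE.search(line)
        if failed and pending:
            code = int(failed["code"])
            findings.append({
                "client": pending["client"],
                "spn": f"{pending['service']}/{pending['host']}",
                "krb_code": code,
                "krb_name": KDC_ERRORS.get(code, "other"),
                "reason": failed["minor"],
            })
            pending = None  # ignore repeated "Caused by:" lines for the same failure
    return findings


if __name__ == "__main__":
    for f in requested_spns(SAMPLE_LOG):
        print(f"{f['client']} -> {f['spn']}: {f['krb_name']} ({f['reason']})")
```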