Posted to users@kafka.apache.org by Raghu B <ra...@gmail.com> on 2016/12/20 01:06:22 UTC

Zookeeper configuration with ACL using SSL

Hi All,


I am trying to enable ACLs with the SSL protocol and it is giving me the
exceptions below (LEADER_NOT_AVAILABLE):

*[2016-12-19 16:16:47,078] WARN Error while fetching metadata with
correlation id 16 : {my-ssl-topic4=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)*

*[2016-12-19 16:16:47,231] WARN Error while fetching metadata with
correlation id 17 : {my-ssl-topic4=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)*


I did most of the debugging but had no luck. I am able to send and receive
messages by using Super.User, i.e. when I configure this in the
server.properties file:


super.users=User:"CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"


But if I give any specific ACLs from the command line, it does not work, i.e.

Eg: bin/kafka-acls.sh --authorizer-properties
zookeeper.connect=localhost:2181 --allow-principal User:ANONYMOUS
--allow-host 172.28.91.4 --consumer --topic my-ssl-topic4 --add --group
group4


The permissions are given correctly, and in kafka-authorizer.log I can see
these permissions:


[2016-12-20 00:16:47,521] DEBUG Principal = User:ANONYMOUS is Allowed
Operation = Describe from host = 172.28.91.4 on resource =
Topic:my-ssl-topic4 (kafka.authorizer.logger)

[2016-12-20 00:16:47,522] DEBUG operation = Create on resource =
Cluster:kafka-cluster from host = 172.28.91.4 is Allow based on acl =
User:ANONYMOUS has Allow permission for operations: All from hosts:
172.28.91.4 (kafka.authorizer.logger)

[2016-12-20 00:16:47,522] DEBUG Principal = User:ANONYMOUS is Allowed
Operation = Create from host = 172.28.91.4 on resource =
Cluster:kafka-cluster (kafka.authorizer.logger)


Do I need to configure any JAAS files for Zookeeper?

It looks like I am missing something between *Kafka & Zookeeper*.

Please suggest how I can enable ACLs with SSL.


Thanks in advance.
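
An added example, not part of the original post or of Kafka itself: a small parser for the kafka-authorizer.log decision lines quoted above, which tallies Allowed and Denied decisions per principal and host so it is visible which identity the broker actually authorized. It assumes refused requests are logged in the same layout with "Denied"; the last sample record and the principal `User:CN=client.example` are constructed.

```python
import re
from collections import Counter

# Decision line layout, taken from the kafka-authorizer.log excerpt in the post.
# Assumption: refused requests use the same layout with "Denied".
DECISION = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<level>\w+) Principal = (?P<principal>.+?) is "
    r"(?P<result>Allowed|Denied) Operation = (?P<op>\w+) from host = "
    r"(?P<host>\S+) on resource = (?P<resource>\S+)"
)

# Constructed sample: the first three records are the post's lines (still
# mail-wrapped); the last one is a made-up Denied record for illustration.
SAMPLE_LOG = """\
[2016-12-20 00:16:47,521] DEBUG Principal = User:ANONYMOUS is Allowed
Operation = Describe from host = 172.28.91.4 on resource =
Topic:my-ssl-topic4 (kafka.authorizer.logger)
[2016-12-20 00:16:47,522] DEBUG operation = Create on resource =
Cluster:kafka-cluster from host = 172.28.91.4 is Allow based on acl =
User:ANONYMOUS has Allow permission for operations: All from hosts:
172.28.91.4 (kafka.authorizer.logger)
[2016-12-20 00:16:47,522] DEBUG Principal = User:ANONYMOUS is Allowed
Operation = Create from host = 172.28.91.4 on resource =
Cluster:kafka-cluster (kafka.authorizer.logger)
[2016-12-20 00:16:47,530] INFO Principal = User:CN=client.example is Denied
Operation = Write from host = 172.28.91.4 on resource =
Topic:my-ssl-topic4 (kafka.authorizer.logger)
"""

def records(text):
    """Yield one string per log record, re-joining wrapped continuation lines."""
    current = []
    for line in text.splitlines():
        if line.startswith("[") and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def decisions(text):
    """Return a dict per Allowed/Denied decision; ACL-match lines are skipped."""
    return [m.groupdict() for m in map(DECISION.match, records(text)) if m]

def summarize(text):
    """Count decisions per (principal, host, result)."""
    return Counter((d["principal"], d["host"], d["result"]) for d in decisions(text))
```

Comparing the principals in this tally with the `--allow-principal` value given to kafka-acls.sh shows whether the ACL was written for the identity the broker sees on the SSL connection.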