You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by Gerd König <ko...@googlemail.com> on 2017/05/31 11:46:31 UTC

Kafka not starting up after Kerberos, Zookeeper conn error

Hello,

I am currently stuck in enabling Kerberos and starting-up KafkaBroker
afterwards (confluent oss 3.2.1).
Zookeepers are running, but starting kafka
(/opt/confluent/bin/kafka-server-start /etc/kafka/server.properties) gives
me error:


*[2017-05-31 12:21:10,523] ERROR SASL authentication failed using login
context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient)*
*[2017-05-31 12:21:10,523] INFO zookeeper state changed (AuthFailed)
(org.I0Itec.zkclient.ZkClient)*
*[2017-05-31 12:21:10,523] INFO Terminate ZkClient event thread.
(org.I0Itec.zkclient.ZkEventThread)*
*[2017-05-31 12:21:10,524] FATAL Fatal error during KafkaServer startup.
Prepare to shutdown (kafka.server.KafkaServer)*


The corresponding log entry in *Zookeeper* is:

*ERROR cnxn.saslServer is null: cnxn object did not initialize its
saslServer properly*


feeling like "can't see the forest but the trees"....


*CONFIGS*

*kafka_server_jaas.conf:*
*KafkaServer {*
*    com.sun.security.auth.module.Krb5LoginModule required*
*    useKeyTab=true*
*    storeKey=true*
*    keyTab="/keytabs/kafka.user.keytab"*
*    principal="kafka/confluent-1.test.demo@test.demo";*
*};*

*// ZooKeeper client authentication*
*Client {*
*    com.sun.security.auth.module.Krb5LoginModule required*
*    useKeyTab=true*
*    storeKey=true*
*    keyTab="/keytabs/zookeeper.user.keytab"*
*    principal="zookeeper/confluent-1.test.demo@test.demo";*
*};*


*zookeeper_jaas.conf:*
*Server {*
*com.sun.security.auth.module.Krb5LoginModule required*
*useKeyTab=true*
*storeKey=true*
*useTicketCache=false*
*keyTab="/keytabs/zookeeper.user.keytab"*
*principal="zookeeper/confluent-1.test.demo@test.demo";*
*};*

*kafka server.properties:*
*zookeeper.connect=confluent-1.test.demo:2181,confluent-2.test.demo:2181,confluent-3.test.demo:2181*
*zookeeper.connection.timeout.ms
<http://zookeeper.connection.timeout.ms>=6000*
*broker.id <http://broker.id>=1*
*delete.topic.enable=true*
*listeners=PLAINTEXT://0.0.0.0:9092
<http://0.0.0.0:9092>,SASL_PLAINTEXT://0.0.0.0:9099 <http://0.0.0.0:9099>*
*sasl.enabled.mechanisms=GSSAPI,PLAIN*
*sasl.mechanism.inter.broker.protocol=PLAIN*
*num.network.threads=2*
*num.io.threads=2*
*socket.send.buffer.bytes=102400*
*socket.receive.buffer.bytes=102400*
*socket.request.max.bytes=104857600*
*zookeeper.set.acl=false*
*allow.everyone.if.no.acl.found=true*
*auto.create.topics.enable=false*
*super.users=User:kafka*
*sasl.kerberos.service.name <http://sasl.kerberos.service.name>=kafka*

*zookeeper.properties:*
*dataDir=/var/lib/zookeeper*
*clientPort=2181*
*maxClientCnxns=100*
*authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider*
*jaasLoginRenew=3600000*
*kerberos.removeHostFromPrincipal=true*
*kerberos.removeRealmFromPrincipal=true*
*initLimit=5*
*syncLimit=2*
*server.1=confluent-1.test.demo:2888:3888*
*server.2=confluent-2.test.demo:2888:3888*
*server.3=confluent-3.test.demo:2888:3888*

Any help highly appreciated to solve this issue and startup Kafka.

Thanks in advance...