You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by 無名 <lo...@qq.com> on 2016/07/23 19:06:26 UTC
I had a problem of kerberos,I try to solve for a long time can not be resolved。Please help me!
HI, My Frends:
Sorry,Just send pictures don't show.I change to text.
I come from China,
I had a problem, I try to solve for a long time can not be resolved.
I also found to a similar article, but did not answer.
http://permalink.gmane.org/gmane.comp.apache.kafka.devel/18545
My problems are as follows:
zookeeper log:
[2016-07-24 02:23:23,935] INFO Accepted socket connection from /10.211.55.5:41176 (org.apache.zookeeper.server.NIOServerCnxnFactory) [2016-07-24 02:23:23,944] DEBUG Session establishment request from client /10.211.55.5:41176 client's lastZxid is 0x0 (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,944] INFO Client attempting to establish new session at /10.211.55.5:41176 (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,949] DEBUG Processing request:: sessionid:0x15618f30b890001 type:createSession cxid:0x0 zxid:0x424b txntype:-10 reqpath:n/a (org.apache.zookeeper.server.FinalRequestProcessor) [2016-07-24 02:23:23,950] DEBUG sessionid:0x15618f30b890001 type:createSession cxid:0x0 zxid:0x424b txntype:-10 reqpath:n/a (org.apache.zookeeper.server.FinalRequestProcessor) [2016-07-24 02:23:23,950] INFO Established session 0x15618f30b890001 with negotiated timeout 6000 for client /10.211.55.5:41176 (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,973] DEBUG Responding to client SASL token. (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,973] DEBUG Size of client SASL token: 573 (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,973] ERROR cnxn.saslServer is null: cnxn object did not initialize its saslServer properly. (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:24,318] WARN caught end of stream exception (org.apache.zookeeper.server.NIOServerCnxn) EndOfStreamException: Unable to read additional data from client sessionid 0x15618f30b890001, likely client has closed socket at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228) at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208) at java.lang.Thread.run(Thread.java:745) [2016-07-24 02:23:24,318] INFO Closed socket connection for client /10.211.55.5:41176 which had sessionid 0x15618f30b890001 (org.apache.zookeeper.server.NIOServerCnxn) [2016-07-24 02:23:30,000] INFO Expiring session 0x15618f30b890001, timeout of 6000ms exceeded (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:30,001] INFO Processed session termination for sessionid: 0x15618f30b890001 (org.apache.zookeeper.server.PrepRequestProcessor) [2016-07-24 02:23:30,004] DEBUG Processing request:: sessionid:0x15618f30b890001 type:closeSession cxid:0x0 zxid:0x424c txntype:-11 reqpath:n/a (org.apache.zookeeper.server.FinalRequestProcessor)
kafka log:
[2016-07-24 02:23:23,954] INFO zookeeper state changed (SyncConnected) (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,954] DEBUG Leaving process event (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,954] DEBUG ClientCnxn:sendSaslPacket:length=0 (org.apache.zookeeper.client.ZooKeeperSaslClient) [2016-07-24 02:23:23,955] DEBUG saslClient.evaluateChallenge(len=0) (org.apache.zookeeper.client.ZooKeeperSaslClient) [2016-07-24 02:23:23,973] ERROR SASL authentication failed using login context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient) [2016-07-24 02:23:23,974] DEBUG Received event: WatchedEvent state:AuthFailed type:None path:null (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,974] INFO zookeeper state changed (AuthFailed) (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,974] DEBUG Leaving process event (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,974] DEBUG Closing ZkClient... (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,974] INFO Terminate ZkClient event thread. (org.I0Itec.zkclient.ZkEventThread) [2016-07-24 02:23:23,974] DEBUG Closing ZooKeeper connected to 10.211.55.5:2181 (org.I0Itec.zkclient.ZkConnection) [2016-07-24 02:23:23,974] DEBUG Close called on already closed client (org.apache.zookeeper.ZooKeeper) [2016-07-24 02:23:23,974] DEBUG Closing ZkClient...done (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,975] FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at kafka.server.KafkaServer.startup(KafkaServer.scala:180) at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala) [2016-07-24 02:23:23,978] INFO shutting down (kafka.server.KafkaServer) [2016-07-24 02:23:23,979] DEBUG Shutting down task scheduler. (kafka.utils.KafkaScheduler) [2016-07-24 02:23:23,981] INFO shut down completed (kafka.server.KafkaServer) [2016-07-24 02:23:23,982] FATAL Fatal error during KafkaServerStartable startup. Prepare to shutdown (kafka.server.KafkaServerStartable) org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at kafka.server.KafkaServer.startup(KafkaServer.scala:180) at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala) [2016-07-24 02:23:23,985] INFO shutting down (kafka.server.KafkaServer)
krb5kdc log
Jul 24 02:23:23 weiwei krb5kdc[17652](info): AS_REQ (3 etypes {17 16 23}) 10.211.55.5: ISSUE: authtime 1469298203, etypes {rep=17 tkt=18 ses=17}, kafka/10.211.55.5@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM Jul 24 02:23:23 weiwei krb5kdc[17652](info): TGS_REQ (3 etypes {17 16 23}) 10.211.55.5: ISSUE: authtime 1469298203, etypes {rep=17 tkt=18 ses=17}, kafka/10.211.55.5@EXAMPLE.COM for zookeeper/10.211.55.5@EXAMPLE.COM
My configuration is as follows:
/etc/krb5.conf
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] EXAMPLE.COM = { kdc = 10.211.55.5 admin_server = 10.211.55.5 } [domain_realm] 10.211.55.5 = EXAMPLE.COM
/etc/kafka/kafkaserverjaas.conf
KafkaServer { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/var/kerberos/krb5kdc/kafka.keytab" principal="kafka/10.211.55.5@EXAMPLE.COM"; }; // Zookeeper client authentication Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/var/kerberos/krb5kdc/kafka.keytab" principal="kafka/10.211.55.5@EXAMPLE.COM"; };
kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password. kadmin.local: listprincs K/M@EXAMPLE.COM kadmin/admin@EXAMPLE.COM kadmin/changepw@EXAMPLE.COM kadmin/weiwei@EXAMPLE.COM kafka/10.211.55.5@EXAMPLE.COM kafka/weiwei@EXAMPLE.COM krbtgt/EXAMPLE.COM@EXAMPLE.COM root/admin@EXAMPLE.COM zookeeper/10.211.55.5@EXAMPLE.COM
JVM:
start the process:
zookeeper:
# ps -ef|grep zookeeper|grep --color=auto /etc/kafka/kafka_server_jaas.conf root 6172 20094 39 03:02 pts/5 00:00:00 /usr/java/jdk1.8.0_60/bin/java -Xmx512M -Xms512M -server -XX:+UseG1GC -XX:MaxGCPauseMillis=20 -XX:InitiatingHeapOccupancyPercent=35 -XX:+DisableExplicitGC -Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf -Djava.awt.headless=true -Xloggc:/tools/kafka_2.11-0.10.0.0/bin/../logs/zookeeper-gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dkafka.logs.dir=/tools/kafka_2.11-0.10.0.0/bin/../logs -Dlog4j.configuration=file:bin/../config/log4j.properties -cp .:/usr/java/jdk1.8.0_60/lib/dt.jar:/usr/java/jdk1.8.0_60/lib/tools.jar:/usr/java/jdk1.8.0_60/bin/java:/tools/kafka_2.11-0.10.0.0/bin/../libs/aopalliance-repackaged-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/argparse4j-0.5.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-api-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-file-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-json-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-runtime-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/guava-18.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/hk2-api-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/hk2-locator-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/hk2-utils-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-annotations-2.6.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-core-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-databind-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-jaxrs-base-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-jaxrs-json-provider-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-module-jaxb-annotations-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javassist-3.18.2-GA.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.annotation-api-1.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.inject-1.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.inject-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.servlet-api-3.1.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.ws.rs-api-2.0.1.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-client-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-common-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-container-servlet-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-container-servlet-core-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-guava-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-media-jaxb-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-server-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-continuation-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-http-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-io-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-security-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-server-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-servlet-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-servlets-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-util-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jopt-simple-4.9.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka_2.11-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka_2.11-0.10.0.0-sources.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka_2.11-0.10.0.0-test-sources.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-clients-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-log4j-appender-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-streams-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-streams-examples-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-tools-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/log4j-1.2.17.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/lz4-1.3.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/metrics-core-2.2.0.jar:/tools/kafka_2.11-0.10.
My environment:
jdk
java -version java version "1.8.0_60" Java(TM) SE Runtime Environment (build 1.8.0_60-b27) Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)
System:
[root@weiwei kafka_2.11-0.10.0.0]# uname -a Linux weiwei 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
ip
[root@weiwei kafka_2.11-0.10.0.0]# ifconfig eth0 Link encap:Ethernet HWaddr 00:1C:42:E4:B6:1E inet addr:10.211.55.5 Bcast:10.211.55.255 Mask:255.255.255.0 inet6 addr: fdb2:2c26:f4e4:0:21c:42ff:fee4:b61e/64 Scope:Global inet6 addr: fe80::21c:42ff:fee4:b61e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:80270 errors:0 dropped:0 overruns:0 frame:0 TX packets:45714 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:37037138 (35.3 MiB) TX bytes:7155183 (6.8 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:40532 errors:0 dropped:0 overruns:0 frame:0 TX packets:40532 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2811173 (2.6 MiB) TX bytes:2811173 (2.6 MiB) virbr0 Link encap:Ethernet HWaddr 52:54:00:56:6D:C8 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
I was the first to write a message to foreign countries for help, I really have no idea of. Please help me, thanks very much!!
2016-07-13
段誉/魏巍
产品研发部
电话:13818659987
宝付网络科技(上海)有限公司
Baofoo Internet Technology (Shanghai) Co., Ltd.
官网:www.baofoo.com
地址: 上海市浦东新区居里路99号
Re: I had a problem of kerberos,I try to solve for a long time can not be resolved。Please help me!
Posted by Guozhang Wang <wa...@gmail.com>.
Hi,
From the entry "ERROR SASL authentication failed using login context
'Client'."
It seems your ZK cluster is guarded by SASL authentication mechanism, but
your brokers which are talking to ZK are not "authenticated".
Guozhang
On Sat, Jul 23, 2016 at 12:06 PM, 無名 <lo...@qq.com> wrote:
> HI, My Frends:
> Sorry,Just send pictures don't show.I change to text.
> I come from China,
> I had a problem, I try to solve for a long time can not be resolved.
> I also found to a similar article, but did not answer.
> http://permalink.gmane.org/gmane.comp.apache.kafka.devel/18545
>
> My problems are as follows:
>
> zookeeper log:
> [2016-07-24 02:23:23,935] INFO Accepted socket connection from /
> 10.211.55.5:41176 (org.apache.zookeeper.server.NIOServerCnxnFactory)
> [2016-07-24 02:23:23,944] DEBUG Session establishment request from client /
> 10.211.55.5:41176 client's lastZxid is 0x0
> (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,944]
> INFO Client attempting to establish new session at /10.211.55.5:41176
> (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,949]
> DEBUG Processing request:: sessionid:0x15618f30b890001 type:createSession
> cxid:0x0 zxid:0x424b txntype:-10 reqpath:n/a
> (org.apache.zookeeper.server.FinalRequestProcessor) [2016-07-24
> 02:23:23,950] DEBUG sessionid:0x15618f30b890001 type:createSession cxid:0x0
> zxid:0x424b txntype:-10 reqpath:n/a
> (org.apache.zookeeper.server.FinalRequestProcessor) [2016-07-24
> 02:23:23,950] INFO Established session 0x15618f30b890001 with negotiated
> timeout 6000 for client /10.211.55.5:41176
> (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,973]
> DEBUG Responding to client SASL token.
> (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,973]
> DEBUG Size of client SASL token: 573
> (org.apache.zookeeper.server.ZooKeeperServer) [2016-07-24 02:23:23,973]
> ERROR cnxn.saslServer is null: cnxn object did not initialize its
> saslServer properly. (org.apache.zookeeper.server.ZooKeeperServer)
> [2016-07-24 02:23:24,318] WARN caught end of stream exception
> (org.apache.zookeeper.server.NIOServerCnxn) EndOfStreamException: Unable to
> read additional data from client sessionid 0x15618f30b890001, likely client
> has closed socket at
> org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:228)
> at
> org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
> at java.lang.Thread.run(Thread.java:745) [2016-07-24 02:23:24,318] INFO
> Closed socket connection for client /10.211.55.5:41176 which had
> sessionid 0x15618f30b890001 (org.apache.zookeeper.server.NIOServerCnxn)
> [2016-07-24 02:23:30,000] INFO Expiring session 0x15618f30b890001, timeout
> of 6000ms exceeded (org.apache.zookeeper.server.ZooKeeperServer)
> [2016-07-24 02:23:30,001] INFO Processed session termination for sessionid:
> 0x15618f30b890001 (org.apache.zookeeper.server.PrepRequestProcessor)
> [2016-07-24 02:23:30,004] DEBUG Processing request::
> sessionid:0x15618f30b890001 type:closeSession cxid:0x0 zxid:0x424c
> txntype:-11 reqpath:n/a (org.apache.zookeeper.server.FinalRequestProcessor)
> kafka log:
> [2016-07-24 02:23:23,954] INFO zookeeper state changed (SyncConnected)
> (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,954] DEBUG Leaving
> process event (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,954]
> DEBUG ClientCnxn:sendSaslPacket:length=0
> (org.apache.zookeeper.client.ZooKeeperSaslClient) [2016-07-24 02:23:23,955]
> DEBUG saslClient.evaluateChallenge(len=0)
> (org.apache.zookeeper.client.ZooKeeperSaslClient) [2016-07-24 02:23:23,973]
> ERROR SASL authentication failed using login context 'Client'.
> (org.apache.zookeeper.client.ZooKeeperSaslClient) [2016-07-24 02:23:23,974]
> DEBUG Received event: WatchedEvent state:AuthFailed type:None path:null
> (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,974] INFO zookeeper
> state changed (AuthFailed) (org.I0Itec.zkclient.ZkClient) [2016-07-24
> 02:23:23,974] DEBUG Leaving process event (org.I0Itec.zkclient.ZkClient)
> [2016-07-24 02:23:23,974] DEBUG Closing ZkClient...
> (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,974] INFO Terminate
> ZkClient event thread. (org.I0Itec.zkclient.ZkEventThread) [2016-07-24
> 02:23:23,974] DEBUG Closing ZooKeeper connected to 10.211.55.5:2181
> (org.I0Itec.zkclient.ZkConnection) [2016-07-24 02:23:23,974] DEBUG Close
> called on already closed client (org.apache.zookeeper.ZooKeeper)
> [2016-07-24 02:23:23,974] DEBUG Closing ZkClient...done
> (org.I0Itec.zkclient.ZkClient) [2016-07-24 02:23:23,975] FATAL Fatal error
> during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication
> failure at
> org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at
> org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at
> org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at
> org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at
> org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at
> kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at
> kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at
> kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at
> kafka.server.KafkaServer.startup(KafkaServer.scala:180) at
> kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37)
> at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala)
> [2016-07-24 02:23:23,978] INFO shutting down (kafka.server.KafkaServer)
> [2016-07-24 02:23:23,979] DEBUG Shutting down task scheduler.
> (kafka.utils.KafkaScheduler) [2016-07-24 02:23:23,981] INFO shut down
> completed (kafka.server.KafkaServer) [2016-07-24 02:23:23,982] FATAL Fatal
> error during KafkaServerStartable startup. Prepare to shutdown
> (kafka.server.KafkaServerStartable)
> org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication
> failure at
> org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946) at
> org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923) at
> org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230) at
> org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156) at
> org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130) at
> kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:75) at
> kafka.utils.ZkUtils$.apply(ZkUtils.scala:57) at
> kafka.server.KafkaServer.initZk(KafkaServer.scala:294) at
> kafka.server.KafkaServer.startup(KafkaServer.scala:180) at
> kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37)
> at kafka.Kafka$.main(Kafka.scala:67) at kafka.Kafka.main(Kafka.scala)
> [2016-07-24 02:23:23,985] INFO shutting down (kafka.server.KafkaServer)
> krb5kdc log
> Jul 24 02:23:23 weiwei krb5kdc[17652](info): AS_REQ (3 etypes {17 16 23})
> 10.211.55.5: ISSUE: authtime 1469298203, etypes {rep=17 tkt=18 ses=17},
> kafka/10.211.55.5@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM Jul 24
> 02:23:23 weiwei krb5kdc[17652](info): TGS_REQ (3 etypes {17 16 23})
> 10.211.55.5: ISSUE: authtime 1469298203, etypes {rep=17 tkt=18 ses=17},
> kafka/10.211.55.5@EXAMPLE.COM for zookeeper/10.211.55.5@EXAMPLE.COM
> My configuration is as follows:
>
> /etc/krb5.conf
> [logging] default = FILE:/var/log/krb5libs.log kdc =
> FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
> [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false
> dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d
> forwardable = true [realms] EXAMPLE.COM = { kdc = 10.211.55.5
> admin_server = 10.211.55.5 } [domain_realm] 10.211.55.5 = EXAMPLE.COM
> /etc/kafka/kafkaserverjaas.conf
> KafkaServer { com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true storeKey=true
> keyTab="/var/kerberos/krb5kdc/kafka.keytab" principal="kafka/
> 10.211.55.5@EXAMPLE.COM"; }; // Zookeeper client authentication Client
> { com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true storeKey=true
> keyTab="/var/kerberos/krb5kdc/kafka.keytab" principal="kafka/
> 10.211.55.5@EXAMPLE.COM"; };
> kadmin.local
> Authenticating as principal root/admin@EXAMPLE.COM with password.
> kadmin.local: listprincs K/M@EXAMPLE.COM kadmin/admin@EXAMPLE.COM kadmin/
> changepw@EXAMPLE.COM kadmin/weiwei@EXAMPLE.COM kafka/
> 10.211.55.5@EXAMPLE.COM kafka/weiwei@EXAMPLE.COM krbtgt/
> EXAMPLE.COM@EXAMPLE.COM root/admin@EXAMPLE.COM zookeeper/
> 10.211.55.5@EXAMPLE.COM
> JVM:
>
> start the process:
>
> zookeeper:
> # ps -ef|grep zookeeper|grep --color=auto
> /etc/kafka/kafka_server_jaas.conf root 6172 20094 39 03:02 pts/5
> 00:00:00 /usr/java/jdk1.8.0_60/bin/java -Xmx512M -Xms512M -server
> -XX:+UseG1GC -XX:MaxGCPauseMillis=20 -XX:InitiatingHeapOccupancyPercent=35
> -XX:+DisableExplicitGC -Djava.security.krb5.conf=/etc/krb5.conf
> -Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf
> -Djava.awt.headless=true
> -Xloggc:/tools/kafka_2.11-0.10.0.0/bin/../logs/zookeeper-gc.log -verbose:gc
> -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps
> -Dcom.sun.management.jmxremote
> -Dcom.sun.management.jmxremote.authenticate=false
> -Dcom.sun.management.jmxremote.ssl=false
> -Dkafka.logs.dir=/tools/kafka_2.11-0.10.0.0/bin/../logs
> -Dlog4j.configuration=file:bin/../config/log4j.properties -cp
> .:/usr/java/jdk1.8.0_60/lib/dt.jar:/usr/java/jdk1.8.0_60/lib/tools.jar:/usr/java/jdk1.8.0_60/bin/java:/tools/kafka_2.11-0.10.0.0/bin/../libs/aopalliance-repackaged-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/argparse4j-0.5.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-api-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-file-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-json-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/connect-runtime-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/guava-18.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/hk2-api-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/hk2-locator-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/hk2-utils-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-annotations-2.6.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-core-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-databind-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-jaxrs-base-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-jaxrs-json-provider-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jackson-module-jaxb-annotations-2.6.3.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javassist-3.18.2-GA.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.annotation-api-1.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.inject-1.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.inject-2.4.0-b34.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.servlet-api-3.1.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/javax.ws.rs-api-2.0.1.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-client-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-common-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-container-servlet-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-container-servlet-core-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-guava-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-media-jaxb-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jersey-server-2.22.2.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-continuation-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-http-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-io-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-security-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-server-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-servlet-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-servlets-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jetty-util-9.2.15.v20160210.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/jopt-simple-4.9.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka_2.11-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka_2.11-0.10.0.0-sources.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka_2.11-0.10.0.0-test-sources.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-clients-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-log4j-appender-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-streams-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-streams-examples-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/kafka-tools-0.10.0.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/log4j-1.2.17.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/lz4-1.3.0.jar:/tools/kafka_2.11-0.10.0.0/bin/../libs/metrics-core-2.2.0.jar:/tools/kafka_2.11-0.10.
> My environment:
>
> jdk
> java -version java version "1.8.0_60" Java(TM) SE Runtime Environment
> (build 1.8.0_60-b27) Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23,
> mixed mode)
> System:
> [root@weiwei kafka_2.11-0.10.0.0]# uname -a Linux weiwei
> 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64
> x86_64 GNU/Linux
> ip
> [root@weiwei kafka_2.11-0.10.0.0]# ifconfig eth0 Link
> encap:Ethernet HWaddr 00:1C:42:E4:B6:1E inet addr:10.211.55.5
> Bcast:10.211.55.255 Mask:255.255.255.0 inet6 addr:
> fdb2:2c26:f4e4:0:21c:42ff:fee4:b61e/64 Scope:Global inet6 addr:
> fe80::21c:42ff:fee4:b61e/64 Scope:Link UP BROADCAST RUNNING
> MULTICAST MTU:1500 Metric:1 RX packets:80270 errors:0 dropped:0
> overruns:0 frame:0 TX packets:45714 errors:0 dropped:0 overruns:0
> carrier:0 collisions:0 txqueuelen:1000 RX
> bytes:37037138 (35.3 MiB) TX bytes:7155183 (6.8 MiB) lo Link
> encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436
> Metric:1 RX packets:40532 errors:0 dropped:0 overruns:0 frame:0
> TX packets:40532 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0 RX bytes:2811173 (2.6 MiB) TX
> bytes:2811173 (2.6 MiB) virbr0 Link encap:Ethernet HWaddr
> 52:54:00:56:6D:C8 inet addr:192.168.122.1 Bcast:192.168.122.255
> Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500
> Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> I was the first to write a message to foreign countries for help, I really
> have no idea of. Please help me, thanks very much!!
>
>
> 2016-07-13
> 段誉/魏巍
>
>
> 产品研发部
> 电话:13818659987
>
>
> 宝付网络科技(上海)有限公司
> Baofoo Internet Technology (Shanghai) Co., Ltd.
> 官网:www.baofoo.com
> 地址: 上海市浦东新区居里路99号
--
-- Guozhang