You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Fangwei Duan (Jira)" <ji...@apache.org> on 2019/10/29 10:45:00 UTC
[jira] [Commented] (KAFKA-8353)
org.apache.kafka.common.errors.TimeoutException: Failed to update metadata
after 60000 ms after enabling SASL PLAINTEXT authentication
[ https://issues.apache.org/jira/browse/KAFKA-8353?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16961881#comment-16961881 ]
Fangwei Duan commented on KAFKA-8353:
-------------------------------------
I had this problem too. and finally it turn out the reason is the client server time diff with kdc server time more than 5mins. after the sync the time, we had solved this problem.
> org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 60000 ms after enabling SASL PLAINTEXT authentication
> --------------------------------------------------------------------------------------------------------------------------------------
>
> Key: KAFKA-8353
> URL: https://issues.apache.org/jira/browse/KAFKA-8353
> Project: Kafka
> Issue Type: Bug
> Components: documentation, security
> Affects Versions: 0.10.2.1
> Reporter: goutham
> Priority: Critical
> Labels: security
>
> I'm running into time out exception when i try to run producer and consumer through java or console.
>
> *kafka server.properties*
> [advertised.host.name|http://advertised.host.name/]=127.0.0.1
>
> listeners=SASL_PLAINTEXT://[127.0.0.1:9090|http://127.0.0.1:9090/]
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism.inter.broker.protocol=PLAIN
> sasl.enabled.mechanisms=PLAIN
> advertised.listeners=SASL_PLAINTEXT://[127.0.0.1:9090|http://127.0.0.1:9090/]
>
> *kafka server jass conf*
>
> KafkaServer {
> org.apache.kafka.common.security.plain.PlainLoginModule required
> username="admin"
> password="admin"
> user_admin="admin"
> user_test="test";
>
> };
>
>
> *client producer/consumer properties*
>
>
> String jaasTemplate = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"%s\" password=\"%s\";";
> String jaasCfg = String.format(jaasTemplate, "test", "test");
> brokers.delete(brokers.length() - 1, brokers.length());
> properties.put("bootstrap.servers", brokers.toString());
> properties.put("[retry.backoff.ms|http://retry.backoff.ms/]", "1000");
> properties.put("[reconnect.backoff.ms|http://reconnect.backoff.ms/]", "1000");
> properties.put("max.request.size", "5242880");
> properties.put("key.serializer", "org.apache.kafka.common.serialization.ByteArraySerializer");
> properties.put("value.serializer", "org.apache.kafka.common.serialization.ByteArraySerializer");
> // properties.put("[metadata.max.age.ms|http://metadata.max.age.ms/]", 15000); //Refresh topic partition leadership every 15 seconds
> properties.put("sasl.jaas.config", jaasCfg);
> properties.put("security.protocol", "SASL_PLAINTEXT");
> properties.put("sasl.mechanism", "PLAIN");
> properties.put("ssl.client.auth", "none"); Also added env variable for KAKFA_OPTS with jass config location so console consumer can use that login module.i am running single node kafka (0.10.2) with zookeeper (3.4.9). with these setting both broker and zookeeper comes up.But clients with valid credential not able to write/read from the broker.pretty much used steps in documentation from apache Kafka.Pls advice?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)