I'm trying to configure a kafka client to authenticate against a secure kafkaserver. I've set up the jaas and ssl configs, but it's complaining about serviceNames.
I am not using Kerberos.
command
KAFKA_OPTS="-Djava.security.auth.login.config=./jaas.conf" \
kafka-console-producer --broker-list k0:9092,k1:9092,k2:9092 \
--topic test-topic
--producer.config ./ssl.properties
error
org.apache.kafka.common.KafkaException: Failed to construct kafka producer
at org.apache.kafka.clients.producer.KafkaProducer.<init>
[ ... ]
Caused by: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config
jaas.conf
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
serviceName="kafka"
password="broker-secret"
user_broker="broker-secret"
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
confluent.metrics.reporter.sasl.mechanism=PLAIN
user_username1="password1";
};
ssl.properties
bootstrap.servers=k0:9092,k1:9092,k2:9092
security.protocol=SASL_PLAINTEXT
ssl.truststore.location=/var/ssl/private/client.truststore.jks
ssl.truststore.password=confluent
ssl.keystore.location=/var/ssl/private/client.keystore.jks
ssl.keystore.password=confluent
ssl.key.password=confluent
producer.bootstrap.servers=k0:9092,1:9092,k2:9092
producer.security.protocol=SASL_PLAINTEXT
producer.ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
producer.ssl.truststore.location=/var/ssl/private/client.truststore.jks
producer.ssl.truststore.password=confluent
producer.ssl.keystore.location=/var/ssl/private/client.keystore.jks
producer.ssl.keystore.password=confluent
producer.ssl.key.password=confluent
org.apache.kafka.common.security.plain.PlainLoginModule required
password="broker-secret"
user_broker="broker-secret"
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
confluent.metrics.reporter.sasl.mechanism=PLAIN
user_username1="password";
serviceName="Kafka"
The Java Authentication and Authorization Service (JAAS) API supplies user authentication and authorization services for Java applications. After enabling Kerberos, Ambari sets up a JAAS login configuration file for the Kafka server. This file is used to authenticate the Kafka broker against Kerberos.
SASL/PLAIN Overview. PLAIN, or SASL/PLAIN, is a simple username/password authentication mechanism that is typically used with TLS for encryption to implement secure authentication. Apache Kafka® supports a default implementation for SASL/PLAIN, which can be extended for production use.
The useKeytab value is the full path to the Kerberos keytab file. The principal value is the Kerberos principal, for example user/host@REALM. Here, host is the host of the center for key distribution and REALM is the Kerberos REALM.
This error indicates that jaas configuration is not visible to your kafka producer. To solve this issue, you either need to include
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="(username)" password="(password)";
in your ssl.properties
file, or export it in your path
export KAFKA_OPTS="-Djava.security.auth.login.config=path/to/jaas.conf"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With