kafka-users mailing list archives

From Christian <engr...@gmail.com>
Subject Re: Problem connecting to ZooKeeper with Kafka SASL enabled
Date Sat, 07 Jan 2017 15:58:14 GMT
I figured it out. I am using Confluent 3.1.1's docker images. There is a
file in
https://github.com/confluentinc/cp-docker-images/blob/master/debian/base/include/cub
which looks for an environment variable of "ZOOKEEPER_SASL_ENABLED" which
defaults to true if using jaas. I simply set that var to false and I got
past the problem.



On Sat, Jan 7, 2017 at 7:54 AM, Christian <engrean@gmail.com> wrote:

> Hi,
>
> I'm trying to set up SASL_PLAINTEXT authentication between the
> producer/consumer clients and the Kafka brokers only. I am not too worried
> about the broker to broker SASL nor do I want Kafka Broker to ZooKeeper
> SASL Authentication. I would prefer to just require authentication for the
> clients to Kafka and that's it.
>
> The problem I am having is that when I turn on SASL, my broker to zk
> connection times out.
>
> Initiating client connection, connectString=ZK1:2181,ZK2:2181,ZK3:2181 sessionTimeout=40000 watcher=io.confluent.admin.utils.ZookeeperConnectionWatcher@5a2e4553
> Opening socket connection to server ZK1:2181
> Socket connection established to ZK1:2181, initiating session
> Session establishment complete on server ZK1:2181  sessionid =
> 0x15976c66b690106, negotiated timeout = 40000
> Timed out waiting for connection to Zookeeper server
> [ZK1:2181,ZK2:2181,ZK3:2181].
> Session: 0x15976c66b690106 closed
> EventThread shut down
>
> I am using Kafka 0.10.1.0 and ZooKeeper 3.4.9
>
> The following are the settings I have for SASL:
>
> KAFKA_OPTS="-Djava.security.auth.login.config=/var/lib/kafka/config/kafka_server_jaas.conf -Dzookeeper.sasl.client=false"
>
> inter.broker.protocol=SASL_PLAINTEXT
>
> sasl.enabled.mechanisms=PLAIN
>
> Kafka.listeners=SASL_PLAINTEXT://0.0.0.0:92
>
>
> my kafka_server_jaas.conf file looks like the following:
>
> KafkaServer {
>
>    org.apache.kafka.common.security.plain.PlainLoginModule required
>
>    username="admin"
>
>    password="admin-secret"
>
>    user_admin="admin-secret"
>
>    user_alice="alice-secret";
>
> };
>
> Do you have any suggestions? I have tried many combinations. Without
> setting zookeeper.sasl.client=false, I get a SASL error that says I need to
> define the Client portion of the jaas config file to talk with ZooKeeper.
> Setting it to false gives me this timeout, but only when I also set the
> -Djava.security.auth... property.
>
> I know, I'm missing a small thing.
>
> Thanks,
>
> Christian
>
>
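
The mismatch described in this thread can be caught before the container starts. The following is an added example, not code from the post or from the Confluent image: it parses the JAAS file quoted above and compares it with the container environment. The function names and finding labels are hypothetical, and detecting "using JAAS" from the java.security.auth.login.config option in KAFKA_OPTS is an assumption.

```python
import re

# Constructed sample: the JAAS file quoted in the post (KafkaServer only, no Client section).
JAAS_SAMPLE = """
KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="admin-secret"
   user_alice="alice-secret";
};
"""

def jaas_sections(text):
    """Map each 'Name { module.Class flag options; };' entry to its login module class."""
    pattern = r"(\w+)\s*\{\s*([\w.$]+)[^}]*\}\s*;"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, text)}

def check(env, jaas_text, listeners):
    """Return findings for a broker container's env (dict), JAAS text and listener list."""
    findings = []
    sections = jaas_sections(jaas_text)
    opts = env.get("KAFKA_OPTS", "")
    uses_jaas = "-Djava.security.auth.login.config=" in opts
    # Assumption from the post: the image's startup check treats ZooKeeper SASL as
    # enabled whenever JAAS is in use, unless ZOOKEEPER_SASL_ENABLED is set to false.
    default = "true" if uses_jaas else "false"
    zk_sasl = env.get("ZOOKEEPER_SASL_ENABLED", default).lower() != "false"
    if zk_sasl and "Client" not in sections:
        findings.append("zk-sasl-expected-but-no-Client-section")
    if zk_sasl and "-Dzookeeper.sasl.client=false" in opts:
        findings.append("broker-jvm-and-startup-check-disagree-on-zk-sasl")
    # SASL/PLAIN sends the password as-is, so a SASL_PLAINTEXT listener exposes it
    # on the wire; SASL_SSL is the listener type that adds TLS.
    plain = any(cls.endswith(".PlainLoginModule") for cls in sections.values())
    schemes = [l.strip().split("://")[0].upper() for l in listeners.split(",")]
    if plain and "SASL_PLAINTEXT" in schemes:
        findings.append("plain-credentials-on-unencrypted-listener")
    return findings

if __name__ == "__main__":
    env = {"KAFKA_OPTS": "-Djava.security.auth.login.config=/var/lib/kafka/config/"
                         "kafka_server_jaas.conf -Dzookeeper.sasl.client=false"}
    print(check(env, JAAS_SAMPLE, "SASL_PLAINTEXT://0.0.0.0:92"))
    env["ZOOKEEPER_SASL_ENABLED"] = "false"  # the fix described in the reply
    print(check(env, JAAS_SAMPLE, "SASL_PLAINTEXT://0.0.0.0:92"))
```

With the settings from the original question all three findings are reported; after setting ZOOKEEPER_SASL_ENABLED to false only the unencrypted-listener finding remains.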
