Connecting SASL_SSL Kafka Cluster


I’m using Security Protocol set to “SASL_SSL”, which means I need to specify all the JKS and JAAS in order to connect to the Cluster. I’m providing that information through the property file, but I found out that when the KafkaAdminClient runs it gets the wrong SSL configuration because of this:

    // Configure SSL configs (if security protocol is SSL)
    if (securityProtocol.equals(SecurityProtocol.SSL.name)) {
      setStringConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG);
      setStringConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG);
      setStringConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_KEYSTORE_TYPE_CONFIG);
      setStringConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
      setStringConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG);
      setStringConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
      setStringConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
      setPasswordConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
      setPasswordConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_KEY_PASSWORD_CONFIG);
      setPasswordConfigIfExists(configs, adminClientConfigs, SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
    }

I’m not using SSL but SASL_SSL and I still need those properties to be set in the KafkaClientAdmin configurations.

The class where I found that code portion is KafkaCruiseControlUtils.java.

This is the error I’m facing:

org.apache.kafka.common.KafkaException: Failed create new KafkaAdminClient
	at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:370)
	at org.apache.kafka.clients.admin.AdminClient.create(AdminClient.java:62)
	at com.linkedin.kafka.cruisecontrol.KafkaCruiseControlUtils.createAdminClient(KafkaCruiseControlUtils.java:176)
	at com.linkedin.kafka.cruisecontrol.KafkaCruiseControlUtils.describeLogDirs(KafkaCruiseControlUtils.java:161)
	at com.linkedin.kafka.cruisecontrol.servlet.response.KafkaClusterState.populateKafkaBrokerLogDirState(KafkaClusterState.java:323)
	at com.linkedin.kafka.cruisecontrol.servlet.response.KafkaClusterState.getJsonStructure(KafkaClusterState.java:252)
	at com.linkedin.kafka.cruisecontrol.servlet.response.KafkaClusterState.getJSONString(KafkaClusterState.java:85)
	at com.linkedin.kafka.cruisecontrol.servlet.response.KafkaClusterState.discardIrrelevantAndCacheRelevant(KafkaClusterState.java:454)
	at com.linkedin.kafka.cruisecontrol.servlet.response.AbstractCruiseControlResponse.discardIrrelevantResponse(AbstractCruiseControlResponse.java:43)
	at com.linkedin.kafka.cruisecontrol.servlet.response.AbstractCruiseControlResponse.writeSuccessResponse(AbstractCruiseControlResponse.java:34)
	at com.linkedin.kafka.cruisecontrol.servlet.KafkaCruiseControlServletUtils.syncRequest(KafkaCruiseControlServletUtils.java:118)
	at com.linkedin.kafka.cruisecontrol.servlet.KafkaCruiseControlServlet.doGet(KafkaCruiseControlServlet.java:159)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:535)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:564)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
	at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
	at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:673)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:591)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config
	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:153)
	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:140)
	at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:65)
	at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:88)
	at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:346)
	... 39 more
Caused by: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config
	at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:303)
	at org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:92)
	at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:63)
	at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:114)
	at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:142)
	... 43 more

Tag Cruise Control version is 2.0.36. Kafka Version is 1.1.x.

Issue Analytics

  • State: open
  • Created 5 years ago
  • Comments: 25 (7 by maintainers)
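
An added example, not Cruise Control's code and not the project's fix for this issue: one way to choose which client security settings reach the admin client, so that the SSL keys are copied for both SSL and SASL_SSL and the SASL keys for both SASL protocols. The SASL keys include `sasl.kerberos.service.name`, which the "No serviceName defined in either JAAS or Kafka config" error above reports as missing. The class and method names are hypothetical and the sample values are constructed; the property keys are standard Kafka client configuration names.

```java
import java.util.*;

// Added example, not Cruise Control code: class and method names are hypothetical.
// The property keys are the standard Kafka client configuration names.
public class AdminClientSecurityConfig {
    static final List<String> SSL_KEYS = Arrays.asList(
        "ssl.trustmanager.algorithm", "ssl.keymanager.algorithm",
        "ssl.keystore.type", "ssl.keystore.location", "ssl.keystore.password",
        "ssl.key.password", "ssl.truststore.type", "ssl.truststore.location",
        "ssl.truststore.password", "ssl.secure.random.implementation");
    static final List<String> SASL_KEYS = Arrays.asList(
        "sasl.mechanism", "sasl.kerberos.service.name", "sasl.jaas.config");

    // Copy only the keys the caller supplied; unset keys keep the client defaults.
    static void copyIfPresent(Map<String, Object> from, Map<String, Object> to, List<String> keys) {
        for (String key : keys) {
            if (from.get(key) != null) {
                to.put(key, from.get(key));
            }
        }
    }

    static Map<String, Object> adminClientSecurityConfigs(Map<String, Object> configs) {
        Object configured = configs.get("security.protocol");
        String protocol = configured == null ? "PLAINTEXT" : configured.toString();
        Map<String, Object> out = new HashMap<>();
        out.put("security.protocol", protocol);
        // SSL and SASL_SSL both run over TLS, so both need the key/trust store settings.
        if (protocol.equals("SSL") || protocol.equals("SASL_SSL")) {
            copyIfPresent(configs, out, SSL_KEYS);
        }
        // SASL_PLAINTEXT and SASL_SSL both authenticate with SASL.
        if (protocol.equals("SASL_PLAINTEXT") || protocol.equals("SASL_SSL")) {
            copyIfPresent(configs, out, SASL_KEYS);
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, Object> configs = new HashMap<>();   // constructed sample values
        configs.put("security.protocol", "SASL_SSL");
        configs.put("ssl.truststore.location", "/path/to/truststore.jks");
        configs.put("ssl.truststore.password", "changeit");
        configs.put("sasl.mechanism", "GSSAPI");
        configs.put("sasl.kerberos.service.name", "kafka");
        // Print key names only, so store passwords never reach the log.
        System.out.println(new TreeSet<>(adminClientSecurityConfigs(configs).keySet()));
    }
}
```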

Top GitHub Comments

1 reaction
tommyJimmy87 commented, Mar 8, 2019

@efeg Ok as I thought. If you want I can contribute on this.

0 reactions
Arullaldivakar commented, Mar 30, 2021

Does cruise control support TLS SASL/Scram enabled Kafka secure cluster?
