kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephane Maarek (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-5993) Kafka AdminClient does not support standard security settings
Date Wed, 04 Oct 2017 04:47:00 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-5993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190808#comment-16190808
] 

Stephane Maarek commented on KAFKA-5993:
----------------------------------------

[~ijuma] Indeed it does support security settings. The log still shows that WARN, which is
what was misleading on my end.

See full log here:

{code:java}
15:42:18.548 [main] INFO  org.apache.kafka.clients.admin.AdminClientConfig - AdminClientConfig
values: 
	bootstrap.servers = [localhost:9092]
	client.id = 
	connections.max.idle.ms = 300000
	metadata.max.age.ms = 300000
	metric.reporters = []
	metrics.num.samples = 2
	metrics.recording.level = INFO
	metrics.sample.window.ms = 30000
	receive.buffer.bytes = 65536
	reconnect.backoff.max.ms = 1000
	reconnect.backoff.ms = 50
	request.timeout.ms = 120000
	retries = 5
	retry.backoff.ms = 100
	sasl.jaas.config = [hidden]
	sasl.kerberos.kinit.cmd = /usr/bin/kinit
	sasl.kerberos.min.time.before.relogin = 60000
	sasl.kerberos.service.name = null
	sasl.kerberos.ticket.renew.jitter = 0.05
	sasl.kerberos.ticket.renew.window.factor = 0.8
	sasl.mechanism = GSSAPI
	security.protocol = PLAINTEXT
	send.buffer.bytes = 131072
	ssl.cipher.suites = null
	ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
	ssl.endpoint.identification.algorithm = null
	ssl.key.password = null
	ssl.keymanager.algorithm = SunX509
	ssl.keystore.location = null
	ssl.keystore.password = null
	ssl.keystore.type = JKS
	ssl.protocol = TLS
	ssl.provider = null
	ssl.secure.random.implementation = null
	ssl.trustmanager.algorithm = PKIX
	ssl.truststore.location = null
	ssl.truststore.password = null
	ssl.truststore.type = JKS

15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
connections-closed:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
connections-created:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-sent-received:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-sent:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-received:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
select-time:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
io-time:
15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster metadata version
1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack: null)], partitions = [])
15:42:18.550 [main] WARN  org.apache.kafka.clients.admin.AdminClientConfig - The configuration
'sasl.jaas.config' was supplied but isn't a known config.
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka version : 0.11.0.1
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka commitId : c2a0d5f9b1f45bf5
{code}

My code to generate my admin client is:
  
{code:java}
  public static AdminClient getAdminClient() {

        Properties adminProps = new Properties();
        adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG,
                Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092"));
        adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG,
                Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT"));
        adminProps.put(SaslConfigs.SASL_JAAS_CONFIG,
                Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse(""));

        return AdminClient.create(adminProps);
    }

{code}

If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should rename the
JIRA and address the WARN?

> Kafka AdminClient does not support standard security settings
> -------------------------------------------------------------
>
>                 Key: KAFKA-5993
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5993
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.11.0.1
>            Reporter: Stephane Maarek
>
> Kafka Admin Client does not support basic security configurations, such as "sasl.jaas.config".
> Therefore it makes it impossible to use against a secure cluster
> ```
> 14:12:12.948 [main] WARN  org.apache.kafka.clients.admin.AdminClientConfig - The configuration
'sasl.jaas.config' was supplied but isn't a known config.
> ```



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message