kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephane Maarek (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (KAFKA-5993) Kafka AdminClient does not support standard security settings
Date Wed, 04 Oct 2017 04:53:00 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-5993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190808#comment-16190808
] 

Stephane Maarek edited comment on KAFKA-5993 at 10/4/17 4:52 AM:
-----------------------------------------------------------------

[~ijuma] Indeed it does support security settings. The log still shows that WARN, which is
what was misleading on my end.

See full log here (it's using the PLAINTEXT protocol on purpose for now):

{code:java}
15:42:18.548 [main] INFO  org.apache.kafka.clients.admin.AdminClientConfig - AdminClientConfig
values: 
	bootstrap.servers = [localhost:9092]
	client.id = 
	connections.max.idle.ms = 300000
	metadata.max.age.ms = 300000
	metric.reporters = []
	metrics.num.samples = 2
	metrics.recording.level = INFO
	metrics.sample.window.ms = 30000
	receive.buffer.bytes = 65536
	reconnect.backoff.max.ms = 1000
	reconnect.backoff.ms = 50
	request.timeout.ms = 120000
	retries = 5
	retry.backoff.ms = 100
	sasl.jaas.config = [hidden]
	sasl.kerberos.kinit.cmd = /usr/bin/kinit
	sasl.kerberos.min.time.before.relogin = 60000
	sasl.kerberos.service.name = null
	sasl.kerberos.ticket.renew.jitter = 0.05
	sasl.kerberos.ticket.renew.window.factor = 0.8
	sasl.mechanism = GSSAPI
	security.protocol = PLAINTEXT
	send.buffer.bytes = 131072
	ssl.cipher.suites = null
	ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
	ssl.endpoint.identification.algorithm = null
	ssl.key.password = null
	ssl.keymanager.algorithm = SunX509
	ssl.keystore.location = null
	ssl.keystore.password = null
	ssl.keystore.type = JKS
	ssl.protocol = TLS
	ssl.provider = null
	ssl.secure.random.implementation = null
	ssl.trustmanager.algorithm = PKIX
	ssl.truststore.location = null
	ssl.truststore.password = null
	ssl.truststore.type = JKS

15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
connections-closed:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
connections-created:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-sent-received:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-sent:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-received:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
select-time:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
io-time:
15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster metadata version
1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack: null)], partitions = [])
15:42:18.550 [main] WARN  org.apache.kafka.clients.admin.AdminClientConfig - The configuration
'sasl.jaas.config' was supplied but isn't a known config.
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka version : 0.11.0.1
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka commitId : c2a0d5f9b1f45bf5
{code}

My code to generate my admin client is:
  
{code:java}
  public static AdminClient getAdminClient() {

        Properties adminProps = new Properties();
        adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG,
                Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092"));
        adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG,
                Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT"));
        adminProps.put(SaslConfigs.SASL_JAAS_CONFIG,
                Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse(""));

        return AdminClient.create(adminProps);
    }

{code}

If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should rename the
JIRA and address the WARN?


was (Author: stephane.maarek@gmail.com):
[~ijuma] Indeed it does support security settings. The log still shows that WARN, which is
what was misleading on my end.

See full log here:

{code:java}
15:42:18.548 [main] INFO  org.apache.kafka.clients.admin.AdminClientConfig - AdminClientConfig
values: 
	bootstrap.servers = [localhost:9092]
	client.id = 
	connections.max.idle.ms = 300000
	metadata.max.age.ms = 300000
	metric.reporters = []
	metrics.num.samples = 2
	metrics.recording.level = INFO
	metrics.sample.window.ms = 30000
	receive.buffer.bytes = 65536
	reconnect.backoff.max.ms = 1000
	reconnect.backoff.ms = 50
	request.timeout.ms = 120000
	retries = 5
	retry.backoff.ms = 100
	sasl.jaas.config = [hidden]
	sasl.kerberos.kinit.cmd = /usr/bin/kinit
	sasl.kerberos.min.time.before.relogin = 60000
	sasl.kerberos.service.name = null
	sasl.kerberos.ticket.renew.jitter = 0.05
	sasl.kerberos.ticket.renew.window.factor = 0.8
	sasl.mechanism = GSSAPI
	security.protocol = PLAINTEXT
	send.buffer.bytes = 131072
	ssl.cipher.suites = null
	ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
	ssl.endpoint.identification.algorithm = null
	ssl.key.password = null
	ssl.keymanager.algorithm = SunX509
	ssl.keystore.location = null
	ssl.keystore.password = null
	ssl.keystore.type = JKS
	ssl.protocol = TLS
	ssl.provider = null
	ssl.secure.random.implementation = null
	ssl.trustmanager.algorithm = PKIX
	ssl.truststore.location = null
	ssl.truststore.password = null
	ssl.truststore.type = JKS

15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
connections-closed:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
connections-created:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-sent-received:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-sent:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
bytes-received:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
select-time:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name
io-time:
15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster metadata version
1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack: null)], partitions = [])
15:42:18.550 [main] WARN  org.apache.kafka.clients.admin.AdminClientConfig - The configuration
'sasl.jaas.config' was supplied but isn't a known config.
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka version : 0.11.0.1
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka commitId : c2a0d5f9b1f45bf5
{code}

My code to generate my admin client is:
  
{code:java}
  public static AdminClient getAdminClient() {

        Properties adminProps = new Properties();
        adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG,
                Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092"));
        adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG,
                Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT"));
        adminProps.put(SaslConfigs.SASL_JAAS_CONFIG,
                Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse(""));

        return AdminClient.create(adminProps);
    }

{code}

If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should rename the
JIRA and address the WARN?

> Kafka AdminClient does not support standard security settings
> -------------------------------------------------------------
>
>                 Key: KAFKA-5993
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5993
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.11.0.1
>            Reporter: Stephane Maarek
>
> Kafka Admin Client does not support basic security configurations, such as "sasl.jaas.config".
> Therefore it makes it impossible to use against a secure cluster
> ```
> 14:12:12.948 [main] WARN  org.apache.kafka.clients.admin.AdminClientConfig - The configuration
'sasl.jaas.config' was supplied but isn't a known config.
> ```



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message