Hi All,

I am trying to enable ACLs in my Kafka cluster along with the SSL protocol.

I tried each and every parameter but had no luck, so I need help to enable SSL (without Kerberos), and I am attaching all the configuration details in this. Kindly help me.

I tested SSL without ACL, it worked fine (listeners=SSL://10.247.195.122:9093)

This is my Kafka server properties file:

    ############################# ACL SETTINGS #############################
    auto.create.topics.enable=true
    authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
    security.inter.broker.protocol=SSL
    #allow.everyone.if.no.acl.found=true
    #principal.builder.class=CustomizedPrincipalBuilderClass
    #super.users=User:"CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"
    #super.users=User:Raghu;User:Admin
    #offsets.storage=kafka
    #dual.commit.enabled=true
    listeners=SSL://10.247.195.122:9093
    #listeners=PLAINTEXT://10.247.195.122:9092
    #listeners=PLAINTEXT://10.247.195.122:9092,SSL://10.247.195.122:9093
    #advertised.listeners=PLAINTEXT://10.247.195.122:9092
    ssl.keystore.location=/home/raghu/kafka/security/server.keystore.jks
    ssl.keystore.password=123456
    ssl.key.password=123456
    ssl.truststore.location=/home/raghu/kafka/security/server.truststore.jks
    ssl.truststore.password=123456

Set the ACL from Authorizer CLI:

    > bin/kafka-acls.sh --authorizer-properties zookeeper.connect=10.247.195.122:2181 --list --topic ssltopic
    Current ACLs for resource `Topic:ssltopic`:
        User:CN=writeuser, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown has Allow permission for operations: Write from hosts: *

    XXXWMXXX-7:kafka_2.11-0.10.1.0 rbaddam$ bin/kafka-console-producer.sh --broker-list 10.247.195.122:9093 --topic ssltopic --producer.config client-ssl.properties
    [2016-12-13 14:53:45,839] WARN Error while fetching metadata with correlation id 0 : {ssltopic=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
    [2016-12-13 14:53:45,984] WARN Error while fetching metadata with correlation id 1 : {ssltopic=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)

    XXXWMXXX-7:kafka_2.11-0.10.1.0 rbaddam$ cat client-ssl.properties
    #group.id=sslgroup
    security.protocol=SSL
    ssl.truststore.location=/Users/rbaddam/Desktop/Dev/kafka_2.11-0.10.1.0/ssl/client.truststore.jks
    ssl.truststore.password=123456
    #Configure Below if you use Client Auth
    ssl.keystore.location=/Users/rbaddam/Desktop/Dev/kafka_2.11-0.10.1.0/ssl/client.keystore.jks
    ssl.keystore.password=123456
    ssl.key.password=123456

    XXXWMXXX-7:kafka_2.11-0.10.1.0 rbaddam$ bin/kafka-console-consumer.sh --bootstrap-server 10.247.195.122:9093 --new-consumer --consumer.config client-ssl.properties --topic ssltopic --from-beginning
    [2016-12-13 14:53:28,817] WARN Error while fetching metadata with correlation id 1 : {ssltopic=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
    [2016-12-13 14:53:28,819] ERROR Unknown error when running consumer: (kafka.tools.ConsoleConsumer$)
    org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to access group: console-consumer-52826

Thanks in advance,
Raghu - raghu98...@gmail.com
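
An added example, not part of the original post and not Kafka project code: it parses the ACL listing quoted above and reports which grants a given client certificate DN is still missing. It assumes the broker's default principal builder (principal.builder.class is commented out in the post), which names an SSL client by its certificate DN in the comma-only form seen in the post's commented-out super.users line. The NEEDED table is a simplified assumption of the minimum console-client ACLs, and all function names are hypothetical.

```python
import re

# Constructed sample: the `kafka-acls.sh --list` output quoted in the post.
ACL_LISTING = """\
Current ACLs for resource `Topic:ssltopic`:
    User:CN=writeuser, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown has Allow permission for operations: Write from hosts: *
"""

# Assumption: minimum ACLs for the console clients under SimpleAclAuthorizer.
NEEDED = {
    "producer": {("Topic", "Write")},
    "consumer": {("Topic", "Read"), ("Group", "Read")},
}

ACL_RE = re.compile(r"^\s*User:(?P<who>.+?) has (?P<perm>Allow|Deny) permission "
                    r"for operations: (?P<op>\w+) from hosts: (?P<host>\S+)\s*$")


def broker_principal(dn):
    """DN in comma-only form, no padding after commas (simplified: does not
    handle commas escaped inside an attribute value)."""
    return ",".join(part.strip() for part in dn.split(","))


def parse_acls(listing):
    """Return [(resource_type, resource_name, principal, permission, operation)]."""
    acls, resource = [], None
    for line in listing.splitlines():
        head = re.search(r"resource `(\w+):([^`]+)`", line)
        if head:
            resource = head.groups()
            continue
        m = ACL_RE.match(line)
        if m and resource:
            acls.append((*resource, m["who"], m["perm"], m["op"]))
    return acls


def missing(acls, cert_dn, role):
    """ACLs from NEEDED[role] that no Allow entry grants to cert_dn exactly."""
    who = broker_principal(cert_dn)
    granted = {(a[0], a[4]) for a in acls if a[3] == "Allow" and a[2] == who}
    return sorted(NEEDED[role] - granted)


def padded_principals(acls):
    """Principals stored with spaces after commas; string comparison against
    the comma-only DN fails for these."""
    return sorted({a[2] for a in acls if a[2] != broker_principal(a[2])})
```

Run against the listing in the post, `padded_principals` flags the stored `writeuser` entry, and `missing` shows the consumer additionally lacks Read on the topic and on its consumer group.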