[
https://issues.apache.org/jira/browse/KAFKA-5993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190808#comment-16190808
]
Stephane Maarek edited comment on KAFKA-5993 at 10/4/17 4:52 AM:
-----------------------------------------------------------------
[~ijuma] Indeed it does support security settings. The log still shows that
WARN, which is what was misleading on my end.
See full log here (it's using the PLAINTEXT protocol on purpose for now):
{code:java}
15:42:18.548 [main] INFO org.apache.kafka.clients.admin.AdminClientConfig -
AdminClientConfig values:
bootstrap.servers = [localhost:9092]
client.id =
connections.max.idle.ms = 300000
metadata.max.age.ms = 300000
metric.reporters = []
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 120000
retries = 5
retry.backoff.ms = 100
sasl.jaas.config = [hidden]
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.mechanism = GSSAPI
security.protocol = PLAINTEXT
send.buffer.bytes = 131072
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = null
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = null
ssl.truststore.password = null
ssl.truststore.type = JKS
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name connections-closed:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name connections-created:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name bytes-sent-received:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name bytes-sent:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name bytes-received:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name select-time:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name io-time:
15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster
metadata version 1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack:
null)], partitions = [])
15:42:18.550 [main] WARN org.apache.kafka.clients.admin.AdminClientConfig -
The configuration 'sasl.jaas.config' was supplied but isn't a known config.
15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka
version : 0.11.0.1
15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka
commitId : c2a0d5f9b1f45bf5
{code}
My code to generate my admin client is:
{code:java}
public static AdminClient getAdminClient() {
Properties adminProps = new Properties();
adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG,
Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092"));
adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG,
Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT"));
adminProps.put(SaslConfigs.SASL_JAAS_CONFIG,
Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse(""));
return AdminClient.create(adminProps);
}
{code}
If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should
rename the JIRA and address the WARN?
was (Author: stephane.maa...@gmail.com):
[~ijuma] Indeed it does support security settings. The log still shows that
WARN, which is what was misleading on my end.
See full log here:
{code:java}
15:42:18.548 [main] INFO org.apache.kafka.clients.admin.AdminClientConfig -
AdminClientConfig values:
bootstrap.servers = [localhost:9092]
client.id =
connections.max.idle.ms = 300000
metadata.max.age.ms = 300000
metric.reporters = []
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 120000
retries = 5
retry.backoff.ms = 100
sasl.jaas.config = [hidden]
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.mechanism = GSSAPI
security.protocol = PLAINTEXT
send.buffer.bytes = 131072
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = null
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = null
ssl.truststore.password = null
ssl.truststore.type = JKS
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name connections-closed:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name connections-created:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name bytes-sent-received:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name bytes-sent:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name bytes-received:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name select-time:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added
sensor with name io-time:
15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster
metadata version 1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack:
null)], partitions = [])
15:42:18.550 [main] WARN org.apache.kafka.clients.admin.AdminClientConfig -
The configuration 'sasl.jaas.config' was supplied but isn't a known config.
15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka
version : 0.11.0.1
15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka
commitId : c2a0d5f9b1f45bf5
{code}
My code to generate my admin client is:
{code:java}
public static AdminClient getAdminClient() {
Properties adminProps = new Properties();
adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG,
Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092"));
adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG,
Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT"));
adminProps.put(SaslConfigs.SASL_JAAS_CONFIG,
Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse(""));
return AdminClient.create(adminProps);
}
{code}
If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should
rename the JIRA and address the WARN?
> Kafka AdminClient does not support standard security settings
> -------------------------------------------------------------
>
> Key: KAFKA-5993
> URL: https://issues.apache.org/jira/browse/KAFKA-5993
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.11.0.1
> Reporter: Stephane Maarek
>
> Kafka Admin Client does not support basic security configurations, such as
> "sasl.jaas.config".
> Therefore it makes it impossible to use against a secure cluster
> ```
> 14:12:12.948 [main] WARN org.apache.kafka.clients.admin.AdminClientConfig -
> The configuration 'sasl.jaas.config' was supplied but isn't a known config.
> ```
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
