Hello,
Having trouble when publishing and consuming from a topic with
SASL_PLAINTEXT.
Both ZK and Kafka start successfully, in logs I see SASL_PLAINTEXT on 9093
as being available.
kafka.log:[2018-08-20 03:31:08,202] INFO Registered broker 1 at path
/brokers/ids/1 with addresses:
EndPoint(kafkabroker1,9092,ListenerName(SSL),SSL),EndPoint(kafkabroker1,9093,ListenerName(SASL_PLAINTEXT),SASL_PLAINTEXT)
(kafka.utils.ZkUtils:70)
When i try to publish, e.g.
bin/kafka-console-producer --broker-list kafkabroker1:9093 \
--topic testtopic1 --producer.config /tmp/sasl-producer.properties
I get:
[2018-08-20 08:37:35,075] WARN Error while fetching metadata with
correlation id 3 : {testtopic1=UNKNOWN_TOPIC_OR_PARTITION}
(org.apache.kafka.clients.NetworkClient)
[2018-08-20 08:37:35,176] WARN Error while fetching metadata with
correlation id 4 : {testtopic1=UNKNOWN_TOPIC_OR_PARTITION}
(org.apache.kafka.clients.NetworkClient)
[2018-08-20 08:37:35,277] WARN Error while fetching metadata with
correlation id 5 : {testtopic1=UNKNOWN_TOPIC_OR_PARTITION}
(org.apache.kafka.clients.NetworkClient)
What I've verified:
1) Client can resolve advertisted.listeners on all brokers. (prior to
enabling SASL, PLAINTEXT and SSL work with my set advertisted.listerners)
2) In my sasl-producer.properties, im authenticating with user Kafka. Kafka
has been set as super user and in kafka-authorizer.log, I see "
[2018-08-20 08:27:19,971] DEBUG principal = User:kafka is a super user,
allowing operation without checking acls. (kafka.authorizer.logger)
[2018-08-20 08:27:19,971] DEBUG Principal = User:kafka is Allowed Operation
= Describe from host = 10.10.52.1 on resource = Topic:testtopic1
(kafka.authorizer.logger)
[2018-08-20 08:27:20,072] DEBUG operation = Read on resource = Topic:
testtopic1 from host = 10.10.52.1 is Allow based on acl = User:kafka has
Allow permission for operations: All from hosts: * (kafka.authorizer.logger)
and from the kafka.log's in DEBUG:
[2018-08-20 09:35:48,364] DEBUG principal = User:kafka is a super user,
allowing operation without checking acls. (kafka.authorizer.logger:159)
[2018-08-20 09:35:48,364] DEBUG Principal = User:kafka is Allowed Operation
= Describe from host = 10.89.64.7 on resource = Topic:kerbtest1
(kafka.authorizer.logger:251)
[2018-08-20 09:35:48,364] DEBUG Completed
request:{api_key=3,api_version=4,correlation_id=186,client_id=console-producer}
-- {topics=[kerbtest1],allow_auto_topic_creation=true} from connection
10.10.52.1:9093-10.10.52.1:42752;totalTime:0.461000,requestQueueTime:0.033000,localTime:0.346000,remoteTime:0.000000,throttleTime:0.033000,responseQueueTime:0.030000,sendTime:0.066000,securityProtocol:SASL_PLAINTEXT,principal:User:kafka,listener:SASL_PLAINTEXT
(kafka.request.logger:193)
I'm assuming everything is okay from an ACL standpoint but when the client
cannot get the topic metadata from the returned advertisted listeners?
Any ideas on what I could be missing? Could this be something with ZK
setup/any authentication I am missing there? I had even tried " skipACL=yes"
but that did not change anything.
Thanks!
