SASL_SSL setup - Failed to create consumer for offset topic for cluster

[sparrovv]

Hi,

I'm trying to set up a SASL_SSL connection to Kafka cluster (0.10.2.0), but I'm getting an error message org.apache.kafka.common.KafkaException: Failed to construct kafka consumer which is the underlying problem for kafka-manager to display consumers information.

Anyways, this is what I have:

~/jaas.conf:

KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="user"
  password="pass";
};

conf/consumer.properties:

security.protocol=SASL_SSL
sasl.mechanism=PLAIN
ssl.truststore.location=/home/user/kafka.client.truststore.jks
ssl.truststore.password=verysecretpass

This how I start the service:

ZK_HOSTS="..." bin/kafka-manager -Dhttp.port=8080 -Djava.security.auth.login.config=/home/user/jaas.conf

And that's what I'm getting in the log:

2017-08-28 14:11:21,788 - [ERROR] - from kafka.manager.actor.cluster.package$TryLogErrorHelper in KafkaManagedOffsetCache
Failed to create consumer for offset topic for cluster integration-ssl
org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:702) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:587) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:569) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at kafka.manager.actor.cluster.KafkaManagedOffsetCache.kafka$manager$actor$cluster$KafkaManagedOffsetCache$$createKafkaConsumer(KafkaStateActor.scala:216) ~[kafka-manager.kafka-manager-1.3.3.13-sans-externalized.jar:na]
        at kafka.manager.actor.cluster.KafkaManagedOffsetCache$$anonfun$run$1.apply(KafkaStateActor.scala:260) ~[kafka-manager.kafka-manager-1.3.3.13-sans-externalized.jar:na]
        at kafka.manager.actor.cluster.KafkaManagedOffsetCache$$anonfun$run$1.apply(KafkaStateActor.scala:259) ~[kafka-manager.kafka-manager-1.3.3.13-sans-externalized.jar:na]
        at scala.util.Try$.apply(Try.scala:192) ~[org.scala-lang.scala-library-2.11.8.jar:na]
        at kafka.manager.actor.cluster.KafkaManagedOffsetCache.run(KafkaStateActor.scala:259) ~[kafka-manager.kafka-manager-1.3.3.13-sans-externalized.jar:na]
        at java.lang.Thread.run(Thread.java:748) [na:1.8.0_141]
Caused by: org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:70) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:623) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        ... 8 common frames omitted
Caused by: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config
        at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:313) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:103) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:45) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78) ~[org.apache.kafka.kafka-clients-0.10.0.1.jar:na]
        ... 11 common frames omitted

2017-08-28 14:11:21,790 - [INFO] - from kafka.manager.actor.cluster.KafkaManagedOffsetCache in KafkaManagedOffsetCache
KafkaManagedOffsetCache shut down for cluster integration-ssl

I'd appreciate help with it and I'm happy to provide some documentation to the project once we know what the problem is.

[priashah]

I have configured it to use the sasl.mechanism to be 'PLAIN' as well , it seems to be using 'GSSAPI'. Were you able to figure out what is overriding here?

Edit: Seems like it doesnt have the option to provide the sasl.mechanism to be used, it defaults to GSSAPI.

[sparrovv]

@priashah No, I haven't looked at it since I logged that issue :( Although in the code it seems that it takes conf/consumer.properties into account when creating KafkaConsumer object: https://github.com/yahoo/kafka-manager/blob/33327659b64175780759fc4d10580198da649d73/app/kafka/manager/actor/cluster/KafkaStateActor.scala#L91-L97

[lllewellyn]

Please see my comment on #495; found that issue before this one.

[priashah]

Thanks @lllewellyn , I did make the enhancement to read the values from the cluster page. It works that way.

[jrevillard]

Hi all,

I'm facing the exact same issue... and cannot make it working. Is there a workaround ?

Best,
Jerome

[priashah]

Hi Jerome,
Did you take a look at IIIewellyn's comment of the #495 .
I too modified the code base on similar lines and got it to work.

[jrevillard]

Hi @priashah ,

Yes I saw it but did not try as I would refer to have it properly integrated here. Do you have a fork with your modifications ?

Best,
Jérôme

[jsargiot]

I think this will be fixed once #532 is merged.

[ChhatralaNirmal]

Can someone send me the full configuration steps or reference files to configure SASL_SSL/LDAP in Kafka-manager ?
We have secure kafka cluster with SASL_SSL settings.
How do we configure kafka-manager to use https:// ? like(jks keystore, password) ..
I want to configure below in Kafka manager >>

1. https://
2. Integrate with LDAP
3. integrate with secure kafka cluster on SASL_SSL

if you have configured in the past, please share your settings that would be really helpful!