Kafka Server - Could not find a 'KafkaServer' in JAAS
R

3

6

I have a standalone kafka broker that I'm trying to configure SASL for. Configurations are below. I'm trying to set up SASL_PLAIN authentication on the broker.

My understanding is that with the listener.name... configuration in the server.properties, I shouldn't need the jaas file. But I've experimented with one to see if that might be a better approach.

I have experimented with each of these commands, but both result in the same exception.

  • sudo bin/kafka-server-start etc/kafka/server.properties
  • sudo -Djava.security.auth.login.config=etc/kafka/kafka_server_jaas.conf bin/kafka-server-start etc/kafka/server.properties

The exception displayed is:

Fatal error during KafkaServer startup. Prepare to shutdown... Could not find a 'KafkaServer' or 'sasl_plaintext.KafkaServer' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set

server.properties:

listeners=SASL_PLAINTEXT://0.0.0.0:9092
listener.security.protocol.map: SASL_PLAINTEXT:SASL_PLAINTEXT
listener.name.SASL_PLAINTEXT.plain.sasl.jaas.config:
            org.apache.kafka.common.security.plain.PlainLoginModule required /
username="username" /
password="Password" /
user_username="Password";  

advertised.listeners=SASL_PLAINTEXT://[ipaddress]:9092
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
secutiy.inter.broker.protocol=SASL_PLAINTEXT

kafka_server_jaas.conf:

KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
   username="username"
   password="Password"
   user_username="Password";
};

I've spent a day looking at this already - has anyone else had experience with this problem?

Recruitment answered 8/1, 2019 at 21:40 Comment(1)
sudo -Djava... doesn't do anything (you shouldn't even need sudo to run Kafka)... Are you sure you set that up correctly? – Relapse
R
4

Putting my mistakes here for posterity:

  • Don't do your startup commands from the cli, put them in a .sh file and run from there: For example, something like this:

zkstart

export KAFKA_OPTS="-Djava.security.auth.login.config=etc/kafka/zookeeper_jaas.conf"
bin/zookeeper-server-start etc/kafka/zookeeper.properties &

kafkastart

export KAFKA_OPTS="-Djava.security.auth.login.config=etc/kafka/kafka_server_jaas.conf"
bin/kafka-server-start etc/kafka/server.properties

  • If you still encounter an error related to the configs, check your _jaas files to ensure all the configuration sections in the error messages are present. If they are, it's likely the format isn't quite correct - check for the two semi-colons in each section and if that fails, try recreating the file entirely from scratch (or from a c&p from the documentation).

Edit: So, the final solution for me was to add the export.... lines to the beginning of the corresponding kafka-server-start and zookeeper-server-start files. It took me a while before the 'everything is a file' finally clicked and I realized the script files were the actual basis for the services.

Recruitment answered 9/1, 2019 at 15:19 Comment(2)
BTW, if you install Confluent Platform, then it offers systemctl startup/stop scripts – Relapse
I tried the same command but am unable to run the Kafka server. Can you please look into the details? #60927705 – Perfectionism
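The check described in the answer above (expected section present, both semicolons in place), as an added Python example that is not part of the original posts. `lint_jaas`, `GOOD` and `BAD` are names made up here, the accepted section names come from the broker's error message in the question, and `BAD` is a constructed broken variant.

```python
import re

# Quoted strings, comments, punctuation, bare words (class names, flags, option keys).
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|[{};=]|[^\s{};="]+', re.S)

def lint_jaas(text, listener="SASL_PLAINTEXT"):
    """Return (section_names, problems) for JAAS text; option values are never echoed."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith(("//", "/*"))]
    sections, problems, i = [], [], 0
    while i < len(toks):
        name = toks[i]
        if i + 1 >= len(toks) or toks[i + 1] != "{":
            problems.append(f"expected '{{' after section name {name!r}")
            break
        sections.append(name)
        i, entry = i + 2, []
        while i < len(toks) and toks[i] != "}":
            # ';' ends a login module entry; anything else belongs to the current one.
            entry = [] if toks[i] == ";" else entry + [toks[i]]
            i += 1
        if entry:
            problems.append(f"{name}: login module entry not terminated with ';'")
        if i >= len(toks):
            problems.append(f"{name}: missing closing '}}'")
            break
        i += 1  # consume '}'
        if i < len(toks) and toks[i] == ";":
            i += 1
        else:
            problems.append(f"{name}: missing ';' after closing '}}'")
    # Names from the broker's error message: 'KafkaServer' or '<listener>.KafkaServer'.
    wanted = {"KafkaServer", f"{listener.lower()}.KafkaServer"}
    if not wanted & set(sections):
        problems.append("no section named " + " or ".join(sorted(wanted)))
    return sections, problems

# The question's kafka_server_jaas.conf.
GOOD = '''KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
   username="username"
   password="Password"
   user_username="Password";
};'''
# Constructed broken variant: wrong section name, both semicolons dropped.
BAD = GOOD.replace("KafkaServer", "Client").replace(";", "")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, lint_jaas(text))
```
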
R
6

You need to export a variable, not in-line the config to kafka-server-start (or sudo).

export KAFKA_OPTS="-Djava.security.auth.login.config=/path/to/kafka_server_jaas.conf"
bin/kafka-server-start /path/to/server.properties

Ref. Confluent's sections on Kafka security

Relapse answered 9/1, 2019 at 3:26 Comment(1)
I would recommend the full tutorial, too: docs.confluent.io/current/tutorials/security_tutorial.html – Relapse
N
0

This is in line with other accepted answers, but in case you are on Docker or using more environment variables to pass the SASL JAAS configuration, you need this environment variable:

environment:
      KAFKA_LISTENER_NAME_SASL_LISTENER_PLAIN_SASL_JAAS_CONFIG: org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" ;

(username and password need to be updated according to your setup)

IMPORTANT: Here _SASL_LISTENER_ is the name of the SASL listener; it needs to be updated as per your configuration. You can mostly find it in the value of the variable KAFKA_LISTENER_SECURITY_PROTOCOL_MAP.

Narration answered 10/6 at 8:51 Comment(0)
