Hi,
I have configured the brokers and zookeepers as below to enable SSL and
authentication with SASL/Kerberos. I have tried with and without
advertised.listeners, advertised.host.name, host.name, port.

*server.properties*
listeners=SASL_SSL://<hostname>:9092
advertised.listeners=SASL_SSL://<hostname>:9092
advertised.host.name=<hostname>
host.name=<hostname>
port=9092
ssl.truststore.location=kafka.server.truststore.jks
ssl.truststore.password=password
ssl.keystore.location=kafka.server.keystore.jks
ssl.keystore.password=password
ssl.key.password=password
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=HTTP
allow.everyone.if.no.acl.found=true
zookeeper.set.acl=true
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:kafka;User:admin

*zookeeper.properties*
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=true
quorum.auth.learner.loginContext=QuorumLearner
quorum.auth.server.loginContext=QuorumServer
quorum.cnxn.threads.size=20

I have all the brokers and zookeepers configured similarly except for the
hostname.
Unfortunately I am unable to run my client. Below is the error with the consumer:

kafkacat -b <hostname> -P -X security.protocol=SASL_SSL -X
sasl.mechanisms=GSSAPI -X sasl.kerberos.keytab=krb5.keytab -X
sasl.kerberos.service.name=HTTP -X
sasl.kerberos.principal=HTTP/<hostname>/<domain> -t test -C
% ERROR: Topic test error: Broker: Leader not available
Any suggestions?
Thanks
AA