Hello ,
I have configured Kafka ( CF community edition ) with Kraft, SSL, SASL_PLAINTEXT using docker compose along with KLAW containers. I have configured DEV1_KAFKASASL_JAASCONFIG.PLAIN as environment variable. but still i am getting
following exception Caused by: java.lang.IllegalArgumentException: Could not find a ‘KafkaClient’ entry in the JAAS configuration. System property ‘java.security.auth.login.config’ is not set.
How to configure system variable using Klaw docker installation ?
Hey @seeaganesh thanks for reaching out.
there are two ways to configure variables in docker.
you can add them to the docker compose as environment variables for example
java.security.auth.login.config will become JAVA_SECURITY_AUTH_LOGIN_CONFIG
Here is some example documentation on how to add different types of values to the docker compose. Run Klaw in Docker | Klaw: Apache Kafka governance toolkit
The second option is to point to a application.properties file and add the configuration there.
example: add SPRING_CONFIG_LOCATION
services:
klaw-core:
image: klaw-core:latest
container_name: klaw-core
environment:
KLAW_UIAPI_SERVERS: "http://klaw-core:9097"
KLAW_CLUSTERAPI_URL: "http://klaw-cluster-api:9343"
SPRING_CONFIG_LOCATION: "/klaw/klaw-application.properties"
volumes:
- "klaw_data:/klaw"
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9097:9097
volumes:
klaw_data:
driver: local
Let me know if this answers your question or if you need more specific help with JAAS Config.
Thanks,
Aindriú
hello i am trying following, but still it is not working.
if i am using default login module for the PLAIN mechanism. I want to connect Klaw to this broker(s) and manage the ACL, users.
Do you have any working docker compose?
volumes:
#kraft-ct0: {}
#kraft-ct1: {}
kraft-bk1: {}
#kraft-bk2: {}
klaw_data:
driver: local
services:
broker-1:
image: confluentinc/cp-kafka:${VERSION}
hostname: broker-1
container_name: kraft-broker-1
stop_grace_period: 60s
healthcheck:
test: nc -z localhost 9092 || exit 1
start_period: 5s
interval: 5s
timeout: 5s
retries: 3
#depends_on:
# controller-0:
# condition: service_healthy
#controller-1:
# condition: service_healthy
ports:
- '19092:19092'
- '17071:7071'
volumes:
- kraft-bk1:/var/lib/kafka/data
- ./jmx_prometheus:/opt/jmx_prometheus
- ./secrets:/etc/kafka/secrets
- ./broker.sh:/tmp/broker.sh
- ./config/:/opt/kafka/config/
command: "bash -c '/tmp/broker.sh && /etc/confluent/docker/run'"
environment:
KAFKA_NODE_ID: 10
KAFKA_SECURITY_INTER_BROKER_LISTENER_NAME: SSL
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:SASL_PLAINTEXT,SSL:SASL_SSL
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker-1:9092,SSL://localhost:19092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_MIN_INSYNC_REPLICAS: 1
KAFKA_NUM_PARTITIONS: 1
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
KAFKA_DEFAULT_REPLICATION_FACTOR: 1
KAFKA_METRIC_REPORTERS:
KAFKA_OPTS: -javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent.jar=7071:/opt/jmx_prometheus/kafka-config.yml -javaagent:/opt/jmx_prometheus/jolokia-agent.jar=port=7072,host=* -Djava.security.auth.login.config=/opt/kafka/config/jaas-kafka-server.conf
CONFLUENT_METRICS_ENABLE: 'false'
KAFKA_SUPER_USERS: User:admin
KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer
KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker1.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: broker1_keystore_creds
KAFKA_SSL_KEY_CREDENTIALS: broker1_sslkey_creds
KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker1.truststore.jks
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker1_truststore_creds
KAFKA_SSL_CLIENT_AUTH: "required"
KAFKA_LISTENERS: CONTROLLER://:9093,PLAINTEXT://:9092,SSL://:19092
#KAFKA_CFG_LISTENERS=SECURED://:9093,CONTROLLER://:9094,INTERBROKER://:9092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_PROCESS_ROLES: controller,broker
KAFKA_CONTROLLER_QUORUM_VOTERS: 10@broker-1:9093
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
KAFKA_SASL_MECHANISM: PLAIN
KAFKA_SASL_MECHANISM_CONTROLLER_PROTOCOL: PLAIN
klaw-core:
image: aivenoy/klaw-core:latest
container_name: klaw-core
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
SPRING_DATASOURCE_URL: "jdbc:h2:file:/klaw/klawprodb;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;MODE=MySQL;CASE_INSENSITIVE_IDENTIFIERS=TRUE;"
KLAW_UIAPI_SERVERS: "http://localhost:9097"
DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
DEV1_KAFKASSL_KEY_PWD: "confluent"
DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
volumes:
- "klaw_data:/klaw"
- ./secrets:/etc/kafka/secrets
- ./config:/etc/kafka/config
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9097:9097
klaw-cluster-api:
image: aivenoy/klaw-cluster-api:latest
container_name: klaw-cluster-api
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
DEV1_KAFKASSL_KEY_PWD: "confluent"
DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
volumes:
- "klaw_data:/klaw"
- ./secrets:/etc/kafka/secrets
- ./config:/etc/kafka/config
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9343:9343
Hello
Thank you for your reply. i tried the config, but it is throwing same exception.
Here is my docker compose file
i am using default login module for plain. JAAS config is as standard documentation.
Is there any working example, video , explaining configuration on Kafka sider?
if i connect klaw to brokers like i shown in my docker compose, will Klaw help me in creating users, ACLs etc ?
volumes:
#kraft-ct0: {}
#kraft-ct1: {}
kraft-bk1: {}
#kraft-bk2: {}
klaw_data:
driver: local
services:
broker-1:
image: confluentinc/cp-kafka:${VERSION}
hostname: broker-1
container_name: kraft-broker-1
stop_grace_period: 60s
healthcheck:
test: nc -z localhost 9092 || exit 1
start_period: 5s
interval: 5s
timeout: 5s
retries: 3
#depends_on:
# controller-0:
# condition: service_healthy
#controller-1:
# condition: service_healthy
ports:
- '19092:19092'
- '17071:7071'
volumes:
- kraft-bk1:/var/lib/kafka/data
- ./jmx_prometheus:/opt/jmx_prometheus
- ./secrets:/etc/kafka/secrets
- ./broker.sh:/tmp/broker.sh
- ./config/:/opt/kafka/config/
command: "bash -c '/tmp/broker.sh && /etc/confluent/docker/run'"
environment:
KAFKA_NODE_ID: 10
KAFKA_SECURITY_INTER_BROKER_LISTENER_NAME: SSL
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:SASL_PLAINTEXT,SSL:SASL_SSL
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker-1:9092,SSL://localhost:19092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_MIN_INSYNC_REPLICAS: 1
KAFKA_NUM_PARTITIONS: 1
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
KAFKA_DEFAULT_REPLICATION_FACTOR: 1
KAFKA_METRIC_REPORTERS:
KAFKA_OPTS: -javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent.jar=7071:/opt/jmx_prometheus/kafka-config.yml -javaagent:/opt/jmx_prometheus/jolokia-agent.jar=port=7072,host=* -Djava.security.auth.login.config=/opt/kafka/config/jaas-kafka-server.conf
CONFLUENT_METRICS_ENABLE: 'false'
KAFKA_SUPER_USERS: User:admin
KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer
KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker1.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: broker1_keystore_creds
KAFKA_SSL_KEY_CREDENTIALS: broker1_sslkey_creds
KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker1.truststore.jks
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker1_truststore_creds
KAFKA_SSL_CLIENT_AUTH: "required"
KAFKA_LISTENERS: CONTROLLER://:9093,PLAINTEXT://:9092,SSL://:19092
#KAFKA_CFG_LISTENERS=SECURED://:9093,CONTROLLER://:9094,INTERBROKER://:9092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_PROCESS_ROLES: controller,broker
KAFKA_CONTROLLER_QUORUM_VOTERS: 10@broker-1:9093
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
KAFKA_SASL_MECHANISM: PLAIN
KAFKA_SASL_MECHANISM_CONTROLLER_PROTOCOL: PLAIN
klaw-core:
image: aivenoy/klaw-core:latest
container_name: klaw-core
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
SPRING_DATASOURCE_URL: "jdbc:h2:file:/klaw/klawprodb;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;MODE=MySQL;CASE_INSENSITIVE_IDENTIFIERS=TRUE;"
KLAW_UIAPI_SERVERS: "http://localhost:9097"
DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
DEV1_KAFKASSL_KEY_PWD: "confluent"
DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
volumes:
- "klaw_data:/klaw"
- ./secrets:/etc/kafka/secrets
- ./config:/etc/kafka/config
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9097:9097
klaw-cluster-api:
image: aivenoy/klaw-cluster-api:latest
container_name: klaw-cluster-api
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
DEV1_KAFKASSL_KEY_PWD: "confluent"
DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
volumes:
- "klaw_data:/klaw"
- ./secrets:/etc/kafka/secrets
- ./config:/etc/kafka/config
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9343:9343
i tried your config , it failed for the same error.
volumes:
#kraft-ct0: {}
#kraft-ct1: {}
kraft-bk1: {}
#kraft-bk2: {}
klaw_data:
driver: local
services:
broker-1:
image: confluentinc/cp-kafka:${VERSION}
hostname: broker-1
container_name: kraft-broker-1
stop_grace_period: 60s
healthcheck:
test: nc -z localhost 9092 || exit 1
start_period: 5s
interval: 5s
timeout: 5s
retries: 3
#depends_on:
# controller-0:
# condition: service_healthy
#controller-1:
# condition: service_healthy
ports:
- '19092:19092'
- '17071:7071'
volumes:
- kraft-bk1:/var/lib/kafka/data
- ./jmx_prometheus:/opt/jmx_prometheus
- ./secrets:/etc/kafka/secrets
- ./broker.sh:/tmp/broker.sh
- ./config/:/opt/kafka/config/
command: "bash -c '/tmp/broker.sh && /etc/confluent/docker/run'"
environment:
KAFKA_NODE_ID: 10
KAFKA_SECURITY_INTER_BROKER_LISTENER_NAME: SSL
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:SASL_PLAINTEXT,SSL:SASL_SSL
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker-1:9092,SSL://localhost:19092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_MIN_INSYNC_REPLICAS: 1
KAFKA_NUM_PARTITIONS: 1
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
KAFKA_DEFAULT_REPLICATION_FACTOR: 1
KAFKA_METRIC_REPORTERS:
KAFKA_OPTS: -javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent.jar=7071:/opt/jmx_prometheus/kafka-config.yml -javaagent:/opt/jmx_prometheus/jolokia-agent.jar=port=7072,host=* -Djava.security.auth.login.config=/opt/kafka/config/jaas-kafka-server.conf
CONFLUENT_METRICS_ENABLE: 'false'
KAFKA_SUPER_USERS: User:admin
KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer
KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker1.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: broker1_keystore_creds
KAFKA_SSL_KEY_CREDENTIALS: broker1_sslkey_creds
KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker1.truststore.jks
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker1_truststore_creds
KAFKA_SSL_CLIENT_AUTH: "required"
KAFKA_LISTENERS: CONTROLLER://:9093,PLAINTEXT://:9092,SSL://:19092
#KAFKA_CFG_LISTENERS=SECURED://:9093,CONTROLLER://:9094,INTERBROKER://:9092
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_PROCESS_ROLES: controller,broker
KAFKA_CONTROLLER_QUORUM_VOTERS: 10@broker-1:9093
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
KAFKA_SASL_MECHANISM: PLAIN
KAFKA_SASL_MECHANISM_CONTROLLER_PROTOCOL: PLAIN
klaw-core:
image: aivenoy/klaw-core:latest
container_name: klaw-core
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
SPRING_DATASOURCE_URL: "jdbc:h2:file:/klaw/klawprodb;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;MODE=MySQL;CASE_INSENSITIVE_IDENTIFIERS=TRUE;"
KLAW_UIAPI_SERVERS: "http://localhost:9097"
DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
DEV1_KAFKASSL_KEY_PWD: "confluent"
DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
volumes:
- "klaw_data:/klaw"
- ./secrets:/etc/kafka/secrets
- ./config:/etc/kafka/config
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9097:9097
klaw-cluster-api:
image: aivenoy/klaw-cluster-api:latest
container_name: klaw-cluster-api
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
DEV1_KAFKASSL_KEY_PWD: "confluent"
DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
volumes:
- "klaw_data:/klaw"
- ./secrets:/etc/kafka/secrets
- ./config:/etc/kafka/config
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9343:9343
what am i missing? can klaw connect with defaul login module kafka brokers with kraft over SSL ?
Hey,
We have two docker compose files available as part of the documentation.
One for linux
One for windows and mac
the difference is just in the networking between linux and max/windows.
The one thing you might be missing is that Klaw might need to have ssl turned on.
you can do this by adding
SERVER_SSL_KEYSTORE: "/klaw/keystore.jks"
SERVER_SSL_TRUSTSTORE: "/klaw/truststore.jks"
SERVER_SSL_KEYSTOREPASSWORD: "klaw"
SERVER_SSL_KEYPASSWORD: "klaw"
SERVER_SSL_TRUSTSTOREPASSWORD: "klaw"
SERVER_SSL_KEYSTORETYPE: "jks"
I had this problem recently with another user who was trying to connect over ssl and it wouldn’t work.
or if you can attach the error message you see in the logs this might help me to decipher the issue a little better.
As for Kraft there should be no issue connecting to kraft as all the apis are the same and it should work as expected.
If you want we can have a quick meeting to discuss but this is actually my last day before the new year.
Here is a docker compose that i use myself for testing where I put all the config information for ssl and connectivity into the application.properties that is stored in the /klaw/ volume
---
services:
klaw-core-ha:
image: klaw-core:latest
container_name: klaw-core
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXQ=
KLAW_UIAPI_SERVERS: "http://klaw-core:9097"
KLAW_CLUSTERAPI_URL: "http://klaw-cluster-api:9343"
SPRING_CONFIG_LOCATION: "/klaw/klaw-application.properties"
SERVER_PORT: 9097
network_mode: "host"
volumes:
- "klaw_data:/klaw"
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9197:9197
klaw-cluster-api:
image: klaw-cluster-api:latest
container_name: klaw-cluster-api
environment:
KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXQ=
volumes:
- "klaw_data:/klaw"
extra_hosts:
- "moby:127.0.0.1"
ports:
- 9343:9343
volumes:
klaw_data:
driver: local
@seeaganesh Just wanted to check if you had a chance to look at my last post and see how that looked to you?
Hello
Happy new year…thank you for replying.
I tried your suggestions but the error is :
exception Caused by: java.lang.IllegalArgumentException: Could not find a ‘KafkaClient’ entry in the JAAS configuration. System property ‘java.security.auth.login.config’ is not set.
so i have kafka with standard authorizer, simple login module ( please check the docker compose from previous post ). I have SSL properly configured. i have tested it using java client producer/consumer. authentication anD SSL works.
When i try to connect klaw to this i get above error.
i tried docker compose way.
my question is how to configure klaw, if simple login module ( jaas ) is configured on Kafka.
do you have steps for this ?
should we configure Kafka to use authorizer and do not (or do ) configure any java.security.auth.login.config?
which login module should i use ?
I’m going to ave a chat with my colleague @muralibasani and see if we can find some next steps for you.
Thanks, and Happy New Year!
@seeaganesh Hope you have configured the below in module clusterapi properties example like below.
DEV1_KAFKASASL_JAASCONFIG_PLAIN: org.apache.kafka.common.security.plain.PlainLoginModule required username=‘kwuser’ password=‘kwuser-secret’;
I see a minor mistake (. instead of _) in your config may be.
Can you please replace DEV1_KAFKASASL_JAASCONFIG.PLAIN with DEV1_KAFKASASL_JAASCONFIG_PLAIN
Hope it works.
thank you @muralibasani, i corrected the minor mistake, still same error. klaw is not able to create adminclient.
Caused by: java.lang.IllegalArgumentException: Could not find a ‘KafkaClient’ entry in the JAAS configuration. System property ‘java.security.auth.login.config’ is not set
i have created cluster config in klaw using name DEV1.
Basically it is not able to find the jaas config entry from the properties. Is it possible to try this on a pc directly instead of docker ?
If it still doesn’t work that way, we can schedule and debug in a call if you prefer ?
It’s a working piece of code
if (!Strings.isNullOrEmpty(
env.getProperty(clusterIdentification.toLowerCase() + ".kafkasasl.jaasconfig.plain"))) {
props.put(
SaslConfigs.SASL_JAAS_CONFIG,
env.getProperty(clusterIdentification.toLowerCase() + ".kafkasasl.jaasconfig.plain"));
}
Pls let us know.