JAAS config error

Hello ,
I have configured Kafka ( CF community edition ) with Kraft, SSL, SASL_PLAINTEXT using docker compose along with KLAW containers. I have configured DEV1_KAFKASASL_JAASCONFIG.PLAIN as environment variable. but still i am getting
following exception Caused by: java.lang.IllegalArgumentException: Could not find a ‘KafkaClient’ entry in the JAAS configuration. System property ‘java.security.auth.login.config’ is not set.

How to configure system variable using Klaw docker installation ?

1 Like

Hey @seeaganesh thanks for reaching out.

there are two ways to configure variables in docker.

you can add them to the docker compose as environment variables for example
java.security.auth.login.config will become JAVA_SECURITY_AUTH_LOGIN_CONFIG

Here is some example documentation on how to add different types of values to the docker compose. Run Klaw in Docker | Klaw: Apache Kafka governance toolkit

The second option is to point to a application.properties file and add the configuration there.

example: add SPRING_CONFIG_LOCATION

services:
  klaw-core:
    image: klaw-core:latest
    container_name: klaw-core
    environment:
      KLAW_UIAPI_SERVERS: "http://klaw-core:9097"
      KLAW_CLUSTERAPI_URL: "http://klaw-cluster-api:9343"
      SPRING_CONFIG_LOCATION: "/klaw/klaw-application.properties"
    volumes:
      - "klaw_data:/klaw"
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
      - 9097:9097
volumes:
  klaw_data:
    driver: local

Let me know if this answers your question or if you need more specific help with JAAS Config.

Thanks,
Aindriú

1 Like

hello i am trying following, but still it is not working.
if i am using default login module for the PLAIN mechanism. I want to connect Klaw to this broker(s) and manage the ACL, users.
Do you have any working docker compose?

volumes:
  #kraft-ct0: {}
  #kraft-ct1: {}
  kraft-bk1: {}
  #kraft-bk2: {}
  klaw_data:
    driver: local
 
services:

  broker-1:
    image: confluentinc/cp-kafka:${VERSION}
    hostname: broker-1
    container_name: kraft-broker-1
    stop_grace_period: 60s
    healthcheck:
      test: nc -z localhost 9092 || exit 1
      start_period: 5s
      interval: 5s
      timeout: 5s
      retries: 3
    #depends_on:
     # controller-0:
      #  condition: service_healthy
      #controller-1:
       # condition: service_healthy
    ports:
      - '19092:19092'
      
      - '17071:7071'
    volumes:
      - kraft-bk1:/var/lib/kafka/data
      - ./jmx_prometheus:/opt/jmx_prometheus
      - ./secrets:/etc/kafka/secrets
      - ./broker.sh:/tmp/broker.sh
      - ./config/:/opt/kafka/config/  
      
    command: "bash -c '/tmp/broker.sh && /etc/confluent/docker/run'"
    environment:
      KAFKA_NODE_ID: 10
      
      KAFKA_SECURITY_INTER_BROKER_LISTENER_NAME: SSL
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:SASL_PLAINTEXT,SSL:SASL_SSL
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker-1:9092,SSL://localhost:19092
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_MIN_INSYNC_REPLICAS: 1
      KAFKA_NUM_PARTITIONS: 1
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
      KAFKA_DEFAULT_REPLICATION_FACTOR: 1
      KAFKA_METRIC_REPORTERS:
      KAFKA_OPTS: -javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent.jar=7071:/opt/jmx_prometheus/kafka-config.yml -javaagent:/opt/jmx_prometheus/jolokia-agent.jar=port=7072,host=*  -Djava.security.auth.login.config=/opt/kafka/config/jaas-kafka-server.conf
      CONFLUENT_METRICS_ENABLE: 'false'
      KAFKA_SUPER_USERS: User:admin
      KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer
      KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker1.keystore.jks
      KAFKA_SSL_KEYSTORE_CREDENTIALS: broker1_keystore_creds
      KAFKA_SSL_KEY_CREDENTIALS: broker1_sslkey_creds
      KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker1.truststore.jks
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker1_truststore_creds
      
      KAFKA_SSL_CLIENT_AUTH: "required"
     
      KAFKA_LISTENERS: CONTROLLER://:9093,PLAINTEXT://:9092,SSL://:19092
    #KAFKA_CFG_LISTENERS=SECURED://:9093,CONTROLLER://:9094,INTERBROKER://:9092
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_PROCESS_ROLES: controller,broker
      KAFKA_CONTROLLER_QUORUM_VOTERS: 10@broker-1:9093
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SASL_MECHANISM: PLAIN
      KAFKA_SASL_MECHANISM_CONTROLLER_PROTOCOL: PLAIN
  
  klaw-core:
    image: aivenoy/klaw-core:latest
    container_name: klaw-core
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
      SPRING_DATASOURCE_URL: "jdbc:h2:file:/klaw/klawprodb;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;MODE=MySQL;CASE_INSENSITIVE_IDENTIFIERS=TRUE;"
      KLAW_UIAPI_SERVERS: "http://localhost:9097"
      DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
      DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
      DEV1_KAFKASSL_KEY_PWD: "confluent"
      DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
      DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
      DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
      DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
      DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
      JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
    volumes:
      - "klaw_data:/klaw"
      - ./secrets:/etc/kafka/secrets
      - ./config:/etc/kafka/config
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
     - 9097:9097
  
  klaw-cluster-api:
    image: aivenoy/klaw-cluster-api:latest
    container_name: klaw-cluster-api
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
      DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
      DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
      DEV1_KAFKASSL_KEY_PWD: "confluent"
      DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
      DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
      DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
      DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
      DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
      JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
    volumes:
      - "klaw_data:/klaw"
      - ./secrets:/etc/kafka/secrets
      - ./config:/etc/kafka/config
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
     - 9343:9343  
 

Hello
Thank you for your reply. i tried the config, but it is throwing same exception.
Here is my docker compose file

i am using default login module for plain. JAAS config is as standard documentation.
Is there any working example, video , explaining configuration on Kafka sider?
if i connect klaw to brokers like i shown in my docker compose, will Klaw help me in creating users, ACLs etc ?

volumes:
  #kraft-ct0: {}
  #kraft-ct1: {}
  kraft-bk1: {}
  #kraft-bk2: {}
  klaw_data:
    driver: local
 
services:

  broker-1:
    image: confluentinc/cp-kafka:${VERSION}
    hostname: broker-1
    container_name: kraft-broker-1
    stop_grace_period: 60s
    healthcheck:
      test: nc -z localhost 9092 || exit 1
      start_period: 5s
      interval: 5s
      timeout: 5s
      retries: 3
    #depends_on:
     # controller-0:
      #  condition: service_healthy
      #controller-1:
       # condition: service_healthy
    ports:
      - '19092:19092'
      
      - '17071:7071'
    volumes:
      - kraft-bk1:/var/lib/kafka/data
      - ./jmx_prometheus:/opt/jmx_prometheus
      - ./secrets:/etc/kafka/secrets
      - ./broker.sh:/tmp/broker.sh
      - ./config/:/opt/kafka/config/  
      
    command: "bash -c '/tmp/broker.sh && /etc/confluent/docker/run'"
    environment:
      KAFKA_NODE_ID: 10
      
      KAFKA_SECURITY_INTER_BROKER_LISTENER_NAME: SSL
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:SASL_PLAINTEXT,SSL:SASL_SSL
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker-1:9092,SSL://localhost:19092
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_MIN_INSYNC_REPLICAS: 1
      KAFKA_NUM_PARTITIONS: 1
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
      KAFKA_DEFAULT_REPLICATION_FACTOR: 1
      KAFKA_METRIC_REPORTERS:
      KAFKA_OPTS: -javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent.jar=7071:/opt/jmx_prometheus/kafka-config.yml -javaagent:/opt/jmx_prometheus/jolokia-agent.jar=port=7072,host=*  -Djava.security.auth.login.config=/opt/kafka/config/jaas-kafka-server.conf
      CONFLUENT_METRICS_ENABLE: 'false'
      KAFKA_SUPER_USERS: User:admin
      KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer
      KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker1.keystore.jks
      KAFKA_SSL_KEYSTORE_CREDENTIALS: broker1_keystore_creds
      KAFKA_SSL_KEY_CREDENTIALS: broker1_sslkey_creds
      KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker1.truststore.jks
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker1_truststore_creds
      
      KAFKA_SSL_CLIENT_AUTH: "required"
     
      KAFKA_LISTENERS: CONTROLLER://:9093,PLAINTEXT://:9092,SSL://:19092
    #KAFKA_CFG_LISTENERS=SECURED://:9093,CONTROLLER://:9094,INTERBROKER://:9092
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_PROCESS_ROLES: controller,broker
      KAFKA_CONTROLLER_QUORUM_VOTERS: 10@broker-1:9093
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SASL_MECHANISM: PLAIN
      KAFKA_SASL_MECHANISM_CONTROLLER_PROTOCOL: PLAIN
  
  klaw-core:
    image: aivenoy/klaw-core:latest
    container_name: klaw-core
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
      SPRING_DATASOURCE_URL: "jdbc:h2:file:/klaw/klawprodb;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;MODE=MySQL;CASE_INSENSITIVE_IDENTIFIERS=TRUE;"
      KLAW_UIAPI_SERVERS: "http://localhost:9097"
      DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
      DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
      DEV1_KAFKASSL_KEY_PWD: "confluent"
      DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
      DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
      DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
      DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
      DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
      JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
    volumes:
      - "klaw_data:/klaw"
      - ./secrets:/etc/kafka/secrets
      - ./config:/etc/kafka/config
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
     - 9097:9097
  
  klaw-cluster-api:
    image: aivenoy/klaw-cluster-api:latest
    container_name: klaw-cluster-api
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
      DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
      DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
      DEV1_KAFKASSL_KEY_PWD: "confluent"
      DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
      DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
      DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
      DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
      DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
      JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
    volumes:
      - "klaw_data:/klaw"
      - ./secrets:/etc/kafka/secrets
      - ./config:/etc/kafka/config
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
     - 9343:9343  
 

i tried your config , it failed for the same error.

volumes:
  #kraft-ct0: {}
  #kraft-ct1: {}
  kraft-bk1: {}
  #kraft-bk2: {}
  klaw_data:
    driver: local
 
services:

  broker-1:
    image: confluentinc/cp-kafka:${VERSION}
    hostname: broker-1
    container_name: kraft-broker-1
    stop_grace_period: 60s
    healthcheck:
      test: nc -z localhost 9092 || exit 1
      start_period: 5s
      interval: 5s
      timeout: 5s
      retries: 3
    #depends_on:
     # controller-0:
      #  condition: service_healthy
      #controller-1:
       # condition: service_healthy
    ports:
      - '19092:19092'
      
      - '17071:7071'
    volumes:
      - kraft-bk1:/var/lib/kafka/data
      - ./jmx_prometheus:/opt/jmx_prometheus
      - ./secrets:/etc/kafka/secrets
      - ./broker.sh:/tmp/broker.sh
      - ./config/:/opt/kafka/config/  
      
    command: "bash -c '/tmp/broker.sh && /etc/confluent/docker/run'"
    environment:
      KAFKA_NODE_ID: 10
      
      KAFKA_SECURITY_INTER_BROKER_LISTENER_NAME: SSL
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:SASL_PLAINTEXT,SSL:SASL_SSL
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker-1:9092,SSL://localhost:19092
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_MIN_INSYNC_REPLICAS: 1
      KAFKA_NUM_PARTITIONS: 1
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
      KAFKA_DEFAULT_REPLICATION_FACTOR: 1
      KAFKA_METRIC_REPORTERS:
      KAFKA_OPTS: -javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent.jar=7071:/opt/jmx_prometheus/kafka-config.yml -javaagent:/opt/jmx_prometheus/jolokia-agent.jar=port=7072,host=*  -Djava.security.auth.login.config=/opt/kafka/config/jaas-kafka-server.conf
      CONFLUENT_METRICS_ENABLE: 'false'
      KAFKA_SUPER_USERS: User:admin
      KAFKA_AUTHORIZER_CLASS_NAME: org.apache.kafka.metadata.authorizer.StandardAuthorizer
      KAFKA_SSL_KEYSTORE_FILENAME: kafka.broker1.keystore.jks
      KAFKA_SSL_KEYSTORE_CREDENTIALS: broker1_keystore_creds
      KAFKA_SSL_KEY_CREDENTIALS: broker1_sslkey_creds
      KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.broker1.truststore.jks
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: broker1_truststore_creds
      
      KAFKA_SSL_CLIENT_AUTH: "required"
     
      KAFKA_LISTENERS: CONTROLLER://:9093,PLAINTEXT://:9092,SSL://:19092
    #KAFKA_CFG_LISTENERS=SECURED://:9093,CONTROLLER://:9094,INTERBROKER://:9092
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      KAFKA_PROCESS_ROLES: controller,broker
      KAFKA_CONTROLLER_QUORUM_VOTERS: 10@broker-1:9093
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SASL_MECHANISM: PLAIN
      KAFKA_SASL_MECHANISM_CONTROLLER_PROTOCOL: PLAIN
  
  klaw-core:
    image: aivenoy/klaw-core:latest
    container_name: klaw-core
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
      SPRING_DATASOURCE_URL: "jdbc:h2:file:/klaw/klawprodb;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;MODE=MySQL;CASE_INSENSITIVE_IDENTIFIERS=TRUE;"
      KLAW_UIAPI_SERVERS: "http://localhost:9097"
      DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
      DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
      DEV1_KAFKASSL_KEY_PWD: "confluent"
      DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
      DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
      DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
      DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
      DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
      JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
    volumes:
      - "klaw_data:/klaw"
      - ./secrets:/etc/kafka/secrets
      - ./config:/etc/kafka/config
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
     - 9097:9097
  
  klaw-cluster-api:
    image: aivenoy/klaw-cluster-api:latest
    container_name: klaw-cluster-api
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXRHYW5lc2gK
      DEV1_KAFKASSL_KEYSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker2.keystore.jks"
      DEV1_KAFKASSL_KEYSTORE_PWD: "confluent"
      DEV1_KAFKASSL_KEY_PWD: "confluent"
      DEV1_KAFKASSL_KEYSTORE_TYPE: "JKS"
      DEV1_KAFKASSL_TRUSTSTORE_LOCATION: "/etc/kafka/secrets/kafka.broker1.truststore.jks"
      DEV1_KAFKASSL_TRUSTSTORE_PWD: "confluent"
      DEV1_KAFKASSL_TRUSTSTORE_TYPE: "JKS"
      DEV1_KAFKASASL_JAASCONFIG.PLAIN: "org.apache.kafka.common.security.plain.PlainLoginModule required username='admin' password='admin';"
      JAVA_SECURITY_AUTH_LOGIN_CONFIG: /etc/kafka/config/jaas-kafka-server.conf
    volumes:
      - "klaw_data:/klaw"
      - ./secrets:/etc/kafka/secrets
      - ./config:/etc/kafka/config
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
     - 9343:9343  
 

what am i missing? can klaw connect with defaul login module kafka brokers with kraft over SSL ?

Hey,

We have two docker compose files available as part of the documentation.

One for linux

One for windows and mac

the difference is just in the networking between linux and max/windows.

The one thing you might be missing is that Klaw might need to have ssl turned on.
you can do this by adding

    SERVER_SSL_KEYSTORE: "/klaw/keystore.jks"
    SERVER_SSL_TRUSTSTORE: "/klaw/truststore.jks"
    SERVER_SSL_KEYSTOREPASSWORD: "klaw"
    SERVER_SSL_KEYPASSWORD: "klaw"
    SERVER_SSL_TRUSTSTOREPASSWORD: "klaw"
    SERVER_SSL_KEYSTORETYPE: "jks"

I had this problem recently with another user who was trying to connect over ssl and it wouldn’t work.

or if you can attach the error message you see in the logs this might help me to decipher the issue a little better.

As for Kraft there should be no issue connecting to kraft as all the apis are the same and it should work as expected.

If you want we can have a quick meeting to discuss but this is actually my last day before the new year.

Here is a docker compose that i use myself for testing where I put all the config information for ssl and connectivity into the application.properties that is stored in the /klaw/ volume

---
services:
  klaw-core-ha:
    image: klaw-core:latest
    container_name: klaw-core
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXQ=
      KLAW_UIAPI_SERVERS: "http://klaw-core:9097"
      KLAW_CLUSTERAPI_URL: "http://klaw-cluster-api:9343"
      SPRING_CONFIG_LOCATION: "/klaw/klaw-application.properties"
      SERVER_PORT: 9097
    network_mode: "host"
    volumes:
      - "klaw_data:/klaw"
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
      - 9197:9197
  klaw-cluster-api:
    image: klaw-cluster-api:latest
    container_name: klaw-cluster-api
    environment:
      KLAW_CLUSTERAPI_ACCESS_BASE64_SECRET: VGhpc0lzRXhhY3RseUEzMkNoYXJTdHJpbmdTZWNyZXQ=
    volumes:
      - "klaw_data:/klaw"
    extra_hosts:
      - "moby:127.0.0.1"
    ports:
      - 9343:9343
volumes:
  klaw_data:
    driver: local

@seeaganesh Just wanted to check if you had a chance to look at my last post and see how that looked to you?

Hello
Happy new year…thank you for replying.
I tried your suggestions but the error is :

exception Caused by: java.lang.IllegalArgumentException: Could not find a ‘KafkaClient’ entry in the JAAS configuration. System property ‘java.security.auth.login.config’ is not set.

so i have kafka with standard authorizer, simple login module ( please check the docker compose from previous post ). I have SSL properly configured. i have tested it using java client producer/consumer. authentication anD SSL works.
When i try to connect klaw to this i get above error.

i tried docker compose way.
my question is how to configure klaw, if simple login module ( jaas ) is configured on Kafka.

do you have steps for this ?
should we configure Kafka to use authorizer and do not (or do ) configure any java.security.auth.login.config?
which login module should i use ?

I’m going to ave a chat with my colleague @muralibasani and see if we can find some next steps for you.

Thanks, and Happy New Year!

@seeaganesh Hope you have configured the below in module clusterapi properties example like below.

DEV1_KAFKASASL_JAASCONFIG_PLAIN: org.apache.kafka.common.security.plain.PlainLoginModule required username=‘kwuser’ password=‘kwuser-secret’;

I see a minor mistake (. instead of _) in your config may be.
Can you please replace DEV1_KAFKASASL_JAASCONFIG.PLAIN with DEV1_KAFKASASL_JAASCONFIG_PLAIN

Hope it works.

thank you @muralibasani, i corrected the minor mistake, still same error. klaw is not able to create adminclient.
Caused by: java.lang.IllegalArgumentException: Could not find a ‘KafkaClient’ entry in the JAAS configuration. System property ‘java.security.auth.login.config’ is not set

i have created cluster config in klaw using name DEV1.

Basically it is not able to find the jaas config entry from the properties. Is it possible to try this on a pc directly instead of docker ?

If it still doesn’t work that way, we can schedule and debug in a call if you prefer ?

It’s a working piece of code

if (!Strings.isNullOrEmpty(
          env.getProperty(clusterIdentification.toLowerCase() + ".kafkasasl.jaasconfig.plain"))) {
        props.put(
            SaslConfigs.SASL_JAAS_CONFIG,
            env.getProperty(clusterIdentification.toLowerCase() + ".kafkasasl.jaasconfig.plain"));
      }

Pls let us know.