To give only Kafka access for creating and deleting topics, I am setting up plaintext SASL security between Kafka and ZooKeeper. I get the following error and cannot figure out why.
zookeeper_1 | 2020-07-20 10:19:06,907 [myid:] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1063] - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.
kafka_1 | [2020-07-20 10:19:06,909] ERROR SASL authentication failed using login context 'Client' with exception: {} (org.apache.zookeeper.client.ZooKeeperSaslClient)
kafka_1 | javax.security.sasl.SaslException: Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.
kafka_1 | at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:279)
kafka_1 | at org.apache.zookeeper.client.ZooKeeperSaslClient.respondToServer(ZooKeeperSaslClient.java:242)
kafka_1 | at org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:805)
kafka_1 | at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:94)
kafka_1 | at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:366)
kafka_1 | at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1141)
kafka_1 | [2020-07-20 10:19:06,912] ERROR [ZooKeeperClient Kafka server] Auth failed. (kafka.zookeeper.ZooKeeperClient)
docker-compose-sasl-plaintext.yml
version: '3'
services:
  zookeeper:
    image: wurstmeister/zookeeper
    ports:
      - "2181:2181"
    environment:
      KAFKA_OPTS: '-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider'
    volumes:
      - ./sasl-plaintext/kafka_server_jaas.conf:/opt/kafka/config/kafka_server_jaas.conf
  kafka:
    build: .
    ports:
      - "9092:9092"
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: "SASL_PLAINTEXT://kafka:9092"
      KAFKA_ADVERTISED_LISTENERS: "SASL_PLAINTEXT://kafka:9092"
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: "SASL_PLAINTEXT"
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: "PLAIN"
      KAFKA_SASL_ENABLED_MECHANISMS: "PLAIN"
      KAFKA_OPTS: "-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./sasl-plaintext/kafka_server_jaas.conf:/opt/kafka/config/kafka_server_jaas.conf
kafka_server_jaas.conf
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="wl"
    password="wl-secret"
    user_wl="wl-secret";
};
Server {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="wl"
    password="wl-secret"
    user_wl="wl-secret";
};
Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="wl"
    password="wl-secret";
};
Your kafka_server_jaas.conf configures the 'Client' section, which is used when Kafka connects to ZooKeeper with SASL, but your ZooKeeper didn't configure a server user and client user.
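As an added example (not part of the original question or answer), this Python check compares the broker's `Client` section with ZooKeeper's `Server` section and reports why the SASL login between them cannot succeed. It assumes ZooKeeper's DIGEST-MD5 login module, `org.apache.zookeeper.server.auth.DigestLoginModule`, on both sides; the function names and the corrected files are constructed for illustration.

```python
import re

# ZooKeeper's SASL server offers DIGEST-MD5 through this module; it has no PLAIN mechanism.
ZK_DIGEST = "org.apache.zookeeper.server.auth.DigestLoginModule"
PLAIN = "org.apache.kafka.common.security.plain.PlainLoginModule"

def parse_jaas(text):
    """Return {section: (login_module, {option: value})} for a JAAS file."""
    sections = {}
    for name, body in re.findall(r"(\w+)\s*\{(.*?)\}\s*;", text, re.S):
        options = dict(re.findall(r'([\w.]+)\s*=\s*"([^"]*)"', body))
        sections[name] = (body.split()[0], options)
    return sections

def check_zk_sasl(broker_jaas, zk_jaas):
    """List reasons the broker-to-ZooKeeper login would fail; [] means consistent."""
    problems = []
    client = parse_jaas(broker_jaas).get("Client")
    server = parse_jaas(zk_jaas).get("Server")
    for label, section in (("Client", client), ("Server", server)):
        if section is None:
            problems.append(label + " section missing")
        elif section[0] != ZK_DIGEST:
            problems.append(label + " must use DigestLoginModule, found " + section[0])
    if client and server:
        user = client[1].get("username")
        if server[1].get("user_%s" % user) != client[1].get("password"):
            problems.append("Server has no user_%s entry matching Client" % user)
    return problems

# The question's file, mounted into both containers (only the two checked sections).
ORIGINAL = '''
Server { %s required username="wl" password="wl-secret" user_wl="wl-secret"; };
Client { %s required username="wl" password="wl-secret"; };
''' % (PLAIN, PLAIN)

# Constructed corrected files: ZooKeeper gets Server, the broker keeps KafkaServer and Client.
FIXED_ZK = 'Server { %s required user_wl="wl-secret"; };' % ZK_DIGEST
FIXED_BROKER = '''
KafkaServer { %s required username="wl" password="wl-secret" user_wl="wl-secret"; };
Client { %s required username="wl" password="wl-secret"; };
''' % (PLAIN, ZK_DIGEST)

if __name__ == "__main__":
    for name, args in (("original", (ORIGINAL, ORIGINAL)), ("fixed", (FIXED_BROKER, FIXED_ZK))):
        print(name, check_zk_sasl(*args) or "consistent")
```

The `Server` section only takes effect if the ZooKeeper JVM itself is started with `-Djava.security.auth.login.config` pointing at the file that contains it.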