Hi
I have very similar problem that Raghu faced.
How can I enable the log4j debug mode ?
Thanks.
On Thu, Dec 15, 2016 at 3:32 PM, Raghu B wrote:
> Thanks Derar & Kiran, your suggestions are very useful.
>
> I enabled Log4J debug mode and found that my client is trying to connect to
> the Kafk
Raghu,
Only the principal used for inter broker communication needs to be a super
user. For other users, you can set ACLs based on their role. You will need
different keystores for broker and clients with different principals so
that you can configure different permissions. You can configure User:
Thanks Rajani for the above Info but I want to restrict a user from
performing all the operations (I think that defines ACL), I just want
User_1 to produce messages and User_2 to consume messages.
How can we achieve that.
Thanks in advance
On Mon, Dec 19, 2016 at 3:13 AM, Rajini Sivaram
wrote:
Raghu,
It could be because the principal used for inter broker communication
doesn't have all the necessary permissions. If you are using PLAINTEXT for
inter-broker, the principal is ANONYMOUS, if using SSL, it would be similar
to the one you are setting for client. You can configure broker princi
Thank you Rajani, your suggestion is really helpful.
[2016-12-16 21:55:36,720] DEBUG Principal =
User:CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown is
Allowed Operation = Create from host = 172.28.89.63 on resource =
Cluster:kafka-cluster (kafka.authorizer.logger)
Finally I am
You need to set ssl.client.auth="required" in server.properties.
Regards,
Rajini
On Wed, Dec 14, 2016 at 12:12 AM, Raghu B wrote:
> Hi All,
>
> I am trying to enable ACL's in my Kafka cluster with along with SSL
> Protocol.
>
> I tried with each and every parameters but no luck, so I need help
Thanks Gerard & Derar for your valuable suggestions but I am able to send
and receive messages with SSL (Without ACL configuration).
I used only SSL port on 9093 and Enabled Inter broker communication as SSL
but If I enable SSL it is creating the Issues.
Anyway Let me try once again from side fr
Create proper JKS that has a certificate that is issued by a CA that is
trusted by the Kafka brokers, and you expect a principal with the DN in
your client cert. Spend more time on getting this done correctly and things
will work fine.
On Thu, Dec 15, 2016 at 9:11 PM, Gerard Klijs wrote:
> Most
Most likely something went wrong creating the keystores, causing the SSL
handshake to fail. Its important to have a valid chain, from the
certificate in the struststore, and then maybe intermediates tot the
keystore.
On Fri, Dec 16, 2016, 00:32 Raghu B wrote:
Thanks Derar & Kiran, your suggestio
Thanks Derar & Kiran, your suggestions are very useful.
I enabled Log4J debug mode and found that my client is trying to connect to
the Kafka server with the *User:ANONYMOUS, *It is really strange.
I added a new Super.User with the name *User:ANONYMOUS *then I am able to
send and receive the mes
I have just noticed that I am using the user which is not configured in the
kafka server jaas config file..
On Thu, Dec 15, 2016 at 6:38 PM, kiran kumar wrote:
> Hi Raghu,
>
> I am also facing the same issue but with the SASL_PLAINTEXT protocol.
>
> after enabling debugging I see that authenti
Hi Raghu,
I am also facing the same issue but with the SASL_PLAINTEXT protocol.
after enabling debugging I see that authentication is being completed. I
don't see any debug logs being generated for authorization part (I might be
missing something).
you can also set the log level to debug in prop
Make sure that the principal ID is exactly what Kafka sees. Guessing what
the principal ID is by using keytool or openssl is not going to help from
my experience. The best is to add some logging to output the SSL client ID
in the org.apache.kafka.common.network.SslTransportLayer.peerPrincipal() .
T
Thanks Shrikant for your reply, but I did consumer part also and more over
I am not facing this issue only with consumer, I am getting this errors
with producer as well as consumer
On Wed, Dec 14, 2016 at 3:53 PM, Shrikant Patel wrote:
> You need to execute kafka-acls.sh with --consumer to enabl
You need to execute kafka-acls.sh with --consumer to enable consumption from
kafka.
_
Shrikant Patel | 817.367.4302
Enterprise Architecture Team
PDX-NHIN
-Original Message-
From: Raghu B [mailto:raghu98...@gmail.com]
Sent: Wednesday, Dece
15 matches
Mail list logo
