Sidebar: -Dcom.sun.management.jmxremote.authenticate=false why did you disable authentication?
Martin ______________________________________________ > From: harsha...@gmail.com > Date: Fri, 8 Jul 2016 22:24:25 +0000 > Subject: Re: Error in znode creation after adding SASL digest on server and > client > To: users@kafka.apache.org > > Hi, > So we specifically kept the consumers to world writable in secure > mode. This is to allow zookeeper based consumers to create their own child > nodes under /consumers and they can add their own sasl based acls on top of > it. From the looks of it incase of zookeeper digest based connection it > expects all the nodes to have an ACL on it. This could be an issue with > ZkClient tha we use or we need to navigate this case differently. Can you > file a JIRA for this. > > Thanks, > Harsha > > On Thu, Jul 7, 2016 at 10:48 PM Vipul Sharma <vipulsharma2...@gmail.com> > wrote: > > > I am running zookeeper and kafka on local machine. > > This is the user permission on zookeeper > > [zk: localhost:2181(CONNECTED) 0] getAcl / > > 'digest,'broker:TqgUewyrgBbYEWTfsNStYmIfD2Q= > > : cdrwa > > > > I am using the same user in kafka to connect to this local zookeeper > > > > /usr/lib/jvm/java-8-oracle-amd64/bin/java -Xmx200m -Xms200m > > -Djava.security.auth.login.config=/opt/kafka/config/jaas.conf -server > > -Djava.awt.headless=true -XX:PermSize=48m -XX:MaxPermSize=48m -XX:+UseG1GC > > -XX:MaxGCPauseMillis=20 -XX:InitiatingHeapOccupancyPercent=35 > > -Xloggc:/var/log/kafka/kafka-gc.log -XX:+PrintGCDateStamps > > -XX:+PrintGCTimeStamps -Dcom.sun.management.jmxremote > > -Dcom.sun.management.jmxremote.authenticate=false > > -Dcom.sun.management.jmxremote.ssl=false > > -Dcom.sun.management.jmxremote.port=9999 > > -Dkafka.logs.dir=/opt/kafka/bin/../logs > > -Dlog4j.configuration=file:/opt/kafka/config/log4j.properties -cp > > :/opt/kafka/bin/../libs/* kafka.Kafka /opt/kafka/config/server.properties > > > > root@default-ubuntu-1404:~# cat /opt/kafka/config/jaas.conf > > Client { > > org.apache.zookeeper.server.auth.DigestLoginModule required > > username=broker > > password=password; > > }; > > > > > > The kafka start fails with these logs > > > > [2016-07-08 05:43:32,326] INFO Client > > > > environment:java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,327] INFO Client environment:java.io.tmpdir=/tmp > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,327] INFO Client environment:java.compiler=<NA> > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,327] INFO Client environment:os.name=Linux > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,328] INFO Client environment:os.arch=amd64 > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,328] INFO Client > > environment:os.version=4.2.0-35-generic (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,328] INFO Client environment:user.name=root > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,329] INFO Client environment:user.home=/root > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,329] INFO Client environment:user.dir=/root > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,330] INFO Initiating client connection, > > connectString=default-ubuntu-1404:2181,localhost:2181 sessionTimeout=6000 > > watcher=org.I0Itec.zkclient.ZkClient@bef2d72 > > (org.apache.zookeeper.ZooKeeper) > > [2016-07-08 05:43:32,359] INFO Waiting for keeper state SaslAuthenticated > > (org.I0Itec.zkclient.ZkClient) > > [2016-07-08 05:43:32,362] INFO successfully logged in. > > (org.apache.zookeeper.Login) > > [2016-07-08 05:43:32,363] INFO Client will use DIGEST-MD5 as SASL > > mechanism. (org.apache.zookeeper.client.ZooKeeperSaslClient) > > [2016-07-08 05:43:32,507] INFO Opening socket connection to server > > localhost/0:0:0:0:0:0:0:1:2181. Will attempt to SASL-authenticate using > > Login Context section 'Client' (org.apache.zookeeper.ClientCnxn) > > [2016-07-08 05:43:32,519] INFO Socket connection established to > > localhost/0:0:0:0:0:0:0:1:2181, initiating session > > (org.apache.zookeeper.ClientCnxn) > > [2016-07-08 05:43:32,537] INFO Session establishment complete on server > > localhost/0:0:0:0:0:0:0:1:2181, sessionid = 0x155c8e99f690005, negotiated > > timeout = 6000 (org.apache.zookeeper.ClientCnxn) > > [2016-07-08 05:43:32,541] INFO zookeeper state changed (SyncConnected) > > (org.I0Itec.zkclient.ZkClient) > > [2016-07-08 05:43:32,564] INFO zookeeper state changed (SaslAuthenticated) > > (org.I0Itec.zkclient.ZkClient) > > [2016-07-08 05:43:32,614] FATAL Fatal error during KafkaServer startup. > > Prepare to shutdown (kafka.server.KafkaServer) > > org.I0Itec.zkclient.exception.ZkException: > > org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = > > NoAuth for /consumers > > at org.I0Itec.zkclient.exception.ZkException.create(ZkException.java:68) > > at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:1000) > > at org.I0Itec.zkclient.ZkClient.create(ZkClient.java:527) > > at org.I0Itec.zkclient.ZkClient.createPersistent(ZkClient.java:293) > > at kafka.utils.ZkPath$.createPersistent(ZkUtils.scala:938) > > at kafka.utils.ZkUtils.makeSurePersistentPathExists(ZkUtils.scala:340) > > at kafka.utils.ZkUtils$$anonfun$setupCommonPaths$1.apply(ZkUtils.scala:175) > > at kafka.utils.ZkUtils$$anonfun$setupCommonPaths$1.apply(ZkUtils.scala:174) > > at scala.collection.immutable.List.foreach(List.scala:381) > > at kafka.utils.ZkUtils.setupCommonPaths(ZkUtils.scala:174) > > at kafka.server.KafkaServer.initZk(KafkaServer.scala:298) > > at kafka.server.KafkaServer.startup(KafkaServer.scala:180) > > at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) > > at kafka.Kafka$.main(Kafka.scala:67) > > at kafka.Kafka.main(Kafka.scala) > > Caused by: org.apache.zookeeper.KeeperException$NoAuthException: > > KeeperErrorCode = NoAuth for /consumers > > at org.apache.zookeeper.KeeperException.create(KeeperException.java:113) > > at org.apache.zookeeper.KeeperException.create(KeeperException.java:51) > > at org.apache.zookeeper.ZooKeeper.create(ZooKeeper.java:783) > > at org.I0Itec.zkclient.ZkConnection.create(ZkConnection.java:99) > > at org.I0Itec.zkclient.ZkClient$3.call(ZkClient.java:530) > > at org.I0Itec.zkclient.ZkClient$3.call(ZkClient.java:527) > > at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:990) > > ... 13 more > > [2016-07-08 05:43:32,627] INFO shutting down (kafka.server.KafkaServer) > > [2016-07-08 05:43:32,639] INFO shut down completed > > (kafka.server.KafkaServer) > > [2016-07-08 05:43:32,640] FATAL Fatal error during KafkaServerStartable > > startup. Prepare to shutdown (kafka.server.KafkaServerStartable) > > > > > > Why is broker user not able to create the child znodes even though it has > > create permissions. > > Stuck on this since a day. Please help > > > > > > > > > > > > Regards > > Vipul Sharma > >