We should pass necessary ssl configs using --command-config  command-line
option.

>>security.protocol=SSL
>>ssl.truststore.location=/var/private/ssl/client.truststore.jks
>>ssl.truststore.password=test1234

http://kafka.apache.org/documentation.html#security_configclients

On Mon, Jul 31, 2017 at 1:22 PM, Gabriel Machado <gmachado....@gmail.com>
wrote:

> Thank you for your help Vahid.
>
> I use kafka_2.11-0.10.0.1 with ssl.
> kafka-consumer-groups.sh script fails with a java heap space out of memory.
> Am i doing something wrong ?
>
> #bin/kafka-consumer-groups.sh --new-consumer --bootstrap-server
> myserver:9092 --list
> Error while executing consumer group command Java heap space
> java.lang.OutOfMemoryError: Java heap space
>     at java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:57)
>     at java.nio.ByteBuffer.allocate(ByteBuffer.java:335)
>     at org.apache.kafka.common.network.NetworkReceive.
> readFromReadableChannel(NetworkReceive.java:93)
>     at org.apache.kafka.common.network.NetworkReceive.
> readFrom(NetworkReceive.java:71)
>     at org.apache.kafka.common.network.KafkaChannel.receive(
> KafkaChannel.java:154)
>     at org.apache.kafka.common.network.KafkaChannel.read(
> KafkaChannel.java:135)
>     at org.apache.kafka.common.network.Selector.
> pollSelectionKeys(Selector.
> java:323)
>     at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
>     at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260)
>     at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.
> clientPoll(ConsumerNetworkClient.java:360)
>     at org.apache.kafka.clients.consumer.internals.
> ConsumerNetworkClient.poll(ConsumerNetworkClient.java:224)
>     at org.apache.kafka.clients.consumer.internals.
> ConsumerNetworkClient.poll(ConsumerNetworkClient.java:192)
>     at org.apache.kafka.clients.consumer.internals.
> ConsumerNetworkClient.poll(ConsumerNetworkClient.java:163)
>     at kafka.admin.AdminClient.kafka$admin$AdminClient$$send(
> AdminClient.scala:49)
>     at kafka.admin.AdminClient$$anonfun$sendAnyNode$1.apply(
> AdminClient.scala:61)
>     at kafka.admin.AdminClient$$anonfun$sendAnyNode$1.apply(
> AdminClient.scala:58)
>     at scala.collection.immutable.List.foreach(List.scala:381)
>     at kafka.admin.AdminClient.sendAnyNode(AdminClient.scala:58)
>     at kafka.admin.AdminClient.findAllBrokers(AdminClient.scala:87)
>     at kafka.admin.AdminClient.listAllGroups(AdminClient.scala:96)
>     at kafka.admin.AdminClient.listAllGroupsFlattened(
> AdminClient.scala:117)
>     at kafka.admin.AdminClient.listAllConsumerGroupsFlattened
> (AdminClient.scala:121)
>     at kafka.admin.ConsumerGroupCommand$KafkaConsumerGroupService.
> list(ConsumerGroupCommand.scala:311)
>     at kafka.admin.ConsumerGroupCommand$.main(
> ConsumerGroupCommand.scala:63)
>     at kafka.admin.ConsumerGroupCommand.main(ConsumerGroupCommand.scala)
>
> Gabriel.
>
> 2017-07-28 18:28 GMT+02:00 Vahid S Hashemian <vahidhashem...@us.ibm.com>:
>
> > Hi Gabriel,
> >
> > I have yet to experiment with enabling SSL for Kafka.
> > However, there are some good documents out there that seem to cover it.
> > Examples:
> > *
> > https://www.confluent.io/blog/apache-kafka-security-
> > authorization-authentication-encryption/
> > *
> > http://coheigea.blogspot.com/2016/09/securing-apache-kafka-
> > broker-part-i.html
> >
> > Is there anything specific about the SSL and consumer groups that you are
> > having issues with?
> >
> > Thanks.
> > --Vahid
> >
> >
> >
> >
> > From:   Gabriel Machado <gmachado....@gmail.com>
> > To:     users@kafka.apache.org
> > Date:   07/28/2017 08:40 AM
> > Subject:        Re: kafka-consumer-groups tool with SASL_PLAINTEXT
> >
> >
> >
> > Hi Vahid,
> >
> > Do you know how to use consumer-group tool with ssl only (without sasl) ?
> >
> > Gabriel.
> >
> >
> > Le 24 juil. 2017 11:15 PM, "Vahid S Hashemian" <
> vahidhashem...@us.ibm.com>
> > a écrit :
> >
> > Hi Meghana,
> >
> > I did some experiments with SASL_PLAINTEXT and documented the results
> > here:
> > https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/
> > I think it covers what you'd like to achieve. If not, please advise.
> >
> > Thanks.
> > --Vahid
> >
> >
> >
> >
> > From:   Meghana Narasimhan <mnarasim...@bandwidth.com>
> > To:     users@kafka.apache.org
> > Date:   07/24/2017 01:56 PM
> > Subject:        kafka-consumer-groups tool with SASL_PLAINTEXT
> >
> >
> >
> > Hi,
> > What is the correct way to use the kafka-consumer-groups tool with
> > SASL_PLAINTEXT security enabled ?
> >
> > The tool seems to work fine with PLAINTEXT port but not with
> > SASL_PLAINTEXT. Can it be configured to work with SASL_PLAINTEXT ? If so
> > what permissions have to enabled for it ?
> >
> > Thanks,
> > Meghana
> >
> >
> >
> >
> >
>

Reply via email to