Kafka version: 2.3.0
Zookeeper version: 3.5.5

Hi!

I'm trying to keep all communication secure in my test cluster, but somehow I'm unable to get Kafka->Zookeeper connection using SSL. If I don't open the "clientPort" next to "secureClientPort" I get:

Zookeeper:

    WARN [epollEventLoopGroup-7-4:NettyServerCnxnFactory$CnxnChannelHandler@138] - Exception caught
    io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

Kafka:

    INFO Client will use DIGEST-MD5 as SASL mechanism. (org.apache.zookeeper.client.ZooKeeperSaslClient)
    INFO Opening socket connection to server FQDN/XX.XXX.XX.XX:2000. Will attempt to SASL-authenticate using Login Context section 'Client' (org.apache.zookeeper.ClientCnxn)
    INFO Socket connection established to FQDN/XX.XXX.XX.XX:2000, initiating session (org.apache.zookeeper.ClientCnxn)
    INFO Unable to read additional data from server sessionid 0x0, likely server has closed socket, closing socket connection and attempting reconnect (org.apache.zookeeper.ClientCnxn)

By checking network packets I see that if I use "clientPort", plain text data is forwarded.

Related server.properties settings:

    inter.broker.listener.name:INTERNAL
    listeners=INTERNAL://FQDN:5555,EXTERNAL://FQDN:5556
    advertised.listeners=INTERNAL://FQDN:5555,EXTERNAL://FQDN:5556
    listener.security.protocol.map=INTERNAL:SASL_SSL,EXTERNAL:SASL_SSL
    advertised.host.name=FQDN
    security.protocol=SSL
    ssl.client.auth=required
    ssl.truststore.location=/truststore.jks
    ssl.truststore.password=PASSWORD
    ssl.keystore.location=/kafka.jks
    ssl.keystore.password=PASSWORD
    sasl.enabled.mechanisms=PLAIN
    sasl.mechanism.inter.broker.protocol=PLAIN

What am I doing wrong?

Thank you!
Peter