Hi guys,


It seems the secure operation of a Kafka broker is very simple... but not for
me: it is very hard.

I hope for your help to solve my problem.



I want to show the steps to reproduce my error:

I generated a CA and certificates and stored them in a directory: /home/kafka/ssl.



I downloaded and untarred the file kafka_2.13-3.0.0.tgz, then moved and renamed this
directory in my home: /home/kafka/kafka2_13_3.

The clean kafka installation works.

To secure Kafka and use the SSL protocol for broker-client communication (I have
only 1 broker on a remote Ubuntu server) I modified the config file
server.properties. I added these rows:



listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094

ssl.keystore.location=/home/kafka/ssl/kafka.server.keystore.jks
ssl.keystore.password=mypwd
ssl.key.password=mypwd
ssl.truststore.location=/home/kafka/ssl/kafka.server.truststore.jks
ssl.truststore.password=mypwd

advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
zookeeper.connect=localhost:2181

#security.inter.broker.protocol=SSL
#ssl.client.auth=required
sasl.enabled.mechanisms=PLAIN



When I try to restart Kafka I receive this error:



[2021-11-17 14:45:30,961] ERROR [KafkaServer id=0] Fatal error during
KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)

java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or
'sasl_ssl.KafkaServer' entry in the JAAS configuration. System property
'java.security.auth.login.config' is not set



According to some tutorials I have read, there is no error of this type and at
this step the JAAS file is not needed.

So I created in the config dir the file kafka_server_jaas.conf with this
content:



KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="kafkabroker"
   password="mypwd"
   user_kafkabroker="kafkabroker-secret"
   user_client="client";
};

Client {
   org.apache.zookeeper.server.auth.DigestLoginModule required
   username="giuseppe"
   password="mypwd";
};



I exported KAFKA_OPTS and restarted Kafka:

export KAFKA_OPTS="-Djava.security.auth.login.config=/home/kafka/kafka2_13_3config/kafka_server_jaas.conf"
sudo bin/kafka-server-start.sh etc/kafka/server.properties



but no solution.

Can someone help me configure Kafka in a secure manner?

Any help is very appreciated.

Thanks.

Giuseppe.








