Hi Evgeny

You can check the ZooKeeper log to see if there are logs about why the
error happened.

Thanks.
Luke

On Tue, Jul 5, 2022 at 1:34 AM Ivanov, Evgeny <evgeny.iva...@vtbcapital.ru>
wrote:

> Hi everyone,
>
> could you please advise how to fix the problem below?
>
> I'm trying to run Zookeeper with mTLS to authenticate Kafka broker on
> Zookeeper by SSL certificate.
> Both Zookeeper and Kafka broker are located on the same server, so I use
> the same keystore and truststore for them.
>
> Here is the error in Kafka server.log when Kafka starts:
>
> [2022-07-01 19:16:44,157] DEBUG [id: 0x7b9f05b5, L:/10.76.196.200:53876 -
> R:smsk01ap437u/10.76.196.200:2182] HANDSHAKEN: protocol:TLSv1.2 cipher
> suite:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> (io.netty.handler.ssl.SslHandler)
> [2022-07-01 19:16:44,206] INFO Session establishment complete on server
> smsk01ap437u/10.76.196.200:2182, session id = 0x100bb14c3bf0000,
> negotiated timeout = 18000 (org.apache.zookeeper.ClientCnxn)
> [2022-07-01 19:16:44,210] DEBUG [ZooKeeperClient Kafka server] Received
> event: WatchedEvent state:SyncConnected type:None path:null
> (kafka.zookeeper.ZooKeeperClient)
> [2022-07-01 19:16:44,210] INFO [ZooKeeperClient Kafka server] Connected.
> (kafka.zookeeper.ZooKeeperClient)
> [2022-07-01 19:16:44,320] DEBUG Reading reply session id:
> 0x100bb14c3bf0000, packet:: clientPath:/consumers serverPath:/consumers
> finished:false header:: 1,1  replyHeader:: 1,77309411356,-110  request::
> '/consumers,,v{s{31,s{'world,'anyone}}},0  response::
>  (org.apache.zookeeper.ClientCnxn)
> [2022-07-01 19:16:44,346] DEBUG Reading reply session id:
> 0x100bb14c3bf0000, packet:: clientPath:/brokers/ids serverPath:/brokers/ids
> finished:false header:: 2,1  replyHeader:: 2,77309411357,-102  request::
> '/brokers/ids,,v{s{31,s{'world,'anyone}}},0  response::
>  (org.apache.zookeeper.ClientCnxn)
> [2022-07-01 19:16:44,358] ERROR Fatal error during KafkaServer startup.
> Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode =
> NoAuth for /brokers/ids
>         at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:120)
>         at
> org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
>         at
> kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:566)
>         at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1729)
>         at
> kafka.zk.KafkaZkClient.makeSurePersistentPathExists(KafkaZkClient.scala:1627)
>         at
> kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1(KafkaZkClient.scala:1619)
>         at
> kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1$adapted(KafkaZkClient.scala:1619)
>         at scala.collection.immutable.List.foreach(List.scala:333)
>         at
> kafka.zk.KafkaZkClient.createTopLevelPaths(KafkaZkClient.scala:1619)
>         at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:492)
>         at kafka.server.KafkaServer.startup(KafkaServer.scala:201)
>         at kafka.Kafka$.main(Kafka.scala:109)
>         at kafka.Kafka.main(Kafka.scala)
> [2022-07-01 19:16:44,359] INFO shutting down (kafka.server.KafkaServer)
>
> Here are the configs.
>
> Zoo.cfg:
>
> secureClientPort=2182
> serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
>
> authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider
> ssl.keyStore.location=/app/kafka/certs/server/server.keystore.jks
> ssl.keyStore.password=Moscow123
> ssl.trustStore.location=/app/kafka/certs/server/server.truststore.jks
> ssl.trustStore.password=Moscow123
>
> server.properties:
>
> zookeeper.connect=server_hostname:2182
> zookeeper.ssl.client.enable=true
> zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
> zookeeper.ssl.keystore.location=/app/kafka/certs/server/server.keystore.jks
> zookeeper.ssl.keystore.password=Moscow123
> zookeeper.ssl.truststore.location=kafka/certs/server/server.truststore.jks
> zookeeper.ssl.truststore.password=Moscow123
>
> Best regards,
> Evgeny
>
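
Added example, not part of either message above and not Kafka or ZooKeeper project code: a small Python helper that decodes the `header::` (xid, request type) and `replyHeader::` (xid, zxid, result code) fields in the client DEBUG lines quoted above, so the denied path and operation can be matched against the ZooKeeper server log. The function names are hypothetical, the code tables are a subset of ZooKeeper's request types and KeeperException codes, and the sample is the two quoted reply lines cut off at `request::`.

```python
import re

# Subset of ZooKeeper KeeperException result codes.
ZK_ERR = {0: "Ok", -4: "ConnectionLoss", -101: "NoNode", -102: "NoAuth",
          -103: "BadVersion", -110: "NodeExists", -112: "SessionExpired",
          -114: "InvalidACL", -115: "AuthFailed"}
# Subset of request types carried in "header:: xid,type".
ZK_OP = {1: "create", 2: "delete", 3: "exists", 4: "getData", 5: "setData",
         6: "getACL", 7: "setACL", 8: "getChildren"}

REPLY = re.compile(
    r"Reading reply session id: (0x[0-9a-fA-F]+), packet:: clientPath:(\S+) "
    r"serverPath:\S+ finished:\S+ header:: (-?\d+),(-?\d+) "
    r"replyHeader:: (-?\d+),(-?\d+),(-?\d+)")

def decode_replies(text):
    """Return one dict per ZooKeeper reply found in Kafka DEBUG output."""
    # Drop mail quoting ("> ") and re-join wrapped lines before matching.
    flat = " ".join(re.sub(r"^>\s?", "", ln) for ln in text.splitlines())
    flat = re.sub(r"\s+", " ", flat)
    out = []
    for sid, path, _xid, op, _rxid, _zxid, err in REPLY.findall(flat):
        op, err = int(op), int(err)
        out.append({"session": sid, "path": path,
                    "op": ZK_OP.get(op, f"op{op}"),
                    "result": ZK_ERR.get(err, f"err{err}")})
    return out

def denied(text):
    """(operation, path) pairs the server refused with NoAuth or AuthFailed."""
    return [(r["op"], r["path"]) for r in decode_replies(text)
            if r["result"] in ("NoAuth", "AuthFailed")]

# Sample: the two reply lines from the quoted server.log, truncated at "request::".
SAMPLE = """\
> [2022-07-01 19:16:44,320] DEBUG Reading reply session id:
> 0x100bb14c3bf0000, packet:: clientPath:/consumers serverPath:/consumers
> finished:false header:: 1,1  replyHeader:: 1,77309411356,-110  request::
> [2022-07-01 19:16:44,346] DEBUG Reading reply session id:
> 0x100bb14c3bf0000, packet:: clientPath:/brokers/ids serverPath:/brokers/ids
> finished:false header:: 2,1  replyHeader:: 2,77309411357,-102  request::
"""

if __name__ == "__main__":
    for reply in decode_replies(SAMPLE):
        print(reply)
```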
