Hi Luke!

There was no specific error in the Zookeeper log, but I managed to solve the issue. The problem was related to the fact that I used SASL authentication between Zookeeper and Kafka and then I switched it to mTLS authentication without using the ZkSecurityMigrator tool.

Thanks!

Best regards,
Evgeny

-----Original Message-----
From: Luke Chen <show...@gmail.com>
Sent: Tuesday, July 5, 2022 5:57 AM
To: Kafka Users <users@kafka.apache.org>
Subject: Re: NoAuth for /brokers/ids

Hi Evgeny

You can check the zookeeper log to see if there are logs about why the error happened.

Thanks.
Luke

On Tue, Jul 5, 2022 at 1:34 AM Ivanov, Evgeny <evgeny.iva...@vtbcapital.ru> wrote:

> Hi everyone,
>
> could you please advise how to fix the problem below?
>
> I'm trying to run Zookeeper with mTLS to authenticate Kafka broker on Zookeeper by SSL certificate.
> Both Zookeeper and Kafka broker are located on the same server, so I use the same keystore and truststore for them.
>
> Here is the error in Kafka server.log when Kafka starts:
>
> [2022-07-01 19:16:44,157] DEBUG [id: 0x7b9f05b5, L:/10.76.196.200:53876 - R:smsk01ap437u/10.76.196.200:2182] HANDSHAKEN: protocol:TLSv1.2 cipher suite:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (io.netty.handler.ssl.SslHandler)
> [2022-07-01 19:16:44,206] INFO Session establishment complete on server smsk01ap437u/10.76.196.200:2182, session id = 0x100bb14c3bf0000, negotiated timeout = 18000 (org.apache.zookeeper.ClientCnxn)
> [2022-07-01 19:16:44,210] DEBUG [ZooKeeperClient Kafka server] Received event: WatchedEvent state:SyncConnected type:None path:null (kafka.zookeeper.ZooKeeperClient)
> [2022-07-01 19:16:44,210] INFO [ZooKeeperClient Kafka server] Connected.
> (kafka.zookeeper.ZooKeeperClient)
> [2022-07-01 19:16:44,320] DEBUG Reading reply session id: 0x100bb14c3bf0000, packet:: clientPath:/consumers serverPath:/consumers finished:false header:: 1,1 replyHeader:: 1,77309411356,-110 request:: '/consumers,,v{s{31,s{'world,'anyone}}},0 response:: (org.apache.zookeeper.ClientCnxn)
> [2022-07-01 19:16:44,346] DEBUG Reading reply session id: 0x100bb14c3bf0000, packet:: clientPath:/brokers/ids serverPath:/brokers/ids finished:false header:: 2,1 replyHeader:: 2,77309411357,-102 request:: '/brokers/ids,,v{s{31,s{'world,'anyone}}},0 response:: (org.apache.zookeeper.ClientCnxn)
> [2022-07-01 19:16:44,358] ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /brokers/ids
>     at org.apache.zookeeper.KeeperException.create(KeeperException.java:120)
>     at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
>     at kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:566)
>     at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1729)
>     at kafka.zk.KafkaZkClient.makeSurePersistentPathExists(KafkaZkClient.scala:1627)
>     at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1(KafkaZkClient.scala:1619)
>     at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1$adapted(KafkaZkClient.scala:1619)
>     at scala.collection.immutable.List.foreach(List.scala:333)
>     at kafka.zk.KafkaZkClient.createTopLevelPaths(KafkaZkClient.scala:1619)
>     at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:492)
>     at kafka.server.KafkaServer.startup(KafkaServer.scala:201)
>     at kafka.Kafka$.main(Kafka.scala:109)
>     at kafka.Kafka.main(Kafka.scala)
> [2022-07-01 19:16:44,359] INFO shutting down (kafka.server.KafkaServer)
>
> Here are the configs.
>
> Zoo.cfg:
>
> secureClientPort=2182
> serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
>
> authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider
> ssl.keyStore.location=/app/kafka/certs/server/server.keystore.jks
> ssl.keyStore.password=Moscow123
> ssl.trustStore.location=/app/kafka/certs/server/server.truststore.jks
> ssl.trustStore.password=Moscow123
>
> server.properties:
>
> zookeeper.connect=server_hostname:2182
> zookeeper.ssl.client.enable=true
> zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
> zookeeper.ssl.keystore.location=/app/kafka/certs/server/server.keystore.jks
> zookeeper.ssl.keystore.password=Moscow123
> zookeeper.ssl.truststore.location=kafka/certs/server/server.truststore.jks
> zookeeper.ssl.truststore.password=Moscow123
>
> Best regards,
> Evgeny
>
> ________________________________
>
> This email message (and any attachments) is confidential and may be privileged or otherwise protected from disclosure by applicable law. If you are not the intended recipient or have received this in error please notify the system manager, postmas...@vtbcapital.ru and remove this message and any attachments from your system. Any unauthorized dissemination, copying or other use of this message and/or any attachments is strictly prohibited and may constitute a breach of civil or criminal law.
> JSC VTB Capital may monitor email traffic data and also the content of email.
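
How to read the ZooKeeper client DEBUG lines in the quoted log, as an added example that is not part of the original thread: the last field of `replyHeader::` is the KeeperException code, so the two replies decode to NodeExists (-110) and NoAuth (-102), i.e. the TLS session was accepted and the failure is an ACL denial on the znode. The function and constant names are this example's own; the sample lines are copied from the message above with the mail line-wraps rejoined.

```python
import re

# Subset of org.apache.zookeeper.KeeperException.Code values.
ZK_ERR = {0: "OK", -4: "CONNECTIONLOSS", -101: "NONODE", -102: "NOAUTH",
          -103: "BADVERSION", -110: "NODEEXISTS", -112: "SESSIONEXPIRED",
          -114: "INVALIDACL", -115: "AUTHFAILED"}
# Subset of ZooDefs.OpCode values (second field of "header::").
ZK_OP = {1: "create", 2: "delete", 3: "exists", 4: "getData", 5: "setData",
         6: "getACL", 7: "setACL", 8: "getChildren"}

# ClientCnxn DEBUG reply: "header:: xid,opcode replyHeader:: xid,zxid,err".
REPLY = re.compile(
    r"session id: (?P<session>0x[0-9a-f]+),.*?"
    r"serverPath:(?P<path>\S+).*?"
    r"header:: -?\d+,(?P<op>-?\d+)\s+"
    r"replyHeader:: -?\d+,-?\d+,(?P<err>-?\d+)")

# Sample input: lines from the log quoted in this thread, line-wraps rejoined.
SAMPLE_LOG = """
[2022-07-01 19:16:44,206] INFO Session establishment complete on server smsk01ap437u/10.76.196.200:2182, session id = 0x100bb14c3bf0000, negotiated timeout = 18000 (org.apache.zookeeper.ClientCnxn)
[2022-07-01 19:16:44,320] DEBUG Reading reply session id: 0x100bb14c3bf0000, packet:: clientPath:/consumers serverPath:/consumers finished:false header:: 1,1 replyHeader:: 1,77309411356,-110 request:: '/consumers,,v{s{31,s{'world,'anyone}}},0 response:: (org.apache.zookeeper.ClientCnxn)
[2022-07-01 19:16:44,346] DEBUG Reading reply session id: 0x100bb14c3bf0000, packet:: clientPath:/brokers/ids serverPath:/brokers/ids finished:false header:: 2,1 replyHeader:: 2,77309411357,-102 request:: '/brokers/ids,,v{s{31,s{'world,'anyone}}},0 response:: (org.apache.zookeeper.ClientCnxn)
"""


def parse_replies(log_text):
    """Return one dict per ZooKeeper reply line: session, path, op, err."""
    replies = []
    for line in log_text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue  # not a "Reading reply" line
        op, err = int(m["op"]), int(m["err"])
        replies.append({"session": m["session"], "path": m["path"],
                        "op": ZK_OP.get(op, str(op)),
                        "err": ZK_ERR.get(err, str(err))})
    return replies


def acl_denials(log_text):
    """Replies refused for authorization reasons (NOAUTH or AUTHFAILED)."""
    return [r for r in parse_replies(log_text)
            if r["err"] in ("NOAUTH", "AUTHFAILED")]


if __name__ == "__main__":
    for r in parse_replies(SAMPLE_LOG):
        print(f'{r["op"]:<8} {r["path"]:<14} -> {r["err"]}')
```
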