On 3/11/23 16:45, Richard Bosch wrote:
I haven't worked with KRaft controllers in SASL mode yet, but could I think
that the early.start.listeners might help here. (
https://kafka.apache.org/documentation/#brokerconfigs_early.start.listeners)
It was meant to indicate that these listeners are depending on data in the
cluster itself for bootstrapping.
Can you test specifying the controller in that setting?
early.start.listeners=CONTROLLER
I would guess that it would make no sense, because the SCRAM
authentication actually depends of the cluster metadata log, and the
documentation says specifically "A listener should not appear in this
list if it accepts external traffic". In fact, this socket should use
ACLs, for your own good. So, that "early.start.listeners" would solve
our issue would be quite puzzling.
That said, I have tried it anyway, just in case. The error in the log:
org.apache.kafka.common.errors.SaslAuthenticationException:
Authentication failed during authentication due to invalid credentials
with SASL mechanism SCRAM-SHA-256
No luck.
This actually seems like a bug in Kafka 3.6.0.
Anybody out there has a SCRAM working configuration between the
controllers, using KRAFT mode?
Thanks for the suggestion.
--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
j...@jcea.es - https://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:j...@jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz