Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nri-kafka does not support SASL_PLAINTEXT security protocol #58

Closed
1 of 7 tasks
mafitconsulting opened this issue Jul 22, 2019 · 8 comments
Closed
1 of 7 tasks

nri-kafka does not support SASL_PLAINTEXT security protocol #58

mafitconsulting opened this issue Jul 22, 2019 · 8 comments
Assignees
@camdencheek

Comments

@mafitconsulting
Copy link

Description of the problem

It appears as though the nri-kafka integration does not support sasl-plaintext. See F/R below
https://discuss.newrelic.com/t/feature-idea-nri-kafka-sasl-plaintext-support/63261

Error when trying to get broker information
level=error msg="executing data source" data prefix=config/kafka error="exit status 1" plugin name=kafka-consumer-offsets stderr="2019/07/22 10:32:38 Connected to 100.98.200.70:2181\n2019/07/22 10:32:38 Authenticated: id=102416806283784402, timeout=4000\n2019/07/22 10:32:38 Re-submitting0credentials after reconnect\n[WARN] Unable to get connection information for broker with ID '1'. Will not collect offset data for consumer groups on this broker.\n[WARN] Unable to get connection information for broker with ID '2'. Will not collect offset data for consumer groups on this broker.\n[WARN] Unable to get connection information for broker with ID '3'. Will not collect offset data for consumer groups on this broker.\n[ERR] Failed collecting consumer offset data: kafka: invalid configuration (You must provide at least one broker address)\n"

OS
  • All of them
  • Amazon Linux, all versions
  • CentOS, version 6 or higher
  • Debian, version 7 ("Wheezy") or higher
  • Red Hat Enterprise Linux (RHEL), version 6 or higher
  • Ubuntu, versions 12.04, 14.04, and 16.04 (LTS versions)
  • Windows Server, 2008 and 2012 and their service packs
@camdencheek
Copy link
Contributor

@mafitconsulting Sorry for the slow response on this. I've got this on my list to look into in the next week or so

@camdencheek
Copy link
Contributor

Update on this: currently blocked by a couple of issues upstream.

IBM/sarama#1526
IBM/sarama#1519

@camdencheek camdencheek self-assigned this Nov 11, 2019
@RagingPuppies
Copy link

why is the use of "HasPrefix" ? as i understand it will only look for the start of a string, using SASL_SSL or SASL_PLAINTEXT will make it fail...

line 220 of src/zookeeper/connection.go
if strings.HasPrefix(urlString, "SSL") || (hasProtocol && strings.HasPrefix(urlStringProtocol, "SSL")) {

@martelskiy
Copy link

Any updates on this?

@camdencheek
Copy link
Contributor

We've refactored the codebase so it doesn't have the confusing HasPrefix stuff. However, it's still blocked on those sarama issues.

@dylanmei
Copy link
Contributor

It's unclear what those Kerberos issues have to do with supporting SASL mechanisms PLAIN and SCRAM. Sarama has examples: https://github.com/Shopify/sarama/tree/master/examples/sasl_scram_client

@camdencheek
Copy link
Contributor

@dylanmei -- you're right. For some reason I got it in my head that the feature being requested here was specifically for the GSSAPI method. I'll add it to my backlog, but in the mean time, would be happy to review any PRs to add non-GSSAPI SASL auth

@dylanmei dylanmei mentioned this issue Apr 11, 2020
Merged
11 tasks
@camdencheek
Copy link
Contributor

Fixed in #82

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@camdencheek camdencheek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dylanmei @camdencheek @mafitconsulting @RagingPuppies @martelskiy