Kafka with SASL_PLAINTEXT authentication #401

Closed
JorgeLeonelMatos opened this issue Sep 19, 2018 · 4 comments

JorgeLeonelMatos commented Sep 19, 2018

I'm using the following docker-compose configuration:

```yaml
  app-zookeeper:
    image: wurstmeister/zookeeper
    container_name: app-zookeeper
    ports:
      - 2181:2181

  app-kafka:
    build: ../images/kafka
    container_name: app-kafka
    ports:
      - 9092:9092
    environment:
      KAFKA_ADVERTISED_HOST_NAME: ${DOCKER_LOCAL_HOST}
      KAFKA_ADVERTISED_PORT: 9092
      KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://:9092
      KAFKA_LISTENERS: SASL_PLAINTEXT://:9092
      KAFKA_ZOOKEEPER_CONNECT: app-zookeepr:2181
      KAFKA_DELETE_TOPIC_ENBALE: "true"
      KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: SCRAM-SHA-512
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SASL_PLAINTEXT
      CUSTOM_INIT_SCRIPT: "export KAFKA_OPTS=-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
```

File kafka_server_jaas.conf:

```
KafkaServer {
  org.apache.kafka.common.security.scram.ScramLoginModule required
  username="admin"
  password="admin123";
};
```

In images/kafka I have a Dockerfile:

```dockerfile
FROM wurstmeister/kafka

# Authentication
COPY kafka_server_jaas.conf /opt/kafka/config/

# Define env vars for authentication
ENV CUSTOM_INIT_SCRIPT="export KAFKA_OPTS=-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
ENV KAFKA_OPTS="-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"

# create user
RUN kafka-configs.sh --zookeeper <DOCKER_LOCAL_HOST>:2181 --alter --add-config='SCRAM-SHA-512=[password="admin123"]' --entity-type users --entity-name admin

# List users
RUN kafka-configs.sh --zookeeper <DOCKER_LOCAL_HOST>:2181 --describe --entity-type users
```

Then I start the zookeeper container and kafka containers:

On kafka container I got this error, and I am not able to connect.

```
ERROR [Controller id=1001, targetBrokerId=1001] Connection to node 1001 failed authentication due to: Authentication failed due to invalid credentials with SASL mechanism SCRAM-SHA-512 (org.apache.kafka.clients.NetworkClient)
```

On the kafka container, I have the env var KAFKA_OPTS defined:

```
KAFKA_OPTS=-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf
```

Any clue?

@sscaling
Collaborator

A few notes - no specific answer - but may be of some help:

  1. You should be able to specify KAFKA_OPTS like any other environment var - this was fixed (https://github.com/wurstmeister/kafka-docker/blob/master/start-kafka.sh#L121)
  2. I'm not sure your Dockerfile will work. You appear to be trying to execute a run-time command at build time (see https://docs.docker.com/engine/reference/builder/#run). At the point you invoke the Dockerfile RUN commands, neither zookeeper nor the broker is running.
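
The second note above, as an added example (not code from the issue or from the kafka-docker project): a start-up script that runs the issue's `kafka-configs.sh` call when the container starts, once ZooKeeper is reachable, and reads the password from the environment instead of a Dockerfile `RUN` line. `SCRAM_USER`, `SCRAM_PASSWORD`, `ZK_RETRY_DELAY`, `KAFKA_CONFIGS`, `SCRAM_BOOTSTRAP_RUN` and the availability of `nc` in the image are assumptions.

```bash
#!/usr/bin/env bash
# Added example: create the SCRAM credential at container start, not at image build.
# Hypothetical names: SCRAM_USER, SCRAM_PASSWORD, ZK_RETRY_DELAY, KAFKA_CONFIGS,
# SCRAM_BOOTSTRAP_RUN. Assumes `nc` exists in the image.

# Succeeds when host:port accepts a TCP connection.
zk_ready() {
  nc -z -w 2 "$1" "$2" 2>/dev/null
}

# wait_for_zk HOST PORT [TRIES]: poll until ZooKeeper is reachable or give up.
wait_for_zk() {
  tries=${3:-30}
  i=0
  while [ "$i" -lt "$tries" ]; do
    zk_ready "$1" "$2" && return 0
    i=$((i + 1))
    sleep "${ZK_RETRY_DELAY:-2}"
  done
  return 1
}

# create_scram_user ZK_CONNECT USER PASSWORD
# Same kafka-configs.sh call as in the issue, but run while ZooKeeper is up.
# The password is a command-line argument, so it is visible in the process
# list of this container while the command runs.
create_scram_user() {
  [ -n "$3" ] || { echo "refusing to create a SCRAM user with an empty password" >&2; return 2; }
  "${KAFKA_CONFIGS:-kafka-configs.sh}" --zookeeper "$1" --alter \
    --add-config "SCRAM-SHA-512=[password=$3]" \
    --entity-type users --entity-name "$2"
}

# Reads KAFKA_ZOOKEEPER_CONNECT (host:port, as in the compose file) and the
# credential from the environment, so no secret lands in an image layer.
bootstrap_scram() {
  zk=${KAFKA_ZOOKEEPER_CONNECT:?set KAFKA_ZOOKEEPER_CONNECT}
  wait_for_zk "${zk%%:*}" "${zk##*:}" || { echo "ZooKeeper not reachable: $zk" >&2; return 1; }
  create_scram_user "$zk" "${SCRAM_USER:-admin}" "${SCRAM_PASSWORD:-}"
}

# Run only when asked, so the file can also be sourced for its functions.
if [ "${SCRAM_BOOTSTRAP_RUN:-0}" = 1 ]; then
  bootstrap_scram
fi
```

The broker uses the `username` and `password` in the `KafkaServer` JAAS section for its own inter-broker connections, so they have to match the credential registered here.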

@sscaling
Collaborator

Closing due to staleness, no response from OP

elioncho commented May 3, 2019

Is there an example with sasl authentication anywhere?
