Version:
Logstash 6.4.1
Operating System:
Ubuntu 16.04
Hi,
I'm having an issue configuring Logstash to subscribe to a Kafka topic over SASL SSL.
From what it looks like, Kafka fails to read the Kafka client configuration specified in the provided jaas_path. From the Logstash log:
Unable to create Kafka consumer from given configuration
{:kafka_error_message=>org.apache.kafka.common.KafkaException: Failed to construct kafka consumer, :cause=>java.lang.IllegalArgumentException: Could not find a 'KafkaClient' entry in the JAAS configuration. System property 'java.security.auth.login.config' is /etc/logstash/kafka_sasl_jaas.java}
kafka_sasl_jaas.java file looks like:
KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  serviceName="someName"
  username="someName2"
  password="somePassword";
};
Kafka consumer configuration (from logstash logs):
ConsumerConfig values:
auto.commit.interval.ms = 5000
auto.offset.reset = latest
bootstrap.servers = [someIP:somePort]
check.crcs = true
client.id = logstash-0
connections.max.idle.ms = 540000
enable.auto.commit = true
exclude.internal.topics = true
fetch.max.bytes = 52428800
fetch.max.wait.ms = 500
fetch.min.bytes = 1
group.id = someGroup
heartbeat.interval.ms = 3000
interceptor.classes =
internal.leave.group.on.close = true
isolation.level = read_uncommitted
key.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
max.partition.fetch.bytes = 1048576
max.poll.interval.ms = 300000
max.poll.records = 500
metadata.max.age.ms = 300000
metric.reporters =
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
partition.assignment.strategy = [class org.apache.kafka.clients.consumer.RangeAssignor]
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 305000
retry.backoff.ms = 100
sasl.jaas.config = null
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = someName
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.mechanism = PLAIN
security.protocol = SASL_SSL
send.buffer.bytes = 131072
session.timeout.ms = 10000
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = null
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = /etc/logstash/kafka.truststore.pkcs12
ssl.truststore.password = null
ssl.truststore.type = pkcs12
value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
Logstash kafka input config:
input {
  kafka {
    bootstrap_servers => "someIP:somePort"
    topics => ["someTopic"]
    decorate_events => true
    group_id => "someGroup"
    codec => someCodec
    security_protocol => "SASL_SSL"
    sasl_mechanism => "PLAIN"
    jaas_path => "/etc/logstash/kafka_sasl_jaas.java"
    sasl_kerberos_service_name => "kafka"
    ssl_truststore_location => "/etc/logstash/kafka.truststore.pkcs12"
    ssl_truststore_type => "pkcs12"
  }
}
I have tried different access rights and ownership (root and logstash) for the kafka.sasl.jaas.conf without success.
Really glad if someone can help me identify what is going wrong here:-)!
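Added example, not part of the original post: a Python pre-flight check for the file that jaas_path points to. It parses the JAAS syntax, confirms that a KafkaClient entry using PlainLoginModule with username and password is present, and flags a password file that is accessible to other users. The names parse_jaas and lint are hypothetical helpers, not Logstash or Kafka APIs, and the check covers only the PLAIN mechanism used in the post.

```python
import os, pathlib, re, sys
# Added example: parse_jaas/lint are hypothetical helpers, not Kafka or Logstash APIs.
# Tokens: quoted string | comment | punctuation | bare word.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/|[{};=]|[^\s{};="]+', re.S)
PLAIN_MODULE = "org.apache.kafka.common.security.plain.PlainLoginModule"

def parse_jaas(text):
    """Return {entry_name: [(module_class, flag, {option: value}), ...]}."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith(("//", "/*"))]
    entries, i = {}, 0
    while i < len(toks):
        name = toks[i]
        if toks[i + 1] != "{":
            raise ValueError(f"expected '{{' after entry name {name!r}")
        i += 2
        entries[name] = []
        while toks[i] != "}":                      # one login module per pass
            cls, flag, opts = toks[i], toks[i + 1], {}
            i += 2
            while toks[i] != ";":                  # key="value" options
                if toks[i + 1] != "=":
                    raise ValueError(f"expected '=' after option {toks[i]!r}")
                opts[toks[i]] = toks[i + 2].strip('"')
                i += 3
            i += 1                                 # skip the module's ';'
            entries[name].append((cls, flag, opts))
        if toks[i + 1] != ";":
            raise ValueError(f"entry {name!r} must end with '}};'")
        i += 2
    return entries

def lint(path, entry="KafkaClient"):
    """Return findings for the JAAS file at `path`; an empty list means clean."""
    world = os.stat(path).st_mode & 0o007          # any rwx bit set for 'other'
    out = ["password file is accessible to 'other'"] if world else []
    try:
        entries = parse_jaas(pathlib.Path(path).read_text())
    except (OSError, ValueError, IndexError) as exc:
        return out + [f"cannot read or parse: {exc!r}"]
    if entry not in entries:
        return out + [f"no {entry!r} entry; found {sorted(entries)}"]
    mods = [m for m in entries[entry] if m[0] == PLAIN_MODULE]
    if not mods:
        out.append(f"{entry} has no {PLAIN_MODULE}")
    elif not {"username", "password"} <= set(mods[0][2]):
        out.append("PlainLoginModule needs username and password options")
    return out

if __name__ == "__main__":
    print("\n".join(lint(sys.argv[1])) or "ok")
```

Run it as the same user the Logstash service runs as, so that a permission problem on the file shows up as a read error rather than being masked by root.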