Hi,
I'm trying to setup logstash agent with Kafka output that has Kerberos based authentication and uses SASL_SSL mechanism. Logstash agent works fine when started but fails to renew Kerberos ticket.
I've configured the jaas with following properties
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="service.keytab"
storeKey=true
useTicketCache=true
serviceName="kafka"
principal="<principal>";
};
logstash config:
input {
file {
path => ["test"]
}
}
output {
kafka {
topic_id => "<topic>"
bootstrap_servers => "<broker>"
compression_type => "snappy"
jaas_path => "jaas.conf"
kerberos_config => "/etc/krb5.conf"
sasl_kerberos_service_name => "kafka"
security_protocol => "SASL_SSL"
client_id => "client"
ssl_truststore_location => "truststore.jks"
ssl_truststore_password => "<password>"
}
}
Java version:
openjdk version "11.0.8" 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu118.04.1)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu118.04.1, mixed mode, sharing)
logstash version: 7.9.2
How can I make sure that logstash is renewing the ticket before it is expired?