[
https://issues.apache.org/jira/browse/KAFKA-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kuttaiah updated KAFKA-9486:
----------------------------
Description:
My use case is to set up different protocols for inter-broker communication and
producer/consumer to broker communication.
Hence I have the below broker configuration
{quote}{{"zookeeper.sasl.enabled": false}}
{{ # Disable hostname verification, default is https.
"ssl.endpoint.identification.algorithm":
"inter.broker.listener.name": PLAINTEXT
"listener.name.external.sasl.enabled.mechanisms": OAUTHBEARER
"listener.name.external.oauthbearer.sasl.login.callback.handler.class":
oracle.insight.common.kafka.security.OAuthBearerSignedLoginCallbackHandler
"listener.name.external.oauthbearer.sasl.server.callback.handler.class":
oracle.insight.common.kafka.security.OAuthBearerSignedValidatorCallbackHandler
"listener.security.protocol.map": PLAINTEXT:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
"listener.name.external.oauthbearer.sasl.jaas.config":
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
signedLoginStringClaim_ocid=insightAdmin
signedLoginKeyServiceClass=oracle.insight.common.security.SMSKeyService
signedValidatorKeyServiceClass=oracle.insight.common.security.SMSKeyService;
"advertised.listeners":
EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).mydomain:$((${KAFKA_OUTSIDE_PORT} +
${KAFKA_BROKER_ID}))}}
{quote}
With this I always get
{quote}{{[2020-01-30 17:23:55,228] INFO [SocketServer brokerId=0] Failed
authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA
during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,633] INFO [SocketServer brokerId=0] Failed authentication
with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL
handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,989] INFO [SocketServer brokerId=0] Failed authentication
with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL
handshake.) (org.apache.kafka.common.network.Selector)}}
{quote}
From the logs it looks like inter-broker communication is happening via SASL
even though I set it to PLAIN_TEXT
{quote}{{"inter.broker.listener.name": PLAINTEXT}}
{quote}
{{Please guide me on what exactly is missing. This is critical for our release
which is happening shortly.}}
{{thanks}}
{{Robin Kuttaiah}}
was:
My use case is to set up different protocols for inter-broker communication and
producer/consumer to broker communication.
Hence I have the below configuration
{quote}{{"zookeeper.sasl.enabled": false}}
{{ # Disable hostname verification, default is https.
"ssl.endpoint.identification.algorithm":
"inter.broker.listener.name": PLAINTEXT
"listener.name.external.sasl.enabled.mechanisms": OAUTHBEARER
"listener.name.external.oauthbearer.sasl.login.callback.handler.class":
oracle.insight.common.kafka.security.OAuthBearerSignedLoginCallbackHandler
"listener.name.external.oauthbearer.sasl.server.callback.handler.class":
oracle.insight.common.kafka.security.OAuthBearerSignedValidatorCallbackHandler
"listener.security.protocol.map": PLAINTEXT:PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
"listener.name.external.oauthbearer.sasl.jaas.config":
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
signedLoginStringClaim_ocid=insightAdmin
signedLoginKeyServiceClass=oracle.insight.common.security.SMSKeyService
signedValidatorKeyServiceClass=oracle.insight.common.security.SMSKeyService;
"advertised.listeners":
EXTERNAL://kafka-$((${KAFKA_BROKER_ID})).mydomain:$((${KAFKA_OUTSIDE_PORT} +
${KAFKA_BROKER_ID}))}}
{quote}
With this I always get
{quote}{{[2020-01-30 17:23:55,228] INFO [SocketServer brokerId=0] Failed
authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA
during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,633] INFO [SocketServer brokerId=0] Failed authentication
with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL
handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,989] INFO [SocketServer brokerId=0] Failed authentication
with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL
handshake.) (org.apache.kafka.common.network.Selector)}}
{quote}
From the logs it looks like inter-broker communication is happening via SASL
even though I set it to PLAIN_TEXT
{quote}{{"inter.broker.listener.name": PLAINTEXT}}
{quote}
{{Please guide me on what exactly is missing. This is critical for our release
which is happening shortly.}}
{{thanks}}
{{Robin Kuttaiah}}
> Kafka Security
> --------------
>
> Key: KAFKA-9486
> URL: https://issues.apache.org/jira/browse/KAFKA-9486
> Project: Kafka
> Issue Type: Bug
> Components: security
> Reporter: Kuttaiah
> Priority: Critical
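Added example, not part of the original report or of Kafka's code: a Python triage script for the broker log lines quoted in the description. It rejoins the mail-wrapped entries and groups the "Failed authentication" events by broker id, peer address and request type, so it is clear which peer sent a request other than the SASL handshake and how often. The function names are illustrative; the sample text is the excerpt from the report.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log excerpt copied from the report above, including its mail line wrapping.
SAMPLE_LOG = """\
[2020-01-30 17:23:55,228] INFO [SocketServer brokerId=0] Failed
authentication with /10.244.0.1 (Unexpected Kafka request of type METADATA
during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,633] INFO [SocketServer brokerId=0] Failed authentication
with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL
handshake.) (org.apache.kafka.common.network.Selector)
[2020-01-30 17:23:55,989] INFO [SocketServer brokerId=0] Failed authentication
with /10.244.0.1 (Unexpected Kafka request of type METADATA during SASL
handshake.) (org.apache.kafka.common.network.Selector)
"""

ENTRY_START = re.compile(r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}\] ")
FAILED_AUTH = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \w+ \[SocketServer brokerId=(?P<broker>\d+)\] "
    r"Failed authentication with (?P<host>[^/\s]*)/(?P<addr>\S+) "
    r"\(Unexpected Kafka request of type (?P<req>\w+) during SASL handshake\.\)"
)

def join_wrapped(text):
    """Rejoin entries wrapped across lines; a new entry starts with a timestamp."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Group SASL-handshake failures by (broker id, peer address, request type)."""
    groups = defaultdict(list)
    for entry in join_wrapped(text):
        m = FAILED_AUTH.match(entry)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
            groups[(int(m["broker"]), m["addr"], m["req"])].append(ts)
    return {k: {"count": len(v), "first": min(v), "last": max(v)} for k, v in groups.items()}

if __name__ == "__main__":
    for (broker, addr, req), s in summarize(SAMPLE_LOG).items():
        print(f"broker {broker}: {s['count']} x {req} from {addr} "
              f"between {s['first'].time()} and {s['last'].time()}")
```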