This repository has been archived by the owner on Aug 29, 2023. It is now read-only.

Does Kafka-utils support SASL #209

Open
cocotier opened this issue Jan 5, 2019 · 5 comments

@cocotier

cocotier commented Jan 5, 2019

Does Kafka-utils support SASL with Kafka Client properties?

@djoul2706

Hi, I'm also interested in that subject. Found any solution yet?

@iMajna

iMajna commented Aug 13, 2019

@cocotier @djoul2706 are you referring to the Kafka protocol or?
I managed to run kafka-utils processes under SASL_PLAINTEXT, since if you dig into the code a bit, kafka-utils is almost purely reading ZooKeeper's znodes (which are already recommended to be in world:r mode) and using HTTP and SSH.

@tmendenhall

@iMajna How did you change the configuration settings to allow for a SASL connection? I am interested in allowing for that type of connection.

@iMajna

iMajna commented Sep 23, 2019

@tmendenhall
Just to clarify, kafka_utils in my case didn't behave like a client which authenticated to the Kafka cluster; I think that is not the intention atm.

My cluster sample looks the same as for a Kafka cluster which supports only the PLAINTEXT protocol. So no changes are needed in sample_config.yml!

An important thing to know is that Kafka clusters which are Kerberized by default are putting host to null; that's a known issue. Like this:
If we try to get the information for the Kafka broker znode after enabling Kerberos, it shows as below:

```
get /brokers/ids/1002
{"jmx_port":-1,"timestamp":"1312312312","endpoints":["PLAINTEXTSASL://xxxx.domain.com:9092"],"host":null,"version":2,"port":-1}
```

That's the reason why you can't read any hosts while trying to execute rolling_restart, for example. `kafka_utils` is reading host, and since it is null you get null as feedback.

The only way to handle this is to manually change it. **Be aware that after each restart of a broker, the host var in ZooKeeper is changed to the default null again.**

The default ‘host’ and ‘port’ here in ZooKeeper are used to maintain backward compatibility for older Kafka clients, but only the PLAINTEXT protocol is supported as default.
If the broker does not listen on the PLAINTEXT protocol, for example PLAINTEXTSASL after kerberizing, an empty endpoint (that is, `"host":null,"port":-1`) will be registered and older clients will break.

Changing host property in Zookeeper:

```
[zk: localhost:2181(CONNECTED) 2] set /brokers/ids/1001 {"jmx_port":-1,"timestamp":"1312312312","endpoints":["PLAINTEXTSASL://txxxx.domain.com:9092"],"host":"txxxx.domain.com","version":3,"port":9092}
```

Hope you find this helpful. :)
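
Added example (not part of the thread and not kafka-utils code): a sketch of how a tool could resolve a broker's address from the `endpoints` field when the legacy `host` is null, so the znode does not have to be rewritten after every broker restart. The function names and the sample hostnames are hypothetical, and the znode payloads are constructed to match the shape quoted above.

```python
import json

# Constructed sample registrations, modelled on the znode quoted in the thread.
SAMPLE_ZNODES = {
    "1001": '{"jmx_port":-1,"timestamp":"1312312312","endpoints":'
            '["PLAINTEXTSASL://broker1.example.com:9092"],"host":null,"version":2,"port":-1}',
    "1002": '{"jmx_port":-1,"timestamp":"1312312312","endpoints":'
            '["PLAINTEXT://broker2.example.com:9092"],"host":"broker2.example.com",'
            '"version":2,"port":9092}',
    "1003": '{"jmx_port":-1,"timestamp":"1312312312","endpoints":[],'
            '"host":null,"version":2,"port":-1}',
}

def parse_endpoint(endpoint):
    """Split 'LISTENER://host:port' into (listener, host, port)."""
    listener, sep, address = endpoint.partition("://")
    host, colon, port = address.rpartition(":")
    if not sep or not colon or not host or not port.isdigit():
        raise ValueError("malformed endpoint: %r" % endpoint)
    return listener, host.strip("[]"), int(port)  # strip IPv6 brackets

def resolve_broker(znode_json):
    """Prefer the legacy host/port fields; fall back to the first entry
    of 'endpoints' when host is null. Returns None if nothing is usable."""
    data = json.loads(znode_json)
    endpoints = [parse_endpoint(e) for e in data.get("endpoints") or []]
    listeners = [e[0] for e in endpoints]
    port = data.get("port")
    if data.get("host") and isinstance(port, int) and port > 0:
        return {"host": data["host"], "port": port,
                "source": "legacy", "listeners": listeners}
    if endpoints:
        _, host, port = endpoints[0]
        return {"host": host, "port": port,
                "source": "endpoints", "listeners": listeners}
    return None

def brokers_with_null_host(znodes):
    """IDs of brokers that a reader of only the legacy 'host' field cannot resolve."""
    return sorted(bid for bid, raw in znodes.items()
                  if json.loads(raw).get("host") is None)

if __name__ == "__main__":
    for bid, raw in sorted(SAMPLE_ZNODES.items()):
        print(bid, resolve_broker(raw))
    print("null host:", brokers_with_null_host(SAMPLE_ZNODES))
```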

@jeffwidman

The underlying kafka-python lib supports some SASL setups...
