CODEWITHSUNDEEP
apache-kafkakafka-producer-apiapache-kafka-security
James Liu
James Liu

Reputation: 206

No serviceName defined in either JAAS or Kafka config (not Kerberos)

I'm trying to configure a kafka client to authenticate against a secure kafkaserver. I've set up the jaas and ssl configs, but it's complaining about serviceNames.

I am not using Kerberos.

command

KAFKA_OPTS="-Djava.security.auth.login.config=./jaas.conf" \ 
kafka-console-producer --broker-list k0:9092,k1:9092,k2:9092 \
   --topic test-topic 
   --producer.config ./ssl.properties

error

org.apache.kafka.common.KafkaException: Failed to construct kafka producer
    at org.apache.kafka.clients.producer.KafkaProducer.<init>
    [ ... ] 
Caused by: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config

jaas.conf

KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    serviceName="kafka"
    password="broker-secret"
    user_broker="broker-secret"
    sasl.enabled.mechanisms=PLAIN
    sasl.mechanism.inter.broker.protocol=PLAIN
    confluent.metrics.reporter.sasl.mechanism=PLAIN
    user_username1="password1";
};

ssl.properties

bootstrap.servers=k0:9092,k1:9092,k2:9092
security.protocol=SASL_PLAINTEXT
ssl.truststore.location=/var/ssl/private/client.truststore.jks
ssl.truststore.password=confluent
ssl.keystore.location=/var/ssl/private/client.keystore.jks
ssl.keystore.password=confluent
ssl.key.password=confluent


producer.bootstrap.servers=k0:9092,1:9092,k2:9092
producer.security.protocol=SASL_PLAINTEXT
producer.ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
producer.ssl.truststore.location=/var/ssl/private/client.truststore.jks
producer.ssl.truststore.password=confluent
producer.ssl.keystore.location=/var/ssl/private/client.keystore.jks
producer.ssl.keystore.password=confluent
producer.ssl.key.password=confluent

org.apache.kafka.common.security.plain.PlainLoginModule required
password="broker-secret"
user_broker="broker-secret"
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
confluent.metrics.reporter.sasl.mechanism=PLAIN
user_username1="password";
serviceName="Kafka"

Upvotes: 13

Views: 33383

Answers (2)

Akta Kalariya
Akta Kalariya

Reputation: 101

I was getting this error and tried both options but did not worked. After searching all documents finally found that we have to give credentials like this

If you are directly adding this into properties file then use this

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
  username="username" \
  password="password";

If you are running kafka-connect, modify property file using echo command

echo "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \\
  username=\"${confluent_jass_config_username}\" \\
  password=\"${confluent_jass_config_password}\";" >> /opt/connector/config/connect-distributed.properties
  • This approach is also useful when you have password with special character like + or forward slash, as in this cases jaas.conf file approach was not working for me but this worked and solved all errors
  • Add same config property using producer or consumer prefix if its source or sink connectors

Upvotes: 0

Giorgos Myrianthous
Giorgos Myrianthous

Reputation: 39810

This error indicates that jaas configuration is not visible to your kafka producer. To solve this issue, you either need to include 

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="(username)" password="(password)";

in your ssl.properties file, or export it in your path

export KAFKA_OPTS="-Djava.security.auth.login.config=path/to/jaas.conf"

Upvotes: 8

Related Questions