[jira] [Commented] (KAFKA-5458) SASL handshake fails for METADATA requests

Sagar Lad (JIRA) Fri, 16 Jun 2017 02:31:22 -0700

    [ 
https://issues.apache.org/jira/browse/KAFKA-5458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16051669#comment-16051669
 ]


Sagar Lad commented on KAFKA-5458:
----------------------------------

[~ecomar], i have provided conf file to kafka producer while initiation 
[^kafka_client_jaas.conf]

>From logs it seems that SASL Authentication happens for HANDSHAKE_REQUEST  
>types but fails for METADATA Type

{code:java}
[2017-06-16 14:52:15,546] DEBUG Got ping response for sessionid: 
0x15cac4153cb0000 after 0ms (org.apache.zookeeper.ClientCnxn)
[2017-06-16 14:52:17,531] DEBUG Set SASL server state to HANDSHAKE_REQUEST 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,531] DEBUG Handle Kafka request SASL_HANDSHAKE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,531] DEBUG Using SASL mechanism 'PLAIN' provided by client 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,531] DEBUG Set SASL server state to AUTHENTICATE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,542] DEBUG Set SASL server state to COMPLETE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,549] DEBUG Got ping response for sessionid: 
0x15cac4153cb0000 after 0ms (org.apache.zookeeper.ClientCnxn)
[2017-06-16 14:52:17,651] DEBUG Set SASL server state to HANDSHAKE_REQUEST 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,651] DEBUG Handle Kafka request SASL_HANDSHAKE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,651] DEBUG Using SASL mechanism 'PLAIN' provided by client 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,651] DEBUG Set SASL server state to AUTHENTICATE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,654] DEBUG Set SASL server state to COMPLETE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,655] INFO [GroupCoordinator 0]: Preparing to restabilize 
group tfa-data-collection with old generation 26 
(kafka.coordinator.GroupCoordinator)
[2017-06-16 14:52:17,672] DEBUG Set SASL server state to HANDSHAKE_REQUEST 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,673] DEBUG Handle Kafka request SASL_HANDSHAKE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,673] DEBUG Using SASL mechanism 'PLAIN' provided by client 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,673] DEBUG Set SASL server state to AUTHENTICATE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:17,674] DEBUG Set SASL server state to COMPLETE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:18,051] DEBUG Set SASL server state to HANDSHAKE_REQUEST 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:18,051] DEBUG Handle Kafka request SASL_HANDSHAKE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:18,051] DEBUG Using SASL mechanism 'PLAIN' provided by client 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:18,051] DEBUG Set SASL server state to AUTHENTICATE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
[2017-06-16 14:52:18,053] DEBUG Set SASL server state to COMPLETE 
(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
{code}

also i can see corresponding topics populated with these producers 
i noticed this only happens only in case my producer is idle for 5 min (i.e. no 
topic data is produced)


> SASL handshake fails for METADATA requests
> ------------------------------------------
>
>                 Key: KAFKA-5458
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5458
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>    Affects Versions: 0.10.1.1
>            Reporter: Sagar Lad
>         Attachments: kafka_client_jaas.conf, kafka_server_jaas.conf, 
> producer.properties, server.properties
>
>
> i have enabled SASL Authentication for my kafka with 
> {code:java}
> listeners=SASL_PLAINTEXT://0.0.0.0:9092
> advertised.listeners=SASL_PLAINTEXT://0.0.0.0:9092
> sasl.enabled.mechanisms=PLAIN
> security.protocol=SASL_PLAINTEXT
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism=PLAIN
> sasl.mechanism.inter.broker.protocol=PLAIN
> {code}
> but in kafkaServer.out getting
> {code:java}
> [2017-06-16 11:21:12,167] DEBUG Set SASL server state to HANDSHAKE_REQUEST 
> (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
> [2017-06-16 11:21:12,167] DEBUG Handle Kafka request METADATA 
> (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
> [2017-06-16 11:21:12,167] DEBUG Set SASL server state to FAILED 
> (org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)
> [2017-06-16 11:21:12,167] DEBUG Connection with /127.0.0.1 disconnected 
> (org.apache.kafka.common.network.Selector)
> java.io.IOException: 
> org.apache.kafka.common.errors.IllegalSaslStateException: Unexpected Kafka 
> request of type METADATA during SASL handshake.
>         at 
> org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.authenticate(SaslServerAuthenticator.java:243)
>         at 
> org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64)
>         at 
> org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:338)
>         at org.apache.kafka.common.network.Selector.poll(Selector.java:291)
>         at kafka.network.Processor.poll(SocketServer.scala:476)
>         at kafka.network.Processor.run(SocketServer.scala:416)
>         at java.lang.Thread.run(Thread.java:745)
> {code}
> where as in client log i observed 
> {code:java}
> #### 2017-06-16 11:33:33,501 WARN  [kafka-producer-network-thread | 
> producer-7] NetworkClient.maybeHandleDisconnection (NetworkClient.java:568)   
>   - Bootstrap broker 127.0.0.1:9092 disconnected
> #### 2017-06-16 11:33:33,607 WARN  [kafka-producer-network-thread | 
> producer-7] NetworkClient.maybeHandleDisconnection (NetworkClient.java:568)   
>   - Bootstrap broker 127.0.0.1:9092 disconnected
> #### 2017-06-16 11:33:33,721 WARN  [kafka-producer-network-thread | 
> producer-7] NetworkClient.maybeHandleDisconnection (NetworkClient.java:568)   
>   - Bootstrap broker 127.0.0.1:9092 disconnected
> #### 2017-06-16 11:33:33,834 WARN  [kafka-producer-network-thread | 
> producer-7] NetworkClient.maybeHandleDisconnection (NetworkClient.java:568)   
>   - Bootstrap broker 127.0.0.1:9092 disconnected
> #### 2017-06-16 11:33:33,952 WARN  [kafka-producer-network-thread | 
> producer-7] NetworkClient.maybeHandleDisconnection (NetworkClient.java:568)   
>   - Bootstrap broker 127.0.0.1:9092 disconnected
> #### 2017-06-16 11:33:34,059 WARN  [kafka-producer-network-thread | 
> producer-7] NetworkClient.maybeHandleDisconnection (NetworkClient.java:568)   
>   - Bootstrap broker 127.0.0.1:9092 disconnected
> #### 2017-06-16 11:33:34,162 WARN  [kafka-producer-network-thread | 
> producer-7] NetworkClient.maybeHandleDisconnection (NetworkClient.java:568)   
>   - Bootstrap broker 127.0.0.1:9092 disconnected
> ###
> {code}
> metadata request are being every 100ms
> *Problem* : 
> how can we make SASL handshake to support METADATA type requests



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KAFKA-5458) SASL handshake fails for METADATA requests

Reply via email to