Hi Jaikiran

My producer is getting *WARN Error while fetching metadata with correlation
id 1 : {Topic4006=TOPIC_AUTHORIZATION_FAILED}
(org.apache.kafka.clients.NetworkClient)* error.

To test it out my producer is the default Kafka console client which I am
trying to use like this: *bin/kafka-console-producer.sh --broker-list
Kafka1:9092 --topic Topic4006* and then I see the above mentioned error
when I type something to send a message.

Here is my server.properties file if that helps.

# ID and basic topic creation
broker.id=1
auto.create.topics.enable=true
delete.topic.enable=true

# LISTENER Settings
listeners=INTERNAL://1.1.1.165:9092,EXTERNAL://172.21.190.176:9093
advertised.listeners=INTERNAL://1.1.1.165:9092,EXTERNAL://172.21.190.176:9093
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
inter.broker.listener.name=INTERNAL
host.name=172.21.190.176

# Security Settings
ssl.keystore.location=keystore.jks
ssl.keystore.password=password
ssl.key.password=password
ssl.truststore.location=truststore.jks
ssl.truststore.password=password
ssl.keystore.type=JKS
ssl.truststore.type=JKS
security.protocol=SSL
ssl.client.auth=required
allow.everyone.if.no.acl.found=false
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:CN=Kafka1

Thanks.

On Wed, Dec 20, 2017 at 8:16 PM, Jaikiran Pai <jai.forums2...@gmail.com>
wrote:

> When you say not able to write to a Kafka broker, do you mean your
> producer isn't able to produce a message? What does your producer configs
> look like? What exact exception, error or DEBUG logs do you see when you
> attempt this?
>
> We do use a similar setup, so I do know that such a configuration works
> fine.
>
> -Jaikiran
>
>
>
> On 21/12/17 1:49 AM, Darshan wrote:
>
>> Hi Jaikiran
>>
>> With that config, my internal kafka client can't write to the Kafka
>> broker.
>> What I am looking for is that internal client can write to Kafka topic
>> without having to have any truststore setup, while external kafka client
>> MUST have certificate, and truststore setup and can read only if ACLs are
>> programmed for that topic.
>>
>> Any idea if such a thing exists ?
>>
>> Thanks.
>>
>>
>> On Tue, Dec 19, 2017 at 10:10 PM, Jaikiran Pai <jai.forums2...@gmail.com>
>> wrote:
>>
>> What exact issue are you running into with those configs?
>>>
>>> -Jaikiran
>>>
>>>
>>>
>>> On 20/12/17 7:24 AM, Darshan wrote:
>>>
>>> Anyone ?
>>>>
>>>> On Mon, Dec 18, 2017 at 7:25 AM, Darshan <purandare.dars...@gmail.com>
>>>> wrote:
>>>>
>>>> Hi
>>>>
>>>>> I am wondering if there is a way to run the SSL and PLAINTEXT mode
>>>>> together ? I am running Kafka 10.2.1. We want our internal clients to
>>>>> use
>>>>> the PLAINTEXT mode to write to certain topics, but any external clients
>>>>> should use SSL to read messages on those topics. We also want to
>>>>> enforce
>>>>> ACLs.
>>>>>
>>>>> To try this out, I modified my server.properties as follows, but
>>>>> without
>>>>> any luck. Can someone please let me know if it needs any change ?
>>>>>
>>>>> listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093
>>>>> advertised.listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093
>>>>> listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
>>>>> inter.broker.listener.name=INTERNAL
>>>>>
>>>>> ssl.keystore.location=/opt/keystores/keystotr.jks
>>>>> ssl.keystore.password=ABCDEFGH
>>>>> ssl.key.password=ABCDEFGH
>>>>> ssl.truststore.location=/opt/keystores/truststore.jks
>>>>> ssl.truststore.password=ABCDEFGH
>>>>> ssl.keystore.type=JKS
>>>>> ssl.truststore.type=JKS
>>>>> security.protocol=SSL
>>>>> ssl.client.auth=required
>>>>> # allow.everyone.if.no.acl.found=false
>>>>> allow.everyone.if.no.acl.found=true
>>>>> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
>>>>> super.users=User:CN=KafkaBroker01
>>>>>
>>>>> Thanks.
>>>>>
>>>>> --Darshan
>>>>>
>>>>>
>>>>>
>
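
The following is an added example, not part of the thread and not Kafka's own code: a simplified model of which principal each listener in the posted server.properties presents to the authorizer, and how a topic write is then decided. It assumes a PLAINTEXT connection is seen as User:ANONYMOUS and models allow-ACLs only; the client DN CN=ExternalClient is hypothetical.

```python
# Added example: simplified model of listener principals and topic ACL checks.
# Assumption: only allow-ACLs are modelled; deny ACLs and wildcards are left out.

# Constructed excerpt of the server.properties posted in the thread.
SERVER_PROPERTIES = """\
listeners=INTERNAL://1.1.1.165:9092,EXTERNAL://172.21.190.176:9093
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
ssl.client.auth=required
allow.everyone.if.no.acl.found=false
super.users=User:CN=Kafka1
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def listener_principals(props, client_cert_dn=None):
    """Map listener name -> principal the authorizer sees (None = handshake fails)."""
    protocols = dict(p.split(":", 1) for p in props["listener.security.protocol.map"].split(","))
    client_auth = props.get("ssl.client.auth", "none")
    principals = {}
    for entry in props["listeners"].split(","):
        name = entry.split("://", 1)[0]
        principals[name] = "User:ANONYMOUS"  # PLAINTEXT carries no identity
        if protocols[name] == "SSL" and client_auth in ("required", "requested"):
            if client_cert_dn:
                principals[name] = "User:" + client_cert_dn
            elif client_auth == "required":
                principals[name] = None
    return principals

def is_authorized(props, principal, operation, topic, allow_acls):
    """allow_acls: set of (principal, operation, topic) tuples."""
    if principal in props.get("super.users", "").split(";"):
        return True
    if not any(acl[2] == topic for acl in allow_acls):
        return props.get("allow.everyone.if.no.acl.found", "false") == "true"
    return (principal, operation, topic) in allow_acls

if __name__ == "__main__":
    props = parse_properties(SERVER_PROPERTIES)
    for name, who in listener_principals(props, "CN=ExternalClient").items():  # hypothetical DN
        print(name, who, is_authorized(props, who, "Write", "Topic4006", set()))
```

Under this model, a write to Topic4006 over the INTERNAL listener is denied until an allow ACL exists for User:ANONYMOUS on that topic, which matches the TOPIC_AUTHORIZATION_FAILED response reported above.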
