Hi Jaikiran

My producer is getting *WARN Error while fetching metadata with correlation id 1 : {Topic4006=TOPIC_AUTHORIZATION_FAILED} (org.apache.kafka.clients.NetworkClient)* error.

To test it out my producer is the default Kafka console client which I am trying to use like this: *bin/kafka-console-producer.sh --broker-list Kafka1:9092 --topic Topic4006* and then I see the above mentioned error when I type something to send a message.

Here is my server.properties file if that helps.

# ID and basic topic creation
broker.id=1
auto.create.topics.enable=true
delete.topic.enable=true

# LISTENER Settings
listeners=INTERNAL://1.1.1.165:9092,EXTERNAL://172.21.190.176:9093
advertised.listeners=INTERNAL://1.1.1.165:9092,EXTERNAL://172.21.190.176:9093
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
inter.broker.listener.name=INTERNAL
host.name=172.21.190.176

# Security Settings
ssl.keystore.location=keystore.jks
ssl.keystore.password=password
ssl.key.password=password
ssl.truststore.location=truststore.jks
ssl.truststore.password=password
ssl.keystore.type=JKS
ssl.truststore.type=JKS
security.protocol=SSL
ssl.client.auth=required
allow.everyone.if.no.acl.found=false
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:CN=Kafka1

Thanks.

On Wed, Dec 20, 2017 at 8:16 PM, Jaikiran Pai <jai.forums2...@gmail.com> wrote:

> When you say not able to write to a Kafka broker, do you mean your
> producer isn't able to produce a message? What does your producer configs
> look like? What exact exception, error or DEBUG logs do you see when you
> attempt this?
>
> We do use a similar setup, so I do know that such a configuration works
> fine.
>
> -Jaikiran
>
> On 21/12/17 1:49 AM, Darshan wrote:
>
>> Hi Jaikiran
>>
>> With that config, my internal kafka client can't write to the Kafka
>> broker.
>> What I am looking for is that internal client can write to Kafka topic
>> without having to have any truststore setup, while external kafka client
>> MUST have certificate, and truststore setup and can read only if ACLs are
>> programmed for that topic.
>>
>> Any idea if such a thing exists ?
>>
>> Thanks.
>>
>> On Tue, Dec 19, 2017 at 10:10 PM, Jaikiran Pai <jai.forums2...@gmail.com> wrote:
>>
>>> What exact issue are you running into with that config?
>>>
>>> -Jaikiran
>>>
>>> On 20/12/17 7:24 AM, Darshan wrote:
>>>
>>>> Anyone ?
>>>>
>>>> On Mon, Dec 18, 2017 at 7:25 AM, Darshan <purandare.dars...@gmail.com> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I am wondering if there is a way to run the SSL and PLAINTEXT mode
>>>>> together ? I am running Kafka 10.2.1. We want our internal clients to use
>>>>> the PLAINTEXT mode to write to certain topics, but any external clients
>>>>> should use SSL to read messages on those topics. We also want to enforce
>>>>> ACLs.
>>>>>
>>>>> To try this out, I modified my server.properties as follows, but without
>>>>> any luck. Can someone please let me know if it needs any change ?
>>>>>
>>>>> listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093
>>>>> advertised.listeners=INTERNAL://10.10.10.64:9092,EXTERNAL://172.1.1.157:9093
>>>>> listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
>>>>> inter.broker.listener.name=INTERNAL
>>>>>
>>>>> ssl.keystore.location=/opt/keystores/keystotr.jks
>>>>> ssl.keystore.password=ABCDEFGH
>>>>> ssl.key.password=ABCDEFGH
>>>>> ssl.truststore.location=/opt/keystores/truststore.jks
>>>>> ssl.truststore.password=ABCDEFGH
>>>>> ssl.keystore.type=JKS
>>>>> ssl.truststore.type=JKS
>>>>> security.protocol=SSL
>>>>> ssl.client.auth=required
>>>>> # allow.everyone.if.no.acl.found=false
>>>>> allow.everyone.if.no.acl.found=true
>>>>> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
>>>>> super.users=User:CN=KafkaBroker01
>>>>>
>>>>> Thanks.
>>>>>
>>>>> --Darshan
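An added example, not part of the original thread and not Kafka's own code: a simplified Python model of how SimpleAclAuthorizer evaluates a request under the settings posted above, showing which principal a connection on each listener receives. The function names, the ACL tuples and the `CN=ext-client` certificate name used to exercise it are constructed for illustration, and host matching is omitted.

```python
# Simplified model of kafka.security.auth.SimpleAclAuthorizer; not Kafka's code.
# Host matching is left out. Settings below are copied from the thread.
SERVER_PROPERTIES = """\
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
ssl.client.auth=required
allow.everyone.if.no.acl.found=false
super.users=User:CN=Kafka1
"""

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def principal_for(props, listener, cert_dn=None):
    """Principal the broker assigns to a connection arriving on `listener`."""
    pairs = props["listener.security.protocol.map"].split(",")
    protocol = dict(p.split(":") for p in pairs)[listener]
    if protocol == "SSL" and props.get("ssl.client.auth") == "required" and cert_dn:
        return "User:" + cert_dn   # default: the client certificate's subject DN
    return "User:ANONYMOUS"        # PLAINTEXT connections carry no identity

def authorize(props, acls, principal, operation, topic):
    """acls: (principal, permission, operation, topic) tuples for Topic resources."""
    if principal in props.get("super.users", "").split(";"):
        return True
    topic_acls = [a for a in acls if a[3] in (topic, "*")]
    if not topic_acls:             # no ACL at all on this resource
        return props.get("allow.everyone.if.no.acl.found", "false") == "true"

    def matches(permission, operations):
        return any(a[0] in (principal, "User:*") and a[1] == permission
                   and a[2] in operations for a in topic_acls)

    if matches("Deny", {operation, "All"}):
        return False               # Deny always wins over Allow
    # An Allow on Read/Write/Delete/Alter also grants Describe (metadata fetch).
    implied = {"Read", "Write", "Delete", "Alter"} if operation == "Describe" else set()
    return matches("Allow", {operation, "All"} | implied)

def internal_producer_check(acls):
    """Can a client on the INTERNAL listener fetch metadata for Topic4006?"""
    props = parse_properties(SERVER_PROPERTIES)
    principal = principal_for(props, "INTERNAL")
    return principal, authorize(props, acls, principal, "Describe", "Topic4006")
```

With the posted settings and no ACLs, `internal_producer_check([])` returns `("User:ANONYMOUS", False)`, which matches the TOPIC_AUTHORIZATION_FAILED the console producer reports. An Allow ACL for `User:ANONYMOUS` changes the answer, and it then applies to every host that can reach the INTERNAL listener.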