I have a kakfa/zookeeper(embedded zookeeper) cluster with SASL/PLAIN + ACL enabled. It worked fine with version kafka_2.12-1.0.0. But recently, I need to upgrade to kafka_2.12-2.1.0. Unfortunately, the ACL function cannot work normally.
kafka-acls.sh command failed, for example: > # echo $KAFKA_OPTS > > KAFKA_OPTS=-Djava.security.auth.login.config=/work/sasl/kafka_server_jaas.conf > # # /kafka_2.12-2.1.0/bin/kafka-acls.sh --authorizer > kafka.security.auth.SimpleAclAuthorizer --authorizer-properties > zookeeper.connect=zookeeper.example.com:2181 --list --topic test-topic The error message from screen is: > Error while executing ACL command: KeeperErrorCode = InvalidACL for > /kafka-acl > org.apache.zookeeper.KeeperException$InvalidACLException: KeeperErrorCode > = InvalidACL for /kafka-acl > at org.apache.zookeeper.KeeperException.create(KeeperException.java:121) > at org.apache.zookeeper.KeeperException.create(KeeperException.java:51) > at kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:494) > at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1416) > at kafka.zk.KafkaZkClient.createAclPaths(KafkaZkClient.scala:931) > at > kafka.security.auth.SimpleAclAuthorizer.configure(SimpleAclAuthorizer.scala:96) > at kafka.admin.AclCommand$.withAuthorizer(AclCommand.scala:78) > at kafka.admin.AclCommand$.listAcl(AclCommand.scala:119) > at kafka.admin.AclCommand$.main(AclCommand.scala:56) > at kafka.admin.AclCommand.main(AclCommand.scala) > The zookeeper log is: > zookeeper.example.com | [2018-12-26 09:46:09,622] ERROR Missing > AuthenticationProvider for sasl > (org.apache.zookeeper.server.PrepRequestProcessor) > zookeeper.example.com | [2018-12-26 09:46:09,622] INFO Got user-level > KeeperException when processing sessionid:0x167e9e2c60c0003 type:create > cxid:0x3 zxid:0x10000008a txntype:-1 reqpath:n/a Error Path:/kafka-acl > Error:KeeperErrorCode = InvalidACL for /kafka-acl > (org.apache.zookeeper.server.PrepRequestProcessor) > zookeeper.example.com | [2018-12-26 09:46:09,704] INFO Processed > session termination for sessionid: 0x167e9e2c60c0003 > (org.apache.zookeeper.server.PrepRequestProcessor) > The kafka SASL configure file /work/sasl/kafka_server_jaas.conf content is: > # cat /work/sasl/kafka_server_jaas.conf > KafkaServer { > org.apache.kafka.common.security.plain.PlainLoginModule required > username="admin" > password="adminpwd" > user_admin="adminpwd" > user_alice="alicepwd"; > }; > > KafkaClient { > org.apache.kafka.common.security.plain.PlainLoginModule required > username="alice" > password="alicepwd"; > }; > > Client { > org.apache.kafka.common.security.plain.PlainLoginModule required > username="admin" > password="adminpwd"; > }; > And zookeeper SASL configure file zookeeper_jaas.conf content is: > # cat /work/sasl/zookeeper_jaas.conf > Server { > org.apache.kafka.common.security.plain.PlainLoginModule required > username="admin" > password="adminpwd" > user_admin="adminpwd"; > }; > Anybody can help this ? thanks. Hui