Created on 03-24-2017 05:23 PM
ISSUE: While trying to run ConsumeKafka process to consume messages from secure Kafka, it throws following error:
org.apache.kafka.common.KafkaException: Failed to construct kafka consumer at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:702) ~[na:na] at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:557) ~[na:na] at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:540) ~[na:na] at org.apache.nifi.processors.kafka.pubsub.ConsumerPool.createKafkaConsumer(ConsumerPool.java:136) ~[na:na] at org.apache.nifi.processors.kafka.pubsub.ConsumerPool.obtainConsumer(ConsumerPool.java:106) ~[na:na] at org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10.onTrigger(ConsumeKafka_0_10.java:285) ~[na:na] at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27) ~[nifi-api-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1099) ~[nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:136) [nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:47) [nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:132) [nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_121] at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [na:1.8.0_121] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_121] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [na:1.8.0_121] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_121] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_121] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121] Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Jaas configuration not found at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86) ~[na:na] at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:70) ~[na:na] at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83) ~[na:na] at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:623) ~[na:na] ... 17 common frames omitted Caused by: org.apache.kafka.common.KafkaException: Jaas configuration not found at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:299) ~[na:na] at org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:103) ~[na:na] at org.apache.kafka.common.security.authenticator.LoginManager.(LoginManager.java:45) ~[na:na] at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68) ~[na:na] at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78) ~[na:na] ... 20 common frames omitted Caused by: java.io.IOException: Could not find a 'KafkaClient' entry in this configuration. at org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:50) ~[na:na] at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:297) ~[na:na] ... 24 common frames omitted
The Security Protocol is set to SASL_PLAINTEXT and Kerberos Service Name as Kafka in ConsumeKafka properties.
ROOT CAUSE: The JAAS configuration is missing in conf/bootstrap.conf
RESOLUTION: When Kafka is secure and Security Protocol is set to SASL_PLAINTEXT in ConsumeKafka processor configuration, There are two factors that needs to be considered:
1. The Kerberos Service Name must be provided, for example, 'Kafka' 2. The JAAS configuration file must be set in conf/bootstrap.conf with something like the following (example):java.arg.15=-Djava.security.auth.login.config=/path/to/jass-client.config
Created on 01-23-2018 11:27 PM
We tried this. Still NO Luck
export SPARK_HOME="/usr/hdp/current/spark2-client"
export SPARK_MAJOR_VERSION=2
kinit sa_seed_ld@IHGINT.GLOBAL -kt /etc/seed_ld.keytab
java.arg.15=-Djava.security.auth.login.config=/home/seed_ld/sandbox/miryals/SimpleTest/kafka_client_jaas.conf /usr/hdp/current/spark2-client/bin/spark-submit \--class com.abc.sample.DirectStreamConsumer \
--conf "spark.driver.allowMultipleContexts=true" \sample-0.0.1-SNAPSHOT.jar <brokers> <args>
Created on 01-23-2018 11:27 PM
Resolution didn't work. I tried
export SPARK_HOME="/usr/hdp/current/spark2-client"
export SPARK_MAJOR_VERSION=2
kinit sa_seed_ld@IHGINT.GLOBAL -kt /etc/seed_ld.keytab
/usr/hdp/current/spark2-client/bin/spark-submit \
--verbose \
--master yarn \
--jars /usr/google/gcs/lib/gcs-connector-latest-hadoop2.jar \
--deploy-mode client \
--num-executors 10 \
--executor-memory 2G \
--executor-cores 2 \
--class com.abc.sample.DirectStreamConsumer \
--conf "spark.driver.allowMultipleContexts=true" \
--files "kafka_client_jaas.conf,/etc/seed_ld.keytab" \
--driver-java-options "-Djava.security.auth.login.config=kafka_client_jaas.conf" \
--conf "spark.executor.extraJavaOptions=-Djava.security.auth.login.config=kafka_client_jaas.conf" \
--conf "spark.executor.extraJavaOptions=-Dlog4j.configuration=log4j-spark.properties" \
--conf "spark.driver.extraJavaOptions=-Dlog4j.configuration=log4j-spark.properties" \
--driver-java-options "-Dsun.security.krb5.debug=true -Dsun.security.spnego.debug=true" \
sample-0.0.1-SNAPSHOT.jar
My jaas and above command are in same directory.