Community Articles

Find and share helpful community-sourced technical articles.
Labels (2)
avatar
Expert Contributor

ISSUE: While trying to run ConsumeKafka process to consume messages from secure Kafka, it throws following error:

org.apache.kafka.common.KafkaException: Failed to construct kafka consumer 
at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:702) ~[na:na] 
at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:557) ~[na:na] 
at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:540) ~[na:na] 
at org.apache.nifi.processors.kafka.pubsub.ConsumerPool.createKafkaConsumer(ConsumerPool.java:136) ~[na:na] 
at org.apache.nifi.processors.kafka.pubsub.ConsumerPool.obtainConsumer(ConsumerPool.java:106) ~[na:na] 
at org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_0_10.onTrigger(ConsumeKafka_0_10.java:285) ~[na:na] 
at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27) ~[nifi-api-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] 
at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1099) ~[nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] 
at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:136) [nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] 
at org.apache.nifi.controller.tasks.ContinuallyRunProcessorTask.call(ContinuallyRunProcessorTask.java:47) [nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] 
at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:132) [nifi-framework-core-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] 
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_121] 
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [na:1.8.0_121] 
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [na:1.8.0_121] 
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [na:1.8.0_121] 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_121] 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_121] 
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121] 
Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Jaas configuration not found 
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86) ~[na:na] 
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:70) ~[na:na] 
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83) ~[na:na] 
at org.apache.kafka.clients.consumer.KafkaConsumer.(KafkaConsumer.java:623) ~[na:na] 
... 17 common frames omitted 
Caused by: org.apache.kafka.common.KafkaException: Jaas configuration not found 
at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:299) ~[na:na] 
at org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:103) ~[na:na] 
at org.apache.kafka.common.security.authenticator.LoginManager.(LoginManager.java:45) ~[na:na] 
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68) ~[na:na] 
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78) ~[na:na] 
... 20 common frames omitted 
Caused by: java.io.IOException: Could not find a 'KafkaClient' entry in this configuration. 
at org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:50) ~[na:na] 
at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:297) ~[na:na] 
... 24 common frames omitted

The Security Protocol is set to SASL_PLAINTEXT and Kerberos Service Name as Kafka in ConsumeKafka properties.

ROOT CAUSE: The JAAS configuration is missing in conf/bootstrap.conf

RESOLUTION: When Kafka is secure and Security Protocol is set to SASL_PLAINTEXT in ConsumeKafka processor configuration, There are two factors that needs to be considered:

1. The Kerberos Service Name must be provided, for example, 'Kafka' 2. The JAAS configuration file must be set in conf/bootstrap.conf with something like the following (example):
java.arg.15=-Djava.security.auth.login.config=/path/to/jass-client.config
16,729 Views
0 Kudos
Comments

We tried this. Still NO Luck

export SPARK_HOME="/usr/hdp/current/spark2-client"
export SPARK_MAJOR_VERSION=2

kinit sa_seed_ld@IHGINT.GLOBAL -kt /etc/seed_ld.keytab

java.arg.15=-Djava.security.auth.login.config=/home/seed_ld/sandbox/miryals/SimpleTest/kafka_client_jaas.conf /usr/hdp/current/spark2-client/bin/spark-submit \
--verbose \
--master yarn \
--jars /usr/google/gcs/lib/gcs-connector-latest-hadoop2.jar \
--deploy-mode client \
--num-executors 10 \
--executor-memory 2G \
--executor-cores 2 \

--class com.abc.sample.DirectStreamConsumer \

--conf "spark.driver.allowMultipleContexts=true" \
--files "kafka_client_jaas.conf,/etc/seed_ld.keytab" \
--driver-java-options "-Djava.security.auth.login.config=kafka_client_jaas.conf" \
--conf "spark.executor.extraJavaOptions=-Djava.security.auth.login.config=kafka_client_jaas.conf" \
--conf "spark.executor.extraJavaOptions=-Dlog4j.configuration=log4j-spark.properties" \
--conf "spark.driver.extraJavaOptions=-Dlog4j.configuration=log4j-spark.properties" \
--driver-java-options "-Dsun.security.krb5.debug=true -Dsun.security.spnego.debug=true" \

sample-0.0.1-SNAPSHOT.jar <brokers> <args>

Resolution didn't work. I tried

export SPARK_HOME="/usr/hdp/current/spark2-client"
export SPARK_MAJOR_VERSION=2

kinit sa_seed_ld@IHGINT.GLOBAL -kt /etc/seed_ld.keytab

/usr/hdp/current/spark2-client/bin/spark-submit \
--verbose \
--master yarn \
--jars /usr/google/gcs/lib/gcs-connector-latest-hadoop2.jar \
--deploy-mode client \
--num-executors 10 \
--executor-memory 2G \
--executor-cores 2 \
--class com.abc.sample.DirectStreamConsumer \
--conf "spark.driver.allowMultipleContexts=true" \
--files "kafka_client_jaas.conf,/etc/seed_ld.keytab" \
--driver-java-options "-Djava.security.auth.login.config=kafka_client_jaas.conf" \
--conf "spark.executor.extraJavaOptions=-Djava.security.auth.login.config=kafka_client_jaas.conf" \
--conf "spark.executor.extraJavaOptions=-Dlog4j.configuration=log4j-spark.properties" \
--conf "spark.driver.extraJavaOptions=-Dlog4j.configuration=log4j-spark.properties" \
--driver-java-options "-Dsun.security.krb5.debug=true -Dsun.security.spnego.debug=true" \
sample-0.0.1-SNAPSHOT.jar

My jaas and above command are in same directory.