Comments (7)
davidcurrie
commented on June 11, 2024
3
I believe this change is the problem. We now always end up with a keystore file (albeit empty), even when we don't want one.
from kafdrop.
pablonaranjo
commented on June 11, 2024
3
We are having the same issue using AWS MSK, and it works after revert this change.
AFAIK using AWS MSK does not require a TRUSTORE or KEYSTORE (only SSL as Protocol in kafka.properties) because the certificate is already trusted. Looks like having these files created (even empty) and security.protocol=SSL in kafka.properties end up in that error.
Caused by: org.apache.kafka.common.errors.InvalidConfigurationException: SSL key store is specified, but key store password is not specified.
from kafdrop.
davidcurrie
commented on June 11, 2024
2
@Bert-R - at least for me, the problem manifests itself when I'm trying to provide client properties and a truststore but no keystore. Here's the simplest recreate I can come up with:
helm install kafka oci://registry-1.docker.io/bitnamicharts/kafka --wait \
--set auth.clientProtocol=sasl_tls,tls.autoGenerated=true,tls.type=PEM,listeners.client.protocol=SASL_SSL
export KAFKA_PROPERTIES=$(echo "security.protocol=SASL_SSL\nsasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username=\"user1\" password=\"$(kubectl get secret kafka-user-passwords -o go-template='{{ index .data "client-passwords" | base64decode }}')\";\nsasl.mechanism=SCRAM-SHA-256\nssl.truststore.type=PEM" | base64)
export TRUSTSTORE="$(kubectl get secret kafka-tls -o go-template='{{ index .data "kafka-ca.crt" }}')"
helm upgrade --install kafdrop chart --set kafka.brokerConnect=kafka:9092 \
--set kafka.properties="${KAFKA_PROPERTIES}" --set kafka.truststore="${TRUSTSTORE}"
This fails with:
Caused by: org.apache.kafka.common.errors.InvalidConfigurationException: SSL key store is specified, but key store password is not specified.
but if I add --set image.tag=3.31.0, it starts successfully.
from kafdrop.
Bert-R
commented on June 11, 2024
2
The fix is available in release 4.0.1
from kafdrop.
Bert-R
commented on June 11, 2024
1
@pablonaranjo @mperello-tech @davidcurrie Can one of you test with the snap shot build (4.0.1-SNAPSHOT)? If that works, we can quickly release an official 4.0.1
from kafdrop.
Bert-R
commented on June 11, 2024
That's not the issue. It runs fine with this Docker Compose fragment:
kafdrop:
container_name: kafdrop
image: obsidiandynamics/kafdrop:4.0.0
restart: "no"
ports:
- "9000:9000"
environment:
KAFKA_BROKERCONNECT: "kafka:29092"
JVM_OPTS: "-Xms16M -Xmx48M -XX:-TieredCompilation -XX:+UseStringDeduplication -noverify"
depends_on:
- "kafka"
If I exec into the container, I see empty files for all three:
-rw-r--r-- 1 root root 0 Oct 14 14:35 kafka.keystore.jks
-rw-r--r-- 1 root root 0 Oct 14 14:35 kafka.properties
-rw-r--r-- 1 root root 0 Oct 14 14:35 kafka.truststore.jks
Still it works nicely. This is the log:
::: ::: ::: :::::::::: ::::::::: ::::::::: :::::::: ::::::::: :::
:+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+
+#++:++ +#++:++#++: :#::+::# +#+ +:+ +#++:++#: +#+ +:+ +#++:++#+ +#+ +:+
+#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+#+#+#+#+
#+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+#
### ### ### ### ### ######### ### ### ######## ### ###
OpenJDK 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release.
2023-10-14 14:35:58.321 INFO ${sys:PID} [ main] k.Kafdrop$EnvironmentSetupListener : Initializing JAAS config
2023-10-14 14:35:58.325 INFO ${sys:PID} [ main] k.Kafdrop$EnvironmentSetupListener : Env: null
2023-10-14 14:35:58.388 INFO 1 [kground-preinit] o.h.v.i.u.Version : HV000001: Hibernate Validator 8.0.1.Final
2023-10-14 14:35:58.423 INFO 1 [ main] o.s.b.StartupInfoLogger : Starting Kafdrop v4.0.0 using Java 17.0.8.1 with PID 1 (/kafdrop-4.0.0/kafdrop-4.0.0.jar started by root in /)
2023-10-14 14:35:58.427 INFO 1 [ main] o.s.b.SpringApplication : No active profile set, falling back to 1 default profile: "default"
2023-10-14 14:36:00.376 INFO 1 [ main] i.u.s.s.ServletContextImpl : Initializing Spring embedded WebApplicationContext
2023-10-14 14:36:00.378 INFO 1 [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1906 ms
2023-10-14 14:36:00.599 INFO 1 [ main] k.c.KafkaConfiguration : Checking truststore file kafka.truststore.jks
2023-10-14 14:36:00.600 INFO 1 [ main] k.c.KafkaConfiguration : Assigning truststore location to kafka.truststore.jks
2023-10-14 14:36:00.600 INFO 1 [ main] k.c.KafkaConfiguration : Checking keystore file kafka.keystore.jks
2023-10-14 14:36:00.601 INFO 1 [ main] k.c.KafkaConfiguration : Assigning keystore location to kafka.keystore.jks
2023-10-14 14:36:00.601 INFO 1 [ main] k.c.KafkaConfiguration : Checking properties file kafka.properties
2023-10-14 14:36:00.601 INFO 1 [ main] k.c.KafkaConfiguration : Loading properties from kafka.properties
2023-10-14 14:36:00.650 WARN 1 [ main] o.a.k.c.c.AbstractConfig : These configurations '[ssl.truststore.location, ssl.keystore.location]' were supplied but are not used yet.
2023-10-14 14:36:00.656 INFO 1 [ main] k.c.KafkaConfiguration : Checking truststore file kafka.truststore.jks
2023-10-14 14:36:00.656 INFO 1 [ main] k.c.KafkaConfiguration : Assigning truststore location to kafka.truststore.jks
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Checking keystore file kafka.keystore.jks
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Assigning keystore location to kafka.keystore.jks
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Checking properties file kafka.properties
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Loading properties from kafka.properties
2023-10-14 14:36:00.666 WARN 1 [ main] o.a.k.c.c.AbstractConfig : These configurations '[ssl.truststore.location, ssl.keystore.location]' were supplied but are not used yet.
2023-10-14 14:36:00.674 INFO 1 [ main] k.s.BuildInfo : Kafdrop version: 4.0.0, build time: 2023-10-09T09:23:35.219Z
2023-10-14 14:36:01.534 INFO 1 [ main] o.s.b.a.e.w.EndpointLinksResolver : Exposing 13 endpoint(s) beneath base path '/actuator'
2023-10-14 14:36:01.601 INFO 1 [ main] i.u.Undertow : starting server: Undertow - 2.3.8.Final
2023-10-14 14:36:01.607 INFO 1 [ main] o.x.Xnio : XNIO version 3.8.8.Final
2023-10-14 14:36:01.610 INFO 1 [ main] o.x.n.NioXnio : XNIO NIO Implementation Version 3.8.8.Final
2023-10-14 14:36:01.620 INFO 1 [ main] o.j.t.Version : JBoss Threads version 3.5.0.Final
2023-10-14 14:36:01.637 INFO 1 [ main] o.s.b.w.e.u.UndertowWebServer : Undertow started on port(s) 9000 (http)
2023-10-14 14:36:01.657 INFO 1 [ main] o.s.b.StartupInfoLogger : Started Kafdrop in 3.526 seconds (process running for 4.295)
2023-10-14 14:36:04.905 INFO 1 [ XNIO-1 task-2] i.u.s.s.ServletContextImpl : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-10-14 14:36:04.906 INFO 1 [ XNIO-1 task-2] o.s.w.s.FrameworkServlet : Initializing Servlet 'dispatcherServlet'
2023-10-14 14:36:04.907 INFO 1 [ XNIO-1 task-2] o.s.w.s.FrameworkServlet : Completed initialization in 1 ms
from kafdrop.
davidcurrie
commented on June 11, 2024
@Bert-R - I can confirm that if I rerun the same test as above but with --set image.tag=4.0.1-SNAPSHOT, then it starts successfully. Thanks!
from kafdrop.
Related Issues (20)
- in KRaft mode, WARN: Broker may not be available HOT 2
- Unable to disable vulnerable TLS protocols TLSv1, TLSv1.0 HOT 2
- Please help create new release & image HOT 3
- Arm64 container images HOT 1
- Kafdrop 4.0.0 Docker image doesn't start HOT 15
- Invalid value SASL_PLAINTEXT HOT 3
- StackOverflow exception HOT 3
- I can't connect Broker when i run by Docker on Mac M1 HOT 2
- Only one node in the cluster is available, but kafdrop shows all nodes are online HOT 2
- When running kafdrop in a separate container, I can't configure the kafka broker address. HOT 2
- IllegalFormatConversionException on Long Search Queries in Message Search HOT 2
- Is there any way to hide the messages from kafdrop as in PROD it is not suitable to show the messages of eventhub or kafka HOT 5
- I cannot view messages within the topics. (No messages found in partition 0 at offset 0)
- arm64 architecture HOT 4
- Does it support deployment with spring native ? HOT 3
- NPE HOT 3
- Consumer Group Id is not html escaped in the UI HOT 5
- Disable Log-Spamming in Docker Compose
- Query: Do we have any near term Plan for AWS IAM authentication to control access HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kafdrop.