Comments (7)
I believe this change is the problem. We now always end up with a keystore file (albeit empty), even when we don't want one.
from kafdrop.
We are having the same issue using AWS MSK, and it works after reverting this change.
AFAIK using AWS MSK does not require a TRUSTSTORE or KEYSTORE (only SSL as Protocol in kafka.properties) because the certificate is already trusted. Looks like having these files created (even empty) and security.protocol=SSL in kafka.properties end up in that error.
```text
Caused by: org.apache.kafka.common.errors.InvalidConfigurationException: SSL key store is specified, but key store password is not specified.
```
from kafdrop.
@Bert-R - at least for me, the problem manifests itself when I'm trying to provide client properties and a truststore but no keystore. Here's the simplest recreate I can come up with:
```shell
# Deploy Kafka with SASL over TLS and auto-generated PEM certificates.
helm install kafka oci://registry-1.docker.io/bitnamicharts/kafka --wait \
  --set auth.clientProtocol=sasl_tls,tls.autoGenerated=true,tls.type=PEM,listeners.client.protocol=SASL_SSL

# Build the base64-encoded client properties. printf is used so that "\n" becomes a
# real line break in every shell (bash's echo leaves it as a literal backslash-n).
export KAFKA_PROPERTIES=$(printf 'security.protocol=SASL_SSL\nsasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="user1" password="%s";\nsasl.mechanism=SCRAM-SHA-256\nssl.truststore.type=PEM\n' "$(kubectl get secret kafka-user-passwords -o go-template='{{ index .data "client-passwords" | base64decode }}')" | base64)

# The CA certificate is passed as the truststore (still base64-encoded); no keystore is set.
export TRUSTSTORE="$(kubectl get secret kafka-tls -o go-template='{{ index .data "kafka-ca.crt" }}')"

helm upgrade --install kafdrop chart --set kafka.brokerConnect=kafka:9092 \
  --set kafka.properties="${KAFKA_PROPERTIES}" --set kafka.truststore="${TRUSTSTORE}"
```
This fails with:
```text
Caused by: org.apache.kafka.common.errors.InvalidConfigurationException: SSL key store is specified, but key store password is not specified.
```
but if I add `--set image.tag=3.31.0`, it starts successfully.
from kafdrop.
The fix is available in release 4.0.1
from kafdrop.
@pablonaranjo @mperello-tech @davidcurrie Can one of you test with the snapshot build (4.0.1-SNAPSHOT)? If that works, we can quickly release an official 4.0.1.
from kafdrop.
That's not the issue. It runs fine with this Docker Compose fragment:
```yaml
kafdrop:
  container_name: kafdrop
  image: obsidiandynamics/kafdrop:4.0.0
  restart: "no"
  ports:
    - "9000:9000"
  environment:
    KAFKA_BROKERCONNECT: "kafka:29092"
    JVM_OPTS: "-Xms16M -Xmx48M -XX:-TieredCompilation -XX:+UseStringDeduplication -noverify"
  depends_on:
    - "kafka"
```
If I `exec` into the container, I see empty files for all three:
```text
-rw-r--r-- 1 root root 0 Oct 14 14:35 kafka.keystore.jks
-rw-r--r-- 1 root root 0 Oct 14 14:35 kafka.properties
-rw-r--r-- 1 root root 0 Oct 14 14:35 kafka.truststore.jks
```
Still it works nicely. This is the log:
::: ::: ::: :::::::::: ::::::::: ::::::::: :::::::: ::::::::: :::
:+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+ +:+
+#++:++ +#++:++#++: :#::+::# +#+ +:+ +#++:++#: +#+ +:+ +#++:++#+ +#+ +:+
+#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+ +#+#+#+#+#+
#+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+# #+#
### ### ### ### ### ######### ### ### ######## ### ###
OpenJDK 64-Bit Server VM warning: Options -Xverify:none and -noverify were deprecated in JDK 13 and will likely be removed in a future release.
2023-10-14 14:35:58.321 INFO ${sys:PID} [ main] k.Kafdrop$EnvironmentSetupListener : Initializing JAAS config
2023-10-14 14:35:58.325 INFO ${sys:PID} [ main] k.Kafdrop$EnvironmentSetupListener : Env: null
2023-10-14 14:35:58.388 INFO 1 [kground-preinit] o.h.v.i.u.Version : HV000001: Hibernate Validator 8.0.1.Final
2023-10-14 14:35:58.423 INFO 1 [ main] o.s.b.StartupInfoLogger : Starting Kafdrop v4.0.0 using Java 17.0.8.1 with PID 1 (/kafdrop-4.0.0/kafdrop-4.0.0.jar started by root in /)
2023-10-14 14:35:58.427 INFO 1 [ main] o.s.b.SpringApplication : No active profile set, falling back to 1 default profile: "default"
2023-10-14 14:36:00.376 INFO 1 [ main] i.u.s.s.ServletContextImpl : Initializing Spring embedded WebApplicationContext
2023-10-14 14:36:00.378 INFO 1 [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1906 ms
2023-10-14 14:36:00.599 INFO 1 [ main] k.c.KafkaConfiguration : Checking truststore file kafka.truststore.jks
2023-10-14 14:36:00.600 INFO 1 [ main] k.c.KafkaConfiguration : Assigning truststore location to kafka.truststore.jks
2023-10-14 14:36:00.600 INFO 1 [ main] k.c.KafkaConfiguration : Checking keystore file kafka.keystore.jks
2023-10-14 14:36:00.601 INFO 1 [ main] k.c.KafkaConfiguration : Assigning keystore location to kafka.keystore.jks
2023-10-14 14:36:00.601 INFO 1 [ main] k.c.KafkaConfiguration : Checking properties file kafka.properties
2023-10-14 14:36:00.601 INFO 1 [ main] k.c.KafkaConfiguration : Loading properties from kafka.properties
2023-10-14 14:36:00.650 WARN 1 [ main] o.a.k.c.c.AbstractConfig : These configurations '[ssl.truststore.location, ssl.keystore.location]' were supplied but are not used yet.
2023-10-14 14:36:00.656 INFO 1 [ main] k.c.KafkaConfiguration : Checking truststore file kafka.truststore.jks
2023-10-14 14:36:00.656 INFO 1 [ main] k.c.KafkaConfiguration : Assigning truststore location to kafka.truststore.jks
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Checking keystore file kafka.keystore.jks
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Assigning keystore location to kafka.keystore.jks
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Checking properties file kafka.properties
2023-10-14 14:36:00.657 INFO 1 [ main] k.c.KafkaConfiguration : Loading properties from kafka.properties
2023-10-14 14:36:00.666 WARN 1 [ main] o.a.k.c.c.AbstractConfig : These configurations '[ssl.truststore.location, ssl.keystore.location]' were supplied but are not used yet.
2023-10-14 14:36:00.674 INFO 1 [ main] k.s.BuildInfo : Kafdrop version: 4.0.0, build time: 2023-10-09T09:23:35.219Z
2023-10-14 14:36:01.534 INFO 1 [ main] o.s.b.a.e.w.EndpointLinksResolver : Exposing 13 endpoint(s) beneath base path '/actuator'
2023-10-14 14:36:01.601 INFO 1 [ main] i.u.Undertow : starting server: Undertow - 2.3.8.Final
2023-10-14 14:36:01.607 INFO 1 [ main] o.x.Xnio : XNIO version 3.8.8.Final
2023-10-14 14:36:01.610 INFO 1 [ main] o.x.n.NioXnio : XNIO NIO Implementation Version 3.8.8.Final
2023-10-14 14:36:01.620 INFO 1 [ main] o.j.t.Version : JBoss Threads version 3.5.0.Final
2023-10-14 14:36:01.637 INFO 1 [ main] o.s.b.w.e.u.UndertowWebServer : Undertow started on port(s) 9000 (http)
2023-10-14 14:36:01.657 INFO 1 [ main] o.s.b.StartupInfoLogger : Started Kafdrop in 3.526 seconds (process running for 4.295)
2023-10-14 14:36:04.905 INFO 1 [ XNIO-1 task-2] i.u.s.s.ServletContextImpl : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-10-14 14:36:04.906 INFO 1 [ XNIO-1 task-2] o.s.w.s.FrameworkServlet : Initializing Servlet 'dispatcherServlet'
2023-10-14 14:36:04.907 INFO 1 [ XNIO-1 task-2] o.s.w.s.FrameworkServlet : Completed initialization in 1 ms
from kafdrop.
@Bert-R - I can confirm that if I rerun the same test as above but with `--set image.tag=4.0.1-SNAPSHOT`, then it starts successfully. Thanks!
from kafdrop.
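A pre-flight check for the condition reported in this thread, as an added example that is not Kafdrop's own code: it flags a working directory where `security.protocol` is SSL or SASL_SSL and a keystore file exists (even empty) without `ssl.keystore.password`. The file names come from the directory listing above; the function names `prop` and `check_keystore`, and the rule that an existing keystore file is always assigned as the keystore location, are assumptions based on the log lines quoted here.

```shell
#!/bin/sh
# Added example, not Kafdrop code. File names are taken from the listing in this thread.

# Print the value of key $2 in properties file $1 (last match wins, "key=value" form only).
prop() {
    [ -f "$1" ] || return 0
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k "=") == 1 { v = substr(line, length(k) + 2) }
        END { print v }' "$1"
}

# Return 1 when directory $1 matches the failure reported in this thread, 0 otherwise.
# Assumption: a keystore file that exists is assigned as ssl.keystore.location,
# as the "Assigning keystore location" log lines suggest.
check_keystore() {
    dir=$1
    props="$dir/kafka.properties"
    keystore="$dir/kafka.keystore.jks"
    protocol=$(prop "$props" security.protocol)
    password=$(prop "$props" ssl.keystore.password)

    case "$protocol" in
        SSL|SASL_SSL) ;;
        *) echo "OK: security.protocol='$protocol' does not use the SSL stores"
           return 0 ;;
    esac
    if [ ! -e "$keystore" ]; then
        echo "OK: no keystore file present"
        return 0
    fi
    if [ -z "$password" ]; then
        if [ -s "$keystore" ]; then kind="non-empty"; else kind="empty"; fi
        echo "FAIL: $kind $keystore present without ssl.keystore.password"
        return 1
    fi
    echo "OK: keystore and ssl.keystore.password are both present"
}

# Constructed sample: SASL_SSL properties plus an empty keystore file,
# the combination that produced the InvalidConfigurationException above.
demo_dir=$(mktemp -d)
printf 'security.protocol=SASL_SSL\nssl.truststore.type=PEM\n' > "$demo_dir/kafka.properties"
: > "$demo_dir/kafka.keystore.jks"
check_keystore "$demo_dir" || echo "(exit status 1: this layout fails at startup)"
rm -rf "$demo_dir"
```

Run it against the directory that holds `kafka.properties` before starting the container; an all-empty layout like the Docker Compose case above passes because no SSL protocol is configured.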