bitnami / charts

Bitnami Helm Charts
https://bitnami.com

[bitnami/kafka] SASL_PLAINTEXT and SCRAM-SHA-256 is not working #18793

Closed Jojoooo1 closed 1 year ago

Jojoooo1 commented 1 year ago

Name and Version

kafka/24.0.14

What architecture are you using?

None

What steps will reproduce the bug?

Create a Helm chart with the following values:

kraft:
  enabled: true
listeners:
  client: 
    protocol: SASL_PLAINTEXT
  controller: 
    protocol: SASL_PLAINTEXT
  interbroker: 
    protocol: SASL_PLAINTEXT
  external: 
    protocol: SASL_PLAINTEXT
sasl:
  interBrokerMechanism: SCRAM-SHA-256
  controllerMechanism: SCRAM-SHA-256
  interbroker:
    user: inter_broker_user
    password: password
  controller:
    user: controller_user
    password: password
  client:
    users:
      - admin
      - user
    passwords: 
      - password
      - password
controller:
  replicaCount: 3

Are you using any custom parameters or values?

No response

What is the expected behavior?

Inter broker communication should succeed.

What do you see instead?

[2023-08-22 20:55:30,262] ERROR [RaftManager id=2] Connection to node 1 (kafka-controller-1.kafka-controller-headless.kafka.svc.cluster.local/10.42.0.43:9093) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)

[2023-08-22 20:55:30,262] ERROR [kafka-2-raft-outbound-request-thread]: Failed to send the following request due to authentication error: ClientRequest(expectResponse=true, callback=kafka.raft.KafkaNetworkChannel$$Lambda$587/0x00007f21143d6000@12a2ee4e, destination=1, correlationId=294, clientId=raft-client-2, createdTimeMs=1692737729958, requestBuilder=VoteRequestData(clusterId='GTxB5josEfsini5mBw33Ww', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=314, candidateId=2, lastOffsetEpoch=192, lastOffset=1170)])])) (kafka.raft.RaftSendThread)

[2023-08-22 20:55:30,262] ERROR Request OutboundRequest(correlationId=294, data=VoteRequestData(clusterId='GTxB5josEfsini5mBw33Ww', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=314, candidateId=2, lastOffsetEpoch=192, lastOffset=1170)])]), createdTimeMs=1692737729958, destinationId=1) failed due to authentication error (kafka.raft.KafkaNetworkChannel)

org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256

Additional information

No response

pchang388 commented 1 year ago

I am seeing this same issue. I took a look inside the configuration and it appears to be missing the password section in the properties file and not properly placed in there. I tried switching to SASL_PLAINTEXT with PLAIN for sasl.*.mechanism as well. I ended up just going for PLAIN instead of SASL_PLAINTEXT which requires no auth at all for now just to get things moving.

listener.name.client.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_test="test";
listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="inter_broker_user" password="inter_broker_user" user_inter_broker_user="inter_broker_user" user_test="test"

github-actions[bot] commented 1 year ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

CeliaGMqrz commented 1 year ago

Hi @Jojoooo1, @pchang388

Thanks for reporting this issue.

Sorry for the delay. There have been recent changes. Could you please try with the latest image to see if the problem still exists?

Jojoooo1 commented 1 year ago

Hi @CeliaGMqrz, I have upgraded the chart to 25.1.10 and I am still having the same error.

migruiz4 commented 1 year ago

Hi @Jojoooo1,

I'm sorry for the inconvenience, we are aware of this issue, but we suspect it may be an issue with upstream Kafka.

Currently, the controller SASL mechanism only works with PLAIN, not SCRAM-256/512. This issue only affects the controller listener, while Client and Inter-broker listeners can continue using SCRAM.

I have shared more details about this issue here: https://github.com/bitnami/containers/issues/41415#issuecomment-1727256011
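
Added example, not part of the thread and not the chart's own code: a pre-deploy check over parsed values that flags the controller SCRAM setting described in the comment above, and also flags the PLAIN workaround when the listener has no TLS. The function names and the dict input are assumptions; the keys are the ones in the values posted in this issue, and `SASL_SSL` is Kafka's SASL-over-TLS protocol name.

```python
import copy

def lint_kafka_sasl(values):
    """Return findings for a parsed bitnami/kafka values dict (keys as in this issue)."""
    findings = []
    sasl = values.get("sasl", {})
    listeners = values.get("listeners", {})
    kraft = values.get("kraft", {}).get("enabled", False)
    # Only the two mechanism keys that appear in the issue's values are checked.
    mechanisms = {
        "controller": sasl.get("controllerMechanism"),
        "interbroker": sasl.get("interBrokerMechanism"),
    }
    # Rule 1 (from the maintainer's comment): the controller listener only
    # authenticates with PLAIN; SCRAM-SHA-256/512 fails as in the log above.
    ctrl = mechanisms["controller"] or ""
    if kraft and ctrl.upper().startswith("SCRAM"):
        findings.append(f"controller: {ctrl} is not usable on the KRaft "
                        "controller listener, set sasl.controllerMechanism to PLAIN")
    # Rule 2 (general SASL fact, not from the thread): PLAIN sends the password
    # itself, so without TLS (SASL_PLAINTEXT) it is readable on the network.
    for name, mech in mechanisms.items():
        proto = listeners.get(name, {}).get("protocol")
        if mech == "PLAIN" and proto == "SASL_PLAINTEXT":
            findings.append(f"{name}: PLAIN over SASL_PLAINTEXT exposes the "
                            "password in cleartext, prefer SASL_SSL")
    return findings

# Constructed input: the SASL-relevant part of the values posted in the issue.
ISSUE_VALUES = {
    "kraft": {"enabled": True},
    "listeners": {n: {"protocol": "SASL_PLAINTEXT"}
                  for n in ("client", "controller", "interbroker", "external")},
    "sasl": {"interBrokerMechanism": "SCRAM-SHA-256",
             "controllerMechanism": "SCRAM-SHA-256"},
}

def with_controller(values, mechanism, protocol):
    """Copy of values with the controller mechanism and protocol replaced."""
    out = copy.deepcopy(values)
    out["sasl"]["controllerMechanism"] = mechanism
    out["listeners"]["controller"]["protocol"] = protocol
    return out

if __name__ == "__main__":
    for label, vals in (("as posted", ISSUE_VALUES),
                        ("PLAIN, no TLS", with_controller(ISSUE_VALUES, "PLAIN", "SASL_PLAINTEXT")),
                        ("PLAIN over TLS", with_controller(ISSUE_VALUES, "PLAIN", "SASL_SSL"))):
        print(label, "->", lint_kafka_sasl(vals) or "no findings")
```

Enabling `SASL_SSL` on a listener also needs the chart's TLS settings, which this thread does not show.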

github-actions[bot] commented 1 year ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 1 year ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.