Open laurafbec opened 2 years ago
The error is suggesting you didn't set up SSL for Zookeeper. And your environment variables for Zookeeper seem to confirm that.
The examples have moved, by the way https://github.com/confluentinc/kafka-images/blob/master/examples/kafka-cluster-ssl/docker-compose.yml
Thanks @OneCricketeer!! I've actually solved it after posting the error. I had a mismatch between Kafka listeners and the certs, and now I've TLSv1.3 enabled between Kafka client and broker. I haven't found examples about enabling TLS for Zookeeper or Kafka connect. Do you know where I can find some of them? Thanks again!
> haven't found examples about enabling TLS for Zookeeper or Kafka connect.
Is this page what you're looking for?
https://docs.confluent.io/platform/current/security/security_tutorial.html
Otherwise, Zookeeper has its own official documentation, and Connect is configured like any other broker client. Both utilize `KAFKA_JAVA_OPTS` environment variables for setting JAAS or other JVM System properties.
Connect doesn't depend on Zookeeper
Thanks again @OneCricketeer!! I actually was looking for docker-compose examples with SSL enabled between Zookeeper and Kafka. SASL for Zookeeper is described on that page, but I think that SSL is not. But thanks anyway!! I'll check everything.
Hi everyone, based on the example https://github.com/confluentinc/cp-docker-images/tree/5.3.3-post/examples/kafka-cluster-ssl I've tried to develop a docker-compose file with Zookeeper, a broker and the Connect API with SSL enabled. The certificates have been generated by using the script included in the example, and the content of the docker-compose file is the following:
```yaml
version: '3.6'
services:
  zookeeper:
    image: confluentinc/cp-zookeeper:7.0.1
    hostname: zookeeper
    container_name: zookeeper
    ports:
      - "2181:2181"
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_INIT_LIMIT: 5
      ZOOKEEPER_SYNC_LIMIT: 2
  broker:
    image: confluentinc/cp-kafka:7.0.1
    hostname: broker
    container_name: broker
    depends_on:
  connect:
    image: confluentinc/cp-kafka-connect:7.0.1
    hostname: connect
    container_name: connect
    depends_on:
    ports:
      - "8083:8083"
    environment:
      CONNECT_BOOTSTRAP_SERVERS: 'broker:39093'
      CONNECT_REST_ADVERTISED_HOST_NAME: connect
      CONNECT_REST_PORT: 8083
      CONNECT_GROUP_ID: compose-connect-group
      CONNECT_CONFIG_STORAGE_TOPIC: docker-connect-configs
      CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_OFFSET_FLUSH_INTERVAL_MS: 10000
      CONNECT_OFFSET_STORAGE_TOPIC: docker-connect-offsets
      CONNECT_OFFSET_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_STATUS_STORAGE_TOPIC: docker-connect-status
      CONNECT_STATUS_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_KEY_CONVERTER: org.apache.kafka.connect.json.JsonConverter
      CONNECT_VALUE_CONVERTER: org.apache.kafka.connect.json.JsonConverter
      CONNECT_INTERNAL_KEY_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"
      CONNECT_INTERNAL_VALUE_CONVERTER: "org.apache.kafka.connect.json.JsonConverter"
      CONNECT_LOG4J_ROOT_LOGLEVEL: "INFO"
      CONNECT_LOG4J_LOGGERS: "org.apache.kafka.connect.runtime.rest=WARN,org.reflections=ERROR,com.mongodb.kafka=DEBUG"
      CONNECT_PLUGIN_PATH: /usr/share/confluent-hub-components
      CONNECT_ZOOKEEPER_CONNECT: 'zookeeper:2181'
      CLASSPATH: /usr/share/java/monitoring-interceptors/monitoring-interceptors-6.2.2.jar
      CONNECT_PRODUCER_INTERCEPTOR_CLASSES: "io.confluent.monitoring.clients.interceptor.MonitoringProducerInterceptor"
      CONNECT_CONSUMER_INTERCEPTOR_CLASSES: "io.confluent.monitoring.clients.interceptor.MonitoringConsumerInterceptor"
      CONNECT_SSL_KEYSTORE_FILENAME: kafka.connect.keystore.jks
      CONNECT_SSL_KEYSTORE_CREDENTIALS: connect_keystore_creds
      CONNECT_SSL_KEY_CREDENTIALS: connect_sslkey_creds
      CONNECT_SSL_TRUSTSTORE_FILENAME: kafka.connect.truststore.jks
      CONNECT_SSL_TRUSTSTORE_CREDENTIALS: connect_truststore_creds
    volumes:
```
When running it I get the error from broker:

```
[2022-01-10 11:08:03,163] INFO [SocketServer listenerType=ZK_BROKER, nodeId=1] Failed authentication with /172.19.0.4 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
```

Can anyone help me? Thanks in advance.
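The cause reported in the thread was a mismatch between the Kafka listeners and the certificates. As an added example (not code from the thread or from Confluent), this Python check compares the hosts in an advertised-listeners string with the names in `keytool -list -v` output for the broker keystore. The listener string, the keytool text and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs, not taken from the thread.
SAMPLE_ADVERTISED = "SSL://broker:39093,SSL_HOST://localhost:9093"
SAMPLE_KEYTOOL = """Alias name: broker
Owner: CN=broker1.example.test, OU=TEST, O=EXAMPLE
Issuer: CN=ca1.example.test, O=EXAMPLE
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: broker1.example.test
  DNSName: localhost
]
"""

def listener_hosts(advertised):
    """Map listener name -> host from a KAFKA_ADVERTISED_LISTENERS value."""
    hosts = {}
    for entry in advertised.split(","):
        name, _, addr = entry.strip().partition("://")
        hosts[name] = addr.rsplit(":", 1)[0].lower()  # drop the port
    return hosts

def cert_names(keytool_text):
    """Return (SAN dNSNames, subject CN) parsed from `keytool -list -v` text."""
    sans = [s.lower() for s in
            re.findall(r"^\s*DNSName:\s*(\S+)", keytool_text, re.M)]
    cn = re.search(r"^Owner:.*?\bCN=([^,\n]+)", keytool_text, re.M)
    return sans, cn.group(1).strip().lower() if cn else None

def matches(host, pattern):
    """Exact match, or one left-most wildcard label (*.example.test)."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def uncovered_listeners(advertised, keytool_text):
    """Listeners whose advertised host the certificate does not name."""
    sans, cn = cert_names(keytool_text)
    # Assumption: the CN counts only when the certificate has no dNSName SAN,
    # which is how HTTPS-style endpoint identification treats it.
    names = sans or ([cn] if cn else [])
    return {name: host for name, host in listener_hosts(advertised).items()
            if not any(matches(host, p) for p in names)}

if __name__ == "__main__":
    for name, host in uncovered_listeners(SAMPLE_ADVERTISED, SAMPLE_KEYTOOL).items():
        print(f"listener {name}: host '{host}' is not in the certificate")
```

A client that verifies the server hostname will fail the handshake against any listener this reports, so the fix is to reissue the certificate with the missing name or change the advertised host.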