Open Nervniyak opened 5 years ago
Hello! I have the same issue
Hi Alexey, I couldn't find a way to configure this, so I moved to the official Apache Kafka broker that is using the terminal. There it was easy (almost) to set up SASL. At least for debugging purposes.
If anyone is stumbling upon this, I managed to start the image with a working SSL/SASL endpoint (SCRAM authentication) by:
/etc/kafka/secrets/
with my own SSL files (generated with this script https://github.com/confluentinc/confluent-platform-security-tools/blob/master/kafka-generate-ssl.sh) and broker jaas config file
KAFKA_LISTENERS=SASL_SSL://0.0.0.0:9094,PLAINTEXT://0.0.0.0:9092 # 9094 for SASL_SSL traffic inside docker, 9092 for plaintext debugging from host
KAFKA_ADVERTISED_LISTENERS=SASL_SSL://kafka-broker.local:9094,PLAINTEXT://localhost:9092
KAFKA_SSL_KEYSTORE_LOCATION=/etc/kafka/secrets/broker_keystore.jks
KAFKA_SSL_KEYSTORE_PASSWORD=<keystore-password>
KAFKA_SSL_KEY_PASSWORD=<key-password>
KAFKA_SSL_TRUSTSTORE_LOCATION=/etc/kafka/secrets/truststore.jks
KAFKA_SSL_TRUSTSTORE_PASSWORD=<truststore-password>
KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=""
KAFKA_SSL_CLIENT_AUTH=requested
KAFKA_LISTENER_NAME_INTERNAL_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=""
KAFKA_SECURITY_INTER_BROKER_PROTOCOL=PLAINTEXT
KAFKA_SASL_ENABLED_MECHANISMS=SCRAM-SHA-512
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL=SCRAM-SHA-512
KAFKA_OPTS=-Djava.security.auth.login.config=/etc/kafka/secrets/broker1_jaas.conf -Dzookeeper.sasl.client=false
It's definitely a hack, but seems to be working
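Added example, not part of the thread and not the image's or Kafka's own tooling: a small Python check that flags the debugging shortcuts in the settings quoted above before they are reused outside a debug setup. The finding codes and function names are made up for this example, and it assumes listener names equal their security protocol (no `listener.security.protocol.map` override).

```python
import shlex

# Constructed sample: the security-relevant env settings quoted in the comment above.
SAMPLE_ENV = """\
KAFKA_LISTENERS=SASL_SSL://0.0.0.0:9094,PLAINTEXT://0.0.0.0:9092 # 9092 for plaintext debugging
KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=""
KAFKA_LISTENER_NAME_INTERNAL_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=""
KAFKA_SECURITY_INTER_BROKER_PROTOCOL=PLAINTEXT
KAFKA_SASL_ENABLED_MECHANISMS=SCRAM-SHA-512
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL=SCRAM-SHA-512
"""

def parse_env(text):
    """Parse KEY=VALUE lines, dropping quotes and trailing '# ...' comments."""
    env = {}
    for line in text.splitlines():
        key, sep, raw = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = " ".join(shlex.split(raw, comments=True))
    return env

def audit(env):
    """Return sorted finding codes (hypothetical names). Assumes listener names
    equal protocol names, as in the quoted settings."""
    findings = set()
    binds = {}  # listener name -> bind host
    for item in env.get("KAFKA_LISTENERS", "").split(","):
        name, sep, addr = item.strip().partition("://")
        if sep:
            binds[name.upper()] = addr.rsplit(":", 1)[0]
    if "PLAINTEXT" in binds:
        findings.add("plaintext-listener")  # no TLS and no SASL on this port
        if binds["PLAINTEXT"] in ("", "0.0.0.0"):
            findings.add("plaintext-listener-all-interfaces")
    # Kafka's default for security.inter.broker.protocol is PLAINTEXT.
    if env.get("KAFKA_SECURITY_INTER_BROKER_PROTOCOL", "PLAINTEXT").upper() == "PLAINTEXT":
        findings.add("inter-broker-plaintext")
        # The SASL mechanism only applies to SASL_PLAINTEXT / SASL_SSL inter-broker links.
        if "KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL" in env:
            findings.add("inter-broker-sasl-mechanism-unused")
    for key, value in env.items():
        if key.endswith("SSL_ENDPOINT_IDENTIFICATION_ALGORITHM") and value == "":
            findings.add("hostname-verification-disabled")
        if key.startswith("KAFKA_LISTENER_NAME_"):
            rest = key[len("KAFKA_LISTENER_NAME_"):]
            if not any(rest.startswith(n + "_") for n in binds):
                findings.add("override-for-undefined-listener")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_env(SAMPLE_ENV)):
        print(finding)
```

Dropping the PLAINTEXT listener, setting the inter-broker protocol to SASL_SSL and leaving endpoint identification at `https` clears every finding.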
The way I run it:
docker run --rm -p 2181:2181 -p 3030:3030 -p 8081-8083:8081-8083 -p 9581-9585:9581-9585 -p 9092-9093:9092-9093 -e ADV_HOST=127.0.0.1 -e ENABLE_SSL=1 -e USER=username -e PASSWORD=password landoop/fast-data-dev:latest
Is there a way to edit broker config to configure SSL and SASL?