search

rollno748 / di-kafkameter

JMeter Plugin to load test Apache Kafka topics/brokers
35 stars 12 forks source link

FAILED TO LOAD SSL KEYSTORE OF TYPE JKS #27

Open vishalchds8928 opened 2 weeks ago

vishalchds8928 commented 2 weeks ago

I am trying to setup producer using below config

SCRAM-SHA-512, SASL_Ssl, truststore file and password, no keystore

I am getting “ FAILED TO LOAD SSL KEYSTORE OF TYPE JKS” “java.nio.file.accessdeniedexception” even though i am keeping keystore argument as blank.

could you please help how to resolve. I tried modifying properties file accordingly. But no luck.

I am using latest version of both plugin and jmeter

rollno748 commented 2 weeks ago

Hello

It is more of file permission issue Can you upload the jmeter.log file to verify that ?

Thanks

vishalchds8928 commented 2 weeks ago

here is the JmeterLog file 2024-08-29 15:40:52,642 INFO c.d.j.k.c.KafkaProducerConfig: Setting up Additional properties 2024-08-29 15:40:52,642 INFO c.d.j.k.c.KafkaProducerConfig: Kafka security type: SASL_SSL 2024-08-29 15:40:52,642 INFO c.d.j.k.c.KafkaProducerConfig: Setting up Kafka securityType.sasl_ssl properties 2024-08-29 15:40:52,661 INFO o.a.k.c.p.ProducerConfig: ProducerConfig values: acks = 1 batch.size = 16384 bootstrap.servers = [eheu2in1cpkaf01.innovate.lan:9093] buffer.memory = 33554432 client.dns.lookup = default client.id = JMeter-Producer-1 compression.type = none connections.max.idle.ms = 540000 delivery.timeout.ms = 120000 enable.idempotence = false interceptor.classes = [] key.serializer = class org.apache.kafka.common.serialization.StringSerializer linger.ms = 0 max.block.ms = 60000 max.in.flight.requests.per.connection = 5 max.request.size = 1048576 metadata.max.age.ms = 300000 metric.reporters = [] metrics.num.samples = 2 metrics.recording.level = INFO metrics.sample.window.ms = 30000 partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner receive.buffer.bytes = 32768 reconnect.backoff.max.ms = 1000 reconnect.backoff.ms = 50 request.timeout.ms = 30000 retries = 2147483647 retry.backoff.ms = 100 sasl.client.callback.handler.class = null sasl.jaas.config = [hidden] sasl.kerberos.kinit.cmd = /usr/bin/kinit sasl.kerberos.min.time.before.relogin = 60000 sasl.kerberos.service.name = null sasl.kerberos.ticket.renew.jitter = 0.05 sasl.kerberos.ticket.renew.window.factor = 0.8 sasl.login.callback.handler.class = null sasl.login.class = null sasl.login.refresh.buffer.seconds = 300 sasl.login.refresh.min.period.seconds = 60 sasl.login.refresh.window.factor = 0.8 sasl.login.refresh.window.jitter = 0.05 sasl.mechanism = SCRAM-SHA-512 security.protocol = SASL_SSL send.buffer.bytes = 131072 ssl.cipher.suites = null ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] ssl.endpoint.identification.algorithm = https ssl.key.password = [hidden] ssl.keymanager.algorithm = SunX509 ssl.keystore.location = ssl.keystore.password = [hidden] ssl.keystore.type = JKS ssl.protocol = TLS ssl.provider = null ssl.secure.random.implementation = null ssl.trustmanager.algorithm = PKIX ssl.truststore.location = location to kafka_broker.truststore.jks ssl.truststore.password = [hidden] ssl.truststore.type = JKS transaction.timeout.ms = 60000 transactional.id = null value.serializer = class org.apache.kafka.common.serialization.StringSerializer

2024-08-29 15:40:52,695 INFO o.a.k.c.s.a.AbstractLogin: Successfully logged in. 2024-08-29 15:40:52,701 INFO o.a.k.c.p.KafkaProducer: [Producer clientId=JMeter-Producer-1] Closing the Kafka producer with timeoutMillis = 0 ms. 2024-08-29 15:40:52,703 ERROR c.d.j.k.c.KafkaProducerConfig: Error establishing Kafka producer client! org.apache.kafka.common.KafkaException: Failed to construct kafka producer at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:433) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:313) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at com.di.jmeter.kafka.config.KafkaProducerConfig.testStarted(KafkaProducerConfig.java:76) [di-kafkameter-1.3%20(1).jar:?] at org.apache.jmeter.engine.StandardJMeterEngine.notifyTestListenersOfStart(StandardJMeterEngine.java:246) [ApacheJMeter_core.jar:5.6.2] at org.apache.jmeter.engine.StandardJMeterEngine.run(StandardJMeterEngine.java:424) [ApacheJMeter_core.jar:5.6.2] at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:1.8.0_261] at java.util.concurrent.FutureTask.run(Unknown Source) [?:1.8.0_261] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_261] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_261] at java.lang.Thread.run(Unknown Source) [?:1.8.0_261] Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Failed to load SSL keystore of type JKS at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:160) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:67) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:99) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:441) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:422) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] ... 9 more Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Failed to load SSL keystore of type JKS at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSSLContext(SslEngineBuilder.java:160) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslEngineBuilder.(SslEngineBuilder.java:102) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:156) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:67) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:99) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:441) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:422) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] ... 9 more Caused by: org.apache.kafka.common.KafkaException: Failed to load SSL keystore of type JKS at org.apache.kafka.common.security.ssl.SslEngineBuilder$SecurityStore.load(SslEngineBuilder.java:289) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSSLContext(SslEngineBuilder.java:142) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslEngineBuilder.(SslEngineBuilder.java:102) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:156) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:67) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:99) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:441) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:422) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] ... 9 more Caused by: java.nio.file.AccessDeniedException: at sun.nio.fs.WindowsException.translateToIOException(Unknown Source) ~[?:1.8.0_261] at sun.nio.fs.WindowsException.rethrowAsIOException(Unknown Source) ~[?:1.8.0_261] at sun.nio.fs.WindowsException.rethrowAsIOException(Unknown Source) ~[?:1.8.0_261] at sun.nio.fs.WindowsFileSystemProvider.newByteChannel(Unknown Source) ~[?:1.8.0_261] at java.nio.file.Files.newByteChannel(Unknown Source) ~[?:1.8.0_261] at java.nio.file.Files.newByteChannel(Unknown Source) ~[?:1.8.0_261] at java.nio.file.spi.FileSystemProvider.newInputStream(Unknown Source) ~[?:1.8.0_261] at java.nio.file.Files.newInputStream(Unknown Source) ~[?:1.8.0_261] at org.apache.kafka.common.security.ssl.SslEngineBuilder$SecurityStore.load(SslEngineBuilder.java:282) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSSLContext(SslEngineBuilder.java:142) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslEngineBuilder.(SslEngineBuilder.java:102) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:156) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:67) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:99) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:441) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] at org.apache.kafka.clients.producer.KafkaProducer.(KafkaProducer.java:422) ~[jmeter.backendlistener.kafka-1.0.0.jar:?] ... 9 more

vishalchds8928 commented 2 weeks ago

Looks like it is expected to feed keystore values in the Plugin. But I only have truststore file.

rollno748 commented 1 week ago

Your broker config uses Kafka security type: SASL_SSL when the security type is not PLAINTEXT, it will always expect a truststore and keystore with the password

The easy hack with the plugin is to set the security type as PLAINTEXT then in the additional configs area, add the following

security.protocol = SASL_SSL sasl.mechanism = SCRAM-SHA-512 ssl.truststore.location = ssl.truststore.password =

This will override the security type and adds the truststore alone

please let me know, if this works.

vishalchds8928 commented 1 week ago

HI, i am able to resolve my previous error by switching to plaintext and explicitly including in addn configs. But I am getting a different error now

Error while fetching metadata with correlation id 1 : {topicname=TOPIC_AUTHORIZATION_FAILED}

I have Crossed checked the name of the topic, but still not sure. I ma checking any other solution available online, Meanwhile let me know if you have come across such issue.

rollno748 commented 1 week ago

@vishalchds8928

I can't help you without the jmeter.log and screenshot of your config/sampler or error message in your view results tree.

Note: Please attach the logs as file

vishalchds8928 commented 1 week ago

Heres's the log file (Sorry unable to attach as file somerestriction)

2024-09-05 16:59:27,754 INFO o.a.j.e.StandardJMeterEngine: Running the test! 2024-09-05 16:59:27,757 INFO o.a.j.s.SampleEvent: List of sample_variables: [] 2024-09-05 16:59:27,758 INFO c.d.j.k.c.KafkaProducerConfig: Setting up Additional properties 2024-09-05 16:59:27,758 INFO o.a.k.c.p.ProducerConfig: ProducerConfig values: acks = 1 batch.size = 16384 bootstrap.servers = [localhost:9093] buffer.memory = 33554432 client.dns.lookup = default client.id = JMeter-Producer-1 compression.type = none connections.max.idle.ms = 540000 delivery.timeout.ms = 120000 enable.idempotence = false interceptor.classes = [] key.serializer = class org.apache.kafka.common.serialization.StringSerializer linger.ms = 0 max.block.ms = 60000 max.in.flight.requests.per.connection = 5 max.request.size = 1048576 metadata.max.age.ms = 300000 metric.reporters = [] metrics.num.samples = 2 metrics.recording.level = INFO metrics.sample.window.ms = 30000 partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner receive.buffer.bytes = 32768 reconnect.backoff.max.ms = 1000 reconnect.backoff.ms = 50 request.timeout.ms = 30000 retries = 2147483647 retry.backoff.ms = 100 sasl.client.callback.handler.class = null sasl.jaas.config = [hidden] sasl.kerberos.kinit.cmd = /usr/bin/kinit sasl.kerberos.min.time.before.relogin = 60000 sasl.kerberos.service.name = null sasl.kerberos.ticket.renew.jitter = 0.05 sasl.kerberos.ticket.renew.window.factor = 0.8 sasl.login.callback.handler.class = null sasl.login.class = null sasl.login.refresh.buffer.seconds = 300 sasl.login.refresh.min.period.seconds = 60 sasl.login.refresh.window.factor = 0.8 sasl.login.refresh.window.jitter = 0.05 sasl.mechanism = SCRAM-SHA-512 security.protocol = SASL_SSL send.buffer.bytes = 131072 ssl.cipher.suites = null ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] ssl.endpoint.identification.algorithm = https ssl.key.password = null ssl.keymanager.algorithm = SunX509 ssl.keystore.location = null ssl.keystore.password = null ssl.keystore.type = JKS ssl.protocol = TLS ssl.provider = null ssl.secure.random.implementation = null ssl.trustmanager.algorithm = PKIX ssl.truststore.location = kafka_broker.truststore.jks ssl.truststore.password = [hidden] ssl.truststore.type = JKS transaction.timeout.ms = 60000 transactional.id = null value.serializer = class org.apache.kafka.common.serialization.StringSerializer

2024-09-05 16:59:27,760 INFO o.a.k.c.s.a.AbstractLogin: Successfully logged in. 2024-09-05 16:59:27,827 INFO o.a.k.c.u.AppInfoParser: Kafka version: 2.3.0 2024-09-05 16:59:27,827 INFO o.a.k.c.u.AppInfoParser: Kafka commitId: fc1aaa116b661c8a 2024-09-05 16:59:27,827 INFO o.a.k.c.u.AppInfoParser: Kafka startTimeMs: 1725535767827 2024-09-05 16:59:27,828 INFO c.d.j.k.c.KafkaProducerConfig: Kafka Producer client successfully Initialized 2024-09-05 16:59:27,828 INFO o.a.j.g.u.JMeterMenuBar: setRunning(true, local) 2024-09-05 16:59:28,047 INFO o.a.j.e.StandardJMeterEngine: Starting ThreadGroup: 1 : Thread Group 2024-09-05 16:59:28,047 INFO o.a.j.e.StandardJMeterEngine: Starting 1 threads for group Thread Group. 2024-09-05 16:59:28,047 INFO o.a.j.e.StandardJMeterEngine: Thread will continue on error 2024-09-05 16:59:28,047 INFO o.a.j.t.ThreadGroup: Starting thread group... number=1 threads=1 ramp-up=1 delayedStart=false 2024-09-05 16:59:28,048 INFO o.a.j.t.ThreadGroup: Started thread group number 1 2024-09-05 16:59:28,048 INFO o.a.j.e.StandardJMeterEngine: All thread groups have been started 2024-09-05 16:59:28,048 INFO o.a.j.t.JMeterThread: Thread started: Thread Group 1-1 2024-09-05 16:59:28,326 WARN o.a.k.c.NetworkClient: [Producer clientId=JMeter-Producer-1] Error while fetching metadata with correlation id 1 : {TopicName_int=TOPIC_AUTHORIZATION_FAILED} 2024-09-05 16:59:28,328 ERROR o.a.k.c.Metadata: [Producer clientId=JMeter-Producer-1] Topic authorization failed for topics [TopicName_int] 2024-09-05 16:59:28,329 INFO o.a.k.c.Metadata: [Producer clientId=JMeter-Producer-1] Cluster ID: ID1234 2024-09-05 16:59:28,329 INFO c.d.j.k.s.KafkaProducerSampler: Exception occurred while sending message to kafka 2024-09-05 16:59:28,329 INFO o.a.j.t.JMeterThread: Thread is done: Thread Group 1-1 2024-09-05 16:59:28,329 INFO o.a.j.t.JMeterThread: Thread finished: Thread Group 1-1 2024-09-05 16:59:28,329 INFO o.a.j.e.StandardJMeterEngine: Notifying test listeners of end of test 2024-09-05 16:59:28,329 INFO o.a.k.c.p.KafkaProducer: [Producer clientId=JMeter-Producer-1] Closing the Kafka producer with timeoutMillis = 9223372036854775807 ms. 2024-09-05 16:59:28,331 INFO c.d.j.k.c.KafkaProducerConfig: Kafka Producer client connection terminated 2024-09-05 16:59:28,331 INFO o.a.j.g.u.JMeterMenuBar: setRunning(false, local)

rollno748 commented 1 week ago

@vishalchds8928

It seems your certificate is not loaded properly.

A quick look tells me that you have a specified file name without the path.

ssl.truststore.location = kafka_broker.truststore.jks

It has to be a complete directory path with filename.

Also please attach screenshots of producer config and sampler

vishalchds8928 commented 1 week ago

File was in the bin folder so, did not specified full path. Anyways I have tried with full path also ,but same issue.

image

rollno748 commented 1 week ago

@vishalchds8928

It seems like you have ACL or subscription restrictions enabled with the topic or broker.

JMeter-Producer-1 doesn't have the necessary permissions to access the topic "TopicName_int".

You need to talk to the Dev team to have a recommended name for producer and if you have ip restrictions then you need to lift it for your loadgen machine

vishalchds8928 commented 1 week ago

ok, thanks for the suggestion. Will try connecting with dev. and let you know if any outcome.