Closed eazhilan-nagarajan closed 4 years ago
scholzj
commented
4 years ago This looks like something is missing for the SCRAM auth. Are you sure you configured the secrets corectly? That the names are right and they contain the right password under the right key. Maybe you can check the configuration files in /tmp/ in the MirrorMaker2 container and share them - that might show what is wrong.
eazhilan-nagarajan
commented
4 years ago Unfortunately the POD has crashed and there is no running container to pull the configuration files.
To explain a little better, below is the snippet of target alias section from MirrorMaker config file:
- alias: "target-kafka-cluster"
authentication:
passwordSecret:
password: password
secretName: target-mirrormaker-password-secret
type: scram-sha-512
username: mirrormaker-user-1
bootstrapServers: my-cluster-1-kafka-bootstrap-prod-XYZ.com:443
tls:
trustedCertificates:
- certificate: ca.crt
secretName: target-my-cluster-1-cluster-ca-cert
config:
producer.max.request.size: 15728640
config.storage.replication.factor: 3
offset.storage.replication.factor: 3
status.storage.replication.factor: 3target-mirrormaker-password-secret was created using oc create secret generic target-mirrormaker-password-secret --from-file=<my-password.txt>.my-password.txt file had the password of the kafkaUser from the target clusterusername: mirrormaker-user-1 is not created in OpenShift. Should the KafkaUser be created in the source cluster? Or how this user and the secret with password can be linked?Thanks.
eazhilan-nagarajan
commented
4 years ago Hi @scholzj, I was able to sneak into the container and found the strimzi-mirrormaker properties file.
Found the below two line but definitely the password to connect the target cluster is missing.
source-kafka-cluster.sasl.password=kNxxxxxxxz
target-kafka-cluster.sasl.password=So, can you get the password secrets with oc get secret xxx -o yaml? To see the structure?
PS: For the debuging of failing container ... since you seem to be already using oc, oc debug is helpful in these cases ... it lests start a debu gversion of a crashlooping pod where you can try to run the commend, debug it, check the files etc.
eazhilan-nagarajan
commented
4 years ago You got the issue right @scholzj, Adding in some details thinking it might help somebody some day :smile:.
I tried to follow the document from Strimzi
echo -n '1f2d1e2e67df' > password.txt
oc create secret generic test-secret --from-file=password.txt
Upon extracting it as an yaml, found the structure as below:
apiVersion: v1
data:
password.txt: MWYyZDFlMmU2N2Rm
kind: Secret
metadata:
creationTimestamp: "2020-06-30T13:13:01Z"
name: gen-secret
namespace: aaa-bbb
type: OpaqueNote: Under data, the key is the name of the file itself "password.txt" which is not what I expected. So copied the above structure, replaced "password.txt ( filename )" to "password ( the expected key name )".
After this, the MirrorMaker was able to authenticate and it worked. My mistake it was a old document I followed :grin:
Thanks again for the quick help.
scholzj
commented
4 years ago Right. Ok. The docs says that ... but it then also says that the KAfkaConnect YAML should be:
passwordSecret:
secretName: _<my-secret>_
password: _<my-password.txt>_and not just password: password.
Anway, glad you solved it!
Hi,
I'm trying to mirror data between two Kafka cluster running in two different OpenShift clusters. I'm trying the "scram-sha-512" client authentication type but I get the below error in MirrorMaker logs.
To explain better how I did:
Source cluster:
MirrorMaker 2 config yaml:
Kafka Cluster config yaml: ( just a snippet of the config )
Error from logs:
Kindly help me with what am I doing wrong.
Thanks, Eazhilan