Emiliano Tomaselli
Emiliano Tomaselli
@becketqin We are not using kerberos... we are just using SASL_SSL with the username and password in the JAAS.. but apparently as @efeg said is not supported.
@efeg I can take a look how complicate is to patch it.
@becketqin Thx, here my config file : ``` broker.metric.sample.store.topic=__KafkaCruiseControlModelTrainingSamples sample.store.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.KafkaSampleStore ssl.key.password=xxxxxxxxx (password is present) min.samples.per.broker.metrics.window=1 num.partition.metrics.windows=1 ssl.keystore.password=xxxxxxxxx (password is present) sample.store.topic.replication.factor=2 ssl.keystore.location=/etc/kafka/secrets/jks/kafka.keystore.jks capacity.config.file=/etc/kafka-cruise-control/config/capacity.json webserver.ui.diskpath=/app/cruise-control-ui/dist/ zookeeper.connect=ZKIP:2181/devkafka partition.metrics.window.ms=300000 metric.sampler.partition.assignor.class=com.linkedin.kafka.cruisecontrol.monitor.sampling.DefaultMetricSamplerPartitionAssignor ssl.truststore.location=/etc/kafka/secrets/jks/kafka.truststore.jks ssl.client.auth=true partition.metric.sample.store.topic=__KafkaCruiseControlPartitionMetricSamples...
@becketqin The problem is just the KafkaAdminClient Configs, the ConsumerConf for example are created with the right values (jks.. password and jaas are present in the ConsumerConf but not in...
@becketqin Uhm.. with the tag 0.1.39 is working actually.. earlier I was using 2.0.36 Tag... what's the different ? Master branch should be at the 0.1.39 right ? I guess...
@efeg Ok as I thought. If you want I can contribute on this.
@poyyi What is your Cruise Control Metric Jar configuration?
I guess you are missing all the Cruise Control configs for Sasl SSL. Try with these also : ``` KAFKA_METRIC_REPORTERS: "com.linkedin.kafka.cruisecontrol.metricsreporter.CruiseControlMetricsReporter" KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SECURITY_PROTOCOL: "SASL_SSL" KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SASL_MECHANISM: "PLAIN" KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: "" KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SSL_CLIENT_AUTH: "true" KAFKA_CRUISE_CONTROL_METRICS_REPORTER_SSL_KEYSTORE_LOCATION:...
Sorry I didn't have time to test this, will be back asap.