  1. OpenNMS Horizon
  2. HZN-1387

Cannot use SASL Authentication for Kafka on Minions (might impact Sentinel)

    Details

    • Sprint:
      Horizon - September 26 2018, Horizon - October 3rd 2018, Horizon - October 10th 2018

      Description

      Using latest RPMs from develop. I've started OpenNMS on AWS, and Minion on a VM on my machine.

      I'm using Kafka (version 2.0.0) for RPC and Sink. For versions older than 23 (like 22 or Meridian 2018), this might affect only the Sink pattern, as RPC with Kafka only exists on 23 or newer.

      I've enabled basic authentication on Kafka using SASL_PLAIN.

      On OpenNMS it seems to work, as I can see the topics created on Kafka, but on Minions I'm seeing the following in karaf.log:

      2018-09-07T14:51:29,011 | ERROR | features-1-thread-1 | BlueprintContainerImpl | 16 - org.apache.aries.blueprint.core - 1.8.3 | Unable to start blueprint container for bundle org.opennms.core.ipc.sink.kafka.client/23.0.0.SNAPSHOT
      org.osgi.service.blueprint.container.ComponentDefinitionException: Unable to initialize bean kafkaRemoteMessageDispatcherFactory
      ...
      Caused by: org.apache.kafka.common.KafkaException: Failed to construct kafka producer
      ...
      Caused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: unable to find LoginModule class: org.apache.kafka.common.security.plain.PlainLoginModule
      

      On Minions, I have the same content for org.opennms.core.ipc.rpc.kafka.cfg and org.opennms.core.ipc.sink.kafka.cfg:

      bootstrap.servers=demo.aws.opennms.org:9092
      acks=1
      security.protocol=SASL_PLAINTEXT
      sasl.mechanism=PLAIN
      sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="0p3nNMS!";
      

      On OpenNMS, I have similar settings on /opt/opennms/etc/opennms.properties.d/kafka.properties:

      org.opennms.core.ipc.sink.initialSleepTime=60000
      org.opennms.core.ipc.sink.strategy=kafka
      org.opennms.core.ipc.sink.kafka.bootstrap.servers=kafka1:9092
      org.opennms.core.ipc.sink.kafka.group.id=OpenNMS
      org.opennms.core.ipc.sink.kafka.security.protocol=SASL_PLAINTEXT
      org.opennms.core.ipc.sink.kafka.sasl.mechanism=PLAIN
      org.opennms.core.ipc.sink.kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="0p3nNMS!";
      org.opennms.core.ipc.rpc.strategy=kafka
      org.opennms.core.ipc.rpc.kafka.bootstrap.servers=kafka1:9092
      org.opennms.core.ipc.rpc.kafka.ttl=30000
      org.opennms.core.ipc.rpc.kafka.security.protocol=SASL_PLAINTEXT
      org.opennms.core.ipc.rpc.kafka.sasl.mechanism=PLAIN
      org.opennms.core.ipc.rpc.kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="0p3nNMS!";
      

      On Kafka, I've added -Djava.security.auth.login.config=/opt/kafka/config/jaas.conf to the initialization environment variable, and jaas.conf contains:

      KafkaServer {
       org.apache.kafka.common.security.plain.PlainLoginModule required
       username="admin"
       password="admin_0p3nNMS!"
       user_admin="admin_0p3nNMS!"
       user_kafka="0p3nNMS!";
      };
      

      In terms of the kafka server.properties:

      listeners=SASL_PLAINTEXT://0.0.0.0:9092
      advertised.listeners=SASL_PLAINTEXT://X.X.X.X:9092
      security.inter.broker.protocol=SASL_PLAINTEXT
      sasl.mechanism.inter.broker.protocol=PLAIN
      sasl.enabled.mechanisms=PLAIN
      

      Everything is running on the same machine at AWS. `X.X.X.X` is the Public IP, so the Minion on my machine can reach OpenNMS and Kafka.
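
The client settings in this report use SASL/PLAIN over SASL_PLAINTEXT, which authenticates the client but does not encrypt the connection, so the password crosses the network in the clear. The following is an added example, not part of the original report or of OpenNMS: a Python check that reads a Kafka client file in the Minion or OpenNMS layout shown above and flags that combination, a login module that does not match the mechanism, and an inline password. The function names, finding codes and the sample password are assumptions made for illustration.

```python
import re

# Login module class each SASL mechanism expects in an Apache Kafka client.
EXPECTED_MODULE = {
    "PLAIN": "org.apache.kafka.common.security.plain.PlainLoginModule",
    "SCRAM-SHA-256": "org.apache.kafka.common.security.scram.ScramLoginModule",
    "SCRAM-SHA-512": "org.apache.kafka.common.security.scram.ScramLoginModule",
}
# OpenNMS-side prefixes seen in the report; Minion .cfg files use bare Kafka keys.
PREFIX = re.compile(r"^org\.opennms\.core\.ipc\.(sink|rpc)\.kafka\.")

def parse_properties(text):
    """Parse key=value lines, skip blanks and comments, strip OpenNMS prefixes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[PREFIX.sub("", key.strip())] = value.strip()
    return props

def audit(props):
    """Return (code, message) findings for one Kafka client configuration."""
    findings = []
    protocol = props.get("security.protocol", "PLAINTEXT")  # Kafka client default
    mechanism = props.get("sasl.mechanism", "GSSAPI")        # Kafka client default
    jaas = props.get("sasl.jaas.config", "")
    if protocol == "SASL_PLAINTEXT" and mechanism == "PLAIN":
        findings.append(("PLAIN_WITHOUT_TLS", "password crosses the network unencrypted"))
    if protocol.startswith("SASL"):
        tokens = jaas.split()
        expected = EXPECTED_MODULE.get(mechanism)
        if expected and (not tokens or tokens[0] != expected):
            findings.append(("MODULE_MISMATCH", f"{mechanism} expects {expected}"))
    if re.search(r'password\s*=\s*"[^"]+"', jaas):
        findings.append(("INLINE_PASSWORD", "password stored in the config file"))
    return findings

# Constructed sample in the Minion file layout; the password is a placeholder.
SAMPLE = """\
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="CHANGE_ME";
"""

if __name__ == "__main__":
    for code, message in audit(parse_properties(SAMPLE)):
        print(f"{code}: {message}")
```

On settings shaped like the ones in the report, no MODULE_MISMATCH finding is raised, so the mechanism and login module named in the file agree with each other. Switching `security.protocol` to `SASL_SSL` clears the PLAIN_WITHOUT_TLS finding.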

            People

            • Assignee:
              cgorantla Chandra Gorantla
              Reporter:
              agalue Alejandro Galue