Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to send jaas config file to schema registry in docker compose through KAFKA_OPTS property? #3215

Open
varunkamra opened this issue Aug 9, 2024 · 2 comments
Open

How to send jaas config file to schema registry in docker compose through KAFKA_OPTS property? #3215

varunkamra opened this issue Aug 9, 2024 · 2 comments

Comments

@varunkamra
Copy link

varunkamra commented Aug 9, 2024
edited
Loading

I am using following docker compose file:

services:
  zookeeper:
    image: confluentinc/cp-zookeeper:7.7.0
    hostname: zookeeper
    container_name: zookeeper
    ports:
      - "2181:2181"
    environment:
      #JVMFLAGS: "-Djava.security.auth.login.config=/opt/kafka/config/zoo-jaas.conf"
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      ZOO_PORT: 2181
      KAFKA_OPTS: "-Djava.security.auth.login.config=/opt/kafka/config/zoo-jaas.conf"
    volumes:
      - /opt/kafka/config/zoo-jaas.conf:/opt/kafka/config/zoo-jaas.conf

  broker:
    image: confluentinc/cp-kafka:7.7.0
    hostname: broker
    container_name: broker
    depends_on:
      - zookeeper
    ports:
      - "29092:29092"
      - "9092:9092"
      - "9101:9101"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL
      KAFKA_LISTENERS: INTERNAL://:29092,EXTERNAL://:9092
      KAFKA_ADVERTISED_LISTENERS: INTERNAL://broker:29092,EXTERNAL://localhost:9092
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
      KAFKA_JMX_PORT: 9101
      KAFKA_JMX_HOSTNAME: localhost
      KAFKA_OPTS: '-Djava.security.auth.login.config=/opt/kafka/config/server-jaas.conf'
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN

    volumes:
      - /opt/kafka/config/server-jaas.conf:/opt/kafka/config/server-jaas.conf
  schema-registry:
    image: confluentinc/cp-schema-registry:7.7.0
    hostname: schema-registry
    container_name: schema-registry
    depends_on:
      - broker
    ports:
      - "8081:8081"
    environment:
      SCHEMA_REGISTRY_HOST_NAME: schema-registry
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: 'broker:29092'
      SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8081
      SCHEMA_REGISTRY_LOG4J_ROOT_LOGLEVEL: WARN
      SCHEMA_REGISTRY_KAFKASTORE_SECURITY_PROTOCOL: SASL_PLAINTEXT
      SCHEMA_REGISTRY_KAFKASTORE_SASL_MECHANISM: PLAIN
        #SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG: 'org.apache.kafka.common.security.plain.PlainLoginModule required username="test" password="test" user_admin="test";'  
      SCHEMA_REGISTRY_KAFKA_OPTS: '-Djava.security.auth.login.config=/opt/kafka/config/server-jaas.conf'
      SCHEMA_REGISTRY_LOG4J_LOGGERS: "org.apache.kafka=ERROR,io.confluent.rest.exceptions=FATAL"
    volumes:
      - /opt/kafka/config/server-jaas.conf:/opt/kafka/config/server-jaas.conf

  rest-proxy:
    image: confluentinc/cp-kafka-rest:7.7.0
    depends_on:
      - broker
      - schema-registry
    ports:
      - 8082:8082
    hostname: rest-proxy
    container_name: rest-proxy
    environment:
      KAFKA_REST_HOST_NAME: rest-proxy
      KAFKA_REST_BOOTSTRAP_SERVERS: 'broker:29092'
      KAFKA_REST_LISTENERS: "http://0.0.0.0:8082"
      KAFKA_REST_SCHEMA_REGISTRY_URL: 'http://schema-registry:8081'
      KAFKA_REST_CLIENT_SECURITY_PROTOCOL: SASL_PLAINTEXT
      KAFKA_OPTS: '-Djava.security.auth.login.config=/opt/kafka/config/server-jaas.conf'
      KAFKA_REST_CLIENT_SASL_MECHANISM: PLAIN
    volumes:
      - /opt/kafka/config/server-jaas.conf:/opt/kafka/config/server-jaas.conf

I am not able to set KAFKA_OPTS for schema registry container, I am required to use SCHEMA_REGISTRY_KAFKASTORE_SASL_JAAS_CONFIG instead which works but I want to provide a conf file instead.

Error:

schema-registry  | [2024-08-09 13:23:31,277] ERROR Error while running kafka-ready. (io.confluent.admin.utils.cli.KafkaReadyCommand)
schema-registry  | org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
schema-registry  | 	at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:541)
schema-registry  | 	at org.apache.kafka.clients.admin.Admin.create(Admin.java:147)
schema-registry  | 	at org.apache.kafka.clients.admin.AdminClient.create(AdminClient.java:49)
schema-registry  | 	at io.confluent.admin.utils.ClusterStatus.isKafkaReady(ClusterStatus.java:136)
schema-registry  | 	at io.confluent.admin.utils.cli.KafkaReadyCommand.main(KafkaReadyCommand.java:149)
schema-registry  | Caused by: org.apache.kafka.common.KafkaException: Failed to create new NetworkClient
schema-registry  | 	at org.apache.kafka.clients.ClientUtils.createNetworkClient(ClientUtils.java:252)
schema-registry  | 	at org.apache.kafka.clients.ClientUtils.createNetworkClient(ClientUtils.java:189)
schema-registry  | 	at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:525)
schema-registry  | 	... 4 more
schema-registry  | Caused by: java.lang.IllegalArgumentException: Could not find a 'KafkaClient' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set
schema-registry  | 	at org.apache.kafka.common.security.JaasContext.defaultContext(JaasContext.java:150)
schema-registry  | 	at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:103)
schema-registry  | 	at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:87)
schema-registry  | 	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:167)
schema-registry  | 	at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:81)
schema-registry  | 	at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:119)
schema-registry  | 	at org.apache.kafka.clients.ClientUtils.createNetworkClient(ClientUtils.java:223)
schema-registry  | 	... 6 more

I found on the confluent documentation that the env variables have to be prefixed with SCHEMA_REGISTRY_ so I have tried with both KAFKA_OPTS and SCHEMA_REGISTRY_KAFKA_OPTS but I keep getting the error.

OS: Ubuntu 24.04
@OneCricketeer
Copy link
Contributor

It's SCHEMA_REGISTRY_OPTS

Source - https://github.com/confluentinc/schema-registry/blob/master/bin/schema-registry-run-class#L88

@OneCricketeer
Copy link
Contributor

OneCricketeer commented Aug 22, 2024
edited
Loading

confluent documentation that the env variables have to be prefixed with SCHEMA_REGISTRY_

While correct for this case, that prefix only modifies the server properties file, not the JVM settings. JAVA_TOOL_OPTIONS should work as well since most JVMs support that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@OneCricketeer @varunkamra