[druid-user] Druid and Kafka connectivity

Hi Team,

we are trying to connect kafka from druid

as part of that i have made changes to jvm config of druid services

kafka_client_jaas.conf

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=""----> key that has access to kafka topic
principal="";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
useKeyTab=true
storeKey=true
keyTab=""—> key that has access to kafka topic
principal="";
};

jvm.config

-server
-Xms2g
-Xmx3g
-XX:+ExitOnOutOfMemoryError
-Duser.timezone=UTC
-Dfile.encoding=UTF-8
-Djava.io.tmpdir=var/tmp
-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager
-Djava.security.auth.login.config=/opt/druid/apache-druid-0.20.1/conf/druid/cluster/_common/kafka_client_jaas.conf

after making the changes middlemanger services are not coming up from the logs i noticed the below

2022-05-24T10:20:39,681 ERROR [main-SendThread(****:2181)] org.apache.zookeeper.client.ZooKeeperSaslClient - An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]) occurred when evaluating Zookeeper Quorum Member’s received SASL token. Zookeeper Client will go to AUTH_FAILED state.
2022-05-24T10:20:39,681 ERROR [main-SendThread(
:2181)] org.apache.zookeeper.ClientCnxn - SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]) occurred when evaluating Zookeeper Quorum Member’s received SASL token. Zookeeper Client will go to AUTH_FAILED state.
2022-05-24T10:20:39,681 ERROR [main-EventThread] org.apache.curator.ConnectionState - Authentication failed
2022-05-24T10:20:39,686 ERROR [main] org.apache.druid.cli.CliMiddleManager - Error when starting up. Failing.
java.lang.reflect.InvocationTargetException: null
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_302]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_302]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_302]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_302]
at org.apache.druid.java.util.common.lifecycle.Lifecycle$AnnotationBasedHandler.start(Lifecycle.java:446) ~[druid-core-0.20.1.jar:0.20.1]
at org.apache.druid.java.util.common.lifecycle.Lifecycle.start(Lifecycle.java:341) ~[druid-core-0.20.1.jar:0.20.1]
at org.apache.druid.guice.LifecycleModule$2.start(LifecycleModule.java:143) ~[druid-core-0.20.1.jar:0.20.1]
at org.apache.druid.cli.GuiceRunnable.initLifecycle(GuiceRunnable.java:115) [druid-services-0.20.1.jar:0.20.1]
at org.apache.druid.cli.ServerRunnable.run(ServerRunnable.java:63) [druid-services-0.20.1.jar:0.20.1]
at org.apache.druid.cli.Main.main(Main.java:113) [druid-services-0.20.1.jar:0.20.1]
Caused by: org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /druid

Not sure what i have missed , pls guide me

This is the link i followed for my reference.

Did you add -Djava.security.auth.login.config=/opt/druid/apache-druid-0.20.1/conf/druid/cluster/_common/kafka_client_jaas.conf to druid.indexer.runner.javaOpts in the Middle Manager runtime.properties? And druid.zk.service.host={host}.example.com to the common.runtime.properties? Those are the only two configs that I see in the doc that don’t appear to be present in your configs.

Hi Mark,

pls find the runtime properties of middle manager

druid.indexer.runner.javaOpts=-server -Xms2g -Xmx2g -XX:MaxDirectMemorySize=3g -Duser.timezone=UTC -Dfile.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Djava.security.auth.login.config=/opt/druid/apache-druid-0.20.1/conf/druid/cluster/_common/kafka_client_jaas.conf

and common properties file.

druid.zk.service.host=node1:2181,node2:2181,node3:2181

Maybe this would be helpful - https://docs.cloudera.com/HDPDocuments/HDF3/HDF-3.4.0/nifi-state-management/content/troubleshooting_kerberos.html