Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wip: redpanda serverless demo #7927

Draft
wants to merge 1 commit into
base: develop
Choose a base branch
from
Draft

wip: redpanda serverless demo #7927

wants to merge 1 commit into from

Conversation

glenngillen
Copy link
Member

No description provided.

glenngillen
glenngillen commented Apr 18, 2024
View reviewed changes
examples/command/portals/kafka/redpanda/serverless/run.sh
Comment on lines +34 to +53
cat >application_team/volumes/config/kafka.config <<EOF
request.timeout.ms=30000
sasl.mechanism=SCRAM-SHA-256
security.protocol=SASL_SSL
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="$username" \
password="$password";

producer.sasl.mechanism=SCRAM-SHA-256
producer.security.protocol=SASL_SSL
producer.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="$username" \
password="$password";

consumer.sasl.mechanism=SCRAM-SHA-256
consumer.security.protocol=SASL_SSL
consumer.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="$username" \
password="$password";
EOF
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the most useful difference between this and the docker version, for now.

If you sign up for a Redpanda account you can start a free serverless cluster. You'll also need to create a user, (I think) add an ACL that grants everything, and then in the API settings section you'll see that they support SASL_SSL and SCRAM-SHA-256/512 as the protocol and mechanism. These settings need to be passed into the kafka CLI tools and AIUI this is how you do that.

@glenngillen
Copy link
Member Author

So the problem I currently have is I can't get the Redpanda Serverless cluster working. I've gone all the way back and tried to manually change the steps from our previous managed kafka guide. Unfortunately trying to start the consumer throws up the following error:

$ export JAVA_HOME=/opt/homebrew/opt/openjdk
kafka-console-consumer --topic demo \
  --bootstrap-server localhost:4000 \
  --consumer.config ./kafka.config

[2024-04-18 14:00:12,988] WARN [Consumer clientId=console-consumer, groupId=console-consumer-98168] Connection to node -1 (localhost/127.0.0.1:4000) terminated during authentication. This may happen due to any of the following reasons: (1) Authentication failed due to invalid credentials with brokers older than 1.0.0, (2) Firewall blocking Kafka TLS traffic (eg it may only allow HTTPS traffic), (3) Transient network issue. (org.apache.kafka.clients.NetworkClient)
[2024-04-18 14:00:12,989] WARN [Consumer clientId=console-consumer, groupId=console-consumer-98168] Bootstrap broker localhost:4000 (id: -1 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
[2024-04-18 14:00:15,719] WARN [Consumer clientId=console-consumer, groupId=console-consumer-98168] Connection to node -1 (localhost/127.0.0.1:4000) terminated during authentication. This may happen due to any of the following reasons: (1) Authentication failed due to invalid credentials with brokers older than 1.0.0, (2) Firewall blocking Kafka TLS traffic (eg it may only allow HTTPS traffic), (3) Transient network issue. (org.apache.kafka.clients.NetworkClient)
[2024-04-18 14:00:15,719] WARN [Consumer clientId=console-consumer, groupId=console-consumer-98168] Bootstrap broker localhost:4000 (id: -1 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)
^CProcessed a total of 0 messages

As the error states, this appears to be a problem with TLS/authentication. I've either got it misconfigured, or the node/relay is interfering with expectations the kafka console tools have about how that works. Any ideas?

@glenngillen
Copy link
Member Author

Thought I should break out the actual suggested causes in the error message incase it's something other than the one I suggested:

(1) Authentication failed due to invalid credentials with brokers older than 1.0.0,
(2) Firewall blocking Kafka TLS traffic (eg it may only allow HTTPS traffic),
(3) Transient network issue. (org.apache.kafka.clients.NetworkClient)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@glenngillen