Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Unable to connect to Kafka cluster using Data-Admin-Kafka

SA-67645

Summary



Error occurs when connecting to a Kafka cluster using the out-of-the-box Data-Admin-Kafka functionality. This occurs after updating the JAAS files on the application server and following all configuration in the Pega application.


Error Messages



On Rule Form:

This record has 1 error(s) in 1 place(s) .

Error connecting to Kafka. Failed to construct kafka consumer. java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config. No serviceName defined in either JAAS or Kafka config

com.pega.dsm.dnode.impl.dataset.kafka.KafkaConnectivityException: Error connecting to Kafka
at com.pega.dsm.dnode.impl.dataset.kafka.KafkaConnectivityChecker.checkConnectivity(KafkaConnectivityChecker.java:20) ~[dnode-7.3.1.jar:?]
at com.pegarules.generated.activity.ra_action_validate_9bd6f9fc9d1aa379ae710d084aeee710.step4_circum0(ra_action_validate_9bd6f9fc9d1aa379ae710d084aeee710.java:394) ~[?:?]
at com.pegarules.generated.activity.ra_action_validate_9bd6f9fc9d1aa379ae710d084aeee710.perform(ra_action_validate_9bd6f9fc9d1aa379ae710d084aeee710.java:121) ~[?:?]
Caused by: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config
at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:298) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:87) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:53) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:83) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:90) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:112) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:58) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:88) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:695) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:633) ~[kafka-clients-0.11.0.1.jar:?]
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:615) ~[kafka-clients-0.11.0.1.jar:?]
at com.pega.dsm.dnode.impl.dataset.kafka.KafkaInstanceImplementation.getConsumer(KafkaInstanceImplementation.java:340) ~[dnode-7.3.1.jar:?]
at com.pega.dsm.dnode.impl.dataset.kafka.KafkaInstanceImplementation.getConsumer(KafkaInstanceImplementation.java:24) ~[dnode-7.3.1.jar:?]
at com.pega.dsm.dnode.impl.dataset.kafka.KafkaConnectivityChecker.checkConnectivity(KafkaConnectivityChecker.java:16) ~[dnode-7.3.1.jar:?]


Steps to Reproduce

  1. Create a Kafka configuration instance and fill out the information: Host, SSL configuration, Authentication = Kerberos
  2. Add a keytab file to the wsjaas.conf directory in which the file is.
  3. Update the wsjaas.conf file on the application server with the below setting:

      KafkaClient {
        com.ibm.security.auth.module.Krb5LoginModule required
        useKeyTab = "/etc/security/keytabs/kafka_server.keytab"
        principal= "kafka/kafka1.[email protected]";
      };
     
  4. Save the Data-Admin-Kafka instance.


Root Cause



A defect or configuration issue in the operating environment.
The keyword portion of the principal and the security protocol were not provided to the Pega engine.


Resolution



Add the below Dynamic System Settings (DSS) entries in the prconfig file to set the Consumer and Producer properties:

<pegarules>
  ....
   <!-- Kerberized Kafka settings -->
   <env name="security.protocol" value="SASL_SSL" />
   <env name="sasl.kerberos.service.name" value="kafka" />
</pegarules>  

 

Tags:

Pega Platform 7.3.1 Pega Platform Platform Data Integration

Published December 2, 2018 - Updated October 8, 2020

Was this useful?

100% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us