MQTT Proxy Error: No LoginModules configured for ConfluentKafkaMqtt

Hi there,

(I put this topic here under “Clients”, because I don’t know where else to put it.)

I want to configure a MQTT-Proxy via a Docker container together with the other Confluent stuff (broker, rest-proxy, etc.). The relevant part in my docker-compose.yml looks like this:

  kafka-mqtt:
    image: confluentinc/cp-kafka-mqtt:latest
    depends_on:
      - broker
    ports:
      - "1883:1883"
    environment:
      KAFKA_MQTT_BOOTSTRAP_SERVERS: PLAINTEXT://broker:29092
      KAFKA_MQTT_TOPIC_REGEX_LIST: test:test
      KAFKA_MQTT_LISTENERS: 0.0.0.0:1883
      KAFKA_MQTT_CONFLUENT_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_MQTT_LISTENERS_SECURITY_PROTOCOL: SASL_PLAINTEXT
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/conf/jaas.conf"
    volumes:
      - ./configs:/etc/conf

In addition to that I have a jaas.conf:

ConfluentKafkaMqtt {
  io.confluent.mqtt.protocol.security.PropertyFileLoginModule required
    file="/etc/conf/credentials.txt";
};

As well as a (very secure) credentials.txt:

test=test

My setup has worked before I added the security/jaas things, so it must be something with it.
When trying to connect to MQTT Proxy the connection is refused. The logs for the kafka-container give me the following error:

javax.security.auth.login.LoginException: No LoginModules configured for ConfluentKafkaMqtt

So it doesn’t seem to find my jaas.conf. (?)
It is in the container however - I checked that. So what’s the problem here?
Help would be very much appreciated :slight_smile:

hey @massi1008 welcome :slight_smile:

could you share your docker-compose.yml?

and did you check?
https://docs.confluent.io/platform/current/kafka-mqtt/security-settings.html#between-mqtt-and-ak

best,
michael

Hi Michael,

here is the entire long .yml:

---
version: '2'
services:
  zookeeper:
    image: confluentinc/cp-zookeeper:6.2.0
    hostname: zookeeper
    container_name: zookeeper
    ports:
      - "2181:2181"
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000

  broker:
    image: confluentinc/cp-server:6.2.0
    hostname: broker
    container_name: broker
    depends_on:
      - zookeeper
    ports:
      - "9092:9092"
      - "9101:9101"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:29092,PLAINTEXT_HOST://localhost:9092
      KAFKA_METRIC_REPORTERS: io.confluent.metrics.reporter.ConfluentMetricsReporter
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
      KAFKA_CONFLUENT_LICENSE_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_CONFLUENT_BALANCER_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_JMX_PORT: 9101
      KAFKA_JMX_HOSTNAME: localhost
      KAFKA_CONFLUENT_SCHEMA_REGISTRY_URL: http://schema-registry:8081
      CONFLUENT_METRICS_REPORTER_BOOTSTRAP_SERVERS: broker:29092
      CONFLUENT_METRICS_REPORTER_TOPIC_REPLICAS: 1
      CONFLUENT_METRICS_ENABLE: 'true'
      CONFLUENT_SUPPORT_CUSTOMER_ID: 'anonymous'

  schema-registry:
    image: confluentinc/cp-schema-registry:6.2.0
    hostname: schema-registry
    container_name: schema-registry
    depends_on:
      - broker
    ports:
      - "8081:8081"
    environment:
      SCHEMA_REGISTRY_HOST_NAME: schema-registry
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: 'broker:29092'
      SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8081

  connect:
    image: cnfldemos/cp-server-connect-datagen:0.5.0-6.2.0
    hostname: connect
    container_name: connect
    depends_on:
      - broker
      - schema-registry
    ports:
      - "8083:8083"
    environment:
      CONNECT_BOOTSTRAP_SERVERS: 'broker:29092'
      CONNECT_REST_ADVERTISED_HOST_NAME: connect
      CONNECT_REST_PORT: 8083
      CONNECT_GROUP_ID: compose-connect-group
      CONNECT_CONFIG_STORAGE_TOPIC: docker-connect-configs
      CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_OFFSET_FLUSH_INTERVAL_MS: 10000
      CONNECT_OFFSET_STORAGE_TOPIC: docker-connect-offsets
      CONNECT_OFFSET_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_STATUS_STORAGE_TOPIC: docker-connect-status
      CONNECT_STATUS_STORAGE_REPLICATION_FACTOR: 1
      CONNECT_KEY_CONVERTER: org.apache.kafka.connect.storage.StringConverter
      CONNECT_VALUE_CONVERTER: io.confluent.connect.avro.AvroConverter
      CONNECT_VALUE_CONVERTER_SCHEMA_REGISTRY_URL: http://schema-registry:8081
      # CLASSPATH required due to CC-2422
      CLASSPATH: /usr/share/java/monitoring-interceptors/monitoring-interceptors-6.2.0.jar
      CONNECT_PRODUCER_INTERCEPTOR_CLASSES: "io.confluent.monitoring.clients.interceptor.MonitoringProducerInterceptor"
      CONNECT_CONSUMER_INTERCEPTOR_CLASSES: "io.confluent.monitoring.clients.interceptor.MonitoringConsumerInterceptor"
      CONNECT_PLUGIN_PATH: "/usr/share/java,/usr/share/confluent-hub-components"
      CONNECT_LOG4J_LOGGERS: org.apache.zookeeper=ERROR,org.I0Itec.zkclient=ERROR,org.reflections=ERROR
    command:
      - bash
      - -c
      - |
        confluent-hub install --no-prompt neo4j/kafka-connect-neo4j:1.0.9 && \
        confluent-hub install confluentinc/kafka-connect-mqtt:1.4.1 && \
        confluent-hub install --no-prompt confluentinc/kafka-connect-datagen:latest
        /etc/confluent/docker/run &
        sleep infinity

  control-center:
    image: confluentinc/cp-enterprise-control-center:6.2.0
    hostname: control-center
    container_name: control-center
    depends_on:
      - broker
      - schema-registry
      - connect
      - mqtt
      #- ksqldb-server
    ports:
      - "9021:9021"
    environment:
      CONTROL_CENTER_BOOTSTRAP_SERVERS: 'broker:29092'
      CONTROL_CENTER_CONNECT_CLUSTER: 'connect:8083'
#      CONTROL_CENTER_KSQL_KSQLDB1_URL: "http://ksqldb-server:8088"
#      CONTROL_CENTER_KSQL_KSQLDB1_ADVERTISED_URL: "http://localhost:8088"
      CONTROL_CENTER_SCHEMA_REGISTRY_URL: "http://schema-registry:8081"
      CONTROL_CENTER_REPLICATION_FACTOR: 1
      CONTROL_CENTER_INTERNAL_TOPICS_PARTITIONS: 1
      CONTROL_CENTER_MONITORING_INTERCEPTOR_TOPIC_PARTITIONS: 1
      CONFLUENT_METRICS_TOPIC_REPLICATION: 1
      PORT: 9021
      

  rest-proxy:
    image: confluentinc/cp-kafka-rest:6.2.0
    depends_on:
      - broker
      - schema-registry
    ports:
      - 8082:8082
    hostname: rest-proxy
    container_name: rest-proxy
    environment:
      KAFKA_REST_HOST_NAME: rest-proxy
      KAFKA_REST_BOOTSTRAP_SERVERS: 'broker:29092'
      KAFKA_REST_LISTENERS: "http://0.0.0.0:8082"
      KAFKA_REST_SCHEMA_REGISTRY_URL: 'http://schema-registry:8081'

  kafka-mqtt:
    image: confluentinc/cp-kafka-mqtt:latest
    depends_on:
      - broker
    ports:
      - "1883:1883"
    environment:
      KAFKA_MQTT_BOOTSTRAP_SERVERS: PLAINTEXT://broker:29092
      KAFKA_MQTT_TOPIC_REGEX_LIST: test:test
      KAFKA_MQTT_LISTENERS: 0.0.0.0:1883
      KAFKA_MQTT_CONFLUENT_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_MQTT_LISTENERS_SECURITY_PROTOCOL: SASL_PLAINTEXT
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/conf/jaas.conf"
    volumes:
      - ./configs:/etc/conf

Regarding the link your send: This is authentification between MQTT-Proxy and Kafka-Broker. This is not what I’m looking for. Is this needed?

ah sorry my mistake.
will check by myself and come back to you :slight_smile: