I am trying to develop a Kafka Consumer in Spring Boot. I am able to setup the Kafka Cluster in Kafka Tool and able to read the messages from it manually. I am using the same configs in Spring Boot as well but ended up with the below errors and this warning.
2019-06-10 13:45:40.036 WARN 8364 --- [ id3-0-C-1] org.apache.kafka.clients.NetworkClient : Bootstrap broker XXXXXX.DEVHADOOP.XXXX.COM:6768 disconnected
2019-06-10 13:45:40.038 WARN 8364 --- [ id1-0-C-1] org.apache.kafka.clients.NetworkClient : Bootstrap broker XXXXXXX.DEVHADOOP.XXXXXXXXX.COM:6768 disconnected
2019-06-10 13:45:40.044 WARN 8364 --- [ id2-0-C-1] org.apache.kafka.clients.NetworkClient : Bootstrap broker XXXXXXXXXXXXXX.DEVHADOOP.XXXXXX.COM:6768 disconnected
2019-06-10 13:45:40.045 WARN 8364 --- [ id4-0-C-1] org.apache.kafka.clients.NetworkClient : Bootstrap broker XXXXXXXXX.DEVHADOOP.XXXXXXX.COM:6768 disconnected
Exception in thread "main" org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:702)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:587)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:569)
at com.howtoprogram.kafka.SpringKafkaExampleApplication.main(SpringKafkaExampleApplication.java:38)
Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: java.io.IOException: Invalid keystore format
at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:70)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:623)
public Map<String, Object> consumerConfigs() {
Map<String, Object> propsMap = new HashMap<>();
propsMap.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "XXXXX.DEVHADOOP.XXXXXX.COM:6768");
propsMap.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, false);
propsMap.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, "100");
propsMap.put(ConsumerConfig.SESSION_TIMEOUT_MS_CONFIG, "15000");
propsMap.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
propsMap.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
propsMap.put(ConsumerConfig.GROUP_ID_CONFIG, "group1");
propsMap.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest");
propsMap.put("ssl.truststore.location","C:/Users/PXXX/Documents/XXXXX/KafkaTool-for-v0.10/truststore.jks");
propsMap.put("ssl.truststore.password", "XXXXXXX");
propsMap.put("security.protocol", "SSL");
propsMap.put("ssl.jaas.config","C:/Users/PXXXX/Documents/XXXXKafkaTool-for-v0.10/jaas_sdataflow_dev.conf");
propsMap.put("ssl.kerberos.service.name", "kafka");
propsMap.put("ssl.keystore.location", "C:/Users/PXXXXXX/Documents/XXXXXX/KafkaTool-for-v0.10/svc-bd-priscpqc-dev.keytab");
propsMap.put("ssl.keystore.password", "XXXXXX");
2019-06-10 13:45:39.723 INFO 8364 --- [ main] o.a.k.clients.consumer.ConsumerConfig : ConsumerConfig values:
metric.reporters = []
metadata.max.age.ms = 300000
partition.assignment.strategy = [org.apache.kafka.clients.consumer.RangeAssignor]
reconnect.backoff.ms = 50
sasl.kerberos.ticket.renew.window.factor = 0.8
max.partition.fetch.bytes = 1048576
bootstrap.servers = [XXXXXX.DEVHADOOP.XXXXXXX.COM:6768]
ssl.keystore.type = JKS
enable.auto.commit = false
sasl.mechanism = GSSAPI
interceptor.classes = null
exclude.internal.topics = true
ssl.truststore.password = [hidden]
client.id =
ssl.endpoint.identification.algorithm = null
max.poll.records = 2147483647
check.crcs = true
request.timeout.ms = 40000
heartbeat.interval.ms = 3000
auto.commit.interval.ms = 100
receive.buffer.bytes = 65536
ssl.truststore.type = JKS
ssl.truststore.location = C:/Users/PXXXX/Documents/XXXXX/KafkaTool-for-v0.10/truststore.jks
ssl.keystore.password = [hidden]
fetch.min.bytes = 1
send.buffer.bytes = 131072
value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
group.id = group1
retry.backoff.ms = 100
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.service.name = kafka
sasl.kerberos.ticket.renew.jitter = 0.05
ssl.trustmanager.algorithm = PKIX
ssl.key.password = null
fetch.max.wait.ms = 500
sasl.kerberos.min.time.before.relogin = 60000
connections.max.idle.ms = 540000
session.timeout.ms = 15000
metrics.num.samples = 2
key.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
ssl.protocol = TLS
ssl.provider = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.keystore.location = C:/Users/PXXXXX/Documents/XXXXXX/KafkaTool-for-v0.10/svc-bd-priscpqc-dev.keytab
ssl.cipher.suites = null
security.protocol = SSL
ssl.keymanager.algorithm = SunX509
metrics.sample.window.ms = 30000
auto.offset.reset = earliest
Kerberos is different to SSL. SSL is for encryption, Kerberos is for authentication.
See Configuring Kafka Clients (for SSL).
See Authentication using SASL/Kerberos and Configuring Kafka Clients