Hi!
After playing with Datahub on my dev machine ...
# all-things-deployments
square-football-37770
05/03/2023, 9:44 PMHi!
After playing with Datahub on my dev machine via docker-compose, I’m trying to set it up on GKE so my teammates canm also play with it and convince them to adopt it as our Data Catalog. However, our Kafka is on Aiven, which do not expose/require a zookeeper. It seems this doesn’t suits too well with
datahub-kafka-setup-job Copy code
spec:
│ containers:
│ - env:
│ - name: KAFKA_ZOOKEEPER_CONNECT
│ value: prerequisites-zookeeper:2181🔍 1
📖 1
l
lively-cat-88289
05/03/2023, 9:44 PMHey there 👋 I'm The DataHub Community Support bot. I'm here to help make sure the community can best support you with your request.
Let's double check a few things first: ✅ There's a lot of good information on our docs site: www.datahubproject.io/docs, Have you searched there for a solution? ✅ button ✅ It's not uncommon that someone has run into your exact problem before in the community. Have you searched Slack for similar issues? ✅ button Did you find a solution to your issue? ❌ Sorry you weren't able to find a solution. I'm sending you some tips on info you can provide to help the community troubleshoot. Whenever you feel your issue is solved, please react ✅ to your original message to let us know!
s
square-football-37770
05/03/2023, 9:47 PMmmm seems the issue is actually
Copy code
Unable to attach or mount volumes: unmounted volumes=[datahub-certs-dir], unattached volumes=[kube-api-access-2bt9w datahub-certs-dir]: timed out waiting for the conditiona
astonishing-answer-96712
05/05/2023, 5:33 PM@dazzling-yak-93039 might be able to help out here vis-a-vis hooking kafka/aiven in
d
dazzling-yak-93039
05/05/2023, 8:08 PMSounds like it can't come up because it doesn't have the certificates it needs because the volumes are not mounted?
s
square-football-37770
05/08/2023, 7:34 AMHi! Sorry for the late reply.
I created the secret on GKE:
square-football-37770
05/08/2023, 7:35 AMwith the following config:
Copy code
credentialsAndCertsSecrets:
name: datahub-certs
path: /mnt/datahub/certs
secureEnv:
<http://basic.auth.user.info|basic.auth.user.info>: sasl-auth
sasl.username: sasl-username
sasl.password: sasl-password
springKafkaConfigurationOverrides:
sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="myuser" password="mypass";
sasl.mechanism: PLAIN
security.protocol: SASL_PLAINTEXT
ssl.endpoint.identification.algorith: https
client.dns.lookup: use_all_dns_ips
basic.auth.credentials.source: USER_INFOsquare-football-37770
05/08/2023, 7:38 AMHowever the kafkaSetupJob starts with
sasl.mechanismGSSAPsasl.jaas.configsquare-football-37770
05/08/2023, 7:38 AM Copy code
[main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin - Successfully logged in.
[main] WARN org.apache.kafka.clients.admin.AdminClientConfig - The configuration 'sasl.jaas.config' was supplied but isn't a known config.
[main] WARN org.apache.kafka.clients.admin.AdminClientConfig - The configuration 'sasl.kerberos.service.name' was supplied but isn't a known config.
[main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka version: 6.1.4-ccs
[main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka commitId: c9124241a6ff43bc
[main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1683294446800
[kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.network.SaslChannelBuilder - [AdminClient clientId=adminclient-1] Failed to create channel due to
org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure SaslClientAuthenticator
Caused by: org.apache.kafka.common.KafkaException: Principal could not be determined from Subject, this may be a transient failure due to Kerberos re-login
at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.firstPrincipal(SaslClientAuthenticator.java:622)
at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.<init>(SaslClientAuthenticator.java:200)
at org.apache.kafka.common.network.SaslChannelBuilder.buildClientAuthenticator(SaslChannelBuilder.java:274)
at org.apache.kafka.common.network.SaslChannelBuilder.lambda$buildChannel$1(SaslChannelBuilder.java:216)
at org.apache.kafka.common.network.KafkaChannel.<init>(KafkaChannel.java:142)
at org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:224)
at org.apache.kafka.common.network.Selector.buildAndAttachKafkaChannel(Selector.java:338)
at org.apache.kafka.common.network.Selector.registerChannel(Selector.java:329)square-football-37770
05/08/2023, 7:39 AMlooks like datahub (or most likely spring-kafka` doesn’t like my
sasl.mechanismsquare-football-37770
05/08/2023, 9:10 AMenvars are also ignored apparently
Copy code
helm install datahub -f datahub/aiven-neo4j.yaml --set KAFKA_PROPERTIES_SASL_MECHANISM=$SPRING_KAFKA_PROPERTIES_SASL_MECHANISM --set KAFKA_PROPERTIES_SASL_KERBEROS_SERVICE_NAME=$SPRING_KAFKA_PROPERTIES_SASL_KERBEROS_SERVICE_NAME datahubsquare-football-37770
05/08/2023, 11:46 AMScreenshot 2023-05-08 at 13.45.52.png
a
astonishing-answer-96712
05/16/2023, 9:38 PMHey @square-football-37770, is this issue still effecting you?
s
square-football-37770
05/17/2023, 9:11 AMI created the topics manually.
datahub-actionsfrontendsquare-football-37770
05/17/2023, 9:11 AMimage.png
square-football-37770
05/17/2023, 9:11 AMbut then kafka ingestion seems to fail
square-football-37770
05/17/2023, 9:12 AMand I’m trying to six the
actionssquare-football-37770
05/17/2023, 9:19 AMwhich fails with:
Copy code
Exception: Failed to instantiate Actions Pipeline using config {'name': 'ingestion_executor', 'source': {'type': 'kafka', 'config': {'connection': {'bootstrap': '<http://kafka-01-my-instance-aiven.aivencloud.com:29658|kafka-01-my-instance-aiven.aivencloud.com:29658>', 'schema_registry_url': '<https://myuser:mypass@kafka-01-my-instance-aiven.aivencloud.com:29650>', 'consumer_config': {'security.protocol': 'SASL_SSL', 'sasl.mechanism': 'SCRAM-SHA-512', 'sasl.username': 'myuser', 'sasl.password': 'mypass', 'sasl.jaas.config': 'org.apache.kafka.common.security.scram.ScramLoginModule required username=myuser password=mypass;', 'ssl.truststore.location': '/mnt/datahub/certs/truststore.jks', 'kafkastore.ssl.truststore.location': '/mnt/datahub/certs/truststore.jks'}, 'schema_registry_config': {'<http://basic.auth.user.info|basic.auth.user.info>': 'myuser:mypass'}}, 'topic_routes': {'mcl': 'MetadataChangeLog_Versioned_v1', 'pe': 'PlatformEvent_v1'}}}, 'filter': {'event_type': 'MetadataChangeLogEvent_v1', 'event': {'entityType': 'dataHubExecutionRequest', 'changeType': 'UPSERT', 'aspectName': ['dataHubExecutionRequestInput', 'dataHubExecutionRequestSignal'], 'aspect': {'value': {'executorId': 'default'}}}}, 'action': {'type': 'executor', 'config': {'executor_id': 'default'}}, 'datahub': {'server': '<http://datahub-datahub-gms:8080>', 'extra_headers': {'Authorization': 'Basic __datahub_system:JohnSnowKnowsNothing'}}}square-football-37770
05/17/2023, 9:20 AMmmm that last
Authorizationgmssquare-football-37770
05/17/2023, 10:08 AMnope, even changing that to
Copy code
{'server': '<http://datahub-datahub-gms:8080>', 'extra_headers': {'Authorization': 'Bearer eyJhbGciOiJIUzI1NiJ9.eyJhY3RvclR5cGUiOiJVU0VSIiwiYWN0b3JJZCI6ImRhdGFodWIiLCJ0eXBlIjoiUEVSU09OQUwiLCJ2ZXJzaW9uIjoiMiIsImp0aSI6IjlmZTk1NTkxLWI5YTgtNDZkYi04YTI4LTc2NmY3ZTBhMzAyMyIsInN1YiI6ImRhdGFodWIiLCJleHAiOjE2ODY5MDg1OTYsImlzcyI6ImRhdGFodWItbWV0YWRhdGEtc2VydmljZSJ9.TNN0_Vxzu7gnYAcGmECWBX4SCrYmtsLHH3Dliqkck-w'}}square-football-37770
05/17/2023, 10:08 AMsame error