Debezium / DBZ-8338

Producer SSL handshake failed

    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Major
    • Component: postgresql-connector

      In order to make your issue reports as actionable as possible, please provide the following information, depending on the issue type.

      Bug report

      For bug reports, provide this information, please:

      What Debezium connector do you use and what version?

      Debezium connector postgresql
      Version: latest

      What is the captured database version and mode of deployment?

      (E.g. on-premises, with a specific cloud provider, etc.)

      Database postgresql version: 16 and 17
      mode: on-premises and ssl: disable

      Describe

      Hello, I am currently using Debezium to listen to PostgreSQL events and then fire events on the Kafka topic with the following model:
      postgresql --> Debezium --> Kafka

      I have configured Debezium to connect to Kafka using docker-compose.yaml. You can see the code below:

       

      version: '3.8'
      services:
        debezium-connector-test:
          image: debezium/connect:latest
          container_name: debezium-connector-3
          ports:
            - "8083:8083"
          environment:
            - BOOTSTRAP_SERVERS=kafka-01.sbkafka.hehe.vn:31504, kafka-02.sbkafka.hehe.vn:30969, kafka-03.sbkafka.hehe.vn:31924
            - GROUP_ID=vcr-cdc-sandbox
            - CONFIG_STORAGE_TOPIC=vcr-cdc-config
            - OFFSET_STORAGE_TOPIC=vcr-cdc-offset
            - STATUS_STORAGE_TOPIC=vcr-cdc-status
            - CONNECT_SECURITY_PROTOCOL=SASL_SSL
            - CONNECT_SASL_MECHANISM=SCRAM-SHA-512
            - CONNECT_SASL_JAAS_CONFIG=org.apache.kafka.common.security.scram.ScramLoginModule required username="vcr-cdc-sandbox" password="xxxxxx";
            - CONNECT_PRODUCER_SECURITY_PROTOCOL=SASL_SSL
            - CONNECT_PRODUCER_SASL_MECHANISM=SCRAM-SHA-512
            - CONNECT_PRODUCER_SASL_JAAS_CONFIG=org.apache.kafka.common.security.scram.ScramLoginModule required username="vcr-cdc-sandbox" password="xxxxxx";
            - CONNECT_CONSUMER_SECURITY_PROTOCOL=SASL_SSL
            - CONNECT_CONSUMER_SASL_MECHANISM=SCRAM-SHA-512
            - CONNECT_CONSUMER_SASL_JAAS_CONFIG=org.apache.kafka.common.security.scram.ScramLoginModule required username="vcr-cdc-sandbox" password="xxxxxx";
            - CONNECT_SSL_TRUSTSTORE_LOCATION=/etc/kafka/server.truststore
            - CONNECT_SSL_TRUSTSTORE_PASSWORD=12341234**
            - CONNECT_SSL_TRUSTSTORE_TYPE=JKS
      
           - CONNECT_SSL_KEYSTORE_LOCATION=/etc/kafka/keystore1.p12      - CONNECT_SSL_KEYSTORE_PASSWORD=xxxxx**      - CONNECT_SSL_KEYSTORE_TYPE=PKCS12
            - CONNECT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
            - CONNECTOR_CLIENT_CONFIG_OVERRIDE_POLICY=All
          volumes:
            - ./server.truststore:/etc/kafka/server.truststore 

      After that, I typed the command: docker-compose up, the connection was completed and I checked the kafka topic vcr-cdc-config and vcr-cdc-status.

      But when I start configuring the Debezium connector to listen to PostgreSQL, I get the error "Producer clientId=vcr-cdc-sandbox] Failed authentication with kafka-01.sbkafka.infiniband.vn/172.26.x.x (channelId=-1) (SSL handshake failed) [org.apache.kafka.common.network.Selector"

      The config I curl is as follows:

      curl -s -X POST -H "Content-Type: application/json" \
        --data '{
          "name": "postgres-connector",
          "config": {
            "connector.class": "io.debezium.connector.postgresql.PostgresConnector",
            "database.hostname": "172.25.x.x",
            "database.port": "5417",
            "database.user": "xxxxxx",
            "database.password": "xxxxxx",
            "database.dbname": "xxxxxx",
            "database.server.name": "event_log",
            "plugin.name": "pgoutput",
            "auto.create.topics.enable": "true",
            "topic.prefix": "vcr-cdc",
            "schema.include.list": "public",
            "table.include.list": "public.tag,public.artifact,public.repository",
            "database.history.kafka.bootstrap.servers": "kafka-01.sbkafka.hehe.vn:31504,kafka-02.sbkafka.hehe.vn:30969,kafka-03.sbkafka.hehe.vn:31924",
            "schema.history.internal.kafka.bootstrap.servers": "kafka-01.sbkafka.hehe.vn:31504,kafka-02.sbkafka.hehe.vn:30969,kafka-03.sbkafka.hehe.vn:31924",
            "schema.history.internal.consumer.sasl.jaas.config": "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"vcr-cdc-sandbox\" password=\"xxxxx\";",
            "schema.history.internal.consumer.security.protocol": "SASL_SSL",
            "schema.history.internal.consumer.sasl.mechanism": "SCRAM-SHA-512",
            "producer.sasl.jaas.config": "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"vcr-cdc-sandbox\" password=\"xxxxx\";",
            "producer.sasl.mechanism": "SCRAM-SHA-512",
            "producer.security.protocol": "SASL_SSL",
            "schema.history.internal.producer.sasl.jaas.config": "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"vcr-cdc-sandbox\" password=\"xxxxx\";",
            "schema.history.internal.producer.security.protocol": "SASL_SSL",
            "schema.history.internal.producer.sasl.mechanism": "SCRAM-SHA-512",
            "ssl.mode": "disable",
            "ssl.truststore.location": "/etc/kafka/server.truststore",
            "ssl.truststore.password": "xxxxx**",
            "database.history.kafka.topic": "schema-changes.postgres"
          }
        }' http://localhost:8083/connectors

       

       

      Here are the logs I receive: Attachment
       
      I'm wondering if it's the same authentication but in the docker-compose configuration file, I can connect to it. But when I start configuring curl, I get the error Producer SSL Handshake failed.

              Assignee: Unassigned
              Reporter: Tha le (lethanhtha, Inactive)
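A check that can be run against the compose environment above, as an added example that is not part of the original report or of Debezium: Kafka Connect configures the worker's own clients separately from the `producer.` and `consumer.` clients, so this lint flags any client that enables SSL without its own trust store, and any client with hostname verification switched off. The `CONNECT_*` to property mapping and the sample list (constructed from the compose file, secrets omitted) are assumptions.

```python
# Added example: lint a Kafka Connect worker environment for per-client TLS gaps.
# Assumption: the container maps CONNECT_FOO_BAR to the worker property foo.bar.

CLIENT_PREFIXES = ("producer.", "consumer.", "admin.")

# Constructed sample mirroring the TLS-related entries of the compose file above.
SAMPLE_ENV = [
    "CONNECT_SECURITY_PROTOCOL=SASL_SSL",
    "CONNECT_PRODUCER_SECURITY_PROTOCOL=SASL_SSL",
    "CONNECT_CONSUMER_SECURITY_PROTOCOL=SASL_SSL",
    "CONNECT_SSL_TRUSTSTORE_LOCATION=/etc/kafka/server.truststore",
    "CONNECT_SSL_TRUSTSTORE_TYPE=JKS",
    "CONNECT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=",
]

def to_properties(env_lines):
    """Turn CONNECT_* environment entries into worker property names."""
    props = {}
    for line in env_lines:
        key, sep, value = line.partition("=")
        if sep and key.startswith("CONNECT_"):
            props[key[len("CONNECT_"):].lower().replace("_", ".")] = value.strip()
    return props

def split_by_client(props):
    """Group properties into the worker's own clients and each prefixed client."""
    clients = {"worker": {}}
    for name, value in props.items():
        for prefix in CLIENT_PREFIXES:
            if name.startswith(prefix):
                clients.setdefault(prefix.rstrip("."), {})[name[len(prefix):]] = value
                break
        else:
            clients["worker"][name] = value
    return clients

def lint(env_lines):
    """Return (client, message) findings for every client that uses SSL."""
    findings = []
    for client, cfg in sorted(split_by_client(to_properties(env_lines)).items()):
        if not cfg.get("security.protocol", "").endswith("SSL"):
            continue
        if not cfg.get("ssl.truststore.location"):
            findings.append((client, "no ssl.truststore.location; JVM default trust store is used"))
        if cfg.get("ssl.endpoint.identification.algorithm") == "":
            findings.append((client, "hostname verification disabled"))
    return findings

if __name__ == "__main__":
    for client, message in lint(SAMPLE_ENV):
        print(f"{client}: {message}")
```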