javaapache-kafkaibm-cloudwebsphere-libertymessage-hub

Can't Connect to BlueMix MessageHub From Bluemix Liberty

I have a liberty app that connects Bluemix Message Hub. It works fine locally, however it never works when I run the liberty app from Bluemix Liberty. I'm following the example in https://github.com/ibm-messaging/message-hub-samples/tree/master/kafka-java-liberty-sample where you change username/pw in server.xml during runtime.

After some trial and error I realized that when I hardcode my kafka username/pw in server.xml, then BluemixLiberty connects to MsgHub fine. When I "hotswap" the kafka username/pw like in the example, it doesn't work and never connects to kafka (even when I restart the service it doesn't reconnect). I've checked by logging into my service using CF and the sever.xml does have the username/pw correctly swapped.

Is this feature supported in Bluemix Liberty? If not, how am I supposed to properly use vcap-services so I don't hardcode my production user/pw?

Solution

  • I have just redeployed MessageHub's kafka-java-liberty-sample to Bluemix and checked it works ok. One reason your own application may not work could be if it reads server.xml's before the credentials replacement takes place. In the sample, the textual replacement occurs before any JAAS configuration is set.

    However, you may follow another, better, approach. Using Kafka's 0.10.2 client, you do not have to use a global JAAS configuration (a jaas.conf file in a plain Java app, or a <jaasLoginContextEntry> in Liberty's server.xml).

    You can instead remove both <jaasLoginContextEntry> and </jaasLoginModule> sections from server.xml and avoid doing any replacement there.

    Add to your consumer and producer's Properties a sasl.jaas.config property that contains the username and password obtained from VCAP_SERVICES.

    see http://kafka.apache.org/documentation/#security_sasl_plain_clientconfig

    e.g. a property like the following with real USERNAME and PASSWORD. Note that " and ; are expected to be there verbatim.

    sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="USERNAME" password="PASSWORD";

    see https://github.com/ibm-messaging/message-hub-samples/pull/17 (we will merge this PR shortly, for now the branch is https://github.com/edoardocomar/message-hub-samples/tree/liberty-fixed-serverxml)