I have two k8s setups on which kafka clusters are running. On my origin setup no TLS or authentication is required. My target setup has both SCRAM-SHA-512 and TLS setup. The config of my KafkaMirrorMaker2 is as follows:-

spec:
  clusters:
  - alias: source-dummy-six
    bootstrapServers: origin-kafka:9092
  - alias: target-dummy-six
    authentication:
      passwordSecret:
        password: target-password
        secretName: password-secret-dummy-six
      type: scram-sha-512
      username: kafka-username
    bootstrapServers: 10.11.12.13:32182
    config:
      config.storage.replication.factor: -1
      config.storage.topic: dummy-six-configs
      group.id: dummy-six-group-id
      offset.storage.replication.factor: -1
      offset.storage.topic: dummy-six-offset
      reconnect.backoff.max.ms: 2000
      reconnect.backoff.ms: 2000
      request.timeout.ms: 60000
      retry.backoff.max.ms: 2000
      retry.backoff.ms: 2000
      socket.connection.setup.timeout.ms: 30000
      ssl.endpoint.identification.algorithm: ""
      status.storage.replication.factor: -1
      status.storage.topic: dummy-six-status
    tls:
      trustedCertificates:
      - certificate: ca.cert
        secretName: target-tls-secret-dummy-six
  connectCluster: target-dummy-six
  logging:
    loggers:
      connect.root.logger.level: INFO
    type: inline
  metricsConfig:
    type: jmxPrometheusExporter
    valueFrom:
      configMapKeyRef:
        key: mirrormaker-metrics-config
        name: mirror-maker-2-metrics
  mirrors:
  - checkpointConnector:
      config:
        checkpoints.topic.replication.factor: 1
        offset-syncs.topic.location: target
        refresh.groups.interval.seconds: 20
        replication.policy.class: company.CustomRepPolicy
        replication.policy.dest.metric.topic.name: test_metric_con
        sync.group.offsets.enabled: false
    groupsPattern: .*
    heartbeatConnector:
      config:
        heartbeats.topic.replication.factor: 1
    sourceCluster: source-dummy-six
    sourceConnector:
      config:
        offset-syncs.topic.location: target
        offset-syncs.topic.replication.factor: 1
        refresh.topics.interval.seconds: 20
        replication.factor: 1
        replication.policy.class: company.CustomRepPolicy
        replication.policy.dest.metric.topic.name: test_metric_con
        replication.policy.separator: .
        sync.group.offsets.enabled: false
        sync.topic.acls.enabled: "true"
        topic.creation.default.message.format.version: 2.8-IV0
        topic.creation.default.partitions: -1
        topic.creation.default.replication.factor: -1
      tasksMax: 4
    targetCluster: target-dummy-six
    topicsPattern: my_target_topic

This is the error I get

Node 2 disconnected. (org.apache.kafka.clients.NetworkClient) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:17,103 WARN [AdminClient clientId=adminclient-1] Connection to node 2 (kafka-target-cluster/10.23.52.37:32187) could not be established. Node may not be available. (org.apache.kafka.clients.NetworkClient) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,769 INFO [AdminClient clientId=adminclient-1] Node 0 disconnected. (org.apache.kafka.clients.NetworkClient) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,769 WARN [AdminClient clientId=adminclient-1] Connection to node 0 (kafka-target-cluster/10.23.52.37:32185) could not be established. Node may not be available. (org.apache.kafka.clients.NetworkClient) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,770 INFO App info kafka.admin.client for adminclient-1 unregistered (org.apache.kafka.common.utils.AppInfoParser) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,771 INFO [AdminClient clientId=adminclient-1] Metadata update failed (org.apache.kafka.clients.admin.internals.AdminMetadataManager) [kafka-admin-client-thread | adminclient-1]
org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has exited. Call: fetchMetadata
2024-11-19 16:11:18,773 INFO [AdminClient clientId=adminclient-1] Timed out 1 remaining operation(s) during close. (org.apache.kafka.clients.admin.KafkaAdminClient) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,779 INFO Metrics scheduler closed (org.apache.kafka.common.metrics.Metrics) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,779 INFO Closing reporter org.apache.kafka.common.metrics.JmxReporter (org.apache.kafka.common.metrics.Metrics) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,779 INFO Metrics reporters closed (org.apache.kafka.common.metrics.Metrics) [kafka-admin-client-thread | adminclient-1]
2024-11-19 16:11:18,779 ERROR Stopping due to error (org.apache.kafka.connect.cli.AbstractConnectCli) [main]
org.apache.kafka.connect.errors.ConnectException: Failed to connect to and describe Kafka cluster. Check worker's broker connection and security properties.
    at org.apache.kafka.connect.runtime.WorkerConfig.lookupKafkaClusterId(WorkerConfig.java:305)
    at org.apache.kafka.connect.runtime.WorkerConfig.lookupKafkaClusterId(WorkerConfig.java:285)
    at org.apache.kafka.connect.runtime.WorkerConfig.kafkaClusterId(WorkerConfig.java:415)
    at org.apache.kafka.connect.cli.AbstractConnectCli.startConnect(AbstractConnectCli.java:124)
    at org.apache.kafka.connect.cli.AbstractConnectCli.run(AbstractConnectCli.java:94)
    at org.apache.kafka.connect.cli.ConnectDistributed.main(ConnectDistributed.java:116)
Caused by: java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. Call: listNodes
    at java.base/java.util.concurrent.CompletableFuture.reportGet(Unknown Source)
    at java.base/java.util.concurrent.CompletableFuture.get(Unknown Source)
    at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
    at org.apache.kafka.connect.runtime.WorkerConfig.lookupKafkaClusterId(WorkerConfig.java:299)
    ... 5 more
Caused by: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. Call: listNodes

What I notice is I am providing the target bootstrap-server as 10.11.12.13:32182 but it fails to reach 10.23.52.37:32185. So this means that it is able to resolve the original bootstrap server and then identifies from the target kafka cluster metadata, the nodes. So TLS configuration and SCRAM-SHA-512 authentication is happening correctly.

Furthermore when I try to check the connection on 10.11.12.13:32182 I get this

nc -zv 10.11.12.13 32182
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 10.11.12.13:32182.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

But when I do the same with 10.23.52.37:32185 I am unable to establish a connection

nc -zv 10.23.52.37 32185
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connection timed out.

I have also verified the tls certificate by executing this command and cross checking the ca-cert I have provided with the last certificate of the output of this command

openssl s_client -connect 10.11.12.13:32182 -showcerts

Also on my target cluster I have not defined any acls. So by default all permissions should be enabled. As determined by the output of this

 ./kafka-acls.sh    --list  --bootstrap-server 10.11.12.13:32182
Error while executing ACL command: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker
java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker
    at java.base/java.util.concurrent.CompletableFuture.reportGet(Unknown Source)
    at java.base/java.util.concurrent.CompletableFuture.get(Unknown Source)
    at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
    at kafka.admin.AclCommand$AdminClientService.getAcls(AclCommand.scala:180)
    at kafka.admin.AclCommand$AdminClientService.listAcls(AclCommand.scala:149)
    at kafka.admin.AclCommand$AdminClientService.$anonfun$listAcls$1(AclCommand.scala:142)
    at kafka.admin.AclCommand$AdminClientService.listAcls(AclCommand.scala:141)
    at kafka.admin.AclCommand$.main(AclCommand.scala:77)
    at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker

(I have changed the actual IP addresses)

asked Nov 19, 2024 at 16:40 by om shreenidhi, edited Nov 19, 2024 at 16:47

1 Answer

It turned out to be a network issue. The hostname the bootstrap server was resolving to kafka-target-cluster/10.23.52.37:32185 was also present in my source k8s cluster. So it was not actually connecting to the target cluster.
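
The failure mode in the answer, as an added example that is not part of the original post: a Python sketch that pulls the broker endpoints out of NetworkClient WARN lines and flags any whose hostname resolves outside the addresses expected for the target cluster. The function names, `expected_ips` and the sample log are assumptions constructed for illustration.

```python
import re
import socket

# Constructed sample in the shape of the WARN lines quoted in the question.
SAMPLE_LOG = """\
2024-11-19 16:11:17,103 WARN [AdminClient clientId=adminclient-1] Connection to node 2 (kafka-target-cluster/10.23.52.37:32187) could not be established. Node may not be available.
2024-11-19 16:11:18,769 WARN [AdminClient clientId=adminclient-1] Connection to node 0 (kafka-target-cluster/10.23.52.37:32185) could not be established. Node may not be available.
"""

# NetworkClient prints each broker as "node <id> (<hostname>/<ip>:<port>)".
NODE_RE = re.compile(
    r"Connection to node (-?\d+) \(([^/\s]*)/(\S+?):(\d+)\) could not be established"
)


def failed_brokers(log_text):
    """Return the failed broker connections, deduplicated and sorted by node id."""
    seen = {}
    for m in NODE_RE.finditer(log_text):
        node, host, ip, port = int(m[1]), m[2], m[3], int(m[4])
        seen[(node, host, ip, port)] = {"node": node, "host": host, "ip": ip, "port": port}
    return sorted(seen.values(), key=lambda b: b["node"])


def diagnose(log_text, expected_ips, resolver=socket.gethostbyname):
    """Flag brokers whose hostname resolves outside expected_ips.

    expected_ips is an assumption of this example: the addresses the operator
    knows belong to the target cluster (the page does not list them).
    """
    findings = []
    for b in failed_brokers(log_text):
        # Negative ids are bootstrap entries; ids >= 0 come from cluster
        # metadata, i.e. the brokers' advertised listeners.
        origin = "bootstrap" if b["node"] < 0 else "advertised"
        try:
            now = resolver(b["host"]) if b["host"] else b["ip"]
        except OSError:  # hostname does not resolve from this machine
            now = None
        suspect = b["ip"] not in expected_ips or now not in expected_ips
        findings.append({**b, "origin": origin, "resolves_now": now, "suspect_dns": suspect})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, expected_ips={"10.11.12.13"}):
        print(finding)
```

Run it from inside the MirrorMaker 2 pod so that the resolver sees the same DNS the Connect worker does; a hostname that resolves to a local service in the source cluster shows up with `suspect_dns` set.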

Tags: Kafka MirrorMaker2 cannot connect to kafka node with TLS - Stack Overflow