Chris Egerton created KAFKA-14781:
-------------------------------------
Summary: MM2 logs misleading error during topic ACL sync when
broker does not have authorizer configured
Key: KAFKA-14781
URL: https://issues.apache.org/jira/browse/KAFKA-14781
Project: Kafka
Issue Type: Bug
Components: mirrormaker
Reporter: Chris Egerton
When there is no broker-side authorizer configured on a Kafka cluster targeted
by MirrorMaker 2, users see error-level log messages like this one:{{{}{}}}
{quote}[2023-03-06 10:53:57,488] ERROR [MirrorSourceConnector|worker] Scheduler
for MirrorSourceConnector caught exception in scheduled task: syncing topic
ACLs (org.apache.kafka.connect.mirror.Scheduler:102)
java.util.concurrent.ExecutionException:
org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is
configured on the broker
at
java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
at
java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
at
org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
at
org.apache.kafka.connect.mirror.MirrorSourceConnector.listTopicAclBindings(MirrorSourceConnector.java:456)
at
org.apache.kafka.connect.mirror.MirrorSourceConnector.syncTopicAcls(MirrorSourceConnector.java:342)
at org.apache.kafka.connect.mirror.Scheduler.run(Scheduler.java:93)
at
org.apache.kafka.connect.mirror.Scheduler.executeThread(Scheduler.java:112)
at
org.apache.kafka.connect.mirror.Scheduler.lambda$scheduleRepeating$0(Scheduler.java:50)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at
java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at
java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.apache.kafka.common.errors.SecurityDisabledException: No
Authorizer is configured on the broker
{quote}
This can be misleading as it looks like something is wrong with MM2 or the
Kafka cluster. In reality, it's usually fine, since topic ACL syncing is
enabled by default and it's reasonable for Kafka clusters (especially in
testing/dev environments) to not have authorizers enabled.
We should try to catch this specific case and downgrade the severity of the log
message from {{ERROR}} to either {{INFO}} or {{{}DEBUG{}}}. We may also
consider suggesting to users that they disable topic ACL syncing if their Kafka
cluster doesn't have authorization set up, but this should probably only be
emitted once over the lifetime of the connector in order to avoid generating
log spam.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
