We just started enabling SSL for our Kafka brokers and (Java) clients
and among some of the issues we are running into, one of them is the
flooding of the server/broker Kafka logs where we are seeing these messages:
[2016-09-02 08:07:13,773] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,710] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,712] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
....
They just keep going on and on. In our SSL setup, we have the broker
configured with the keystore and the Java clients have been configured
with a proper truststore and all works fine except for these messages
flooding the logs. We don't have any ACLs set up nor have we enabled
client auth check.
Looking at the code which generates this WARN message
https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/network/SslTransportLayer.java#L638
and the fact that the setup we have (where we just enable server/broker
cert validation) is, IMO, a valid scenario and not some
exceptional/incorrect setup issue, I think this log message is something
that can be removed from the code (or at least logged at a much lower
level given the frequency at which this gets logged).
Any thoughts on this?
It's a pretty straightforward change and if this change is something
that sounds right, I can go ahead and submit a PR.
P.S: This is both on 0.9.0.1 and latest 0.10.0.1.
-Jaikiran
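
Added example (not part of the original message and not Kafka project code): a small log summarizer that measures how often one logger repeats the same WARN line, so the flood described above can be quantified before deciding on a logger-level change. The sample log text is constructed in the format quoted in the message, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the broker log format quoted above, including the
# line wrap introduced by the mail client.
SAMPLE = """\
[2016-09-02 08:07:13,773] WARN SSL peer is not authenticated, returning
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,710] WARN SSL peer is not authenticated, returning
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,900] INFO Constructed sample line (kafka.server.KafkaServer)
"""

ENTRY = re.compile(
    r"^\[(?P<ts>[\d\- :,]+)\] (?P<level>[A-Z]+) (?P<msg>.*) \((?P<logger>[\w.$]+)\)$")

def entries(text):
    """Yield (timestamp, level, logger, message), rejoining wrapped lines."""
    buf = []
    for line in text.splitlines() + ["["]:   # sentinel flushes the last entry
        if line.startswith("[") and buf:
            m = ENTRY.match(" ".join(buf))
            if m:                            # unparseable entries are skipped
                ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
                yield ts, m["level"], m["logger"], m["msg"]
            buf = []
        if line.strip():
            buf.append(line.strip())

def flood_report(text, level="WARN"):
    """Return {(logger, message): (count, events_per_second)} for one level."""
    seen, first, last = Counter(), {}, {}
    for ts, lvl, logger, msg in entries(text):
        if lvl != level:
            continue
        key = (logger, msg)
        seen[key] += 1
        first.setdefault(key, ts)
        last[key] = ts
    report = {}
    for key, n in seen.items():
        span = (last[key] - first[key]).total_seconds()
        report[key] = (n, round(n / span, 2) if span > 0 else float(n))
    return report

if __name__ == "__main__":
    for (logger, msg), (n, rate) in flood_report(SAMPLE).items():
        print(f"{n:5d}  {rate:8.2f}/s  {logger}: {msg}")
```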