[ https://issues.apache.org/jira/browse/KAFKA-13456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ron Dagostino updated KAFKA-13456: ---------------------------------- Priority: Blocker (was: Major) > Tighten KRaft config checks/constraints > --------------------------------------- > > Key: KAFKA-13456 > URL: https://issues.apache.org/jira/browse/KAFKA-13456 > Project: Kafka > Issue Type: Bug > Components: kraft > Affects Versions: 2.8.0, 3.0.0 > Reporter: Ron Dagostino > Assignee: Ron Dagostino > Priority: Blocker > Fix For: 3.1.0 > > > We need to tighten the configuration constraints/checks related to KRaft > configs because the current checks do not eliminate illegal configuration > combinations. Specifically, we need to add the following constraints: > * controller.listener.names is required to be empty for the non-KRaft (i.e. > ZooKeeper) case. A ZooKeeper-based cluster that sets this config will fail to > restart until this config is removed. This generally should not be occurring > -- nobody should be setting KRaft-specific configs in a ZooKeeper-based > cluster -- but we currently do not prevent it from happening. > * There must be no advertised listeners when running just a KRaft controller > (i.e. when process.roles=controller). This means neither listeners nor > advertised.listeners (if the latter is explicitly defined) can contain a > listener that does not also appear in controller.listener.names. > * When running a KRaft broker (i.e. when process.roles=broker or > process.roles=broker,controller), advertised listeners must not include any > listeners appearing in controller.listener.names. > * When running a KRaft controller (i.e. when process.roles=controller or > process.roles=broker,controller) controller.listener.names must be non-empty > and every one must appear in listeners > * When running just a KRaft broker (i.e. when process.roles=broker) > controller.listener.names must be non-empty and none of them can appear in > listeners. This is currently checked indirectly, but the indirect checks do > not catch all cases. We will check directly. > * When running just a KRaft broker we log a warning if more than one entry > appears in controller.listener.names because only the first entry is used. > In addition to the above additional constraints, we should also map the > CONTROLLER listener name to the PLAINTEXT security protocol by default when > using KRaft -- this would be a very helpful convenience. -- This message was sent by Atlassian Jira (v8.20.1#820001)