[jira] [Updated] (KAFKA-13456) Tighten KRaft config checks/constraints

Tue, 23 Nov 2021 10:22:24 -0800 


     [ 
https://issues.apache.org/jira/browse/KAFKA-13456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ron Dagostino updated KAFKA-13456:
----------------------------------
    Priority: Blocker  (was: Major)

> Tighten KRaft config checks/constraints
> ---------------------------------------
>
>                 Key: KAFKA-13456
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13456
>             Project: Kafka
>          Issue Type: Bug
>          Components: kraft
>    Affects Versions: 2.8.0, 3.0.0
>            Reporter: Ron Dagostino
>            Assignee: Ron Dagostino
>            Priority: Blocker
>             Fix For: 3.1.0
>
>
> We need to tighten the configuration constraints/checks related to KRaft 
> configs because the current checks do not eliminate illegal configuration 
> combinations.  Specifically, we need to add the following constraints:
> * controller.listener.names is required to be empty for the non-KRaft (i.e. 
> ZooKeeper) case. A ZooKeeper-based cluster that sets this config will fail to 
> restart until this config is removed.  This generally should not be occurring 
> -- nobody should be setting KRaft-specific configs in a ZooKeeper-based 
> cluster -- but we currently do not prevent it from happening.
> * There must be no advertised listeners when running just a KRaft controller 
> (i.e. when process.roles=controller). This means neither listeners nor 
> advertised.listeners (if the latter is explicitly defined) can contain a 
> listener that does not also appear in controller.listener.names.
> * When running a KRaft broker (i.e. when process.roles=broker or 
> process.roles=broker,controller), advertised listeners must not include any 
> listeners appearing in controller.listener.names.
> * When running a KRaft controller (i.e. when process.roles=controller or 
> process.roles=broker,controller) controller.listener.names must be non-empty 
> and every one must appear in listeners
> * When running just a KRaft broker (i.e. when process.roles=broker) 
> controller.listener.names must be non-empty and none of them can appear in 
> listeners. This is currently checked indirectly, but the indirect checks do 
> not catch all cases.  We will check directly.
> * When running just a KRaft broker we log a warning if more than one entry 
> appears in controller.listener.names because only the first entry is used.
> In addition to the above additional constraints, we should also map the 
> CONTROLLER listener name to the PLAINTEXT security protocol by default when 
> using KRaft -- this would be a very helpful convenience.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to