[jira] [Comment Edited] (KAFKA-7509) Kafka Connect logs unnecessary warnings about unused configurations

[Chris Egerton (Jira)]

    [ 
https://issues.apache.org/jira/browse/KAFKA-7509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17509303#comment-17509303
 ] 

Chris Egerton edited comment on KAFKA-7509 at 3/19/22, 4:38 PM:
----------------------------------------------------------------

RE backwards compatibility: That's a fair point about feature flag gating. You 
could have that gating at multiple levels in Connect:
 # Gating for the top-level worker config (either on an all-or-nothing basis, 
with one property per case, or something else entirely), which would affect 
these cases that are currently configured using the entire worker config:
 ## The Kafka clients that the worker creates for managing internal topics, 
fetching the Kafka cluster ID, etc. (possibly even one property for each type 
of client–admin, producer, and consumer)
 ## REST extensions brought up on the worker
 ## The connector client config override policy used by the worker
 ## Admin clients that are brought up on behalf of connectors (see KAFKA-9046 
for more context on this special case)
 # Gating for interceptors used by each Kafka client that's configured in the 
worker config
 ## The Kafka clients used for internal topics, etc. described in section 1.1
 ## The admin clients brought up on behalf of connectors described in section 
1.4
 ## The Kafka clients used for connectors (configured using the 
{{{}consumer.{}}}, {{{}producer.{}}}, and {{admin.}} prefixes)
 # Gating for interceptors used by each Kafka client that's configured in a 
connector config
 ## There's just one case for this (configured using the 
{{{}consumer.override.{}}}, {{{}producer.override.{}}}, and {{admin.override.}} 
prefixes)

 

 

We could also theoretically introduce namespacing for connector configs so that 
{{Connector}} instances don't receive the {{{}key.converter.*{}}}, 
{{{}value.converter.*{}}}, {{{}header.converter.*{}}}, {{{}transforms.*{}}}, 
and {{predicates.*}} config properties, although given the 
currently-mostly-benign KAFKA-9228, we might want to hold off on that. It would 
allow {{Connector}} (and probably {{{}Task{}}}) implementations to log warnings 
on unrecognized config properties though, which they can't realistically do 
right now without producing a ton of false positives.

At the Kafka client level, this approach seems pretty simple, but given all of 
the nesting that can happen in Kafka Connect with fairly standard usage, it 
does get more complicated. I think a reasonable way to make this happen could 
be to use the same config property in the Connect worker config that we would 
in Kafka clients–something like {{config.namespacing.enabled}} (name obviously 
subject to change), which could be specified in the worker config at the top 
level and would control both namespacing behavior for all 1.* cases outlined 
above, and establish a default for all 2.* and 3.* cases, which could then be 
overridden using existing mechanisms in Connect for overriding worker defaults. 
For example, to disable namespacing by default for all connector producers on 
your worker, you could specify {{{}producer.config.namespacing.enabled = 
false{}}}.

 

RE encapsulation: There's a few cases where it's been useful for Connect worker 
plugins to be aware of the worker config that I've encountered:
 * REST extensions:
 ** Monitoring the internal topics of the Connect worker in order to expose 
extra metadata about connector health, like injecting a "last modified" time 
into the response from the {{GET /connector/\{connector}/status}} endpoint
 ** Modifying key/value/header converter configurations before a connector is 
created, which requires knowledge of the {{key.converter.* / 
value.converter.{*}/ header.converter.{*}}} properties in the worker config in 
order to handle the case that the connector config doesn't contain overrides 
for the given converter type
 * Config providers (which don't receive the full worker config at the moment, 
but could possibly benefit from receiving it):
 ** Store and retrieve secrets using a Kafka topic on the same cluster that the 
Connect worker uses for its internal topics

I also wonder if a consumer interceptor might benefit from knowing how to 
access the Kafka cluster that the consumer is reading from in order to write 
custom metrics to a Kafka topic, although I haven't personally done too much 
work in this space so I don't know for sure if it's a realistic use case.

All of these cases can be easily addressed by requiring users to duplicate 
top-level configs into namespaced configs (e.g., specify the 
{{{}bootstrap.servers{}}}, {{{}sasl.jaas.config{}}}, {{{}security.protocol{}}}, 
etc. properties twice in your worker config: once at the top level, and once 
with something like a {{rest.extension.foo.*}} namespace. But that'd be awful 
for end users who will inevitably ask why we couldn't come up with something a 
little more sophisticated in order to save them work copy+pasting.

Introducing a {{forward.}} prefix might help but the more I think about it, the 
likelier it seems to cause confusion in some cases. What would the behavior be 
for a property in the top-level worker config that comes with the {{forward.}} 
prefix w/r/t case 2.3 (interceptors for Kafka clients configured for connectors 
in the worker config)?

 

RE disabling useful warnings: I don't really understand this point. If 
disabling these warnings is an opt-in feature in every context except the ones 
where the signal-to-noise ratio is already so low as to render these messages 
useless at best and actively harmful at worst, what's the actual risk here? For 
a concrete example, see the attachments I've provided here: 
[^connect-distributed.log], [^connect-spurious-warnings.log]

The first is the raw output of running {{bin/connect-distributed.sh 
config/connect-distributed.properties}} after building the latest trunk (commit 
{{8d6968e}} at the time), up until the Kafka Connect worker [finished 
startup|https://github.com/apache/kafka/blob/8d6968e8322d74ebb0fde513113d42bef69fb72b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/Connect.java#L57].
 The second is just the result of running {{grep ' WARN The configuration'}} on 
that file.

The first file is 1838 lines long. The second is 179 lines long. 9.7% of the 
log lines emitted during startup were spurious warnings about unrecognized 
config properties. This volume of spurious warnings is basically unavoidable 
with any released version of Connect today and completely destroys any 
potential they have to provide value to users. In fact, they're actively 
confusing users who worry that something is going wrong–see 
[here|https://stackoverflow.com/questions/55455709/kafka-connect-the-configuration-xxx-was-supplied-but-isnt-a-known-config-in-ad],
 [here|https://github.com/confluentinc/cp-helm-charts/issues/481], and 
[here|https://groups.google.com/g/confluent-platform/c/10SjqweFFmk/m/acoFmN_-AQAJ]
 for a few examples I was able to find after a 30-second Google search.


was (Author: chrisegerton):
RE backwards compatibility: That's a fair point about feature flag gating. You 
could have that gating at multiple levels in Connect:
 # Gating for the top-level worker config (either on an all-or-nothing basis, 
with one property per case, or something else entirely), which would affect 
these cases that are currently configured using the entire worker config:
 ## The Kafka clients that the worker creates for managing internal topics, 
fetching the Kafka cluster ID, etc. (possibly even one property for each type 
of client–admin, producer, and consumer)
 ## REST extensions brought up on the worker
 ## The connector client config override policy used by the worker
 ## Admin clients that are brought up on behalf of connectors (see KAFKA-9046 
for more context on this special case)
 # Gating for interceptors used by each Kafka client that's configured in the 
worker config
 ## The Kafka clients used for internal topics, etc. described in section 1.1
 ## The admin clients brought up on behalf of connectors described in section 
1.4
 ## The Kafka clients used for connectors (configured using the 
{{{}consumer.{}}}, {{{}producer.{}}}, and {{admin.}} prefixes)
 # Gating for interceptors used by each Kafka client that's configured in a 
connector config
 ## There's just one case for this (configured using the 
{{{}consumer.override.{}}}, {{{}producer.override.{}}}, and {{admin.override.}} 
prefixes)

We could also theoretically introduce namespacing for connector configs so that 
{{Connector}} instances don't receive the {{{}key.converter.*{}}}, 
{{{}value.converter.{}}}, {{{}header.converter.*{}}}{*},{*} 
{{{}transforms.*{}}}, and {{predicates.*}} config properties, although given 
the currently-mostly-benign KAFKA-9228, we might want to hold off on that. It 
would allow {{Connector}} (and probably {{{}Task{}}}) implementations to log 
warnings on unrecognized config properties though, which they can't 
realistically do right now without producing a ton of false positives.

At the Kafka client level, this approach seems pretty simple, but given all of 
the nesting that can happen in Kafka Connect with fairly standard usage, it 
does get more complicated. I think a reasonable way to make this happen could 
be to use the same config property in the Connect worker config that we would 
in Kafka clients–something like {{config.namespacing.enabled}} (name obviously 
subject to change), which could be specified in the worker config at the top 
level and would control both namespacing behavior for all 1.* cases outlined 
above, and establish a default for all 2.* and 3.* cases, which could then be 
overridden using existing mechanisms in Connect for overriding worker defaults. 
For example, to disable namespacing by default for all connector producers on 
your worker, you could specify {{{}producer.config.namespacing.enabled = 
false{}}}.

 

RE encapsulation: There's a few cases where it's been useful for Connect worker 
plugins to be aware of the worker config that I've encountered:
 * REST extensions:
 ** Monitoring the internal topics of the Connect worker in order to expose 
extra metadata about connector health, like injecting a "last modified" time 
into the response from the {{GET /connector/\{connector}/status}} endpoint
 ** Modifying key/value/header converter configurations before a connector is 
created, which requires knowledge of the {{key.converter.* / 
value.converter.{*}/ header.converter.{*}}} properties in the worker config in 
order to handle the case that the connector config doesn't contain overrides 
for the given converter type
 * Config providers (which don't receive the full worker config at the moment, 
but could possibly benefit from receiving it):
 ** Store and retrieve secrets using a Kafka topic on the same cluster that the 
Connect worker uses for its internal topics

I also wonder if a consumer interceptor might benefit from knowing how to 
access the Kafka cluster that the consumer is reading from in order to write 
custom metrics to a Kafka topic, although I haven't personally done too much 
work in this space so I don't know for sure if it's a realistic use case.

All of these cases can be easily addressed by requiring users to duplicate 
top-level configs into namespaced configs (e.g., specify the 
{{{}bootstrap.servers{}}}, {{{}sasl.jaas.config{}}}, {{{}security.protocol{}}}, 
etc. properties twice in your worker config: once at the top level, and once 
with something like a {{rest.extension.foo.*}} namespace. But that'd be awful 
for end users who will inevitably ask why we couldn't come up with something a 
little more sophisticated in order to save them work copy+pasting.

Introducing a {{forward.}} prefix might help but the more I think about it, the 
likelier it seems to cause confusion in some cases. What would the behavior be 
for a property in the top-level worker config that comes with the {{forward.}} 
prefix w/r/t case 2.3 (interceptors for Kafka clients configured for connectors 
in the worker config)?

 

RE disabling useful warnings: I don't really understand this point. If 
disabling these warnings is an opt-in feature in every context except the ones 
where the signal-to-noise ratio is already so low as to render these messages 
useless at best and actively harmful at worst, what's the actual risk here? For 
a concrete example, see the attachments I've provided here: 
[^connect-distributed.log], [^connect-spurious-warnings.log]

The first is the raw output of running {{bin/connect-distributed.sh 
config/connect-distributed.properties}} after building the latest trunk (commit 
{{8d6968e}} at the time), up until the Kafka Connect worker [finished 
startup|https://github.com/apache/kafka/blob/8d6968e8322d74ebb0fde513113d42bef69fb72b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/Connect.java#L57].
 The second is just the result of running {{grep ' WARN The configuration'}} on 
that file.

The first file is 1838 lines long. The second is 179 lines long. 9.7% of the 
log lines emitted during startup were spurious warnings about unrecognized 
config properties. This volume of spurious warnings is basically unavoidable 
with any released version of Connect today and completely destroys any 
potential they have to provide value to users. In fact, they're actively 
confusing users who worry that something is going wrong–see 
[here|https://stackoverflow.com/questions/55455709/kafka-connect-the-configuration-xxx-was-supplied-but-isnt-a-known-config-in-ad],
 [here|https://github.com/confluentinc/cp-helm-charts/issues/481], and 
[here|https://groups.google.com/g/confluent-platform/c/10SjqweFFmk/m/acoFmN_-AQAJ]
 for a few examples I was able to find after a 30-second Google search.

> Kafka Connect logs unnecessary warnings about unused configurations
> -------------------------------------------------------------------
>
>                 Key: KAFKA-7509
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7509
>             Project: Kafka
>          Issue Type: Improvement
>          Components: clients, KafkaConnect
>    Affects Versions: 0.10.2.0
>            Reporter: Randall Hauch
>            Priority: Major
>
> When running Connect, the logs contain quite a few warnings about "The 
> configuration '{}' was supplied but isn't a known config." This occurs when 
> Connect creates producers, consumers, and admin clients, because the 
> AbstractConfig is logging unused configuration properties upon construction. 
> It's complicated by the fact that the Producer, Consumer, and AdminClient all 
> create their own AbstractConfig instances within the constructor, so we can't 
> even call its {{ignore(String key)}} method.
> See also KAFKA-6793 for a similar issue with Streams.
> There are no arguments in the Producer, Consumer, or AdminClient constructors 
> to control  whether the configs log these warnings, so a simpler workaround 
> is to only pass those configuration properties to the Producer, Consumer, and 
> AdminClient that the ProducerConfig, ConsumerConfig, and AdminClientConfig 
> configdefs know about.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)