Hi guys,
I currently try to switch from Kafka 3.1.0 with ZooKeeper to Kafka 3.2.0 with
Kafka Kraft mode. I adjusted the server.properties as follows:
### KRaft-properties
process.roles=broker,controller
node.id=1
controller.quorum.voters=1@127.0.0.1:9091
controller.listener.names=CONTROLLER
auto.create.topics.enable=false
ssl.client.auth=required
### Enable ACLs
authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer
allow.everyone.if.no.acl.found=false
# Topics and indexes are stored here to keep track of records sent via broker
log.dir=/opt/kafka/data/
############################# Internal Topic Settings
#############################
# The replication factor for the group metadata internal topics
"__consumer_offsets" and "__transaction_state"
# For anything other than development testing, a value greater than 1 is
recommended for to ensure availability such as 3.
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
### Platform Configured Entries --- Below here entries are configured by the
platform
listener.name.docker.ssl.keystore.location=/app/ssl/internalKeystore.jks
super.users=User:Applications:0765df41-0b31-4db8-8849-c9d77e9c6e20;User:CN=onlinesuiteplus-kafka,OU=Services,O=Company
AG,L=City,C=DE
advertised.listeners=DEVIN://onlinesuiteplus-kafka:29092,DEVOUT://localhost:9092,DOCKER://onlinesuiteplus-kafka:29093,EXTERNAL://localhost:9093
listener.name.docker.ssl.key.password=password
inter.broker.listener.name=DOCKER
listener.name.external.ssl.key.password=password
listener.name.external.ssl.truststore.password=password
ssl.principal.mapping.rules=RULE:^CN=(.*?),OU=Applications.*$/Applications:$1/,RULE:^CN=(.*?),OU=Devices.*$/Devices:$1/,DEFAULT
initial.start=true
listener.name.docker.ssl.truststore.location=/app/ssl/truststore.jks
listener.name.external.ssl.keystore.password=password
listeners=CONTROLLER://:9091,DEVIN://:29092,DEVOUT://:9092,DOCKER://:29093,EXTERNAL://:9093
listener.name.external.ssl.truststore.location=/app/ssl/truststore.jks
listener.name.docker.ssl.truststore.password=password
listener.name.external.ssl.keystore.location=/app/ssl/externalKeystore.jks
listener.security.protocol.map=CONTROLLER:PLAINTEXT,DEVIN:PLAINTEXT,DEVOUT:PLAINTEXT,DOCKER:SSL,EXTERNAL:SSL
listener.name.docker.ssl.keystore.password=password
If I now run kafka with the following script:
if [ "$KAFKA_INITIAL_START" == "true" ]
then
echo "Running kafka-storage.sh because env var KAFKA_INITIAL_START was set
to true"
"${KAFKA_HOME}"/bin/kafka-storage.sh format --config
"${KAFKA_HOME}"/config/server.properties --cluster-id
$("${KAFKA_HOME}"/bin/kafka-storage.sh random-uuid)
fi
exec "$KAFKA_HOME/bin/kafka-server-start.sh"
"$KAFKA_HOME/config/server.properties"
I got the following logs:
[2022-05-16 11:25:08,894] INFO Registered kafka:type=kafka.Log4jController
MBean (kafka.utils.Log4jControllerRegistration$)
[2022-05-16 11:25:09,220] INFO Setting -D
jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated TLS
renegotiation (org.apache.zookeeper.common.X509Util)
[2022-05-16 11:25:09,473] INFO [LogLoader partition=__cluster_metadata-0,
dir=/opt/kafka/data] Loading producer state till offset 0 with message format
version 2 (kafka.log.UnifiedLog$)
[2022-05-16 11:25:09,474] INFO [LogLoader partition=__cluster_metadata-0,
dir=/opt/kafka/data] Reloading from producer snapshot and rebuilding producer
state from offset 0 (kafka.log.UnifiedLog$)
[2022-05-16 11:25:09,477] INFO [LogLoader partition=__cluster_metadata-0,
dir=/opt/kafka/data] Producer state recovery took 2ms for snapshot load and 0ms
for segment recovery from offset 0 (kafka.log.UnifiedLog$)
[2022-05-16 11:25:09,584] INFO [raft-expiration-reaper]: Starting
(kafka.raft.TimingWheelExpirationService$ExpiredOperationReaper)
[2022-05-16 11:25:09,784] INFO [RaftManager nodeId=1] Completed transition to
Unattached(epoch=0, voters=[1], electionTimeoutMs=1442)
(org.apache.kafka.raft.QuorumState)
[2022-05-16 11:25:09,797] INFO [RaftManager nodeId=1] Completed transition to
CandidateState(localId=1, epoch=1, retries=1, electionTimeoutMs=1741)
(org.apache.kafka.raft.QuorumState)
[2022-05-16 11:25:09,810] INFO [RaftManager nodeId=1] Completed transition to
Leader(localId=1, epoch=1, epochStartOffset=0, highWatermark=Optional.empty,
voterStates={1=ReplicaState(nodeId=1, endOffset=Optional.empty,
lastFetchTimestamp=OptionalLong.empty, hasAcknowledgedLeader=true)})
(org.apache.kafka.raft.QuorumState)
[2022-05-16 11:25:09,854] INFO Registered signal handlers for TERM, INT, HUP
(org.apache.kafka.common.utils.LoggingSignalHandler)
[2022-05-16 11:25:09,860] INFO [kafka-raft-outbound-request-thread]: Starting
(kafka.raft.RaftSendThread)
[2022-05-16 11:25:09,860] INFO [kafka-raft-io-thread]: Starting
(kafka.raft.KafkaRaftManager$RaftIoThread)
[2022-05-16 11:25:09,862] INFO Starting controller
(kafka.server.ControllerServer)
[2022-05-16 11:25:09,869] INFO [StandardAuthorizer 1] set
super.users=User:CN=onlinesuiteplus-kafka,OU=Services,O=B. Braun Melsungen
AG,L=Melsungen,C=DE,User:Applications:0765df41-0b31-4db8-8849-c9d77e9c6e20,
default result=DENIED
(org.apache.kafka.metadata.authorizer.StandardAuthorizerData)
[2022-05-16 11:25:10,270] INFO Updated connection-accept-rate max connection
creation rate to 2147483647 (kafka.network.ConnectionQuotas)
[2022-05-16 11:25:10,277] INFO Awaiting socket connections on 0.0.0.0:9091.
(kafka.network.DataPlaneAcceptor)
[2022-05-16 11:25:10,318] INFO [SocketServer listenerType=CONTROLLER, nodeId=1]
Created data-plane acceptor and processors for endpoint :
ListenerName(CONTROLLER) (kafka.network.SocketServer)
[2022-05-16 11:25:10,354] INFO [RaftManager nodeId=1] Registered the listener
org.apache.kafka.controller.QuorumController$QuorumMetaLogListener@557176505
(org.apache.kafka.raft.KafkaRaftClient)
[2022-05-16 11:25:10,361] INFO [ThrottledChannelReaper-Fetch]: Starting
(kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,362] INFO [ThrottledChannelReaper-Produce]: Starting
(kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,363] INFO [ThrottledChannelReaper-Request]: Starting
(kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,365] INFO [ThrottledChannelReaper-ControllerMutation]:
Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,366] INFO [Controller 1] Becoming the active controller at
epoch 1, committed offset -1 and committed epoch -1.
(org.apache.kafka.controller.QuorumController)
[2022-05-16 11:25:10,384] INFO [ExpirationReaper-1-AlterAcls]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:10,402] INFO [SocketServer listenerType=CONTROLLER, nodeId=1]
Starting socket server acceptors and processors (kafka.network.SocketServer)
[2022-05-16 11:25:10,434] INFO [SocketServer listenerType=CONTROLLER, nodeId=1]
Started data-plane acceptor and processor(s) for endpoint :
ListenerName(CONTROLLER) (kafka.network.SocketServer)
[2022-05-16 11:25:10,435] INFO [SocketServer listenerType=CONTROLLER, nodeId=1]
Started socket server acceptors and processors (kafka.network.SocketServer)
[2022-05-16 11:25:10,436] INFO [BrokerServer id=1] Transition from SHUTDOWN to
STARTING (kafka.server.BrokerServer)
[2022-05-16 11:25:10,437] INFO [BrokerServer id=1] Starting broker
(kafka.server.BrokerServer)
[2022-05-16 11:25:10,457] INFO [ThrottledChannelReaper-Fetch]: Starting
(kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,457] INFO [ThrottledChannelReaper-Produce]: Starting
(kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,458] INFO [ThrottledChannelReaper-Request]: Starting
(kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,458] INFO [ThrottledChannelReaper-ControllerMutation]:
Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2022-05-16 11:25:10,491] INFO [BrokerToControllerChannelManager broker=1
name=forwarding]: Starting (kafka.server.BrokerToControllerRequestThread)
[2022-05-16 11:25:10,492] INFO [BrokerToControllerChannelManager broker=1
name=forwarding]: Recorded new controller, from now on will use broker
localhost:9091 (id: 1 rack: null) (kafka.server.BrokerToControllerRequestThread)
[2022-05-16 11:25:10,552] INFO Updated connection-accept-rate max connection
creation rate to 2147483647 (kafka.network.ConnectionQuotas)
[2022-05-16 11:25:10,553] INFO Awaiting socket connections on 0.0.0.0:29092.
(kafka.network.DataPlaneAcceptor)
[2022-05-16 11:25:10,568] INFO [SocketServer listenerType=BROKER, nodeId=1]
Created data-plane acceptor and processors for endpoint : ListenerName(DEVIN)
(kafka.network.SocketServer)
[2022-05-16 11:25:10,570] INFO Updated connection-accept-rate max connection
creation rate to 2147483647 (kafka.network.ConnectionQuotas)
[2022-05-16 11:25:10,571] INFO Awaiting socket connections on 0.0.0.0:9092.
(kafka.network.DataPlaneAcceptor)
[2022-05-16 11:25:10,583] INFO [SocketServer listenerType=BROKER, nodeId=1]
Created data-plane acceptor and processors for endpoint : ListenerName(DEVOUT)
(kafka.network.SocketServer)
[2022-05-16 11:25:10,585] INFO Updated connection-accept-rate max connection
creation rate to 2147483647 (kafka.network.ConnectionQuotas)
[2022-05-16 11:25:10,586] INFO Awaiting socket connections on 0.0.0.0:29093.
(kafka.network.DataPlaneAcceptor)
[2022-05-16 11:25:11,323] INFO [SocketServer listenerType=BROKER, nodeId=1]
Created data-plane acceptor and processors for endpoint : ListenerName(DOCKER)
(kafka.network.SocketServer)
[2022-05-16 11:25:11,324] INFO Updated connection-accept-rate max connection
creation rate to 2147483647 (kafka.network.ConnectionQuotas)
[2022-05-16 11:25:11,325] INFO Awaiting socket connections on 0.0.0.0:9093.
(kafka.network.DataPlaneAcceptor)
[2022-05-16 11:25:11,343] INFO [SocketServer listenerType=BROKER, nodeId=1]
Created data-plane acceptor and processors for endpoint :
ListenerName(EXTERNAL) (kafka.network.SocketServer)
[2022-05-16 11:25:11,351] INFO [BrokerToControllerChannelManager broker=1
name=alterIsr]: Starting (kafka.server.BrokerToControllerRequestThread)
[2022-05-16 11:25:11,351] INFO [BrokerToControllerChannelManager broker=1
name=alterIsr]: Recorded new controller, from now on will use broker
localhost:9091 (id: 1 rack: null) (kafka.server.BrokerToControllerRequestThread)
[2022-05-16 11:25:11,369] INFO [ExpirationReaper-1-Produce]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:11,371] INFO [ExpirationReaper-1-Fetch]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:11,372] INFO [ExpirationReaper-1-DeleteRecords]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:11,374] INFO [ExpirationReaper-1-ElectLeader]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:11,397] INFO [ExpirationReaper-1-Heartbeat]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:11,398] INFO [ExpirationReaper-1-Rebalance]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:11,457] INFO [RaftManager nodeId=1] Registered the listener
kafka.server.metadata.BrokerMetadataListener@225769393
(org.apache.kafka.raft.KafkaRaftClient)
[2022-05-16 11:25:11,457] INFO [BrokerToControllerChannelManager broker=1
name=heartbeat]: Starting (kafka.server.BrokerToControllerRequestThread)
[2022-05-16 11:25:11,458] INFO [BrokerToControllerChannelManager broker=1
name=heartbeat]: Recorded new controller, from now on will use broker
localhost:9091 (id: 1 rack: null) (kafka.server.BrokerToControllerRequestThread)
[2022-05-16 11:25:11,459] INFO [StandardAuthorizer 1] set
super.users=User:CN=onlinesuiteplus-kafka,OU=Services,O=B. Braun Melsungen
AG,L=Melsungen,C=DE,User:Applications:0765df41-0b31-4db8-8849-c9d77e9c6e20,
default result=DENIED
(org.apache.kafka.metadata.authorizer.StandardAuthorizerData)
[2022-05-16 11:25:11,464] INFO [BrokerLifecycleManager id=1] Incarnation
WvNL61avTOC-nYrzNqPy6A of broker 1 in cluster 5vz8gUXVSke--ryOTMTNLg is now
STARTING. (kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:11,540] INFO [ExpirationReaper-1-AlterAcls]: Starting
(kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
[2022-05-16 11:25:11,612] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=0) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=0), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT, buffer=null,
envelope=None) is not authorized.
[2022-05-16 11:25:11,619] INFO [BrokerLifecycleManager id=1] Unable to register
broker 1 because the controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:11,719] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=2) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=2), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT, buffer=null,
envelope=None) is not authorized.
[2022-05-16 11:25:11,720] INFO [BrokerLifecycleManager id=1] Unable to register
broker 1 because the controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:11,922] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=3) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=3), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT, buffer=null,
envelope=None) is not authorized.
[2022-05-16 11:25:11,924] INFO [BrokerLifecycleManager id=1] Unable to register
broker 1 because the controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:12,330] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=4) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=4), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT, buffer=null,
envelope=None) is not authorized.
[2022-05-16 11:25:12,333] INFO [BrokerLifecycleManager id=1] Unable to register
broker 1 because the controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:13,131] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=5) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=5), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(C[2022-05-16 11:25:13,133] INFO
[BrokerLifecycleManager id=1] Unable to register broker 1 because the
controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:14,733] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=6) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=6), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT, buffer=null,
envelope=None) is not authorized.
[2022-05-16 11:25:14,734] INFO [BrokerLifecycleManager id=1] Unable to register
broker 1 because the controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:17,892] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=7) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=7), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT, buffer=null,
envelope=None) is not authorized.
[2022-05-16 11:25:17,894] INFO [BrokerLifecycleManager id=1] Unable to register
broker 1 because the controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
[2022-05-16 11:25:24,216] ERROR Unexpected error handling request
RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
correlationId=8) -- BrokerRegistrationRequestData(brokerId=1,
clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
port=9093, securityProtocol=1)], features=[], rack=null) with context
RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
clientId=1, correlationId=8), connectionId='127.0.0.1:9091-127.0.0.1:33790-0',
clientAddress=/127.0.0.1, principal=User:ANONYMOUS,
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
clientInformation=ClientInformation(softwareName=apache-kafka-java,
softwareVersion=3.2.0), fromPrivilegedListener=false,
principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
(kafka.server.ControllerApis)
org.apache.kafka.common.errors.ClusterAuthorizationException: Request
Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
session=Session(User:ANONYMOUS,/127.0.0.1),
listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT, buffer=null,
envelope=None) is not authorized.
[2022-05-16 11:25:24,218] INFO [BrokerLifecycleManager id=1] Unable to register
broker 1 because the controller returned error CLUSTER_AUTHORIZATION_FAILED
(kafka.server.BrokerLifecycleManager)
I understand it like this, that if I use PLAINTEXT as CONTROLLER security map
entry it won't use authorization at all for the communication. I also tried to
use SSL for the CONTROLLER security map entry but then I got a
SSL_HANDSHAKE_FAILED error message. So what do I have to do to run Kafka in
KRaft mode with ACLs enabled?
Best regards,
Florian
B. Braun Avitum AG
Vorstand:
Anna Maria Braun (Vorsitzende)
Michael Becker
Dr. Holger Seeberg
Vorsitz des Aufsichtsrats:
Benjamin Kuhnsch (stellv. Vorsitzender)
Sitz der Gesellschaft: Melsungen
Reg. Gericht: Amtsgericht Fritzlar HRB 11263
Informationen zur EU-Datenschutzgrundverordnung finden Sie unter:
www.bbraun.de/dsgvo
_______________________________________________________________
The information contained in this communication is confidential, may be
attorney-client privileged, may constitute inside information, and is intended
only for the use of the addressee. It is the property of the company of the
sender of this e-mail. Unauthorized use, disclosure, or copying of this
communication or any part thereof is strictly prohibited and may be unlawful.
If you have received this communication in error, please notify us immediately
by return e-mail and destroy this communication and all copies thereof,
including all attachments.
