Hi Florian,
Switching from a Zookeeper based cluster to a KRaft based one is not
currently supported. AFAIK that functionality should be coming in Kafka
3.4 (or possibly later).
Cheers,
Tom
On 16/05/2022 12:42, Florian Blumenstein wrote:
> Hi guys,
>
> I currently try to switch from Kafka 3.1.0 with ZooKeeper to Kafka 3.2.0 with
> Kafka Kraft mode. I adjusted the server.properties as follows:
>
> ### KRaft-properties
> process.roles=broker,controller
> node.id=1
> controller.quorum.voters=1@127.0.0.1:9091
> controller.listener.names=CONTROLLER
>
> auto.create.topics.enable=false
> ssl.client.auth=required
>
> ### Enable ACLs
> authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer
> allow.everyone.if.no.acl.found=false
>
> # Topics and indexes are stored here to keep track of records sent via broker
> log.dir=/opt/kafka/data/
>
> ############################# Internal Topic Settings
> #############################
> # The replication factor for the group metadata internal topics
> "__consumer_offsets" and "__transaction_state"
> # For anything other than development testing, a value greater than 1 is
> recommended for to ensure availability such as 3.
> offsets.topic.replication.factor=1
> transaction.state.log.replication.factor=1
> transaction.state.log.min.isr=1
>
> ### Platform Configured Entries --- Below here entries are configured by the
> platform
> listener.name.docker.ssl.keystore.location=/app/ssl/internalKeystore.jks
> super.users=User:Applications:0765df41-0b31-4db8-8849-c9d77e9c6e20;User:CN=onlinesuiteplus-kafka,OU=Services,O=Company
> AG,L=City,C=DE
> advertised.listeners=DEVIN://onlinesuiteplus-kafka:29092,DEVOUT://localhost:9092,DOCKER://onlinesuiteplus-kafka:29093,EXTERNAL://localhost:9093
> listener.name.docker.ssl.key.password=password
> inter.broker.listener.name=DOCKER
> listener.name.external.ssl.key.password=password
> listener.name.external.ssl.truststore.password=password
> ssl.principal.mapping.rules=RULE:^CN=(.*?),OU=Applications.*$/Applications:$1/,RULE:^CN=(.*?),OU=Devices.*$/Devices:$1/,DEFAULT
> initial.start=true
> listener.name.docker.ssl.truststore.location=/app/ssl/truststore.jks
> listener.name.external.ssl.keystore.password=password
> listeners=CONTROLLER://:9091,DEVIN://:29092,DEVOUT://:9092,DOCKER://:29093,EXTERNAL://:9093
> listener.name.external.ssl.truststore.location=/app/ssl/truststore.jks
> listener.name.docker.ssl.truststore.password=password
> listener.name.external.ssl.keystore.location=/app/ssl/externalKeystore.jks
> listener.security.protocol.map=CONTROLLER:PLAINTEXT,DEVIN:PLAINTEXT,DEVOUT:PLAINTEXT,DOCKER:SSL,EXTERNAL:SSL
> listener.name.docker.ssl.keystore.password=password
>
> If I now run kafka with the following script:
>
> if [ "$KAFKA_INITIAL_START" == "true" ]
> then
> echo "Running kafka-storage.sh because env var KAFKA_INITIAL_START was
> set to true"
> "${KAFKA_HOME}"/bin/kafka-storage.sh format --config
> "${KAFKA_HOME}"/config/server.properties --cluster-id
> $("${KAFKA_HOME}"/bin/kafka-storage.sh random-uuid)
> fi
>
> exec "$KAFKA_HOME/bin/kafka-server-start.sh"
> "$KAFKA_HOME/config/server.properties"
>
>
> I got the following logs:
>
> [2022-05-16 11:25:08,894] INFO Registered kafka:type=kafka.Log4jController
> MBean (kafka.utils.Log4jControllerRegistration$)
> [2022-05-16 11:25:09,220] INFO Setting -D
> jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated
> TLS renegotiation (org.apache.zookeeper.common.X509Util)
> [2022-05-16 11:25:09,473] INFO [LogLoader partition=__cluster_metadata-0,
> dir=/opt/kafka/data] Loading producer state till offset 0 with message format
> version 2 (kafka.log.UnifiedLog$)
> [2022-05-16 11:25:09,474] INFO [LogLoader partition=__cluster_metadata-0,
> dir=/opt/kafka/data] Reloading from producer snapshot and rebuilding producer
> state from offset 0 (kafka.log.UnifiedLog$)
> [2022-05-16 11:25:09,477] INFO [LogLoader partition=__cluster_metadata-0,
> dir=/opt/kafka/data] Producer state recovery took 2ms for snapshot load and
> 0ms for segment recovery from offset 0 (kafka.log.UnifiedLog$)
> [2022-05-16 11:25:09,584] INFO [raft-expiration-reaper]: Starting
> (kafka.raft.TimingWheelExpirationService$ExpiredOperationReaper)
> [2022-05-16 11:25:09,784] INFO [RaftManager nodeId=1] Completed transition to
> Unattached(epoch=0, voters=[1], electionTimeoutMs=1442)
> (org.apache.kafka.raft.QuorumState)
> [2022-05-16 11:25:09,797] INFO [RaftManager nodeId=1] Completed transition to
> CandidateState(localId=1, epoch=1, retries=1, electionTimeoutMs=1741)
> (org.apache.kafka.raft.QuorumState)
> [2022-05-16 11:25:09,810] INFO [RaftManager nodeId=1] Completed transition to
> Leader(localId=1, epoch=1, epochStartOffset=0, highWatermark=Optional.empty,
> voterStates={1=ReplicaState(nodeId=1, endOffset=Optional.empty,
> lastFetchTimestamp=OptionalLong.empty, hasAcknowledgedLeader=true)})
> (org.apache.kafka.raft.QuorumState)
> [2022-05-16 11:25:09,854] INFO Registered signal handlers for TERM, INT, HUP
> (org.apache.kafka.common.utils.LoggingSignalHandler)
> [2022-05-16 11:25:09,860] INFO [kafka-raft-outbound-request-thread]: Starting
> (kafka.raft.RaftSendThread)
> [2022-05-16 11:25:09,860] INFO [kafka-raft-io-thread]: Starting
> (kafka.raft.KafkaRaftManager$RaftIoThread)
> [2022-05-16 11:25:09,862] INFO Starting controller
> (kafka.server.ControllerServer)
> [2022-05-16 11:25:09,869] INFO [StandardAuthorizer 1] set
> super.users=User:CN=onlinesuiteplus-kafka,OU=Services,O=B. Braun Melsungen
> AG,L=Melsungen,C=DE,User:Applications:0765df41-0b31-4db8-8849-c9d77e9c6e20,
> default result=DENIED
> (org.apache.kafka.metadata.authorizer.StandardAuthorizerData)
> [2022-05-16 11:25:10,270] INFO Updated connection-accept-rate max connection
> creation rate to 2147483647 (kafka.network.ConnectionQuotas)
> [2022-05-16 11:25:10,277] INFO Awaiting socket connections on 0.0.0.0:9091.
> (kafka.network.DataPlaneAcceptor)
> [2022-05-16 11:25:10,318] INFO [SocketServer listenerType=CONTROLLER,
> nodeId=1] Created data-plane acceptor and processors for endpoint :
> ListenerName(CONTROLLER) (kafka.network.SocketServer)
> [2022-05-16 11:25:10,354] INFO [RaftManager nodeId=1] Registered the listener
> org.apache.kafka.controller.QuorumController$QuorumMetaLogListener@557176505
> (org.apache.kafka.raft.KafkaRaftClient)
> [2022-05-16 11:25:10,361] INFO [ThrottledChannelReaper-Fetch]: Starting
> (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,362] INFO [ThrottledChannelReaper-Produce]: Starting
> (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,363] INFO [ThrottledChannelReaper-Request]: Starting
> (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,365] INFO [ThrottledChannelReaper-ControllerMutation]:
> Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,366] INFO [Controller 1] Becoming the active controller
> at epoch 1, committed offset -1 and committed epoch -1.
> (org.apache.kafka.controller.QuorumController)
> [2022-05-16 11:25:10,384] INFO [ExpirationReaper-1-AlterAcls]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:10,402] INFO [SocketServer listenerType=CONTROLLER,
> nodeId=1] Starting socket server acceptors and processors
> (kafka.network.SocketServer)
> [2022-05-16 11:25:10,434] INFO [SocketServer listenerType=CONTROLLER,
> nodeId=1] Started data-plane acceptor and processor(s) for endpoint :
> ListenerName(CONTROLLER) (kafka.network.SocketServer)
> [2022-05-16 11:25:10,435] INFO [SocketServer listenerType=CONTROLLER,
> nodeId=1] Started socket server acceptors and processors
> (kafka.network.SocketServer)
> [2022-05-16 11:25:10,436] INFO [BrokerServer id=1] Transition from SHUTDOWN
> to STARTING (kafka.server.BrokerServer)
> [2022-05-16 11:25:10,437] INFO [BrokerServer id=1] Starting broker
> (kafka.server.BrokerServer)
> [2022-05-16 11:25:10,457] INFO [ThrottledChannelReaper-Fetch]: Starting
> (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,457] INFO [ThrottledChannelReaper-Produce]: Starting
> (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,458] INFO [ThrottledChannelReaper-Request]: Starting
> (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,458] INFO [ThrottledChannelReaper-ControllerMutation]:
> Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
> [2022-05-16 11:25:10,491] INFO [BrokerToControllerChannelManager broker=1
> name=forwarding]: Starting (kafka.server.BrokerToControllerRequestThread)
> [2022-05-16 11:25:10,492] INFO [BrokerToControllerChannelManager broker=1
> name=forwarding]: Recorded new controller, from now on will use broker
> localhost:9091 (id: 1 rack: null)
> (kafka.server.BrokerToControllerRequestThread)
> [2022-05-16 11:25:10,552] INFO Updated connection-accept-rate max connection
> creation rate to 2147483647 (kafka.network.ConnectionQuotas)
> [2022-05-16 11:25:10,553] INFO Awaiting socket connections on 0.0.0.0:29092.
> (kafka.network.DataPlaneAcceptor)
> [2022-05-16 11:25:10,568] INFO [SocketServer listenerType=BROKER, nodeId=1]
> Created data-plane acceptor and processors for endpoint : ListenerName(DEVIN)
> (kafka.network.SocketServer)
> [2022-05-16 11:25:10,570] INFO Updated connection-accept-rate max connection
> creation rate to 2147483647 (kafka.network.ConnectionQuotas)
> [2022-05-16 11:25:10,571] INFO Awaiting socket connections on 0.0.0.0:9092.
> (kafka.network.DataPlaneAcceptor)
> [2022-05-16 11:25:10,583] INFO [SocketServer listenerType=BROKER, nodeId=1]
> Created data-plane acceptor and processors for endpoint :
> ListenerName(DEVOUT) (kafka.network.SocketServer)
> [2022-05-16 11:25:10,585] INFO Updated connection-accept-rate max connection
> creation rate to 2147483647 (kafka.network.ConnectionQuotas)
> [2022-05-16 11:25:10,586] INFO Awaiting socket connections on 0.0.0.0:29093.
> (kafka.network.DataPlaneAcceptor)
> [2022-05-16 11:25:11,323] INFO [SocketServer listenerType=BROKER, nodeId=1]
> Created data-plane acceptor and processors for endpoint :
> ListenerName(DOCKER) (kafka.network.SocketServer)
> [2022-05-16 11:25:11,324] INFO Updated connection-accept-rate max connection
> creation rate to 2147483647 (kafka.network.ConnectionQuotas)
> [2022-05-16 11:25:11,325] INFO Awaiting socket connections on 0.0.0.0:9093.
> (kafka.network.DataPlaneAcceptor)
> [2022-05-16 11:25:11,343] INFO [SocketServer listenerType=BROKER, nodeId=1]
> Created data-plane acceptor and processors for endpoint :
> ListenerName(EXTERNAL) (kafka.network.SocketServer)
> [2022-05-16 11:25:11,351] INFO [BrokerToControllerChannelManager broker=1
> name=alterIsr]: Starting (kafka.server.BrokerToControllerRequestThread)
> [2022-05-16 11:25:11,351] INFO [BrokerToControllerChannelManager broker=1
> name=alterIsr]: Recorded new controller, from now on will use broker
> localhost:9091 (id: 1 rack: null)
> (kafka.server.BrokerToControllerRequestThread)
> [2022-05-16 11:25:11,369] INFO [ExpirationReaper-1-Produce]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:11,371] INFO [ExpirationReaper-1-Fetch]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:11,372] INFO [ExpirationReaper-1-DeleteRecords]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:11,374] INFO [ExpirationReaper-1-ElectLeader]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:11,397] INFO [ExpirationReaper-1-Heartbeat]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:11,398] INFO [ExpirationReaper-1-Rebalance]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:11,457] INFO [RaftManager nodeId=1] Registered the listener
> kafka.server.metadata.BrokerMetadataListener@225769393
> (org.apache.kafka.raft.KafkaRaftClient)
> [2022-05-16 11:25:11,457] INFO [BrokerToControllerChannelManager broker=1
> name=heartbeat]: Starting (kafka.server.BrokerToControllerRequestThread)
> [2022-05-16 11:25:11,458] INFO [BrokerToControllerChannelManager broker=1
> name=heartbeat]: Recorded new controller, from now on will use broker
> localhost:9091 (id: 1 rack: null)
> (kafka.server.BrokerToControllerRequestThread)
> [2022-05-16 11:25:11,459] INFO [StandardAuthorizer 1] set
> super.users=User:CN=onlinesuiteplus-kafka,OU=Services,O=B. Braun Melsungen
> AG,L=Melsungen,C=DE,User:Applications:0765df41-0b31-4db8-8849-c9d77e9c6e20,
> default result=DENIED
> (org.apache.kafka.metadata.authorizer.StandardAuthorizerData)
> [2022-05-16 11:25:11,464] INFO [BrokerLifecycleManager id=1] Incarnation
> WvNL61avTOC-nYrzNqPy6A of broker 1 in cluster 5vz8gUXVSke--ryOTMTNLg is now
> STARTING. (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:11,540] INFO [ExpirationReaper-1-AlterAcls]: Starting
> (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
> [2022-05-16 11:25:11,612] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=0) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=0),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
> buffer=null, envelope=None) is not authorized.
> [2022-05-16 11:25:11,619] INFO [BrokerLifecycleManager id=1] Unable to
> register broker 1 because the controller returned error
> CLUSTER_AUTHORIZATION_FAILED (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:11,719] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=2) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=2),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
> buffer=null, envelope=None) is not authorized.
> [2022-05-16 11:25:11,720] INFO [BrokerLifecycleManager id=1] Unable to
> register broker 1 because the controller returned error
> CLUSTER_AUTHORIZATION_FAILED (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:11,922] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=3) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=3),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
> buffer=null, envelope=None) is not authorized.
> [2022-05-16 11:25:11,924] INFO [BrokerLifecycleManager id=1] Unable to
> register broker 1 because the controller returned error
> CLUSTER_AUTHORIZATION_FAILED (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:12,330] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=4) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=4),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
> buffer=null, envelope=None) is not authorized.
> [2022-05-16 11:25:12,333] INFO [BrokerLifecycleManager id=1] Unable to
> register broker 1 because the controller returned error
> CLUSTER_AUTHORIZATION_FAILED (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:13,131] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=5) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=5),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(C[2022-05-16 11:25:13,133] INFO
> [BrokerLifecycleManager id=1] Unable to register broker 1 because the
> controller returned error CLUSTER_AUTHORIZATION_FAILED
> (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:14,733] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=6) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=6),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
> buffer=null, envelope=None) is not authorized.
> [2022-05-16 11:25:14,734] INFO [BrokerLifecycleManager id=1] Unable to
> register broker 1 because the controller returned error
> CLUSTER_AUTHORIZATION_FAILED (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:17,892] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=7) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=7),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
> buffer=null, envelope=None) is not authorized.
> [2022-05-16 11:25:17,894] INFO [BrokerLifecycleManager id=1] Unable to
> register broker 1 because the controller returned error
> CLUSTER_AUTHORIZATION_FAILED (kafka.server.BrokerLifecycleManager)
> [2022-05-16 11:25:24,216] ERROR Unexpected error handling request
> RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0, clientId=1,
> correlationId=8) -- BrokerRegistrationRequestData(brokerId=1,
> clusterId='5vz8gUXVSke--ryOTMTNLg', incarnationId=WvNL61avTOC-nYrzNqPy6A,
> listeners=[Listener(name='DEVIN', host='onlinesuiteplus-kafka', port=29092,
> securityProtocol=0), Listener(name='DEVOUT', host='localhost', port=9092,
> securityProtocol=0), Listener(name='DOCKER', host='onlinesuiteplus-kafka',
> port=29093, securityProtocol=1), Listener(name='EXTERNAL', host='localhost',
> port=9093, securityProtocol=1)], features=[], rack=null) with context
> RequestContext(header=RequestHeader(apiKey=BROKER_REGISTRATION, apiVersion=0,
> clientId=1, correlationId=8),
> connectionId='127.0.0.1:9091-127.0.0.1:33790-0', clientAddress=/127.0.0.1,
> principal=User:ANONYMOUS, listenerName=ListenerName(CONTROLLER),
> securityProtocol=PLAINTEXT,
> clientInformation=ClientInformation(softwareName=apache-kafka-java,
> softwareVersion=3.2.0), fromPrivilegedListener=false,
> principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@797e4004])
> (kafka.server.ControllerApis)
> org.apache.kafka.common.errors.ClusterAuthorizationException: Request
> Request(processor=0, connectionId=127.0.0.1:9091-127.0.0.1:33790-0,
> session=Session(User:ANONYMOUS,/127.0.0.1),
> listenerName=ListenerName(CONTROLLER), securityProtocol=PLAINTEXT,
> buffer=null, envelope=None) is not authorized.
> [2022-05-16 11:25:24,218] INFO [BrokerLifecycleManager id=1] Unable to
> register broker 1 because the controller returned error
> CLUSTER_AUTHORIZATION_FAILED (kafka.server.BrokerLifecycleManager)
>
>
> I understand it like this, that if I use PLAINTEXT as CONTROLLER security map
> entry it won't use authorization at all for the communication. I also tried
> to use SSL for the CONTROLLER security map entry but then I got a
> SSL_HANDSHAKE_FAILED error message. So what do I have to do to run Kafka in
> KRaft mode with ACLs enabled?
>
> Best regards,
> Florian
>
> B. Braun Avitum AG
>
> Vorstand:
> Anna Maria Braun (Vorsitzende)
> Michael Becker
> Dr. Holger Seeberg
>
> Vorsitz des Aufsichtsrats:
> Benjamin Kuhnsch (stellv. Vorsitzender)
>
> Sitz der Gesellschaft: Melsungen
> Reg. Gericht: Amtsgericht Fritzlar HRB 11263
>
> Informationen zur EU-Datenschutzgrundverordnung finden Sie unter:
> www.bbraun.de/dsgvo
> _______________________________________________________________
> The information contained in this communication is confidential, may be
> attorney-client privileged, may constitute inside information, and is intended
> only for the use of the addressee. It is the property of the company of the
> sender of this e-mail. Unauthorized use, disclosure, or copying of this
> communication or any part thereof is strictly prohibited and may be unlawful.
> If you have received this communication in error, please notify us immediately
> by return e-mail and destroy this communication and all copies thereof,
> including all attachments.
