kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jun...@apache.org
Subject [01/17] kafka-site git commit: update 0.9.0 docs
Date Fri, 13 Nov 2015 17:40:23 GMT
Repository: kafka-site
Updated Branches:
  refs/heads/asf-site e8630d36e -> e047c4b24


http://git-wip-us.apache.org/repos/asf/kafka-site/blob/e047c4b2/090/producer_config.html
----------------------------------------------------------------------
diff --git a/090/producer_config.html b/090/producer_config.html
index ed9ce9e..2b1809d 100644
--- a/090/producer_config.html
+++ b/090/producer_config.html
@@ -1,106 +1,106 @@
-<table>
+<table class="data-table"><tbody>
 <tr>
 <th>Name</th>
+<th>Description</th>
 <th>Type</th>
 <th>Default</th>
 <th>Valid Values</th>
 <th>Importance</th>
-<th>Description</th>
 </tr>
 <tr>
-<td>bootstrap.servers</td><td>list</td><td></td><td></td><td>high</td><td>A list of host/port pairs to use for establishing the initial connection to the Kafka cluster. The client will make use of all servers irrespective of which servers are specified here for bootstrapping&mdash;this list only impacts the initial hosts used to discover the full set of servers. This list should be in the form <code>host1:port1,host2:port2,...</code>. Since these servers are just used for the initial connection to discover the full cluster membership (which may change dynamically), this list need not contain the full set of servers (you may want more than one, though, in case a server is down).</td></tr>
+<td>bootstrap.servers</td><td>A list of host/port pairs to use for establishing the initial connection to the Kafka cluster. The client will make use of all servers irrespective of which servers are specified here for bootstrapping&mdash;this list only impacts the initial hosts used to discover the full set of servers. This list should be in the form <code>host1:port1,host2:port2,...</code>. Since these servers are just used for the initial connection to discover the full cluster membership (which may change dynamically), this list need not contain the full set of servers (you may want more than one, though, in case a server is down).</td><td>list</td><td></td><td></td><td>high</td></tr>
 <tr>
-<td>key.serializer</td><td>class</td><td></td><td></td><td>high</td><td>Serializer class for key that implements the <code>Serializer</code> interface.</td></tr>
+<td>key.serializer</td><td>Serializer class for key that implements the <code>Serializer</code> interface.</td><td>class</td><td></td><td></td><td>high</td></tr>
 <tr>
-<td>value.serializer</td><td>class</td><td></td><td></td><td>high</td><td>Serializer class for value that implements the <code>Serializer</code> interface.</td></tr>
+<td>value.serializer</td><td>Serializer class for value that implements the <code>Serializer</code> interface.</td><td>class</td><td></td><td></td><td>high</td></tr>
 <tr>
-<td>acks</td><td>string</td><td>1</td><td>[all, -1, 0, 1]</td><td>high</td><td>The number of acknowledgments the producer requires the leader to have received before considering a request complete. This controls the  durability of records that are sent. The following settings are common:  <ul> <li><code>acks=0</code> If set to zero then the producer will not wait for any acknowledgment from the server at all. The record will be immediately added to the socket buffer and considered sent. No guarantee can be made that the server has received the record in this case, and the <code>retries</code> configuration will not take effect (as the client won't generally know of any failures). The offset given back for each record will always be set to -1. <li><code>acks=1</code> This will mean the leader will write the record to its local log but will respond without awaiting full acknowledgement from all followers. In this case should the leader fail immediately after acknowledging the record b
 ut before the followers have replicated it then the record will be lost. <li><code>acks=all</code> This means the leader will wait for the full set of in-sync replicas to acknowledge the record. This guarantees that the record will not be lost as long as at least one in-sync replica remains alive. This is the strongest available guarantee.</td></tr>
+<td>acks</td><td>The number of acknowledgments the producer requires the leader to have received before considering a request complete. This controls the  durability of records that are sent. The following settings are common:  <ul> <li><code>acks=0</code> If set to zero then the producer will not wait for any acknowledgment from the server at all. The record will be immediately added to the socket buffer and considered sent. No guarantee can be made that the server has received the record in this case, and the <code>retries</code> configuration will not take effect (as the client won't generally know of any failures). The offset given back for each record will always be set to -1. <li><code>acks=1</code> This will mean the leader will write the record to its local log but will respond without awaiting full acknowledgement from all followers. In this case should the leader fail immediately after acknowledging the record but before the followers have replicated it then the record wil
 l be lost. <li><code>acks=all</code> This means the leader will wait for the full set of in-sync replicas to acknowledge the record. This guarantees that the record will not be lost as long as at least one in-sync replica remains alive. This is the strongest available guarantee.</td><td>string</td><td>1</td><td>[all, -1, 0, 1]</td><td>high</td></tr>
 <tr>
-<td>buffer.memory</td><td>long</td><td>33554432</td><td>[0,...]</td><td>high</td><td>The total bytes of memory the producer can use to buffer records waiting to be sent to the server. If records are sent faster than they can be delivered to the server the producer will either block or throw an exception based on the preference specified by <code>block.on.buffer.full</code>. <p>This setting should correspond roughly to the total memory the producer will use, but is not a hard bound since not all memory the producer uses is used for buffering. Some additional memory will be used for compression (if compression is enabled) as well as for maintaining in-flight requests.</td></tr>
+<td>buffer.memory</td><td>The total bytes of memory the producer can use to buffer records waiting to be sent to the server. If records are sent faster than they can be delivered to the server the producer will either block or throw an exception based on the preference specified by <code>block.on.buffer.full</code>. <p>This setting should correspond roughly to the total memory the producer will use, but is not a hard bound since not all memory the producer uses is used for buffering. Some additional memory will be used for compression (if compression is enabled) as well as for maintaining in-flight requests.</td><td>long</td><td>33554432</td><td>[0,...]</td><td>high</td></tr>
 <tr>
-<td>compression.type</td><td>string</td><td>none</td><td></td><td>high</td><td>The compression type for all data generated by the producer. The default is none (i.e. no compression). Valid  values are <code>none</code>, <code>gzip</code>, <code>snappy</code>, or <code>lz4</code>. Compression is of full batches of data, so the efficacy of batching will also impact the compression ratio (more batching means better compression).</td></tr>
+<td>compression.type</td><td>The compression type for all data generated by the producer. The default is none (i.e. no compression). Valid  values are <code>none</code>, <code>gzip</code>, <code>snappy</code>, or <code>lz4</code>. Compression is of full batches of data, so the efficacy of batching will also impact the compression ratio (more batching means better compression).</td><td>string</td><td>none</td><td></td><td>high</td></tr>
 <tr>
-<td>retries</td><td>int</td><td>0</td><td>[0,...,2147483647]</td><td>high</td><td>Setting a value greater than zero will cause the client to resend any record whose send fails with a potentially transient error. Note that this retry is no different than if the client resent the record upon receiving the error. Allowing retries will potentially change the ordering of records because if two records are sent to a single partition, and the first fails and is retried but the second succeeds, then the second record may appear first.</td></tr>
+<td>retries</td><td>Setting a value greater than zero will cause the client to resend any record whose send fails with a potentially transient error. Note that this retry is no different than if the client resent the record upon receiving the error. Allowing retries will potentially change the ordering of records because if two records are sent to a single partition, and the first fails and is retried but the second succeeds, then the second record may appear first.</td><td>int</td><td>0</td><td>[0,...,2147483647]</td><td>high</td></tr>
 <tr>
-<td>ssl.key.password</td><td>string</td><td>null</td><td></td><td>high</td><td>The password of the private key in the key store file. This is optional for client.</td></tr>
+<td>ssl.key.password</td><td>The password of the private key in the key store file. This is optional for client.</td><td>password</td><td>null</td><td></td><td>high</td></tr>
 <tr>
-<td>ssl.keystore.location</td><td>string</td><td>null</td><td></td><td>high</td><td>The location of the key store file. This is optional for client and can be used for two-way authentication for client.</td></tr>
+<td>ssl.keystore.location</td><td>The location of the key store file. This is optional for client and can be used for two-way authentication for client.</td><td>string</td><td>null</td><td></td><td>high</td></tr>
 <tr>
-<td>ssl.keystore.password</td><td>string</td><td>null</td><td></td><td>high</td><td>The store password for the key store file.This is optional for client and only needed if ssl.keystore.location is configured. </td></tr>
+<td>ssl.keystore.password</td><td>The store password for the key store file.This is optional for client and only needed if ssl.keystore.location is configured. </td><td>password</td><td>null</td><td></td><td>high</td></tr>
 <tr>
-<td>ssl.truststore.location</td><td>string</td><td>null</td><td></td><td>high</td><td>The location of the trust store file. </td></tr>
+<td>ssl.truststore.location</td><td>The location of the trust store file. </td><td>string</td><td>null</td><td></td><td>high</td></tr>
 <tr>
-<td>ssl.truststore.password</td><td>string</td><td>null</td><td></td><td>high</td><td>The password for the trust store file. </td></tr>
+<td>ssl.truststore.password</td><td>The password for the trust store file. </td><td>password</td><td>null</td><td></td><td>high</td></tr>
 <tr>
-<td>batch.size</td><td>int</td><td>16384</td><td>[0,...]</td><td>medium</td><td>The producer will attempt to batch records together into fewer requests whenever multiple records are being sent to the same partition. This helps performance on both the client and the server. This configuration controls the default batch size in bytes. <p>No attempt will be made to batch records larger than this size. <p>Requests sent to brokers will contain multiple batches, one for each partition with data available to be sent. <p>A small batch size will make batching less common and may reduce throughput (a batch size of zero will disable batching entirely). A very large batch size may use memory a bit more wastefully as we will always allocate a buffer of the specified batch size in anticipation of additional records.</td></tr>
+<td>batch.size</td><td>The producer will attempt to batch records together into fewer requests whenever multiple records are being sent to the same partition. This helps performance on both the client and the server. This configuration controls the default batch size in bytes. <p>No attempt will be made to batch records larger than this size. <p>Requests sent to brokers will contain multiple batches, one for each partition with data available to be sent. <p>A small batch size will make batching less common and may reduce throughput (a batch size of zero will disable batching entirely). A very large batch size may use memory a bit more wastefully as we will always allocate a buffer of the specified batch size in anticipation of additional records.</td><td>int</td><td>16384</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>client.id</td><td>string</td><td>""</td><td></td><td>medium</td><td>An id string to pass to the server when making requests. The purpose of this is to be able to track the source of requests beyond just ip/port by allowing a logical application name to be included in server-side request logging.</td></tr>
+<td>client.id</td><td>An id string to pass to the server when making requests. The purpose of this is to be able to track the source of requests beyond just ip/port by allowing a logical application name to be included in server-side request logging.</td><td>string</td><td>""</td><td></td><td>medium</td></tr>
 <tr>
-<td>connections.max.idle.ms</td><td>long</td><td>540000</td><td></td><td>medium</td><td>Close idle connections after the number of milliseconds specified by this config.</td></tr>
+<td>connections.max.idle.ms</td><td>Close idle connections after the number of milliseconds specified by this config.</td><td>long</td><td>540000</td><td></td><td>medium</td></tr>
 <tr>
-<td>linger.ms</td><td>long</td><td>0</td><td>[0,...]</td><td>medium</td><td>The producer groups together any records that arrive in between request transmissions into a single batched request. Normally this occurs only under load when records arrive faster than they can be sent out. However in some circumstances the client may want to reduce the number of requests even under moderate load. This setting accomplishes this by adding a small amount of artificial delay&mdash;that is, rather than immediately sending out a record the producer will wait for up to the given delay to allow other records to be sent so that the sends can be batched together. This can be thought of as analogous to Nagle's algorithm in TCP. This setting gives the upper bound on the delay for batching: once we get <code>batch.size</code> worth of records for a partition it will be sent immediately regardless of this setting, however if we have fewer than this many bytes accumulated for this partition we will 'ling
 er' for the specified time waiting for more records to show up. This setting defaults to 0 (i.e. no delay). Setting <code>linger.ms=5</code>, for example, would have the effect of reducing the number of requests sent but would add up to 5ms of latency to records sent in the absense of load.</td></tr>
+<td>linger.ms</td><td>The producer groups together any records that arrive in between request transmissions into a single batched request. Normally this occurs only under load when records arrive faster than they can be sent out. However in some circumstances the client may want to reduce the number of requests even under moderate load. This setting accomplishes this by adding a small amount of artificial delay&mdash;that is, rather than immediately sending out a record the producer will wait for up to the given delay to allow other records to be sent so that the sends can be batched together. This can be thought of as analogous to Nagle's algorithm in TCP. This setting gives the upper bound on the delay for batching: once we get <code>batch.size</code> worth of records for a partition it will be sent immediately regardless of this setting, however if we have fewer than this many bytes accumulated for this partition we will 'linger' for the specified time waiting for more records to
  show up. This setting defaults to 0 (i.e. no delay). Setting <code>linger.ms=5</code>, for example, would have the effect of reducing the number of requests sent but would add up to 5ms of latency to records sent in the absense of load.</td><td>long</td><td>0</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>max.block.ms</td><td>long</td><td>60000</td><td>[0,...]</td><td>medium</td><td>The configuration controls how long {@link KafkaProducer#send()} and {@link KafkaProducer#partitionsFor} will block.These methods can be blocked for multiple reasons. For e.g: buffer full, metadata unavailable.This configuration imposes maximum limit on the total time spent in fetching metadata, serialization of key and value, partitioning and allocation of buffer memory when doing a send(). In case of partitionsFor(), this configuration imposes a maximum time threshold on waiting for metadata</td></tr>
+<td>max.block.ms</td><td>The configuration controls how long {@link KafkaProducer#send()} and {@link KafkaProducer#partitionsFor} will block.These methods can be blocked for multiple reasons. For e.g: buffer full, metadata unavailable.This configuration imposes maximum limit on the total time spent in fetching metadata, serialization of key and value, partitioning and allocation of buffer memory when doing a send(). In case of partitionsFor(), this configuration imposes a maximum time threshold on waiting for metadata</td><td>long</td><td>60000</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>max.request.size</td><td>int</td><td>1048576</td><td>[0,...]</td><td>medium</td><td>The maximum size of a request. This is also effectively a cap on the maximum record size. Note that the server has its own cap on record size which may be different from this. This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</td></tr>
+<td>max.request.size</td><td>The maximum size of a request. This is also effectively a cap on the maximum record size. Note that the server has its own cap on record size which may be different from this. This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</td><td>int</td><td>1048576</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>partitioner.class</td><td>class</td><td>class org.apache.kafka.clients.producer.internals.DefaultPartitioner</td><td></td><td>medium</td><td>Partitioner class that implements the <code>Partitioner</code> interface.</td></tr>
+<td>partitioner.class</td><td>Partitioner class that implements the <code>Partitioner</code> interface.</td><td>class</td><td>class org.apache.kafka.clients.producer.internals.DefaultPartitioner</td><td></td><td>medium</td></tr>
 <tr>
-<td>receive.buffer.bytes</td><td>int</td><td>32768</td><td>[0,...]</td><td>medium</td><td>The size of the TCP receive buffer (SO_RCVBUF) to use when reading data.</td></tr>
+<td>receive.buffer.bytes</td><td>The size of the TCP receive buffer (SO_RCVBUF) to use when reading data.</td><td>int</td><td>32768</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>request.timeout.ms</td><td>int</td><td>30000</td><td>[0,...]</td><td>medium</td><td>The configuration controls the maximum amount of time the client will wait for the response of a request. If the response is not received before the timeout elapses the client will resend the request if necessary or fail the request if retries are exhausted.</td></tr>
+<td>request.timeout.ms</td><td>The configuration controls the maximum amount of time the client will wait for the response of a request. If the response is not received before the timeout elapses the client will resend the request if necessary or fail the request if retries are exhausted.</td><td>int</td><td>30000</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>sasl.kerberos.service.name</td><td>string</td><td>null</td><td></td><td>medium</td><td>The Kerberos principal name that Kafka runs as. This can be defined either in Kafka's JAAS config or in Kafka's config.</td></tr>
+<td>sasl.kerberos.service.name</td><td>The Kerberos principal name that Kafka runs as. This can be defined either in Kafka's JAAS config or in Kafka's config.</td><td>string</td><td>null</td><td></td><td>medium</td></tr>
 <tr>
-<td>security.protocol</td><td>string</td><td>PLAINTEXT</td><td></td><td>medium</td><td>Protocol used to communicate with brokers. Currently only PLAINTEXT and SSL are supported.</td></tr>
+<td>security.protocol</td><td>Protocol used to communicate with brokers. Currently only PLAINTEXT and SSL are supported.</td><td>string</td><td>PLAINTEXT</td><td></td><td>medium</td></tr>
 <tr>
-<td>send.buffer.bytes</td><td>int</td><td>131072</td><td>[0,...]</td><td>medium</td><td>The size of the TCP send buffer (SO_SNDBUF) to use when sending data.</td></tr>
+<td>send.buffer.bytes</td><td>The size of the TCP send buffer (SO_SNDBUF) to use when sending data.</td><td>int</td><td>131072</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>ssl.enabled.protocols</td><td>list</td><td>[TLSv1.2, TLSv1.1, TLSv1]</td><td></td><td>medium</td><td>The list of protocols enabled for SSL connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by default.</td></tr>
+<td>ssl.enabled.protocols</td><td>The list of protocols enabled for SSL connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by default.</td><td>list</td><td>[TLSv1.2, TLSv1.1, TLSv1]</td><td></td><td>medium</td></tr>
 <tr>
-<td>ssl.keystore.type</td><td>string</td><td>JKS</td><td></td><td>medium</td><td>The file format of the key store file. This is optional for client. Default value is JKS</td></tr>
+<td>ssl.keystore.type</td><td>The file format of the key store file. This is optional for client. Default value is JKS</td><td>string</td><td>JKS</td><td></td><td>medium</td></tr>
 <tr>
-<td>ssl.protocol</td><td>string</td><td>TLS</td><td></td><td>medium</td><td>The SSL protocol used to generate the SSLContext. Default setting is TLS, which is fine for most cases. Allowed values in recent JVMs are TLS, TLSv1.1 and TLSv1.2. SSL, SSLv2 and SSLv3 may be supported in older JVMs, but their usage is discouraged due to known security vulnerabilities.</td></tr>
+<td>ssl.protocol</td><td>The SSL protocol used to generate the SSLContext. Default setting is TLS, which is fine for most cases. Allowed values in recent JVMs are TLS, TLSv1.1 and TLSv1.2. SSL, SSLv2 and SSLv3 may be supported in older JVMs, but their usage is discouraged due to known security vulnerabilities.</td><td>string</td><td>TLS</td><td></td><td>medium</td></tr>
 <tr>
-<td>ssl.provider</td><td>string</td><td>null</td><td></td><td>medium</td><td>The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</td></tr>
+<td>ssl.provider</td><td>The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</td><td>string</td><td>null</td><td></td><td>medium</td></tr>
 <tr>
-<td>ssl.truststore.type</td><td>string</td><td>JKS</td><td></td><td>medium</td><td>The file format of the trust store file. Default value is JKS.</td></tr>
+<td>ssl.truststore.type</td><td>The file format of the trust store file. Default value is JKS.</td><td>string</td><td>JKS</td><td></td><td>medium</td></tr>
 <tr>
-<td>timeout.ms</td><td>int</td><td>30000</td><td>[0,...]</td><td>medium</td><td>The configuration controls the maximum amount of time the server will wait for acknowledgments from followers to meet the acknowledgment requirements the producer has specified with the <code>acks</code> configuration. If the requested number of acknowledgments are not met when the timeout elapses an error will be returned. This timeout is measured on the server side and does not include the network latency of the request.</td></tr>
+<td>timeout.ms</td><td>The configuration controls the maximum amount of time the server will wait for acknowledgments from followers to meet the acknowledgment requirements the producer has specified with the <code>acks</code> configuration. If the requested number of acknowledgments are not met when the timeout elapses an error will be returned. This timeout is measured on the server side and does not include the network latency of the request.</td><td>int</td><td>30000</td><td>[0,...]</td><td>medium</td></tr>
 <tr>
-<td>block.on.buffer.full</td><td>boolean</td><td>false</td><td></td><td>low</td><td>When our memory buffer is exhausted we must either stop accepting new records (block) or throw errors. By default this setting is true and we block, however in some scenarios blocking is not desirable and it is better to immediately give an error. Setting this to <code>false</code> will accomplish that: the producer will throw a BufferExhaustedException if a recrord is sent and the buffer space is full.</td></tr>
+<td>block.on.buffer.full</td><td>When our memory buffer is exhausted we must either stop accepting new records (block) or throw errors. By default this setting is true and we block, however in some scenarios blocking is not desirable and it is better to immediately give an error. Setting this to <code>false</code> will accomplish that: the producer will throw a BufferExhaustedException if a recrord is sent and the buffer space is full.</td><td>boolean</td><td>false</td><td></td><td>low</td></tr>
 <tr>
-<td>max.in.flight.requests.per.connection</td><td>int</td><td>5</td><td>[1,...]</td><td>low</td><td>The maximum number of unacknowledged requests the client will send on a single connection before blocking. Note that if this setting is set to be greater than 1 and there are failed sends, there is a risk of message re-ordering due to retries (i.e., if retries are enabled).</td></tr>
+<td>max.in.flight.requests.per.connection</td><td>The maximum number of unacknowledged requests the client will send on a single connection before blocking. Note that if this setting is set to be greater than 1 and there are failed sends, there is a risk of message re-ordering due to retries (i.e., if retries are enabled).</td><td>int</td><td>5</td><td>[1,...]</td><td>low</td></tr>
 <tr>
-<td>metadata.fetch.timeout.ms</td><td>long</td><td>60000</td><td>[0,...]</td><td>low</td><td>The first time data is sent to a topic we must fetch metadata about that topic to know which servers host the topic's partitions. This fetch to succeed before throwing an exception back to the client.</td></tr>
+<td>metadata.fetch.timeout.ms</td><td>The first time data is sent to a topic we must fetch metadata about that topic to know which servers host the topic's partitions. This fetch to succeed before throwing an exception back to the client.</td><td>long</td><td>60000</td><td>[0,...]</td><td>low</td></tr>
 <tr>
-<td>metadata.max.age.ms</td><td>long</td><td>300000</td><td>[0,...]</td><td>low</td><td>The period of time in milliseconds after which we force a refresh of metadata even if we haven't seen any partition leadership changes to proactively discover any new brokers or partitions.</td></tr>
+<td>metadata.max.age.ms</td><td>The period of time in milliseconds after which we force a refresh of metadata even if we haven't seen any partition leadership changes to proactively discover any new brokers or partitions.</td><td>long</td><td>300000</td><td>[0,...]</td><td>low</td></tr>
 <tr>
-<td>metric.reporters</td><td>list</td><td>[]</td><td></td><td>low</td><td>A list of classes to use as metrics reporters. Implementing the <code>MetricReporter</code> interface allows plugging in classes that will be notified of new metric creation. The JmxReporter is always included to register JMX statistics.</td></tr>
+<td>metric.reporters</td><td>A list of classes to use as metrics reporters. Implementing the <code>MetricReporter</code> interface allows plugging in classes that will be notified of new metric creation. The JmxReporter is always included to register JMX statistics.</td><td>list</td><td>[]</td><td></td><td>low</td></tr>
 <tr>
-<td>metrics.num.samples</td><td>int</td><td>2</td><td>[1,...]</td><td>low</td><td>The number of samples maintained to compute metrics.</td></tr>
+<td>metrics.num.samples</td><td>The number of samples maintained to compute metrics.</td><td>int</td><td>2</td><td>[1,...]</td><td>low</td></tr>
 <tr>
-<td>metrics.sample.window.ms</td><td>long</td><td>30000</td><td>[0,...]</td><td>low</td><td>The number of samples maintained to compute metrics.</td></tr>
+<td>metrics.sample.window.ms</td><td>The number of samples maintained to compute metrics.</td><td>long</td><td>30000</td><td>[0,...]</td><td>low</td></tr>
 <tr>
-<td>principal.builder.class</td><td>class</td><td>class org.apache.kafka.common.security.auth.DefaultPrincipalBuilder</td><td></td><td>low</td><td>principal builder to generate a java Principal. This config is optional for client.</td></tr>
+<td>principal.builder.class</td><td>principal builder to generate a java Principal. This config is optional for client.</td><td>class</td><td>class org.apache.kafka.common.security.auth.DefaultPrincipalBuilder</td><td></td><td>low</td></tr>
 <tr>
-<td>reconnect.backoff.ms</td><td>long</td><td>50</td><td>[0,...]</td><td>low</td><td>The amount of time to wait before attempting to reconnect to a given host. This avoids repeatedly connecting to a host in a tight loop. This backoff applies to all requests sent by the consumer to the broker.</td></tr>
+<td>reconnect.backoff.ms</td><td>The amount of time to wait before attempting to reconnect to a given host. This avoids repeatedly connecting to a host in a tight loop. This backoff applies to all requests sent by the consumer to the broker.</td><td>long</td><td>50</td><td>[0,...]</td><td>low</td></tr>
 <tr>
-<td>retry.backoff.ms</td><td>long</td><td>100</td><td>[0,...]</td><td>low</td><td>The amount of time to wait before attempting to retry a failed fetch request to a given topic partition. This avoids repeated fetching-and-failing in a tight loop.</td></tr>
+<td>retry.backoff.ms</td><td>The amount of time to wait before attempting to retry a failed fetch request to a given topic partition. This avoids repeated fetching-and-failing in a tight loop.</td><td>long</td><td>100</td><td>[0,...]</td><td>low</td></tr>
 <tr>
-<td>sasl.kerberos.kinit.cmd</td><td>string</td><td>/usr/bin/kinit</td><td></td><td>low</td><td>Kerberos kinit command path. Default is /usr/bin/kinit</td></tr>
+<td>sasl.kerberos.kinit.cmd</td><td>Kerberos kinit command path. Default is /usr/bin/kinit</td><td>string</td><td>/usr/bin/kinit</td><td></td><td>low</td></tr>
 <tr>
-<td>sasl.kerberos.min.time.before.relogin</td><td>long</td><td>60000</td><td></td><td>low</td><td>Login thread sleep time between refresh attempts.</td></tr>
+<td>sasl.kerberos.min.time.before.relogin</td><td>Login thread sleep time between refresh attempts.</td><td>long</td><td>60000</td><td></td><td>low</td></tr>
 <tr>
-<td>sasl.kerberos.ticket.renew.jitter</td><td>double</td><td>0.05</td><td></td><td>low</td><td>Percentage of random jitter added to the renewal time.</td></tr>
+<td>sasl.kerberos.ticket.renew.jitter</td><td>Percentage of random jitter added to the renewal time.</td><td>double</td><td>0.05</td><td></td><td>low</td></tr>
 <tr>
-<td>sasl.kerberos.ticket.renew.window.factor</td><td>double</td><td>0.8</td><td></td><td>low</td><td>Login thread will sleep until the specified window factor of time from last refresh to ticket's expiry has been reached, at which time it will try to renew the ticket.</td></tr>
+<td>sasl.kerberos.ticket.renew.window.factor</td><td>Login thread will sleep until the specified window factor of time from last refresh to ticket's expiry has been reached, at which time it will try to renew the ticket.</td><td>double</td><td>0.8</td><td></td><td>low</td></tr>
 <tr>
-<td>ssl.cipher.suites</td><td>list</td><td>null</td><td></td><td>low</td><td>A list of cipher suites. This is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol.By default all the available cipher suites are supported.</td></tr>
+<td>ssl.cipher.suites</td><td>A list of cipher suites. This is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol.By default all the available cipher suites are supported.</td><td>list</td><td>null</td><td></td><td>low</td></tr>
 <tr>
-<td>ssl.endpoint.identification.algorithm</td><td>string</td><td>null</td><td></td><td>low</td><td>The endpoint identification algorithm to validate server hostname using server certificate. </td></tr>
+<td>ssl.endpoint.identification.algorithm</td><td>The endpoint identification algorithm to validate server hostname using server certificate. </td><td>string</td><td>null</td><td></td><td>low</td></tr>
 <tr>
-<td>ssl.keymanager.algorithm</td><td>string</td><td>SunX509</td><td></td><td>low</td><td>The algorithm used by key manager factory for SSL connections. Default value is the key manager factory algorithm configured for the Java Virtual Machine.</td></tr>
+<td>ssl.keymanager.algorithm</td><td>The algorithm used by key manager factory for SSL connections. Default value is the key manager factory algorithm configured for the Java Virtual Machine.</td><td>string</td><td>SunX509</td><td></td><td>low</td></tr>
 <tr>
-<td>ssl.trustmanager.algorithm</td><td>string</td><td>PKIX</td><td></td><td>low</td><td>The algorithm used by trust manager factory for SSL connections. Default value is the trust manager factory algorithm configured for the Java Virtual Machine.</td></tr>
-</table>
+<td>ssl.trustmanager.algorithm</td><td>The algorithm used by trust manager factory for SSL connections. Default value is the trust manager factory algorithm configured for the Java Virtual Machine.</td><td>string</td><td>PKIX</td><td></td><td>low</td></tr>
+</tbody></table>

http://git-wip-us.apache.org/repos/asf/kafka-site/blob/e047c4b2/090/quickstart.html
----------------------------------------------------------------------
diff --git a/090/quickstart.html b/090/quickstart.html
index ac5623b..268ed34 100644
--- a/090/quickstart.html
+++ b/090/quickstart.html
@@ -21,11 +21,11 @@ This tutorial assumes you are starting fresh and have no existing Kafka or ZooKe
 
 <h4> Step 1: Download the code </h4>
 
-<a href="https://www.apache.org/dyn/closer.cgi?path=/kafka/0.8.2.0/kafka_2.10-0.8.2.0.tgz" title="Kafka downloads">Download</a> the 0.8.2.0 release and un-tar it.
+<a href="https://www.apache.org/dyn/closer.cgi?path=/kafka/0.9.0.0/kafka_2.11-0.9.0.0.tgz" title="Kafka downloads">Download</a> the 0.9.0.0 release and un-tar it.
 
 <pre>
-&gt; <b>tar -xzf kafka_2.10-0.8.2.0.tgz</b>
-&gt; <b>cd kafka_2.10-0.8.2.0</b>
+&gt; <b>tar -xzf kafka_2.11-0.9.0.0.tgz</b>
+&gt; <b>cd kafka_2.11-0.9.0.0</b>
 </pre>
 
 <h4>Step 2: Start the server</h4>

http://git-wip-us.apache.org/repos/asf/kafka-site/blob/e047c4b2/090/security.html
----------------------------------------------------------------------
diff --git a/090/security.html b/090/security.html
index 80e30bc..f4c8668 100644
--- a/090/security.html
+++ b/090/security.html
@@ -261,6 +261,137 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but
 </ol>
 
 <h3><a id="security_authz">7.4 Authorization and ACLs</a></h3>
+Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI.
+<h4>Command Line Interface</h4>
+Kafka Authorization management CLI can be found under bin directory with all the other CLIs. The CLI script is called <b>kafka-acls.sh</b>. Following lists all the options that the script supports:
+<p></p>
+<table class="data-table">
+    <tr>
+        <th>Option</th>
+        <th>Description</th>
+        <th>Default</th>
+        <th>Option type</th>
+    </tr>
+    <tr>
+        <td>--add</td>
+        <td>Indicates to the script that user is trying to add an acl.</td>
+        <td></td>
+        <td>Action</td>
+    </tr>
+    <tr>
+        <td>--remove</td>
+        <td>Indicates to the script that user is trying to remove an acl.</td>
+        <td></td>
+        <td>Action</td>
+    </tr>
+    <tr>
+        <td>--list</td>
+        <td>Indicates to the script that user is trying to list acls.</td>
+        <td></td>
+        <td>Action</td>
+    </tr>
+    <tr>
+        <td>--authorizer</td>
+        <td>Fully qualified class name of the authorizer.</td>
+        <td>kafka.security.auth.SimpleAclAuthorizer</td>
+        <td>Configuration</td>
+    </tr>
+    <tr>
+        <td>--authorizer-properties</td>
+        <td>comma separated key=val pairs that will be passed to authorizer for initialization.</td>
+        <td></td>
+        <td>Configuration</td>
+    </tr>
+    <tr>
+        <td>--cluster</td>
+        <td>Specifies cluster as resource.</td>
+        <td></td>
+        <td>Resource</td>
+    </tr>
+    <tr>
+        <td>--topic [topic-name]</td>
+        <td>Specifies the topic as resource.</td>
+        <td></td>
+        <td>Resource</td>
+    </tr>
+    <tr>
+        <td>--consumer-group [group-name]</td>
+        <td>Specifies the consumer-group as resource.</td>
+        <td></td>
+        <td>Resource</td>
+    </tr>
+    <tr>
+        <td>--allow-principal</td>
+        <td>Principal is in PrincipalType:name format that will be added to ACL with Allow permission. <br>You can specify multiple --allow-principal in a single command.</td>
+        <td></td>
+        <td>Principal</td>
+    </tr>
+    <tr>
+        <td>--deny-principal</td>
+        <td>Principal is in PrincipalType:name format that will be added to ACL with Deny permission. <br>You can specify multiple --deny-principal in a single command.</td>
+        <td></td>
+        <td>Principal</td>
+    </tr>
+    <tr>
+        <td>--allow-hosts</td>
+        <td>Comma separated list of hosts from which principals listed in --allow-principals will have access.</td>
+        <td> if --allow-principals is specified defaults to * which translates to "all hosts"</td>
+        <td>Host</td>
+    </tr>
+    <tr>
+        <td>--deny-hosts</td>
+        <td>Comma separated list of hosts from which principals listed in --deny-principals will be denied access.</td>
+        <td>if --deny-principals is specified defaults to * which translates to "all hosts"</td>
+        <td>Host</td>
+    </tr>
+    <tr>
+        <td>--operations</td>
+        <td>Comma separated list of operations.<br>
+            Valid values are : Read, Write, Create, Delete, Alter, Describe, ClusterAction, All</td>
+        <td>All</td>
+        <td>Operation</td>
+    </tr>
+    <tr>
+        <td>--producer</td>
+        <td> Convenience option to add/remove acls for producer role. This will generate acls that allows WRITE,
+            DESCRIBE on topic and CREATE on cluster.</td>
+        <td></td>
+        <td>Convenience</td>
+    </tr>
+    <tr>
+        <td>--consumer</td>
+        <td> Convenience option to add/remove acls for consumer role. This will generate acls that allows READ,
+            DESCRIBE on topic and READ on consumer-group.</td>
+        <td>Convenience</td>
+    </tr>
+</tbody></table>
+
+<h4>Examples</h4>
+<ul>
+    <li><b>Adding Acls</b><br>
+Suppose you want to add an acl "Principals User:Bob and User:Alice are allowed to perform Operation Read and Write on Topic Test-Topic from Host1 and Host2". You can do that by executing the CLI with following options:
+        <pre>bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-hosts Host1,Host2 --operations Read,Write --topic Test-topic</pre>
+        By default all principals that don't have an explicit acl that allows access for an operation to a resource are denied. In rare cases where an allow acl is defined that allows access to all but some principal we will have to use the --deny-principals and --deny-host option. For example, if we want to allow all users to Read from Test-topic but only deny User:BadBob from host bad-host we can do so using following commands:
+        <pre>bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --allow-hosts * --deny-principal User:BadBob --deny-hosts bad-host --operations Read--topic Test-topic</pre>
+        Above examples add acls to a topic by specifying --topic [topic-name] as the resource option. Similarly user can add acls to cluster by specifying --cluster and to a consumer group by specifying --consumer-group [group-name].</li>
+
+    <li><b>Removing Acls</b><br>
+            Removing acls is pretty much the same. The only difference is instead of --add option users will have to specify --remove option. To remove the acls added by the first example above we can execute the CLI with following options:
+           <pre> bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --remove --allow-principal User:Bob --allow-principal User:Alice --allow-hosts Host1,Host2 --operations Read,Write --topic Test-topic </pre></li>
+
+    <li><b>List Acls</b><br>
+            We can list acls for any resource by specifying the --list option with the resource. To list all acls for Test-topic we can execute the CLI with following options:
+            <pre>bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --list --topic Test-topic</pre></li>
+
+    <li><b>Adding or removing a principal as producer or consumer</b><br>
+            The most common use case for acl management are adding/removing a principal as producer or consumer so we added convenience options to handle these cases. In order to add User:Bob as a producer of  Test-topic we can execute the following command:
+           <pre> bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --producer --topic Test-topic</pre>
+            Similarly to add Alice as a consumer of Test-topic with consumer group Group-1 we just have to pass --consumer option:
+           <pre> bin/kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --consumer --topic test-topic --consumer-group Group-1 </pre>
+            Note that for consumer option we must also specify the consumer group.
+            In order to remove a principal from producer or consumer role we just need to pass --remove option. </li>
+    </ul>
+
 <h3><a id="zk_authz">7.5 ZooKeeper Authentication</a></h3>
 <h4><a id="zk_authz_new">7.5.1 New clusters</a></h4>
 To enable ZooKeeper authentication on brokers, there are two necessary steps:
@@ -292,7 +423,7 @@ Here is an example of how to run the migration tool:
 <pre>
 ./bin/zookeeper-security-migration --help
 </pre>
-<h4><a id="zk_authz_new">7.5.3 Migrating the ZooKeeper ensemble</a></h4>
+<h4><a id="zk_authz_ensemble">7.5.3 Migrating the ZooKeeper ensemble</a></h4>
 It is also necessary to enable authentication on the ZooKeeper ensemble. To do it, we need to perform a rolling restart of the server and set a few properties. Please refer to the ZooKeeper documentation for more detail:
 <ol>
 	<li><a href="http://zookeeper.apache.org/doc/r3.4.6/zookeeperProgrammers.html#sc_ZooKeeperAccessControl">Apache ZooKeeper documentation</a></li>

http://git-wip-us.apache.org/repos/asf/kafka-site/blob/e047c4b2/090/upgrade.html
----------------------------------------------------------------------
diff --git a/090/upgrade.html b/090/upgrade.html
index 69ff20a..3b133ab 100644
--- a/090/upgrade.html
+++ b/090/upgrade.html
@@ -35,6 +35,7 @@ Note: Bumping the protocol version and restarting can be done any time after the
 
 <ul>
     <li> Java 1.6 is no longer supported. </li>
+    <li> Scala 2.9 is no longer supported. </li>
     <li> Tools packaged under <em>org.apache.kafka.clients.tools.*</em> have been moved to <em>org.apache.kafka.tools.*</em>. All included scripts will still function as usual, only custom code directly importing these classes will be affected. </li>
     <li> The default Kafka JVM performance options (KAFKA_JVM_PERFORMANCE_OPTS) have been changed in kafka-run-class.sh. </li>
     <li> The kafka-topics.sh script (kafka.admin.TopicCommand) now exits with non-zero exit code on failure. </li>
@@ -61,4 +62,4 @@ Note: Bumping the protocol version and restarting can be done any time after the
 
 <h4>Upgrading from 0.7</h4>
 
-0.8, the release in which added replication, was our first backwards-incompatible release: major changes were made to the API, ZooKeeper data structures, and protocol, and configuration. The upgrade from 0.7 to 0.8.x requires a <a href="https://cwiki.apache.org/confluence/display/KAFKA/Migrating+from+0.7+to+0.8">special tool</a> for migration. This migration can be done without downtime.
+Release 0.7 is incompatible with newer releases. Major changes were made to the API, ZooKeeper data structures, and protocol, and configuration in order to add replication (Which was missing in 0.7). The upgrade from 0.7 to later versions requires a <a href="https://cwiki.apache.org/confluence/display/KAFKA/Migrating+from+0.7+to+0.8">special tool</a> for migration. This migration can be done without downtime.


Mime
View raw message