kafka-dev mailing list archives

From Jaikiran Pai <jai.forums2...@gmail.com>
Subject WARN log message flooding broker logs for a pretty typical SSL setup
Date Sun, 04 Sep 2016 14:01:47 GMT
We just started enabling SSL for our Kafka brokers and (Java) clients 
and among some of the issues we are running into, one of them is the 
flooding of the server/broker Kafka logs where we are seeing these 
messages:

[2016-09-02 08:07:13,773] WARN SSL peer is not authenticated, returning 
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,710] WARN SSL peer is not authenticated, returning 
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning 
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning 
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,712] WARN SSL peer is not authenticated, returning 
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
....

They just keep going on and on. In our SSL setup, we have the broker 
configured with the keystore and the Java clients have been configured 
with a proper truststore and all works fine except for these messages 
flooding the logs. We don't have any ACLs set up, nor have we enabled 
the client auth check.

Looking at the code which generates this WARN message 
https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/network/SslTransportLayer.java#L638

and the fact that the setup we have (where we just enable server/broker 
cert validation) is, IMO, a valid scenario and not some 
exceptional/incorrect setup issue, I think this log message is something 
that can be removed from the code (or at least logged at a much lower 
level given the frequency at which this gets logged).

Any thoughts on this?

It's a pretty straightforward change and if this change is something 
that sounds right, I can go ahead and submit a PR.

P.S: This is both on 0.9.0.1 and latest 0.10.0.1.

-Jaikiran
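
Added example, not part of the original message or of Kafka: a small triage script that collapses a repeated record such as the one quoted above into a count, so that other warnings in the same broker log stay visible. The function names, the threshold and the last sample record are constructed for this illustration.

```python
import re
from collections import Counter

# Layout of the broker log lines quoted above: [timestamp] LEVEL message (logger)
LINE_RE = re.compile(
    r"^\[(?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2},\d{3}\] "
    r"(?P<level>[A-Z]+) (?P<msg>.*) \((?P<logger>[\w.$]+)\)$"
)

# First three records are quoted from the message (wrapped as in the mail);
# the last record is constructed for this example.
SAMPLE = """\
[2016-09-02 08:07:13,773] WARN SSL peer is not authenticated, returning
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,710] WARN SSL peer is not authenticated, returning
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning
ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,900] WARN constructed unrelated warning (example.OtherLogger)
"""

def parse(lines):
    """Yield (minute, level, logger, msg), re-joining records wrapped over lines.
    Records that do not fit the layout (e.g. stack traces) are skipped."""
    record = ""
    for line in list(lines) + ["["]:  # sentinel flushes the final record
        line = line.rstrip()
        if line.startswith("[") and record:
            m = LINE_RE.match(record)
            if m:
                yield m["minute"], m["level"], m["logger"], m["msg"]
            record = ""
        if line:
            record = f"{record} {line}".strip()

def summarize(lines, flood_threshold=3):
    """Return (floods, others): floods maps a repeated record to
    (count, distinct minutes seen); others lists records below the threshold."""
    counts, minutes = Counter(), {}
    for minute, level, logger, msg in parse(lines):
        key = (level, logger, msg)
        counts[key] += 1
        minutes.setdefault(key, set()).add(minute)
    floods = {k: (n, len(minutes[k])) for k, n in counts.items() if n >= flood_threshold}
    others = [k for k, n in counts.items() if n < flood_threshold]
    return floods, others

if __name__ == "__main__":
    floods, others = summarize(SAMPLE.splitlines())
    print(floods, others, sep="\n")
```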

