kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "zhu fangbo (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KAFKA-5616) unable perform a rolling upgrade from a non-secure to a secure Kafka cluster
Date Tue, 25 Jul 2017 01:16:00 GMT

     [ https://issues.apache.org/jira/browse/KAFKA-5616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

zhu fangbo resolved KAFKA-5616.
    Resolution: Not A Problem

This is due to improper ACL configuration´╝îI did not set the operation for each broker on
resource of cluster and topic.

> unable perform a rolling upgrade from a non-secure to a secure Kafka cluster
> ----------------------------------------------------------------------------
>                 Key: KAFKA-5616
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5616
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions:
>            Reporter: zhu fangbo
> I want to upgrade my unsecure kafka cluster to a secure one whitch support SASL_PLAINT
protocol, but I failed to perfrom rolling upgrade. The only way I found to upgrade is to shutdown
all brokers first and then restart all brokers with inter-broker security configured
> h3. Before upgrade
> Here is the secure configuration of broker 1´╝Ü
> {quote}listeners=PLAINTEXT://,SASL_PLAINTEXT://
> sasl.enabled.mechanisms=PLAIN
> authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
> super.users=User:admin{quote}
> I want to setup a cluster support both unsecure and secure client-broker connect, so
i add a new endpoint to listeners with port  = 9099
> h3. Start rolling upgrade
> First, I restart broker-1 which is not the controller. below is part of  server.log shows
start complete:
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/25775149.jpg|height=190,width=1390,hspace=1,vspace=4!
> seemed well, but there are no log print to show the replicamanger was started,and broker1
not go back to the ISR
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/55734691.jpg|height=200,width=800!
> Besides, the preferred replica leader election was also failed
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/94837206.jpg|height=100,width=1200!
> h3. After rolling upgrade for all brokers
>  After upgrade all brokers, it seems each broker can not connect to other brokers
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/84863343.jpg| height=200,width=800!
> I restart broker 2 at last which is the controller, then broker 3 came to be controller,
and it also failed to perform preferred replica leader election
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/70680876.jpg|height=150,width=1200!
> h3. Shutdown all and restart 
> The cluster works well when  I shutdown all brokers and restart all with inter-broker
security configurations like this:
> {quote}listeners=PLAINTEXT://,SASL_PLAINTEXT://
> #advertised.listeners=SASL_PLAINTEXT://
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism.inter.broker.protocol=PLAIN{quote}
> replica fetch thread was started
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/98186199.jpg|height=200,width=1200!
> and ISR was normal
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/13606263.jpg|height=150,width=680!

This message was sent by Atlassian JIRA

View raw message