Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 4960C160C05 for ; Wed, 3 Jan 2018 18:34:20 +0100 (CET) Received: (qmail 29773 invoked by uid 500); 3 Jan 2018 17:34:18 -0000 Mailing-List: contact dev-help@kafka.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@kafka.apache.org Delivered-To: mailing list dev@kafka.apache.org Received: (qmail 29758 invoked by uid 99); 3 Jan 2018 17:34:18 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jan 2018 17:34:18 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id E2C8B18033A for ; Wed, 3 Jan 2018 17:34:17 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.979 X-Spam-Level: * X-Spam-Status: No, score=1.979 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=confluent-io.20150623.gappssmtp.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id z-CuDs69vOC4 for ; Wed, 3 Jan 2018 17:34:12 +0000 (UTC) Received: from mail-oi0-f50.google.com (mail-oi0-f50.google.com [209.85.218.50]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id F18D75FAC9 for ; Wed, 3 Jan 2018 17:34:11 +0000 (UTC) Received: by mail-oi0-f50.google.com with SMTP id r63so1414721oia.6 for ; Wed, 03 Jan 2018 09:34:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=confluent-io.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=5X3UBh+qmor6YL3y2K8xQxXWvfyWOvHfploj2N9Nxg4=; b=YV4aznpjpSsmG3uFe3a4pc7nlZ1vPXv/Fx+90T06seUYzDpQh6nX9Fgd08Fe4IR3Sk KzEdOeZIAY0giaBZwEyDsnH1nFOWXSAus43XqF9zvKnvDEErDCJVUekJuSoiJsHpCxU4 1UWoI4HC1jm2XNff6oQk3D+IXmbf9TgL4U5gfKQ8H6YzG568NgO8bYzvQ8xaoBhMue0A H0Z0VENh/2DsG2yo/B4NqqwxEqqsGa2GPYglQZ59LQAFmL8JCvm2vDXAA/AqVd7dImD2 vI+zg5vUqGmHWTF/JPbm6ONqjXzDtw+tWDy6xXdAI8YbGtLZ+zYqjeliHLRbHAj3wZA8 3puw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=5X3UBh+qmor6YL3y2K8xQxXWvfyWOvHfploj2N9Nxg4=; b=e5+u/iMqFLIWP0ZUshHvcSVELQn5+IPJ5PuB0ZK5dBDXGZkDkad+cQXtZ2cN4Cv3BA uDiAxb2lHfW6HvHROZVSFA1K7lfmoXZ0iUy63SmU7FGZuXkgmCjtGSAD3YO5uYRNHnx3 9Pkta1R9aJ/r3C5kq7MzN50VXRfvt7oxM7Dbz+VJaCeOU/0ekEXJoJj4Muo/2uXSB07k g1vLJ1TUkF1ibvG/3qx3q4IMXFixXro2jMjX+AfLHr+l7b7Ea5miGt5uGaOMXkek/0+V eThPFzOD1A9JuW2bLWzD1I5KgizJ+JdmXPZEW5Bql0y2hwt34JbzsbnqJYn/nz8hC3QC qqiw== X-Gm-Message-State: AKGB3mIU6YHpixTIPN3ldPkbwgz1yzm8guDiXNTxKswBLeot6zG3TBq6 5wlqXTTzBcJbZ3jRcmH3teEfo86So5arTNf3BqNXxEZ3GG8= X-Google-Smtp-Source: ACJfBouA+9b1X+yftzlYlLEnIDO2ztBhkZNPQp2FmfyyQp2hVVD2Ql6tGJBV0jnYHKeP5oXkApNzKV+JKEtVfSVI1XE= X-Received: by 10.202.234.135 with SMTP id i129mr1177980oih.74.1515000843936; Wed, 03 Jan 2018 09:34:03 -0800 (PST) MIME-Version: 1.0 Received: by 10.74.41.140 with HTTP; Wed, 3 Jan 2018 09:34:03 -0800 (PST) In-Reply-To: References: From: Jason Gustafson Date: Wed, 3 Jan 2018 09:34:03 -0800 Message-ID: Subject: Re: [VOTE] KIP-226 - Dynamic Broker Configuration To: dev@kafka.apache.org Content-Type: multipart/alternative; boundary="001a113d395e2336d60561e29fcc" archived-at: Wed, 03 Jan 2018 17:34:21 -0000 --001a113d395e2336d60561e29fcc Content-Type: text/plain; charset="UTF-8" +1 Thanks for the KIP. One minor nit: I think we changed ConfigSource.TOPIC_CONFIG to ConfigSource.DYNAMIC_TOPIC_CONFIG in the PR. As far as updating secrets, I wasn't sure I understand how that will work. Do the password configs accept multiple values? On Wed, Jan 3, 2018 at 2:58 AM, Rajini Sivaram wrote: > Hi Jun, > > Thank you for reviewing and voting. > > 50. I have updated the KIP to describe how the secret may be changed. All > dynamically configurable passwords and per-broker configs. So the secret > can be different across brokers and updated using rolling restart. In order > to update the secret, each broker needs to be restarted with an updated > server.properties which contains the new secret as well as the current > values of all the password configs. Admin client can then be used to update > the passwords in ZooKeeper that are encrypted using the new secret. > > 51. leader.replication.throttled.replicas and > follower.replication.throttled.replicas > are dynamically configurable at the topic level. But there are no defaults > for these at the broker level since they refer to partitions of the topic. > The rates used for throttling were already configurable at the broker > level. > > I made a couple of other changes to the KIP: > > 1. The config names used for encoding passwords are now prefixed with > password.encoder. > Also added key length as a config since this is constrained by the > algorithm which is also configurable. > 2. I moved the update of inter-broker security protocol and > inter-broker sasl mechanism to the follow-on KIP under Future Work. As part > of the new KIP, we need to add protocol changes to validate that all > brokers in the cluster support the new protocol/mechanism/version to avoid > accidental changes before all brokers are updated. > > > On Tue, Jan 2, 2018 at 10:58 PM, Jun Rao wrote: > > > Hi, Rajini, > > > > Thank for the KIP. +1. Just a couple of minor comments below. > > > > > > 50. config.secret.*: Could you document how the encryption/decryption of > > passwd work? In particular, how do we support changing config.secret? > > > > 51. At the topic level, we also have leader.replication.throttled. > replicas > > and follower.replication.throttled.replicas. Should they be dynamically > > configurable? > > > > Jun > > > > > > > > > > > > > > On Tue, Dec 12, 2017 at 9:24 AM, Gwen Shapira wrote: > > > > > +1 (binding). Thank you for leading this, Rajini. > > > > > > On Tue, Dec 12, 2017 at 8:35 AM Tom Bentley > > wrote: > > > > > > > +1 (nonbinding) > > > > > > > > On 12 December 2017 at 15:34, Ted Yu wrote: > > > > > > > > > +1 > > > > > > > > > > On Tue, Dec 12, 2017 at 5:44 AM, Rajini Sivaram < > > > rajinisivaram@gmail.com > > > > > > > > > > wrote: > > > > > > > > > > > Since there are no more outstanding comments, I would like to > start > > > > vote > > > > > > for KIP-226: > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP- > > > > > > 226+-+Dynamic+Broker+Configuration > > > > > > > > > > > > > > > > > > The KIP enables dynamic update of commonly updated broker > > > configuration > > > > > > options to avoid expensive restarts. > > > > > > > > > > > > Thank you, > > > > > > > > > > > > Rajini > > > > > > > > > > > > > > > > > > > > > --001a113d395e2336d60561e29fcc--