Thanks Ismael, I'll raise a PR for this. As a process, is there a JIRA that's expected to be filed for this before I raise a PR or would this be OK without a JIRA?

-Jaikiran
On Monday 05 September 2016 03:55 PM, Ismael Juma wrote:
Hi Jaikiran,

I agree that this is a valid configuration and the log level seems too high
given that. The original motivation is explained in the PR:

https://github.com/apache/kafka/pull/155/files#diff-fce430ae21a0c98d82da6d4aa551f824L603

That is, help people figure out if client authentication was not set up
correctly, but it seems like a better way to do that is to set
`ssl.client.auth=required`. So I'd, personally, be fine with reducing the
log level to info or debug.

Ismael

On Sun, Sep 4, 2016 at 3:01 PM, Jaikiran Pai <jai.forums2...@gmail.com>
wrote:

We just started enabling SSL for our Kafka brokers and (Java) clients and
among some of the issues we are running into, one of them is the flooding
of the server/broker Kafka logs where we are seeing these messages:

[2016-09-02 08:07:13,773] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,710] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
[2016-09-02 08:07:15,712] WARN SSL peer is not authenticated, returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
....

They just keep going on and on. In our SSL setup, we have the broker
configured with the keystore and the Java clients have been configured with
a proper truststore and all works fine except for these messages flooding
the logs. We don't have any ACLs set up nor have we enabled client auth
check.

Looking at the code which generates this WARN message
https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/network/SslTransportLayer.java#L638
and the fact that the setup we have (where we just enable server/broker cert
validation) is, IMO, a valid scenario and not some exceptional/incorrect
setup issue, I think this log message is something that can be removed from
the code (or at least logged at a much lower level given the frequency at
which this gets logged).

Any thoughts on this?

It's a pretty straightforward change and if this change is something that
sounds right, I can go ahead and submit a PR.

P.S: This is both on 0.9.0.1 and latest 0.10.0.1.

-Jaikiran
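
Added example, not part of the original thread and not Kafka project code: a small triage script that counts the ANONYMOUS-peer WARN lines per minute and reads the broker's ssl.client.auth setting to tell expected noise (client auth not enabled, as in the setup described above) from a case worth reviewing. The function names, verdict labels and sample inputs are constructed for illustration; the sketch assumes ssl.client.auth defaults to none when unset.

```python
import re
from collections import Counter

# Message text and line layout are taken from the broker output quoted in the thread.
ANON_MSG = "SSL peer is not authenticated, returning ANONYMOUS instead"
LINE_RE = re.compile(
    r"^\[(?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2},\d{3}\] "
    r"(?P<level>[A-Z]+) (?P<msg>.*?) \((?P<logger>[\w.$]+)\)$"
)

def parse_properties(text):
    """Minimal key=value reader for a broker properties file (no escapes or continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def anonymous_warnings_per_minute(log_text):
    """Count the ANONYMOUS-peer WARN lines, keyed by 'YYYY-MM-DD HH:MM'."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["level"] == "WARN" and m["msg"] == ANON_MSG:
            counts[m["minute"]] += 1
    return dict(counts)

def assess(broker_props_text, log_text):
    """Return (ssl.client.auth mode, total warnings, verdict label)."""
    # Assumption: an unset ssl.client.auth means "none".
    mode = parse_properties(broker_props_text).get("ssl.client.auth", "none")
    total = sum(anonymous_warnings_per_minute(log_text).values())
    if total == 0:
        verdict = "clean"
    elif mode == "none":
        verdict = "expected-noise"   # server-cert-only TLS: every client is anonymous
    else:
        verdict = "review-clients"   # client certs are asked for but peers arrive without one
    return mode, total, verdict

# Constructed sample inputs (not real broker data).
SAMPLE_PROPS = "# constructed sample\nlisteners=SSL://:9093\nssl.keystore.location=/path/to/keystore.jks\n"
_LOGGER = "org.apache.kafka.common.network.SslTransportLayer"
SAMPLE_LOG = "\n".join(
    [f"[2016-09-02 08:07:{s}] WARN {ANON_MSG} ({_LOGGER})"
     for s in ("13,773", "15,710", "15,711", "15,711", "15,712")]
    + ["[2016-09-02 08:07:16,001] INFO Constructed unrelated line (kafka.server.KafkaServer)"]
)

if __name__ == "__main__":
    print(assess(SAMPLE_PROPS, SAMPLE_LOG))
```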


