[
https://issues.apache.org/jira/browse/KAFKA-17704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17888414#comment-17888414
]
Dmitri Pavlov commented on KAFKA-17704:
---------------------------------------
Thanks Greg! Not sure I understood correctly about "AppliedConnectorConfig's
caching behavior". But before 13:53 at 13:51 there was a successful change from
user2 to user3 (if recalling correctly, need to double check).
Lets say I have TTL cycles 1,2,3,4,5,6, etc .... 2 minutes each.
At the beginning of each cycle I change creds.
Which of the cycles you think will have the configs APPLIED vs CURRENT compared
correctly/incorrectly?
Like
Cycle1-creds_changed-Cycle2 -> good (APPLIED vs CURRENT compared correctly)
Cycle2-creds_changed-Cycle3 -> good
Cycle3-creds_changed-Cycle4 -> bad (APPLIED vs CURRENT compared incorrectly)
Cycle4-creds_changed-Cycle5 -> good ....
Since, when it happens, the creds from the previous cycle are used, since
nothing has changed and tasks will not be restarted.
Regarding this - If you shortened the TTL (or equivalently, reduced the rate at
which the config can change). The same phenomena exists when TTL is 10 minutes
(from current 2).
We are ok not to stress it as bug, however difficult not to stress, as it looks
like any dynamic secret scenarios will be affected. However, if KAFKA-17627
fixes "it", then nothing we can do. Work in progress, right?
> possible race condition in TTL credentials when connectors recycled on single
> node instance
> -------------------------------------------------------------------------------------------
>
> Key: KAFKA-17704
> URL: https://issues.apache.org/jira/browse/KAFKA-17704
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.7.1
> Reporter: Doug Whitfield
> Priority: Minor
> Attachments: For_community.zip.001, For_community.zip.002,
> For_community.zip.003, For_community.zip.004, For_community.zip.005,
> For_community.zip.006, For_community.zip.007,
> image-2024-10-07-11-17-41-951.png, image-2024-10-08-19-10-13-215.png,
> image-2024-10-09-17-04-31-915.png, logstoupload.log
>
>
> This is related to https://issues.apache.org/jira/browse/KAFKA-9228 and
> https://issues.apache.org/jira/browse/KAFKA-17627 but in single node instance
> and only related to credentials (as far as we know currently), so maybe
> something else is in play?
> In some cases, when TTL is used with a single node, passwords are not passed
> properly.
> In the "logstoupload.log" file you can see that at 09:14 the password does
> not get change, but at 09:24 it does get changed.
> We are able to "reliably" reproduce this in prod-like environment where this
> log comes from in Kubernetes, but we have only captured this "race condition"
> in test rarely where we are not using Kubernetes. We have seen it without
> Kubernetes though.
> We hope to provide something more reproducible next week, but perhaps
> uploading this "full" log will allow you to guide us so we can make this more
> reproducible.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
