[
https://issues.apache.org/jira/browse/KAFKA-14781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Egerton reassigned KAFKA-14781:
-------------------------------------
Assignee: Chris Egerton
> MM2 logs misleading error during topic ACL sync when broker does not have
> authorizer configured
> -----------------------------------------------------------------------------------------------
>
> Key: KAFKA-14781
> URL: https://issues.apache.org/jira/browse/KAFKA-14781
> Project: Kafka
> Issue Type: Bug
> Components: mirrormaker
> Reporter: Chris Egerton
> Assignee: Chris Egerton
> Priority: Major
>
> When there is no broker-side authorizer configured on a Kafka cluster
> targeted by MirrorMaker 2, users see error-level log messages like this
> one:{{{}{}}}
> {quote}[2023-03-06 10:53:57,488] ERROR [MirrorSourceConnector|worker]
> Scheduler for MirrorSourceConnector caught exception in scheduled task:
> syncing topic ACLs (org.apache.kafka.connect.mirror.Scheduler:102)
> java.util.concurrent.ExecutionException:
> org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is
> configured on the broker
> at
> java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
> at
> java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
> at
> org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
> at
> org.apache.kafka.connect.mirror.MirrorSourceConnector.listTopicAclBindings(MirrorSourceConnector.java:456)
> at
> org.apache.kafka.connect.mirror.MirrorSourceConnector.syncTopicAcls(MirrorSourceConnector.java:342)
> at org.apache.kafka.connect.mirror.Scheduler.run(Scheduler.java:93)
> at
> org.apache.kafka.connect.mirror.Scheduler.executeThread(Scheduler.java:112)
> at
> org.apache.kafka.connect.mirror.Scheduler.lambda$scheduleRepeating$0(Scheduler.java:50)
> at
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> at
> java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
> at
> java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:829)
> Caused by: org.apache.kafka.common.errors.SecurityDisabledException: No
> Authorizer is configured on the broker
> {quote}
> This can be misleading as it looks like something is wrong with MM2 or the
> Kafka cluster. In reality, it's usually fine, since topic ACL syncing is
> enabled by default and it's reasonable for Kafka clusters (especially in
> testing/dev environments) to not have authorizers enabled.
> We should try to catch this specific case and downgrade the severity of the
> log message from {{ERROR}} to either {{INFO}} or {{{}DEBUG{}}}. We may also
> consider suggesting to users that they disable topic ACL syncing if their
> Kafka cluster doesn't have authorization set up, but this should probably
> only be emitted once over the lifetime of the connector in order to avoid
> generating log spam.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
