10011 created KAFKA-16006:
-----------------------------
Summary: mTLS authentication works for kafka-topic.sh but fails
for kafka-metadata-quorum.sh
Key: KAFKA-16006
URL: https://issues.apache.org/jira/browse/KAFKA-16006
Project: Kafka
Issue Type: Bug
Reporter: 10011
The same client-ssl configuration works for kafka-topics.sh script but failed
for kafka-metadata-quorum.sh during authentication. See details below
{code:java}
bash-4.2$ ./kafka-topics.sh --bootstrap-server localhost:11005 --command-config
/config/client-ssl.properties --describe --topic clientmTLSTest
Topic: clientmTLSTest TopicId: dg7q11k6R2m2dgDSDGEfXw PartitionCount: 3
ReplicationFactor: 3 Configs: segment.bytes=1073741824
Topic: clientmTLSTest Partition: 0 Leader: 5 Replicas: 5,6,4
Isr: 6,5,4
Topic: clientmTLSTest Partition: 1 Leader: 6 Replicas: 6,4,5
Isr: 6,4,5
Topic: clientmTLSTest Partition: 2 Leader: 4 Replicas: 4,5,6
Isr: 6,4,5
bash-4.2$ ./kafka-metadata-quorum.sh --command-config
/config/client-ssl.properties --bootstrap-server localhost:11005 describe
--status
[2023-12-13 21:19:55,500] ERROR Uncaught exception in thread
'kafka-admin-client-thread | adminclient-1':
(org.apache.kafka.common.utils.KafkaThread)
java.lang.OutOfMemoryError: Java heap space
at java.base/java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:64)
at java.base/java.nio.ByteBuffer.allocate(ByteBuffer.java:363)
at
org.apache.kafka.common.memory.MemoryPool$1.tryAllocate(MemoryPool.java:30)
at
org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:102)
at
org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:452)
at org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:402)
at org.apache.kafka.common.network.Selector.attemptRead(Selector.java:674)
at
org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:576)
at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560)
at
org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413)
at
org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344)
at java.base/java.lang.Thread.run(Thread.java:842)
org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has
exited. Call: listNodes
java.util.concurrent.ExecutionException:
org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has
exited. Call: listNodes
at
java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
at
java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
at
org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
at
org.apache.kafka.tools.MetadataQuorumCommand.handleDescribeStatus(MetadataQuorumCommand.java:167)
at
org.apache.kafka.tools.MetadataQuorumCommand.execute(MetadataQuorumCommand.java:106)
at
org.apache.kafka.tools.MetadataQuorumCommand.mainNoExit(MetadataQuorumCommand.java:55)
at
org.apache.kafka.tools.MetadataQuorumCommand.main(MetadataQuorumCommand.java:50)
Caused by: org.apache.kafka.common.errors.TimeoutException: The AdminClient
thread has exited. Call: listNodes
bash-4.2$ tail /logs/kafka/server.log
[2023-12-13 21:18:17,356] INFO [SocketServer listenerType=BROKER, nodeId=4]
Failed authentication with /127.0.0.1
(channelId=127.0.0.1:11005-127.0.0.1:42730-794) (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
[2023-12-13 21:19:55,464] INFO [SocketServer listenerType=BROKER, nodeId=4]
Failed authentication with /127.0.0.1
(channelId=127.0.0.1:11005-127.0.0.1:39594-809) (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
