10011 created KAFKA-16006: ----------------------------- Summary: mTLS authentication works for kafka-topic.sh but fails for kafka-metadata-quorum.sh Key: KAFKA-16006 URL: https://issues.apache.org/jira/browse/KAFKA-16006 Project: Kafka Issue Type: Bug Reporter: 10011
The same client-ssl configuration works for kafka-topics.sh script but failed for kafka-metadata-quorum.sh during authentication. See details below {code:java} bash-4.2$ ./kafka-topics.sh --bootstrap-server localhost:11005 --command-config /config/client-ssl.properties --describe --topic clientmTLSTest Topic: clientmTLSTest TopicId: dg7q11k6R2m2dgDSDGEfXw PartitionCount: 3 ReplicationFactor: 3 Configs: segment.bytes=1073741824 Topic: clientmTLSTest Partition: 0 Leader: 5 Replicas: 5,6,4 Isr: 6,5,4 Topic: clientmTLSTest Partition: 1 Leader: 6 Replicas: 6,4,5 Isr: 6,4,5 Topic: clientmTLSTest Partition: 2 Leader: 4 Replicas: 4,5,6 Isr: 6,4,5 bash-4.2$ ./kafka-metadata-quorum.sh --command-config /config/client-ssl.properties --bootstrap-server localhost:11005 describe --status [2023-12-13 21:19:55,500] ERROR Uncaught exception in thread 'kafka-admin-client-thread | adminclient-1': (org.apache.kafka.common.utils.KafkaThread) java.lang.OutOfMemoryError: Java heap space at java.base/java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:64) at java.base/java.nio.ByteBuffer.allocate(ByteBuffer.java:363) at org.apache.kafka.common.memory.MemoryPool$1.tryAllocate(MemoryPool.java:30) at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:102) at org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:452) at org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:402) at org.apache.kafka.common.network.Selector.attemptRead(Selector.java:674) at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:576) at org.apache.kafka.common.network.Selector.poll(Selector.java:481) at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560) at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1413) at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1344) at java.base/java.lang.Thread.run(Thread.java:842) org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has exited. Call: listNodes java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has exited. Call: listNodes at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073) at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165) at org.apache.kafka.tools.MetadataQuorumCommand.handleDescribeStatus(MetadataQuorumCommand.java:167) at org.apache.kafka.tools.MetadataQuorumCommand.execute(MetadataQuorumCommand.java:106) at org.apache.kafka.tools.MetadataQuorumCommand.mainNoExit(MetadataQuorumCommand.java:55) at org.apache.kafka.tools.MetadataQuorumCommand.main(MetadataQuorumCommand.java:50) Caused by: org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has exited. Call: listNodes bash-4.2$ tail /logs/kafka/server.log [2023-12-13 21:18:17,356] INFO [SocketServer listenerType=BROKER, nodeId=4] Failed authentication with /127.0.0.1 (channelId=127.0.0.1:11005-127.0.0.1:42730-794) (SSL handshake failed) (org.apache.kafka.common.network.Selector) [2023-12-13 21:19:55,464] INFO [SocketServer listenerType=BROKER, nodeId=4] Failed authentication with /127.0.0.1 (channelId=127.0.0.1:11005-127.0.0.1:39594-809) (SSL handshake failed) (org.apache.kafka.common.network.Selector) {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)