Re: [ANNOUNCE] New Kafka PMC Member: David Arthur

2023-03-13 Thread Rajini Sivaram
Congratulations, David! Regards, Rajini On Mon, Mar 13, 2023 at 9:06 AM Bruno Cadonna wrote: > Congrats, David! > > Bruno > > On 10.03.23 01:36, Matthias J. Sax wrote: > > Congrats! > > > > On 3/9/23 2:59 PM, José Armando García Sancio wrote: > >> Congrats David! > >> > >> On Thu, Mar 9, 2023

Re: [VOTE] 3.2.1 RC3

2022-07-26 Thread Rajini Sivaram
Hi David, +1 (binding) Verified signatures, ran quickstart with binaries, built from source and verified with quickstart, checked some javadocs. Thanks for the RC, David! Regards, Rajini On Tue, Jul 26, 2022 at 4:32 PM Randall Hauch wrote: > Thanks for the RC, David. > > I was able to

Re: Accessing TLS certs and keys from Vault into Kafka

2021-11-18 Thread Rajini Sivaram
You can add a Vault provider for externalized configs by implementing a `org.apache.kafka.common.config.provider.ConfigProvider`. Details are in https://cwiki.apache.org/confluence/display/KAFKA/KIP-297%3A+Externalizing+Secrets+for+Connect+Configurations and

Re: [VOTE] 2.6.1 RC3

2020-12-15 Thread Rajini Sivaram
+1 (binding) Verified signatures, ran tests from source build (one flaky test failed but passed on rerun), ran Kafka quick start with the binary with both Scala 2.12 and Scala 2.13. Thanks for running the release, Mickael! Regards, Rajini On Fri, Dec 11, 2020 at 3:23 PM Mickael Maison wrote:

Re: [ANNOUNCE] New committer: David Jacot

2020-10-16 Thread Rajini Sivaram
Congratulations, David! Regards, Rajini On Fri, Oct 16, 2020 at 5:45 PM Matthias J. Sax wrote: > Congrats! > > On 10/16/20 9:25 AM, Tom Bentley wrote: > > Congratulations David! > > > > On Fri, Oct 16, 2020 at 5:10 PM Bill Bejeck wrote: > > > >> Congrats David! Well deserved. > >> > >> -Bill

Re: [VOTE] 2.6.0 RC2

2020-07-31 Thread Rajini Sivaram
Thanks Randall, +1 (binding) Built from source and ran tests, had a quick look through some Javadoc changes, ran quickstart and some tests with Java 11 TLSv1.3 on the binary. Regards, Rajini On Tue, Jul 28, 2020 at 10:50 PM Randall Hauch wrote: > Hello Kafka users, developers and

Re: [ANNOUNCE] New committer: Mickael Maison

2019-11-08 Thread Rajini Sivaram
Congratulations, Mickael, well deserved!! Regards, Rajini On Fri, Nov 8, 2019 at 9:08 AM David Jacot wrote: > Congrats Mickael, well deserved! > > On Fri, Nov 8, 2019 at 8:56 AM Tom Bentley wrote: > > > Congratulations Mickael! > > > > On Fri, Nov 8, 2019 at 6:41 AM Vahid Hashemian < >

Re: [VOTE] 2.3.1 RC2

2019-10-24 Thread Rajini Sivaram
+1 (binding) Verified signatures, built source and ran tests, verified binary using broker, producer and consumer with security enabled. Regards, Rajini On Wed, Oct 23, 2019 at 11:37 PM Matthias J. Sax wrote: > +1 (binding) > > - downloaded and compiled source code > - verified signatures

Re: customising security across the whole of Confluent platform

2019-09-17 Thread Rajini Sivaram
Hi Joris, I have forwarded your mail to *secur...@confluent.io * since it is about security in the Confluent Platform rather than in Apache Kafka. Regards, Rajini On Tue, Sep 17, 2019 at 11:35 AM Joris Peeters wrote: > Hello, > > I am trying to come up with a good security approach for a

TSU NOTIFICATION - Encryption

2019-02-25 Thread Rajini Sivaram
SUBMISSION TYPE: TSU SUBMITTED BY: Rajini Sivaram SUBMITTED FOR: The Apache Software Foundation POINT OF CONTACT: Secretary, The Apache Software Foundation FAX: +1-919-573-9199 MANUFACTURER(S): The Apache Software Foundation, Oracle PRODUCT

Re: [ANNOUNCE] New Committer: Randall Hauch

2019-02-15 Thread Rajini Sivaram
Congratulations, Randall! On Fri, Feb 15, 2019 at 11:56 AM Daniel Hanley wrote: > Congratulations Randall! > > On Fri, Feb 15, 2019 at 9:35 AM Viktor Somogyi-Vass < > viktorsomo...@gmail.com> > wrote: > > > Congrats Randall! :) > > > > On Fri, Feb 15, 2019 at 10:15 AM Satish Duggana < >

Re: [ANNOUNCE] New Committer: Vahid Hashemian

2019-01-15 Thread Rajini Sivaram
Congratulations, Vahid! Well deserved!! Regards, Rajini On Tue, Jan 15, 2019 at 10:45 PM Jason Gustafson wrote: > Hi All, > > The PMC for Apache Kafka has invited Vahid Hashemian as a project > committer and > we are > pleased to announce that he has accepted! > > Vahid has made numerous

Re: [VOTE] 2.0.1 RC0

2018-11-07 Thread Rajini Sivaram
+1 (binding) Checked source build and unit tests. Ran quickstart with source and binary. Thank you for managing the release, Manikumar! Regards, Rajini On Wed, Nov 7, 2018 at 6:18 PM Gwen Shapira wrote: > +1 (binding) > > Checked signatures, build and quickstart. > > Thank you for managing

Re: [ANNOUNCE] New Committer: Manikumar Reddy

2018-10-11 Thread Rajini Sivaram
Congratulations, Manikumar! On Thu, Oct 11, 2018 at 6:57 PM Suman B N wrote: > Congratulations Manikumar! > > On Thu, Oct 11, 2018 at 11:09 PM Jason Gustafson > wrote: > > > Hi all, > > > > The PMC for Apache Kafka has invited Manikumar Reddy as a committer and > we > > are > > pleased to

Re: [ANNOUNCE] New committer: Colin McCabe

2018-09-25 Thread Rajini Sivaram
Congratulations, Colin! Well deserved! Regards, Rajini On Tue, Sep 25, 2018 at 9:39 AM, Ismael Juma wrote: > Hi all, > > The PMC for Apache Kafka has invited Colin McCabe as a committer and we are > pleased to announce that he has accepted! > > Colin has contributed 101 commits and 8 KIPs

[ANNOUNCE] Apache Kafka 2.0.0 Released

2018-07-30 Thread Rajini Sivaram
Reftel, Manikumar Reddy, Manikumar Reddy O, manjuapu, Mats Julian Olsen, Matthias J. Sax, Max Zheng, maytals, Michael Arndt, Michael G. Noll, Mickael Maison, nafshartous, Nick Travers, nixsticks, Paolo Patierno, parafiend, Patrik Erdes, Radai Rosenblatt, Rajini Sivaram, Randall Hauch, ro7m, Robert

[RESULTS] [VOTE] Release Kafka version 2.0.0

2018-07-28 Thread Rajini Sivaram
This vote passes with 7 +1 votes (4 bindings) and no 0 or -1 votes. +1 votes PMC Members: * Guozhang Wang * Gwen Shapira * Jason Gustafson * Rajini Sivaram Committers * No votes Community: * Vahid Hashemian * Ted Yu * Ron Dagostino 0 votes * No votes -1 votes * No votes Vote

CVE-2018-1288: Authenticated Kafka clients may interfere with data replication

2018-07-26 Thread Rajini Sivaram
CVE-2018-1288: Authenticated Kafka clients may interfere with data replication Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, 1.0.0 Description: Authenticated Kafka users may

CVE-2017-12610: Authenticated Kafka clients may impersonate other users

2018-07-26 Thread Rajini Sivaram
- 0.11.0.2 or higher - 1.0.0 or higher Acknowledgements: This issue was reported by Rajini Sivaram. Regards, Rajini

[VOTE] 2.0.0 RC3

2018-07-24 Thread Rajini Sivaram
Hello Kafka users, developers and client-developers, This is the fourth candidate for release of Apache Kafka 2.0.0. This is a major version release of Apache Kafka. It includes 40 new KIPs and several critical bug fixes. Please see the 2.0.0 release plan for more details:

Re: [VOTE] 2.0.0 RC2

2018-07-19 Thread Rajini Sivaram
> > (but does not require another RC), 1.2 (which became 2.0) is mentioned in > > the upgrade notes: > > > > http://kafka.apache.org/20/documentation.html#upgrade > > > > Ismael > > > > On Sun, Jul 15, 2018 at 9:25 AM Rajini Sivaram > > wrote: > >

Re: [VOTE] 2.0.0 RC2

2018-07-15 Thread Rajini Sivaram
that this never worked properly. > > Ismael > > On Tue, Jul 10, 2018 at 10:17 AM Rajini Sivaram > wrote: > > > Hello Kafka users, developers and client-developers, > > > > > > This is the third candidate for release of Apache Kafka 2.0.0. > >

[VOTE] 2.0.0 RC2

2018-07-10 Thread Rajini Sivaram
Hello Kafka users, developers and client-developers, This is the third candidate for release of Apache Kafka 2.0.0. This is a major version release of Apache Kafka. It includes 40 new KIPs and several critical bug fixes. Please see the 2.0.0 release plan for more details:

Re: [ANNOUNCE] Apache Kafka 0.10.2.2 Released

2018-07-04 Thread Rajini Sivaram
> > > > Apache Kafka is in use at large and small companies worldwide, > including Capital One, Goldman Sachs, ING, LinkedIn, Netflix, > Pinterest, Rabobank, Target, The New York Times, Uber, Yelp, and > Zalando, among others. > > > > A big thank you for the following

Re: [ANNOUNCE] Apache Kafka 0.11.0.3 Released

2018-07-04 Thread Rajini Sivaram
or example, a connector to a relational database might > > > > capture every change to a table.three key capabilities: > > > > > > > > > > > > > > > > With these APIs, Kafka can be used for two broad classes of > > application: >

Re: [kafka-clients] [VOTE] 1.0.2 RC1

2018-07-03 Thread Rajini Sivaram
Hi Matthias, +1 (binding) Thank you for running the release. Ran quick start with binary, tests with source, checked javadocs. Regards, Rajini On Mon, Jul 2, 2018 at 9:34 PM, Harsha wrote: > +1. > > 1) Ran unit tests > 2) 3 node cluster , tested basic operations. > > Thanks, > Harsha > >

Re: [kafka-clients] [VOTE] 2.0.0 RC1

2018-06-30 Thread Rajini Sivaram
estamp. > https://repository.apache.org/content/groups/staging/org/ > apache/kafka/kafka_2.11/2.0.0/ > > On Sat, Jun 30, 2018 at 12:06 AM Rajini Sivaram > wrote: > >> Hello Kafka users, developers and client-developers, >> >> >> This is the se

Re: [kafka-clients] [VOTE] 0.11.0.3 RC0

2018-06-29 Thread Rajini Sivaram
Hi Matthias, +1 (binding) Verified binary using quick start, verified source by building and running tests, checked release notes. Thanks for running the release! Regards, Rajini On Fri, Jun 29, 2018 at 11:07 PM, Jun Rao wrote: > Hi, Matthias, > > Thanks for running the release. Verified

Re: [kafka-clients] [VOTE] 1.1.1 RC2

2018-06-29 Thread Rajini Sivaram
Hi Dong, +1 (binding) Verified binary using quick start, ran tests from source, checked release notes. Thanks for running the release! Regards, Rajini On Fri, Jun 29, 2018 at 11:11 PM, Jun Rao wrote: > Hi, Dong, > > Thanks for running the release. Verified quickstart on scala 2.12 binary.

[VOTE] 2.0.0 RC1

2018-06-29 Thread Rajini Sivaram
Hello Kafka users, developers and client-developers, This is the second candidate for release of Apache Kafka 2.0.0. This is a major version release of Apache Kafka. It includes 40 new KIPs and several critical bug fixes. Please see the 2.0.0 release plan for more details:

Re: [VOTE] 2.0.0 RC0

2018-06-22 Thread Rajini Sivaram
produce/consume compressed/uncompressed data to/from 2.0.0 brokers 3. End users can verify that their apps work correctly with the new release. Thank you! Rajini On Thu, Jun 21, 2018 at 12:24 PM, Rajini Sivaram wrote: > Sorry, the documentation does go live with the RC (thanks to Ism

Re: [VOTE] 2.0.0 RC0

2018-06-21 Thread Rajini Sivaram
Sorry, the documentation does go live with the RC (thanks to Ismael for pointing this out), so here are the links: * Documentation: http://kafka.apache.org/20/documentation.html * Protocol: http://kafka.apache.org/20/protocol.html Regards, Rajini On Wed, Jun 20, 2018 at 9:08 PM, Rajini

[VOTE] 2.0.0 RC0

2018-06-20 Thread Rajini Sivaram
Hello Kafka users, developers and client-developers, This is the first candidate for release of Apache Kafka 2.0.0. This is a major version release of Apache Kafka. It includes 40 new KIPs and several critical bug fixes. Please see the 2.0.0 release plan for more details:

Re: KIP-226 - Dynamic Broker Configuration

2018-04-19 Thread Rajini Sivaram
Hi Darshan, We currently allow only keystores to be dynamically updated. And you need to use kafka-configs.sh to update the keystore config. See https://kafka.apache.org/documentation/#dynamicbrokerconfigs. On Thu, Apr 19, 2018 at 6:51 AM, Darshan wrote: > Hi > >

Fwd: [ANNOUNCE] Apache Kafka 1.1.0 Released

2018-03-29 Thread Rajini Sivaram
Resending to kafka-clients group: -- Forwarded message -- From: Rajini Sivaram <rsiva...@apache.org> Date: Thu, Mar 29, 2018 at 10:27 AM Subject: [ANNOUNCE] Apache Kafka 1.1.0 Released To: annou...@apache.org, Users <users@kafka.apache.org>, dev < d...@kafka.apa

[ANNOUNCE] Apache Kafka 1.1.0 Released

2018-03-29 Thread Rajini Sivaram
Zheng, Maytee Chinavanichkit, Mickael Maison, Mikkin, mulvenna, Narendra kumar, Nick Chiu, Onur Karaman, Panuwat Anawatmongkhon, Paolo Patierno, parafiend, ppatierno, Prasanna Gautam, Radai Rosenblatt, Rajini Sivaram, Randall Hauch, Richard Yu, RichardYuSTUG, Robert Yokota, Rohan, Rohan Desai

Re: [VOTE] 1.1.0 RC4

2018-03-28 Thread Rajini Sivaram
This vote passes with 9 +1 votes (4 bindings) and no 0 or -1 votes. +1 votes PMC Members: * Jason Gustafson * Jun Rao * Gwen Shapira * Rajini Sivaram Committers: * No votes Community: * Ted Yu * Manikumar * Jeff Chao * Vahid Hashemian * Brett Rann 0 votes * No votes -1 votes * No votes

Re: [VOTE] 1.1.0 RC4

2018-03-27 Thread Rajini Sivaram
> > +1 from me. > > On Sat, Mar 24, 2018 at 11:49 AM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > > > Hi Ted, > > > > Thank you for testing the RC. I haven't been able to recreate that > failure > > after running the test a 100 times. Was it a

[VOTE] 1.1.0 RC4

2018-03-23 Thread Rajini Sivaram
Hello Kafka users, developers and client-developers, This is the fifth candidate for release of Apache Kafka 1.1.0. https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75957546 A few highlights: * Significant Controller improvements (much faster and session expiration edge cases

Re: [VOTE] 1.0.1 RC1

2018-02-15 Thread Rajini Sivaram
+1 Ran quickstart with binaries, built source and ran tests, Thank you for running the release, Ewen. Regards, Rajini On Thu, Feb 15, 2018 at 2:31 AM, Guozhang Wang wrote: > +1 > > Ran tests, verified web docs. > > On Wed, Feb 14, 2018 at 6:00 PM, Satish Duggana

Re: [ANNOUNCE] New Kafka PMC Member: Rajini Sivaram

2018-01-18 Thread Rajini Sivaram
Thanks everyone! Regards, Rajini On Thu, Jan 18, 2018 at 8:53 AM, Damian Guy <damian@gmail.com> wrote: > Congratulations Rajini! > > On Thu, 18 Jan 2018 at 00:57 Hu Xi <huxi...@hotmail.com> wrote: > > > Congratulations, Rajin

Re: [ANNOUNCE] New committer: Matthias J. Sax

2018-01-14 Thread Rajini Sivaram
Congratulations Matthias! On Sat, Jan 13, 2018 at 11:34 AM, Mickael Maison wrote: > Congratulations Matthias ! > > On Sat, Jan 13, 2018 at 7:01 AM, Paolo Patierno > wrote: > > Congratulations Matthias ! Very well deserved ! > >

Fwd: [ANNOUNCE] Apache Kafka 0.11.0.2 Released

2017-11-17 Thread Rajini Sivaram
, Manikumar Reddy, manjuapu, Mickael Maison, oleg, Onur Karaman, Rajini Sivaram, siva santhalingam, Xavier Léauté, Xin Li We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at http://kafka.apache.org/ Thank you! Regards

Re: [VOTE] 0.11.0.2 RC0

2017-11-16 Thread Rajini Sivaram
Correction from previous note: Vote closed with 3 binding PMC votes (Gwen, Guozhang, Ismael ) and 4 non-binding votes. On Thu, Nov 16, 2017 at 10:03 AM, Rajini Sivaram <rajinisiva...@gmail.com> wrote: > +1 from me > > The vote has passed with 4 binding votes (Gwen, Guozhang, Isma

Re: [VOTE] 0.11.0.2 RC0

2017-11-16 Thread Rajini Sivaram
g this release Rajini! > > On Sat, Nov 11, 2017 at 12:37 AM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > > > Hello Kafka users, developers and client-developers, > > > > > > This is the first candidate for release of Apache Kafka 0.11.0.2. > > > >

Re: [VOTE] 0.11.0.2 RC0

2017-11-10 Thread Rajini Sivaram
Resending to include kafka-clients. On Sat, Nov 11, 2017 at 12:37 AM, Rajini Sivaram <rajinisiva...@gmail.com> wrote: > Hello Kafka users, developers and client-developers, > > > This is the first candidate for release of Apache Kafka 0.11.0.2. > > > This is a bug

[VOTE] 0.11.0.2 RC0

2017-11-10 Thread Rajini Sivaram
Hello Kafka users, developers and client-developers, This is the first candidate for release of Apache Kafka 0.11.0.2. This is a bug fix release and it includes fixes and improvements from 16 JIRAs, including a few critical bugs. Release notes for the 0.11.0.2 release:

Re: [ANNOUNCE] New committer: Onur Karaman

2017-11-06 Thread Rajini Sivaram
Congratulations, Onur! On Mon, Nov 6, 2017 at 8:10 PM, Dong Lin wrote: > Congratulations Onur! > > On Mon, Nov 6, 2017 at 9:24 AM, Jun Rao wrote: > > > Hi, everyone, > > > > The PMC of Apache Kafka is pleased to announce a new Kafka committer Onur > >

Re: Spring release using apache clients 11

2017-07-20 Thread Rajini Sivaram
David, The release plans are here: https://github.com/spring-projects/spring-kafka/ milestone/20?closed=1 We have already included TX and headers support to the current M3 which is planned just after the next SF 5.0 RC3, which is expected tomorrow. Regards, Rajini On Thu, Jul 20, 2017 at 5:01

Re: How to perform keytool operation using Java code

2017-07-13 Thread Rajini Sivaram
Hi Raghav, You could take a look at https://github.com/apache/kafka/blob/trunk/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java Regards, Rajini On Wed, Jul 12, 2017 at 10:23 PM, Raghav wrote: > Guys, Would anyone know about it ? > > On Tue, Jul 11, 2017 at

Re: Kafka Authorization and ACLs Broken

2017-07-05 Thread Rajini Sivaram
i > > Now that 0.11.0 is out, can we use the Admin client ? Are there some > example code for these ? > > Thanks. > > On Wed, May 24, 2017 at 9:06 PM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > >> Hi Raghav, >> >> Yes, you can create ACLs pr

Re: advertised.listeners

2017-05-31 Thread Rajini Sivaram
If you want to use different interfaces with the same security protocol, you can specify listener names. You can then also configure different security properties for internal/external if you need. listeners=INTERNAL://1.x.x.x:9092,EXTERNAL://172.x.x.x:9093

Re: Kafka Authorization and ACLs Broken

2017-05-24 Thread Rajini Sivaram
Raghav/Darshan, Can you try these steps on a clean installation of Kafka? It works for me, so hopefully it will work for you. And then you can adapt to your scenario. *Create keystores and truststores:* keytool -genkey -alias kafka -keystore server.keystore.jks -dname

Re: ACL with SSL is not working

2017-05-22 Thread Rajini Sivaram
0.0.23 on resource = > Cluster:kafka-cluster (kafka.authorizer.logger) > > On Mon, May 22, 2017 at 6:34 AM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > > > Raghav, > > > > I don't believe we do reverse DNS lookup for matching ACL hosts. Have you >

Re: ACL with SSL is not working

2017-05-22 Thread Rajini Sivaram
Raghav, I don't believe we do reverse DNS lookup for matching ACL hosts. Have you tried defining ACLs with host IP address? On Mon, May 22, 2017 at 9:19 AM, Raghav wrote: > Hi > > I enabled the DEBUG logs on Kafka authorizer, and I see the following logs > for the given

Re: Securing Kafka - Keystore and Truststore question

2017-05-22 Thread Rajini Sivaram
> generate a keystore and trust store for them, and then ask them to use it > in their client, it works fine. It reduces the number of round trips. Let > me know if something like this is ok or can there be a security breach ? > > Thanks. > > Raghav > > > > O

Re: Securing Kafka - Keystore and Truststore question

2017-05-18 Thread Rajini Sivaram
in either keystore or trust store. > > Thanks for all your help. > > > > > On Thu, May 18, 2017 at 8:26 AM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > >> Raghav, >> >> Perhaps what you want to do is: >> >> *You do (for the brokers

Re: Securing Kafka - Keystore and Truststore question

2017-05-18 Thread Rajini Sivaram
file > > > 3. Now, we add *client-cert-file* into the trust store of server, and > *server-cert-file* into the trust store of client. Given that each trust > store has other party's certificate in their trust store, does CA > certificate come into the picture ? > > On Thu,

Re: Securing Kafka - Keystore and Truststore question

2017-05-18 Thread Rajini Sivaram
> Another quick question: > > Say we chose to add our customer's certificates directly to our brokers > trust store and vice versa, could that work ? There is no documentation on > Kafka or Confluent site for this ? > > Thanks. > > > On Wed, May 17, 2017 at 1:56 PM, Raj

Re: Securing Kafka - Keystore and Truststore question

2017-05-17 Thread Rajini Sivaram
l.com> wrote: > >> Many thanks, Rajini. >> >> On Tue, May 16, 2017 at 8:43 AM, Rajini Sivaram <rajinisiva...@gmail.com> >> wrote: >> >>> Hi Raghav, >>> >>> If your Kafka broker is configured with *ssl.client.auth=re

Re: Securing Kafka - Keystore and Truststore question

2017-05-16 Thread Rajini Sivaram
certificate request to our private CA, which we then sign it, and > send them signed certificate and private CA's certificate. So there is one > round trip. Just wondering if we can reduce this 2 step into 1 step. > > Thanks. > > > > > > > > > > > >

Re: Securing Kafka - Keystore and Truststore question

2017-05-12 Thread Rajini Sivaram
Raghav, 1. Clients need a keystore if you are using TLS client authentication. To enable client authentication, you need to configure ssl.client.auth in server.properties. This can be set to required|requested|none. If you don't enable client authentication, any client will be able to connect to

Re: [ANNOUNCE] New committer: Rajini Sivaram

2017-04-25 Thread Rajini Sivaram
number > > > 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. > > PO6 > > > 3AU > > > > > > > > > > > > From: Gwen Shapira <g...@confluent.io> > > > To: d...@kafka.apache.org, Users <users@kaf

Re: Consumption on a explicitly (dynamically) created topic has a 5 minute delay

2017-03-02 Thread Rajini Sivaram
This issue is being addressed in KAFKA-4631. See https://issues.apache.org/jira/browse/KAFKA-4631 and the discussion in the PR https://github.com/apache/kafka/pull/2622 for details. Regards, Rajini On Thu, Mar 2, 2017 at 4:35 AM, Jaikiran Pai wrote: > For future

Re: [kafka-clients] [VOTE] 0.10.2.0 RC2

2017-02-16 Thread Rajini Sivaram
+1 (non-binding) Ran quick start and some security tests on binary, checked source build and tests. Thank you, Rajini On Thu, Feb 16, 2017 at 2:04 AM, Jun Rao wrote: > Hi, Ewen, > > Thanks for running the release. +1. Verified quickstart on 2.10 binary. > > Jun > > On Tue,

Re: Passing SSL client principal to custom JAAS module with SSL or SASL_SSL

2017-02-13 Thread Rajini Sivaram
er class. > > I am happy to work on a pull request for this change. I'm not sure if a > change like this would require a KIP but I can start a dev list thread to > see what others think. > > > On Mon, Feb 13, 2017 at 7:10 AM, Rajini Sivaram <rajinisiva...@gmail.com> >

Re: Passing SSL client principal to custom JAAS module with SSL or SASL_SSL

2017-02-13 Thread Rajini Sivaram
Christopher, SSL client authentication is currently disabled when SASL_SSL is used, so it is not possible to use client certificate credentials with SASL_SSL. Are you expecting to authenticate clients using certificates as well as using SASL? Or do you just need some mechanism to get hold of the

Re: Kafka SSL encryption plus external CA

2016-12-21 Thread Rajini Sivaram
> steph...@simplemachines.com.au > simplemachines.com.au > Level 2, 145 William Street, Sydney NSW 2010 > > On 21 December 2016 at 12:22:54 am, Rajini Sivaram ( > rajinisiva...@gmail.com) wrote: > > Stephane, > > Bootstrap brokers are also verified by the client in exactly

Re: Kafka SSL encryption plus external CA

2016-12-20 Thread Rajini Sivaram
> *Stephane Maarek* | Developer > > +61 416 575 980 <+61%20416%20575%20980> > steph...@simplemachines.com.au > simplemachines.com.au > Level 2, 145 William Street, Sydney NSW 2010 > > On 20 December 2016 at 4:27:28 am, Rajini Sivaram (rajinisiva...@gmail.com) > wro

Re: Kafka ACL's with SSL Protocol is not working

2016-12-20 Thread Rajini Sivaram
that defines ACL), I just want > User_1 to produce messages and User_2 to consume messages. > > How can we achieve that. > > Thanks in advance > > On Mon, Dec 19, 2016 at 3:13 AM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > >> Raghu, >>

Re: Kafka ACL's with SSL Protocol is not working

2016-12-19 Thread Rajini Sivaram
tion: 0 Leader: 0 Replicas: 0 Isr: 0 > > Thanks in advance, > Raghu > > > On Fri, Dec 16, 2016 at 1:30 AM, Rajini Sivaram <rsiva...@pivotal.io> > wrote: > > > You need to set ssl.client.auth="required" in server.properties. > > > > Regards,

Re: Kafka SSL encryption plus external CA

2016-12-19 Thread Rajini Sivaram
Stephane, If you are using a trusted CA like Verisign, clients don't need to specify a truststore. The host names specified in advertised.listeners in the broker must match the wildcard DNS names in the certificates if clients configure ssl.endpoint.identification.algorithm=https. If

Re: Kafka ACL's with SSL Protocol is not working

2016-12-16 Thread Rajini Sivaram
You need to set ssl.client.auth="required" in server.properties. Regards, Rajini On Wed, Dec 14, 2016 at 12:12 AM, Raghu B wrote: > Hi All, > > I am trying to enable ACL's in my Kafka cluster along with SSL > Protocol. > > I tried with each and every parameters but

Re: Detecting when all the retries are expired for a message

2016-12-07 Thread Rajini Sivaram
ew KafkaProducer<>(properties); > > } > > > > private BufferedReader getBufferedReader(String filePath, String encoding) > throws UnsupportedEncodingException, FileNotFoundException { > > return new BufferedReader(new InputStreamReader(new >

Re: Detecting when all the retries are expired for a message

2016-12-06 Thread Rajini Sivaram
I believe batches in RecordAccumulator are expired after request.timeout.ms, so they wouldn't get retried in this case. I think the config options are quite confusing, making it hard to figure out the behavior without looking into the code. On Tue, Dec 6, 2016 at 10:10 AM, Asaf Mesika

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-21 Thread Rajini Sivaram
Ignore the comment about lookups. Your client is finding mybalancer01 since it was working earlier and kafka doesn't need to lookup mybalancer01. It will be good to check the jaas config and then run with debug logging. On Mon, Nov 21, 2016 at 5:16 PM, Rajini Sivaram < rajinis

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-21 Thread Rajini Sivaram
> (which is a regression of where I was before we started trying to add SSL) > tells me there is something wrong in either server.properties or jaas.conf. > I've checked the Kafka broker logs (server.log) each time I try connecting > and this is the only line that gets printed: > > >

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-21 Thread Rajini Sivaram
Rule #1 and Rule #2 cannot co-exist. You are basically configuring your LB to point to a Kafka broker and you are pointing each Kafka broker to point to a LB. So you need a pair of ports with a security protocol for the connection to work. With two rules, Kafka picks up the wrong LB port for one

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-21 Thread Rajini Sivaram
et engineers worth their salt will configure their routers to > > static routes to loop around bogged-down routers > > > > MG>WDYT? > > > > Thanks again, just still a little uncertain about the traffic/ports > coming > > into the load balancer! > >

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-21 Thread Rajini Sivaram
ntext/9093? > > > Thanks again, just still a little uncertain about the traffic/ports coming > into the load balancer! > > > Best, > > Zac > > > From: Rajini Sivaram <rajinisiva...@googlemail.com> > Sent: Monday, November 21,

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-21 Thread Rajini Sivaram
ed to authenticate, correct? > > > Thanks again for all the great help so far, you've already helped me more > than you know! > > > Zac > > ____ > From: Rajini Sivaram <rajinisiva...@googlemail.com> > Sent: Monday, November 21, 2016 3:

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-21 Thread Rajini Sivaram
e case, do I still need to change server.properties, or can I > leave it like so: > > listeners=plaintext://:9092 > advertised.listeners=plaintext://mybalancer01.example.com:9092 > > Or could it just be: > > listeners=plaintext://:9092 > advertised.listeners=plaintext://m

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-18 Thread Rajini Sivaram
figs that will need to be made for the Ruby > clients to connect over SSL? > > > Thank you enormously here! > > > Best, > > Zac > > > > From: Rajini Sivaram <rajinisiva...@googlemail.com> > Sent: Friday, November 18,

Re: Massive SSL performance degredation

2016-11-18 Thread Rajini Sivaram
You can use the tools shipped with Kafka to measure latency. For latency at low load, run: - bin/kafka-run-class.sh kafka.tools.EndToEndLatency You may also find it useful to run producer performance test at different throughputs. The tool prints out latency as well: -

Re: Can Kafka/SSL be terminated at a load balancer?

2016-11-18 Thread Rajini Sivaram
Zac, Kafka has its own built-in load-balancing mechanism based on partition assignment. Requests are processed by partition leaders, distributing load across the brokers in the cluster. If you want to put a proxy like HAProxy with SSL termination in front of your brokers for added security, you

Re: connection closed by kafka

2016-11-02 Thread Rajini Sivaram
Broker closes client connections that are idle for a configurable period of time (broker property connections.max.idle.ms). The default idle time is 10 minutes which matches the close time in the logs. On Wed, Nov 2, 2016 at 2:43 PM, Jaikiran Pai wrote: > Which exact

Re: [ANNOUNCE] New committer: Jiangjie (Becket) Qin

2016-10-31 Thread Rajini Sivaram
Congratulations, Becket! On Mon, Oct 31, 2016 at 8:38 PM, Matthias J. Sax wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Congrats! > > On 10/31/16 11:01 AM, Renu Tewari wrote: > > Congratulations Becket!! Absolutely thrilled to hear this. Well > >

Re: difficulty to delete a topic because of its syntax

2016-10-06 Thread Rajini Sivaram
Hamza, Can you raise a JIRA with details on how the topic was created by Kafka with an invalid name? Sounds like there might be a missing validation somewhere. Regards, Rajini On Thu, Oct 6, 2016 at 10:12 AM, Hamza HACHANI wrote: > Thanks Todd, > > > I've resolved it

Re: SASL_PLAINTEXT Authentication/Connection failure

2016-09-16 Thread Rajini Sivaram
ForChanne > l$1.apply(ZkUtils.scala:166) > at > scala.collection.TraversableLike$$anonfun$map$ > 1.apply(TraversableLike.scala:244) > at > scala.collection.TraversableLike$$anonfun$map$ > 1.apply(TraversableLike.scala:244) > > What am I missing? > > >

Re: SASL_PLAINTEXT Authentication/Connection failure

2016-09-16 Thread Rajini Sivaram
Max, I think there is a typo in your configuration. You intended admin password to be admin-secret? KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="alice-secret" *=> Change to **"admin-secret"*

Re: Building API to make Kafka reactive

2016-06-29 Thread Rajini Sivaram
Hi Shekar, We are working on a reactive streams API for Kafka. It is in its very early experimental stage, but if you want to take a look, the code is in github ( https://github.com/reactor/reactor-kafka). I think you can add a session id without making it part of the Kafka API. In the coming

Re: Quotas feature Kafka 0.9.0.1

2016-06-08 Thread Rajini Sivaram
Liju, Quotas are not applied to the replica fetch followers. Regards, Rajini On Fri, Jun 3, 2016 at 7:25 PM, Liju John wrote: > Hi , > > We are exploring the new quotas feature with Kafka 0.9.01. > Could you please let me know if quotas feature works for fetch follower

Re: Broker replication error “Not authorized to access topics: [Topic authorization failed.] ”

2016-06-01 Thread Rajini Sivaram
The server configuration in http://stackoverflow.com/questions/37536259/broker-replication-error-not-authorized-to-access-topics-topic-authorization specifies security.inter.broker.protocol=PLAINTEXT. This would result in the principal "anonymous" to be used for inter-broker communication. Looks

Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-21 Thread Rajini Sivaram
Have you configured a truststore in server.properties? You don't need this when using security.inter.broker.protocol=PLAINTEXT and client-auth is disabled, but you do need to set truststore for the client-mode connections made by the broker when security.inter.broker.protocol=SSL. If that still

Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-20 Thread Rajini Sivaram
If your only listener is SSL, you should set security.inter.broker.protocol to SSL even for single-broker cluster since it is used by the controller. I would have expected an error in the logs though if this was not configured correctly. On Wed, Apr 20, 2016 at 1:34 AM,

Re: [DISCUSS] KIP-12 - Kafka Sasl/Kerberos implementation

2015-04-22 Thread Rajini Sivaram
When we were working on the client-side SSL implementation for Kafka, we found that returning selection interest from handshake() method wasn't sufficient to handle some of the SSL sequences. We resorted to managing the selection key and interest state within SSLChannel to avoid SSL-specific