After making the suggested change, I see this error during startup
[2016-04-20 18:03:10,522] INFO [Kafka Server 0], started
(kafka.server.KafkaServer)
[2016-04-20 18:03:11,093] WARN Failed to send SSL Close message
(org.apache.kafka.common.network.SslTransportLayer)
java.io.IOException: Broken pipe
at sun.nio.ch.FileDispatcherImpl.write0(Native Method)
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
at sun.nio.ch.IOUtil.write(IOUtil.java:65)
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:471)
at
org.apache.kafka.common.network.SslTransportLayer.flush(SslTransportLayer.java:194)
at
org.apache.kafka.common.network.SslTransportLayer.close(SslTransportLayer.java:161)
at
org.apache.kafka.common.network.KafkaChannel.close(KafkaChannel.java:50)
at org.apache.kafka.common.network.Selector.close(Selector.java:442)
at org.apache.kafka.common.network.Selector.poll(Selector.java:310)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:270)
at
kafka.utils.NetworkClientBlockingOps$.recurse$1(NetworkClientBlockingOps.scala:128)
at
kafka.utils.NetworkClientBlockingOps$.kafka$utils$NetworkClientBlockingOps$$pollUntilFound$extension(NetworkClientBlockingOps.scala:139)
at
kafka.utils.NetworkClientBlockingOps$.kafka$utils$NetworkClientBlockingOps$$pollUntil$extension(NetworkClientBlockingOps.scala:105)
at
kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:58)
at
kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:225)
at
kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:172)
at
kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:171)
at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
and also errors during shutdown
[2016-04-20 18:09:15,293] INFO [Kafka Server 0], Starting controlled
shutdown (kafka.server.KafkaServer)
[2016-04-20 18:09:15,330] WARN [Kafka Server 0], Error during controlled
shutdown, possibly because leader movement took longer than the configured
socket.timeout.ms: Connection to Node(0, debian, 9094) failed
(kafka.server.KafkaServer)
the relevant configs are
listeners=SSL://:9094
security.inter.broker.protocol=SSL
port=9094
Marko
> If your only listener is SSL, you should set
> security.inter.broker.protocol
> to SSL even for single-broker cluster since it is used by the controller.
> I
> would have expected an error in the logs though if this was not configured
> correctly.
>
> On Wed, Apr 20, 2016 at 1:34 AM, <ma...@kafkatool.com> wrote:
>
>> There is only one broker in this case. There are no errors (besides the
>> warning below) on either the broker or the client side. It just returns
>> an
>> empty topic list if plaintext is not configured, even though client is
>> using SSL in both cases.
>>
>> marko
>>
>> > Hi,
>> >
>> > That warning is harmless. Personally, I think it may be a good idea to
>> > remove as it confuses people in cases such as this.
>> >
>> > Do you have multiple brokers? Are the brokers configured to use SSL
>> for
>> > inter-broker communication (security.inter.broker.protocol)? This is
>> > required if the only listener is for SSL.
>> >
>> > Ismael
>> >
>> > On Wed, Apr 20, 2016 at 12:42 AM, <ma...@kafkatool.com> wrote:
>> >
>> >> What is the correct way of using SSL between the client and brokers
>> if
>> >> client certificates are not used? The broker (0.9.0.0) reports the
>> >> following in the log
>> >>
>> >> WARN SSL peer is not authenticated, returning ANONYMOUS instead
>> >>
>> >> as a result of this (I belive) KafkaConsumer.listTopics() returns an
>> >> empty
>> >> map. Does this require a custom Authenticator on the broker side? If
>> so,
>> >> are there examples on how to do that?
>> >>
>> >> Interestingly enough, modifying (no other changes)
>> >>
>> >> listeners=SSL://:9094
>> >>
>> >> to
>> >>
>> >> listeners=PLAINTEXT://:9093,SSL://:9094
>> >>
>> >> makes the listTopics() method to return the topics. If SSL is used by
>> >> the
>> >> consumer in both cases, I'm not sure why having the plaintext port
>> would
>> >> affect the SSL behavior.
>> >>
>> >> --
>> >> Best regards,
>> >> Marko
>> >> www.kafkatool.com
>> >>
>> >>
>> >
>>
>>
>>
>
>
> --
> Regards,
>
> Rajini
>
