We don't need JIRA for minor PRs. Just prefix "MINOR:" to PR title.
On Tue, Sep 6, 2016 at 9:16 AM, Jaikiran Pai <jai.forums2...@gmail.com> wrote: > Thanks Ismael, I'll raise a PR for this. As a process, is there a JIRA > that's expected to be filed for this before I raise a PR or would this be > OK without a JIRA? > > -Jaikiran > > On Monday 05 September 2016 03:55 PM, Ismael Juma wrote: > >> Hi Jaikiran, >> >> I agree that this is a valid configuration and the log level seems too >> high >> given that. The original motivation is explained in the PR: >> >> https://github.com/apache/kafka/pull/155/files#diff-fce430ae >> 21a0c98d82da6d4aa551f824L603 >> >> That is, help people figure out if client authentication was not setup >> correctly, but it seems like a better way to do that is to set >> `ssl.client.auth=required`. So I'd, personally, be fine with reducing the >> log level to info or debug. >> >> Ismael >> >> On Sun, Sep 4, 2016 at 3:01 PM, Jaikiran Pai <jai.forums2...@gmail.com> >> wrote: >> >> We just started enabling SSL for our Kafka brokers and (Java) clients and >>> among some of the issues we are running into, one of them is the flooding >>> of the server/broker Kafka logs where we are seeing these messages: >>> >>> [2016-09-02 08:07:13,773] WARN SSL peer is not authenticated, returning >>> ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer) >>> [2016-09-02 08:07:15,710] WARN SSL peer is not authenticated, returning >>> ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer) >>> [2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning >>> ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer) >>> [2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, returning >>> ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer) >>> [2016-09-02 08:07:15,712] WARN SSL peer is not authenticated, returning >>> ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer) >>> .... >>> >>> They just keep going on and on. In our SSL setup, we have the broker >>> configured with the keystore and the Java clients have been configured >>> with >>> a proper truststore and all works fine except for these messages flooding >>> the logs. We don't have any ACLs setup nor have we enabled client auth >>> check. >>> >>> Looking at the code which generates this WARN message >>> https://github.com/apache/kafka/blob/trunk/clients/src/main/ >>> java/org/apache/kafka/common/network/SslTransportLayer.java#L638 and the >>> fact that the setup we have (where we just enable server/broker cert >>> validation) is, IMO, a valid scenario and not some exceptional/incorrect >>> setup issue, I think this log message is something that can be removed >>> from >>> the code (or at least logged at a very lower level given the frequency at >>> which this gets logged) >>> >>> Any thoughts on this? >>> >>> It's a pretty straightforward change and if this change is something that >>> sounds right, I can go ahead and submit a PR. >>> >>> P.S: This is both on 0.9.0.1 and latest 0.10.0.1. >>> >>> -Jaikiran >>> >>> >>> >
