Hi, I'd recommend turning up broker logs to DEBUG and looking at the controller's logs. The controller talks to nodes over the network and if it can't reach them because of ACLs, then you won't get a leader.
The only other note is to check if your brokers are talking to each other over TLS or plaintext. If they're going over plaintext you'll need to authenticate those hosts. If they're going over TLS, you'll need to ensure they're using the right client certs.

Thanks

Tom Crayford
Heroku Kafka

On Friday, 5 August 2016, Wannes De Smet <wannes...@gmail.com> wrote:

> Hi all
>
> We are getting a 'Leader not available' exception when using ACLs with TLS
> on a three node Kafka cluster, configured as [1]. The error occurs both
> when trying to produce and consume from a topic, to which the producer
> principal and all hosts have been granted access for testing, using the
> following:
>
> ./kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:* --producer --topic topicName
>
> The same issue appears in another thread on this mailing list [2], though
> no information is present on how to resolve this issue. We also tried using
> 0.10.0.1 RC2, unfortunately to no effect. When the ACLs are not active,
> everything works as expected.
>
> Another attempt to explicitly allow access to all Kafka cluster hosts with
> the 'All' principal did not have any effect.
>
> Please advise how we might debug and resolve this issue.
>
> Thanks
> Wannes
>
> [1] listeners=PLAINTEXT://:9092,SSL://:9093 ; inter-broker communication is
> using the PLAINTEXT default
> [2] http://mail-archives.apache.org/mod_mbox/kafka-users/201608.mbox/%3CCANZ-JHHmL_E5xhcEdHeW0ZYME+M8iZsaz-D59UKL8HeWh3=PSw@mail.gmail.com%3E
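The debugging step suggested in the reply, shown as an added example that is not part of the original thread: once broker logging is at DEBUG, this script summarizes which principal, operation and resource the authorizer denied, and isolates the denials that come from broker hosts. It assumes the audit line format written by SimpleAclAuthorizer; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; the "Principal = ... is Denied Operation = ..."
# layout is assumed to match SimpleAclAuthorizer's DEBUG audit message.
SAMPLE_LOG = """\
[2016-08-05 10:00:01,100] DEBUG Principal = User:ANONYMOUS is Denied Operation = ClusterAction from host = 10.0.0.2 on resource = Cluster:kafka-cluster (kafka.authorizer.logger)
[2016-08-05 10:00:01,350] DEBUG Principal = User:ANONYMOUS is Denied Operation = ClusterAction from host = 10.0.0.2 on resource = Cluster:kafka-cluster (kafka.authorizer.logger)
[2016-08-05 10:00:02,010] DEBUG Principal = User:CN=producer1 is Allowed Operation = Write from host = 10.0.0.50 on resource = Topic:topicName (kafka.authorizer.logger)
[2016-08-05 10:00:02,480] DEBUG Principal = User:ANONYMOUS is Denied Operation = Describe from host = 10.0.0.50 on resource = Topic:topicName (kafka.authorizer.logger)
"""

AUDIT_RE = re.compile(
    r"Principal = (?P<principal>.+?) is (?P<decision>Allowed|Denied) "
    r"Operation = (?P<operation>\S+) from host = (?P<host>\S+) "
    r"on resource = (?P<resource>\S+)"
)


def denied_summary(log_text):
    """Count Denied decisions per (principal, operation, resource, host)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AUDIT_RE.search(line)
        if m and m.group("decision") == "Denied":
            key = (m.group("principal"), m.group("operation"),
                   m.group("resource"), m.group("host"))
            counts[key] += 1
    return counts


def interbroker_denials(counts, broker_hosts):
    """Keep only denials whose source host is one of the cluster's brokers."""
    return {k: v for k, v in counts.items() if k[3] in broker_hosts}


if __name__ == "__main__":
    brokers = {"10.0.0.2", "10.0.0.3"}  # constructed broker addresses
    summary = denied_summary(SAMPLE_LOG)
    for (principal, op, resource, host), n in summary.most_common():
        tag = "broker" if host in brokers else "client"
        print(f"{n:3d}x {principal} denied {op} on {resource} from {host} ({tag})")
```

Denials that originate from broker addresses point at the controller and replication path rather than at the producer or consumer ACLs.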