Dear Senthil, first of all thanks for the help.

After I set ssl.endpoint.identification.algorithm = and then restarted, it's working fine.

After that I changed the below parameters in all brokers:

inter.broker.protocol.version=2.2.0
log.message.format.version=2.2.0

After that I restarted them one by one. ISR is showing 0,1,2, which is good, but I am getting some SSL errors. Please look into these logs:

[2019-05-03 11:00:37,789] INFO [SocketServer brokerId=0] Failed authentication with /192.168.175.128 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-03 11:01:19,611] INFO [SocketServer brokerId=0] Failed authentication with /192.168.175.128 (SSL handshake failed) (org.apache.kafka.common.network.Selector)

I am getting these logs on all brokers. I tried to produce sample messages to a topic, but the consumer is not printing those messages.

Please help us to fix this.

Thanks a lot, Senthil

________________________________
From: SenthilKumar K <senthilec...@gmail.com>
Sent: 03 May 2019 22:26
To: users@kafka.apache.org
Subject: Re: Required guidelines for kafka upgrade

Hi Ashok,

From the logs it's clear that the problem is with the identification algorithm.

at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
... 15 more
Caused by: java.security.cert.CertificateException: Unknown identification algorithm: " "

Set empty and restart your broker.

--Senthil

On Fri, May 3, 2019 at 10:20 PM SenthilKumar K <senthilec...@gmail.com> wrote:

> Here is my server.properties.
>
> reserved.broker.max.id = 2147483647
> log.retention.bytes = 68719476736
> listeners = SSL://xxxxxx:9093
> socket.receive.buffer.bytes = 102400
> broker.id = xxx
> ssl.truststore.password = xxxxx
> auto.create.topics.enable = true
> ssl.enabled.protocols = TLSv1.2
> zookeeper.connect = xxxxx
> default.replication.factor = 2
> offsets.topic.replication.factor = 2
> log.message.timestamp.type = CreateTime
> min.insync.replicas = 2
> transaction.state.log.replication.factor = 2
> security.inter.broker.protocol = SSL
> socket.send.buffer.bytes = 102400
> num.partitions = 40
> ssl.secure.random.implementation = xxxxx
> ssl.key.password = xxxx
> log.retention.ms = 3600000
> log.cleaner.delete.retention.ms = 300000
> message.max.bytes = 67108864
> ssl.endpoint.identification.algorithm =
> log.roll.ms = 1800000
> log.message.timestamp.difference.max.ms = 14400000
> ssl.keystore.location = xxxx
> log.retention.hours = 168
> log.retention.check.interval.ms = 180000
> inter.broker.protocol.version = 2.2.0
> socket.request.max.bytes = 104857600
> log.dirs = xxxxx
> ssl.keystore.password = xxxx
> ssl.truststore.location = xxxx
>
> Pls set `ssl.endpoint.identification.algorithm = ` and restart your broker.
>
> On Fri, May 3, 2019 at 10:09 PM ASHOK MACHERLA <iash...@outlook.com> wrote:
>
>> Dear
>>
>> Please find this below error
>>
>> org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
>> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>>     at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
>>     at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
>>     at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
>>     at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
>>     at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
>>     at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:448)
>>     at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:313)
>>     at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:265)
>>     at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:170)
>>     at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:536)
>>     at org.apache.kafka.common.network.Selector.poll(Selector.java:472)
>>     at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:535)
>>     at org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:74)
>>     at kafka.server.ReplicaFetcherBlockingSend.sendRequest(ReplicaFetcherBlockingSend.scala:95)
>>     at kafka.server.ReplicaFetcherThread.fetchFromLeader(ReplicaFetcherThread.scala:193)
>>     at kafka.server.AbstractFetcherThread.processFetchRequest(AbstractFetcherThread.scala:280)
>>     at kafka.server.AbstractFetcherThread.$anonfun$maybeFetch$3(AbstractFetcherThread.scala:132)
>>     at kafka.server.AbstractFetcherThread.$anonfun$maybeFetch$3$adapted(AbstractFetcherThread.scala:131)
>>     at scala.Option.foreach(Option.scala:274)
>>     at kafka.server.AbstractFetcherThread.maybeFetch(AbstractFetcherThread.scala:131)
>>     at kafka.server.AbstractFetcherThread.doWork(AbstractFetcherThread.scala:113)
>>     at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:82)
>> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>     at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)
>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
>>     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
>>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
>>     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
>>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
>>     at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
>>     at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
>>     at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:402)
>>     at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:484)
>>     at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
>>     ... 15 more
>> Caused by: java.security.cert.CertificateException: Unknown identification algorithm: " "
>>     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
>>     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
>>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
>>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
>>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
>>     ... 24 more
>> [2019-05-03 06:36:23,840] INFO [ReplicaFetcher replicaId=0, leaderId=2, fetcherId=0] Failed authentication with /192.168.175.130 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
>> [2019-05-03 06:36:23,842] ERROR [ReplicaFetcher replicaId=0, leaderId=2, fetcherId=0] Connection to node 2 (/192.168.175.130:9092) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
>>
>> ________________________________
>> From: Harper Henn <harper.h...@datto.com>
>> Sent: 03 May 2019 21:35
>> To: users@kafka.apache.org
>> Subject: Re: Required guidelines for kafka upgrade
>>
>> What specific errors are you seeing in the server logs of the broker you
>> upgraded (can you copy/paste them)?
>>
>> On Fri, May 3, 2019 at 7:29 AM ASHOK MACHERLA <iash...@outlook.com> wrote:
>>
>> > *Dear Senthil*
>> >
>> > As you suggested, I followed, but I’m facing errors.
>> >
>> > This is my old configuration, which is Kafka (0.10.1) version
>> >
>> > *****************************************************************
>> >
>> > broker.id=0
>> > port=9092
>> > delete.topic.enable=true
>> > message.max.bytes=100000
>> > listeners=SSL://192.168.175.128:9092
>> > advertised.listeners=SSL://192.168.175.128:9092
>> > num.network.threads=3
>> > num.io.threads=8
>> > socket.send.buffer.bytes=102400
>> > socket.receive.buffer.bytes=102400
>> > socket.request.max.bytes=104857600
>> > log.dirs=/opt/kafka/kafka-logs
>> > num.partitions=3
>> > default.replication.factor=3
>> > auto.topic.creation.enable=false
>> > num.recovery.threads.per.data.dir=1
>> > log.retention.hours=168
>> > log.segment.bytes=1073741824
>> > log.retention.check.interval.ms=300000
>> > ssl.keystore.location=/opt/kafka/certificate/kafka.keystore.jks
>> > ssl.keystore.password=Sbi#123
>> > ssl.key.password=Sbi#123
>> > ssl.truststore.location=/opt/kafka/certificate/kafka.truststore.jks
>> > ssl.truststore.password=Sbi#123
>> > security.inter.broker.protocol=SSL
>> > zookeeper.connect=192.168.175.128:2181,192.168.175.129:2181,192.168.175.130:2181
>> > zookeeper.connection.timeout.ms=6000
>> >
>> > *****************************************************************
>> >
>> > After that I added three parameters into server.properties, which is the *new
>> > kafka version (2.2.0)*
>> >
>> > inter.broker.protocol.version=0.10.1
>> > log.message.format.version=0.10.1
>> > ssl.endpoint.identification.algorithm=""
>> >
>> > After that I stopped one Kafka node, and then I started the new Kafka (2.2.0)
>> > version on the same node.
>> >
>> > In this the port is opening, it's showing 9092 port number,
>> >
>> > but I am getting errors due to SSL issues.
>> >
>> > In this position the first node is running with the new version (2.2.0) and the
>> > remaining two nodes are running with the previous version (0.10.1).
>> >
>> > I checked the topic describe command on the second node; here ISR is not syncing
>> > with the new version,
>> >
>> > it's showing only 1,2, here "0" is missing, which means the first node was not
>> > syncing with the remaining nodes,
>> >
>> > it should show like 0,1,2.
>> >
>> > Please help Senthil
>> >
>> > I tried so many options like below,
>> >
>> > ssl.endpoint.identification.algorithm=""
>> > ssl.endpoint.identification.algorithm=" "
>> > ssl.endpoint.identification.algorithm="none"
>> > ssl.endpoint.identification.algorithm="null"
>> > ssl.endpoint.identification.algorithm=null
>> > ssl.endpoint.identification.algorithm=https
>> >
>> > Please tell what correct value I should mention, and the port is showing,
>> > but why is the ISR showing only 1,2 instead of 0,1,2?
>> >
>> > Is there any firewall settings problem?
>> >
>> > Please help us to fix this Senthil
>> >
>> > thanks
>> >
>> > ------------------------------
>> > *From:* ASHOK MACHERLA <iash...@outlook.com>
>> > *Sent:* 02 May 2019 13:28
>> > *To:* users@kafka.apache.org
>> > *Subject:* Re: Required guidelines for kafka upgrade
>> >
>> > OK Senthil
>> >
>> > Thanks for your support and cooperation
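
The values tried in this thread, run through a small lint that shows how each is read from server.properties and what it means for broker hostname verification. This is an added example, not code from the thread or from Kafka: the parser is a simplified stand-in for java.util.Properties, and `load_properties`, `check` and the status names are hypothetical.

```python
import ipaddress
import re
KEY = "ssl.endpoint.identification.algorithm"
# Names the JDK 8 trust manager accepts, case-insensitively (assumption, listed
# from memory of X509TrustManagerImpl.checkIdentity); others fail the handshake.
JDK_ALGORITHMS = {"https", "ldap", "ldaps"}
# Constructed samples built from values that appear in the thread.
LISTENER = "listeners=SSL://192.168.175.128:9092\n"
QUOTED = LISTENER + KEY + '=""\n'
EMPTY = LISTENER + KEY + " = \n"
HTTPS = LISTENER + KEY + "=https\n"

def load_properties(text):
    """Simplified java.util.Properties reader (no escapes, no continuations)."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()  # Kafka trims string values
    return props

def check(text):
    """Return (status, findings) for the text of one server.properties file."""
    props, findings = load_properties(text), []
    raw = props.get(KEY)
    if raw is None or raw.lower() in JDK_ALGORITHMS:
        status = "verify"  # key absent: Kafka 2.0+ defaults to https
    elif raw == "":
        status = "disabled"
        findings.append("hostname verification off: any certificate the "
                        "truststore accepts passes for any broker address")
    else:
        status = "rejected"
        findings.append(f"{raw!r} is read literally, quotes included, and "
                        "fails with 'Unknown identification algorithm'")
    if status == "verify":
        for key in ("listeners", "advertised.listeners"):
            for host in re.findall(r"://([^:,\s]*):\d+", props.get(key, "")):
                try:
                    ipaddress.ip_address(host)
                except ValueError:
                    continue  # a DNS name, not an IP literal
                findings.append(f"{key} uses IP {host}: the broker "
                                "certificate needs a matching IP subjectAltName")
    return status, findings

if __name__ == "__main__":
    for name, text in (("quoted", QUOTED), ("empty", EMPTY), ("https", HTTPS)):
        print(name, *check(text))
```

The `disabled` result is the setting that made the brokers in this thread start talking again; the `verify` finding describes what the certificates would need for `https` to work with IP-based listeners instead.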