You have to set the same endpoint algorithm (empty) in consumer client
properties.



On Sat, May 4, 2019, 12:15 AM ASHOK MACHERLA <iash...@outlook.com> wrote:

> Dear Senthil
>
> as you suggested I follow, Kafka Cluster is fine ISR showing 0,1,2
>
> but getting SSL error logs
>
> [2019-05-03 11:01:19,611] INFO [SocketServer brokerId=0] Failed authentication with /192.168.175.128 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
>
>
> when I tried to send some messages to one topic
> Producer::
> $ sh bin/kafka-console-producer.sh --broker-list 192.168.175.128:9092
> --topic otp-sms
> aaaaaaaaaaaaaaaaaaa
> bbbbbbbbbbbbbbbbbbbb
> ccccccccccccccccccccccccccc
>
> Consumer::
> $ sh bin/kafka-console-consumer.sh --bootstrap-server 192.168.175.128:9092
> --topic otp-sms
>
> It's not printing any messages; even when I try to pull messages from the
> beginning, it's also not working.
>
> I'm getting the same error as above.
>
> Please help us Senthil, to fix this issue
>
> Thanks for your support...
>
>
> Sent from Outlook<http://aka.ms/weboutlook>
> ________________________________
> From: ASHOK MACHERLA <iash...@outlook.com>
> Sent: 03 May 2019 23:52
> To: users@kafka.apache.org
> Subject: Re: Required guidelines for kafka upgrade
>
> Dear Senthil
>
> first of all thanks for help,
>
> after I set like ssl.endpoint.identification.algorithm =   and then
> restart it's working fine.
>
> after that I changed below parameters in all brokers
>
> inter.broker.protocol.version=2.2.0
> log.message.format.version=2.2.0
>
> after that restarted one by one. ISR is showing 0,1,2 it's good,
> but getting some SSL error, please look into these logs
>
> [2019-05-03 11:00:37,789] INFO [SocketServer brokerId=0] Failed authentication with /192.168.175.128 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
> [2019-05-03 11:01:19,611] INFO [SocketServer brokerId=0] Failed authentication with /192.168.175.128 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
>
> getting logs all brokers,
>
> I tried to produce sample messages to the topic;
> the consumer is not printing those messages.
>
> please help us to fix this
>
> Thanks a lot, Senthil
>
>
> Sent from Outlook<http://aka.ms/weboutlook>
> ________________________________
> From: SenthilKumar K <senthilec...@gmail.com>
> Sent: 03 May 2019 22:26
> To: users@kafka.apache.org
> Subject: Re: Required guidelines for kafka upgrade
>
> Hi Ashok, from the logs it's clear that the problem is with the identification
> algorithm.
>
> at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
> ... 15 more
> Caused by: java.security.cert.CertificateException: Unknown identification algorithm: " "
>
> Set empty and restart your broker.
>
> --Senthil
>
> On Fri, May 3, 2019 at 10:20 PM SenthilKumar K <senthilec...@gmail.com>
> wrote:
>
> > Here is my server.properties.
> >
> >
> > reserved.broker.max.id = 2147483647
> > log.retention.bytes = 68719476736
> > listeners = SSL://xxxxxx:9093
> > socket.receive.buffer.bytes = 102400
> > broker.id = xxx
> > ssl.truststore.password = xxxxx
> > auto.create.topics.enable = true
> > ssl.enabled.protocols = TLSv1.2
> > zookeeper.connect = xxxxx
> > default.replication.factor = 2
> > offsets.topic.replication.factor = 2
> > log.message.timestamp.type = CreateTime
> > min.insync.replicas = 2
> > transaction.state.log.replication.factor = 2
> > security.inter.broker.protocol = SSL
> > socket.send.buffer.bytes = 102400
> > num.partitions = 40
> > ssl.secure.random.implementation = xxxxx
> > ssl.key.password = xxxx
> > log.retention.ms = 3600000
> > log.cleaner.delete.retention.ms = 300000
> > message.max.bytes = 67108864
> > ssl.endpoint.identification.algorithm =
> > log.roll.ms = 1800000
> > log.message.timestamp.difference.max.ms = 14400000
> > ssl.keystore.location = xxxx
> > log.retention.hours = 168
> > log.retention.check.interval.ms = 180000
> > inter.broker.protocol.version = 2.2.0
> > socket.request.max.bytes = 104857600
> > log.dirs = xxxxx
> > ssl.keystore.password = xxxx
> > ssl.truststore.location = xxxx
> >
> > Pls set `ssl.endpoint.identification.algorithm =  ` and restart your
> > broker.
> >
> >
> > On Fri, May 3, 2019 at 10:09 PM ASHOK MACHERLA <iash...@outlook.com>
> > wrote:
> >
> >> Dear
> >>
> >>
> >> Please find this below error
> >>
> >> org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
> >> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> >> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
> >> at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
> >> at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
> >> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
> >> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
> >> at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:448)
> >> at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:313)
> >> at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:265)
> >> at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:170)
> >> at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:536)
> >> at org.apache.kafka.common.network.Selector.poll(Selector.java:472)
> >> at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:535)
> >> at org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:74)
> >> at kafka.server.ReplicaFetcherBlockingSend.sendRequest(ReplicaFetcherBlockingSend.scala:95)
> >> at kafka.server.ReplicaFetcherThread.fetchFromLeader(ReplicaFetcherThread.scala:193)
> >> at kafka.server.AbstractFetcherThread.processFetchRequest(AbstractFetcherThread.scala:280)
> >> at kafka.server.AbstractFetcherThread.$anonfun$maybeFetch$3(AbstractFetcherThread.scala:132)
> >> at kafka.server.AbstractFetcherThread.$anonfun$maybeFetch$3$adapted(AbstractFetcherThread.scala:131)
> >> at scala.Option.foreach(Option.scala:274)
> >> at kafka.server.AbstractFetcherThread.maybeFetch(AbstractFetcherThread.scala:131)
> >> at kafka.server.AbstractFetcherThread.doWork(AbstractFetcherThread.scala:113)
> >> at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:82)
> >> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> >> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> >> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)
> >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
> >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
> >> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
> >> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
> >> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
> >> at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
> >> at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
> >> at java.security.AccessController.doPrivileged(Native Method)
> >> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
> >> at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:402)
> >> at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:484)
> >> at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
> >> ... 15 more
> >> Caused by: java.security.cert.CertificateException: Unknown identification algorithm: " "
> >> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
> >> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
> >> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
> >> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> >> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
> >> ... 24 more
> >> [2019-05-03 06:36:23,840] INFO [ReplicaFetcher replicaId=0, leaderId=2, fetcherId=0] Failed authentication with /192.168.175.130 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
> >> [2019-05-03 06:36:23,842] ERROR [ReplicaFetcher replicaId=0, leaderId=2, fetcherId=0] Connection to node 2 (/192.168.175.130:9092) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
> >>
> >> Sent from Outlook<http://aka.ms/weboutlook>
> >> ________________________________
> >> From: Harper Henn <harper.h...@datto.com>
> >> Sent: 03 May 2019 21:35
> >> To: users@kafka.apache.org
> >> Subject: Re: Required guidelines for kafka upgrade
> >>
> >> What specific errors are you seeing in the server logs of the broker you
> >> upgraded (can you copy/paste them)?
> >>
> >> On Fri, May 3, 2019 at 7:29 AM ASHOK MACHERLA <iash...@outlook.com>
> >> wrote:
> >>
> >> > *Dear Senthil*
> >> >
> >> > As you suggested, I followed, but I’m facing errors
> >> >
> >> > This is my old configuration, which is Kafka version (0.10.1)
> >> >
> >> > *****************************************************************
> >> >
> >> > broker.id=0
> >> >
> >> > port=9092
> >> >
> >> > delete.topic.enable=true
> >> >
> >> > message.max.bytes=100000
> >> >
> >> > listeners=SSL://192.168.175.128:9092
> >> >
> >> > advertised.listeners=SSL://192.168.175.128:9092
> >> >
> >> > num.network.threads=3
> >> >
> >> > num.io.threads=8
> >> >
> >> > socket.send.buffer.bytes=102400
> >> >
> >> > socket.receive.buffer.bytes=102400
> >> >
> >> > socket.request.max.bytes=104857600
> >> >
> >> > log.dirs=/opt/kafka/kafka-logs
> >> >
> >> > num.partitions=3
> >> >
> >> > default.replication.factor=3
> >> >
> >> > auto.topic.creation.enable=false
> >> >
> >> > num.recovery.threads.per.data.dir=1
> >> >
> >> > log.retention.hours=168
> >> >
> >> > log.segment.bytes=1073741824
> >> >
> >> > log.retention.check.interval.ms=300000
> >> >
> >> > ssl.keystore.location=/opt/kafka/certificate/kafka.keystore.jks
> >> >
> >> > ssl.keystore.password=Sbi#123
> >> >
> >> > ssl.key.password=Sbi#123
> >> >
> >> > ssl.truststore.location=/opt/kafka/certificate/kafka.truststore.jks
> >> >
> >> > ssl.truststore.password=Sbi#123
> >> >
> >> > security.inter.broker.protocol=SSL
> >> >
> >> > zookeeper.connect=192.168.175.128:2181,192.168.175.129:2181,
> >> > 192.168.175.130:2181
> >> >
> >> > zookeeper.connection.timeout.ms=6000
> >> >
> >> > *****************************************************************
> >> >
> >> > After that I added three parameters into server.properties, which is the
> >> > *new Kafka version (2.2.0)*
> >> >
> >> > inter.broker.protocol.version=0.10.1
> >> >
> >> > log.message.format.version=0.10.1
> >> >
> >> > ssl.endpoint.identification.algorithm=""
> >> >
> >> > After that I stopped one Kafka node, and then I started the new Kafka
> >> > (2.2.0) version on the same node.
> >> >
> >> > The port is opening; it's showing port number 9092,
> >> >
> >> > but I'm getting errors due to SSL issues.
> >> >
> >> > In this position the first node is running the new version (2.2.0) and the
> >> > remaining two nodes are running the previous version (0.10.1).
> >> >
> >> > I checked the topic describe command on the second node; here the ISR is not
> >> > syncing with the new version,
> >> >
> >> > it's showing only 1,2, here "0" is missing, which means the first node was
> >> > not syncing with the remaining nodes,
> >> >
> >> > it should show 0,1,2.
> >> >
> >> > Please help Senthil
> >> >
> >> > I tried so many options like below ,
> >> >
> >> > ssl.endpoint.identification.algorithm=""
> >> >
> >> > ssl.endpoint.identification.algorithm=" "
> >> >
> >> > ssl.endpoint.identification.algorithm="none"
> >> >
> >> > ssl.endpoint.identification.algorithm="null"
> >> >
> >> > ssl.endpoint.identification.algorithm=null
> >> >
> >> > ssl.endpoint.identification.algorithm=https
> >> >
> >> > Please tell me what correct value I should mention; the port is
> >> > showing, but why is the ISR showing only 1,2 instead of 0,1,2?
> >> >
> >> > Are there any firewall settings problems?
> >> >
> >> > Please help us to fix this Senthil
> >> >
> >> > thanks
> >> >
> >> >
> >> > Sent from Outlook <http://aka.ms/weboutlook>
> >> > ------------------------------
> >> > *From:* ASHOK MACHERLA <iash...@outlook.com>
> >> > *Sent:* 02 May 2019 13:28
> >> > *To:* users@kafka.apache.org
> >> > *Subject:* Re: Required guidelines for kafka upgrade
> >> >
> >> > OK Senthil
> >> >
> >> > Thanks for your support and cooperation
> >> >
> >> > Sent from Outlook
> >> >
> >>
> >
>
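
The reply at the top of this thread and the list of values tried in the quoted messages both depend on how a `.properties` value for `ssl.endpoint.identification.algorithm` reaches the TLS layer. The following Python sketch is an added example, not code from the thread or from Kafka: it applies a simplified form of the `java.util.Properties` line rules (no escapes or continuations) to show why quoted values fail the handshake and only a truly empty value turns hostname verification off; the function names are hypothetical.

```python
import re

KEY = "ssl.endpoint.identification.algorithm"
# Names the JDK trust manager accepts (case-insensitive); any other
# non-empty value raises "Unknown identification algorithm".
JDK_KNOWN = {"https", "ldap", "ldaps"}

def parse_line(line):
    """Split one line like java.util.Properties does (simplified:
    no backslash escapes or continuations). Quotes are NOT stripped."""
    s = line.strip("\r\n").lstrip(" \t\f")
    if not s or s[0] in "#!":
        return None
    m = re.match(r"([^=:\s]+)[ \t\f]*[=:]?[ \t\f]*(.*)$", s)
    return (m.group(1), m.group(2)) if m else None

def classify(value):
    v = value.strip()  # Kafka trims string configs before use
    if v == "":
        return "disabled"         # no hostname check against the certificate
    if v.lower() in JDK_KNOWN:
        return "verified"         # certificate SAN/CN must match the host
    return "handshake-fails"      # CertificateException at handshake

def audit(text, default="https"):
    """Return (effective value, outcome); the last occurrence wins and an
    absent key falls back to the Kafka 2.0+ default of https."""
    value = default
    for line in text.splitlines():
        kv = parse_line(line)
        if kv and kv[0] == KEY:
            value = kv[1]
    return value, classify(value)

# Constructed sample: the right-hand sides tried in the thread, plus a
# whitespace-only form like the one in the posted server.properties.
TRIED = ['""', '" "', '"none"', '"null"', "null", "https", "  "]

if __name__ == "__main__":
    for rhs in TRIED:
        value, outcome = audit(f"{KEY}={rhs}")
        print(f"{KEY}={rhs!r:10} -> value {value!r:10} {outcome}")
```

With the value empty, the peer certificate is still chain-validated against the truststore, but its hostname is no longer matched, so the setting has to be made deliberately on brokers and clients alike.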
