You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "zhu fangbo (JIRA)" <ji...@apache.org> on 2017/07/20 09:51:00 UTC

[jira] [Created] (KAFKA-5616) can not perform a rolling upgrade from a non-secure to a secure Kafka cluster

zhu fangbo created KAFKA-5616:
---------------------------------

             Summary: can not perform a rolling upgrade from a non-secure to a secure Kafka cluster
                 Key: KAFKA-5616
                 URL: https://issues.apache.org/jira/browse/KAFKA-5616
             Project: Kafka
          Issue Type: Bug
          Components: core
    Affects Versions: 0.10.1.1
            Reporter: zhu fangbo


I want to upgrade my unsecure kafka cluster to a secure one whitch support SASL_PLAINT protocol, but I failed to perfrom rolling upgrade. The only way I found to upgrade is to shutdown all brokers first and then restart all brokers with inter-broker security configured

h3. Before upgrade
Here is the secure configuration of broker 1：
{quote}listeners=PLAINTEXT://10.45.4.9:9092,SASL_PLAINTEXT://10.45.4.9:9099
sasl.enabled.mechanisms=PLAIN
authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
super.users=User:admin{quote}
I want to setup a cluster support both unsecure and secure client-broker connect, so i add a new endpoint to listeners with port  = 9099

h3. Start rolling upgrade
First, I restart broker-1 which is not the controller. below is part of  server.log shows start complete:
!http://olt6kofv9.bkt.clouddn.com/17-7-20/25775149.jpg!
seemed well, but there are no log print to show the replicamanger was started,and broker1 not go back to the ISR
!http://olt6kofv9.bkt.clouddn.com/17-7-20/55734691.jpg!
Besides, the preferred replica leader election was also failed
!http://olt6kofv9.bkt.clouddn.com/17-7-20/94837206.jpg!

h3. After rolling upgrade for all brokers
 After upgrade all brokers, it seems each broker can not connect to other brokers
!http://olt6kofv9.bkt.clouddn.com/17-7-20/84863343.jpg!
I restart broker 2 at last which is the controller, then broker 3 came to be controller, and it also failed to perform preferred replica leader election
!http://olt6kofv9.bkt.clouddn.com/17-7-20/70680876.jpg!

h3. Shutdown all and restart 
The cluster works well when  I shutdown all brokers and restart all with inter-broker security configurations like this:
{quote}listeners=PLAINTEXT://10.45.4.9:9092,SASL_PLAINTEXT://10.45.4.9:9099
#advertised.listeners=SASL_PLAINTEXT://10.45.4.9:9099
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN{quote}
replica fetch thread was started
!http://olt6kofv9.bkt.clouddn.com/17-7-20/98186199.jpg!
and ISR was normal
!http://olt6kofv9.bkt.clouddn.com/17-7-20/13606263.jpg!







--
This message was sent by Atlassian JIRA
(v6.4.14#64029)