Posted to jira@kafka.apache.org by "Ismael Juma (JIRA)" <ji...@apache.org> on 2017/07/20 15:58:00 UTC

[jira] [Commented] (KAFKA-5616) unable perform a rolling upgrade from a non-secure to a secure Kafka cluster

    [ https://issues.apache.org/jira/browse/KAFKA-5616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16094875#comment-16094875 ] 

Ismael Juma commented on KAFKA-5616:
------------------------------------

Did you follow these instructions?

http://docs.confluent.io/current/kafka/incremental-security-upgrade.html

> unable perform a rolling upgrade from a non-secure to a secure Kafka cluster
> ----------------------------------------------------------------------------
>
>                 Key: KAFKA-5616
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5616
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 0.10.1.1
>            Reporter: zhu fangbo
>
> I want to upgrade my unsecure Kafka cluster to a secure one which supports the SASL_PLAINTEXT protocol, but I failed to perform a rolling upgrade. The only way I found to upgrade is to shut down all brokers first and then restart all brokers with inter-broker security configured.
> h3. Before upgrade
> Here is the secure configuration of broker 1:
> {quote}listeners=PLAINTEXT://10.45.4.9:9092,SASL_PLAINTEXT://10.45.4.9:9099
> sasl.enabled.mechanisms=PLAIN
> authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
> super.users=User:admin{quote}
> I want to set up a cluster that supports both unsecure and secure client-broker connections, so I added a new endpoint to listeners with port = 9099
> h3. Start rolling upgrade
> First, I restarted broker-1, which is not the controller. Below is the part of server.log that shows the start completed:
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/25775149.jpg!
> It seemed fine, but no log output shows that the ReplicaManager was started, and broker1 did not go back into the ISR
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/55734691.jpg!
> Besides, the preferred replica leader election also failed
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/94837206.jpg!
> h3. After rolling upgrade for all brokers
> After upgrading all brokers, it seems each broker cannot connect to the other brokers
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/84863343.jpg!
> I restarted broker 2 last, which is the controller; then broker 3 became the controller, and it also failed to perform preferred replica leader election
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/70680876.jpg!
> h3. Shutdown all and restart 
> The cluster works well when I shut down all brokers and restart them all with inter-broker security configuration like this:
> {quote}listeners=PLAINTEXT://10.45.4.9:9092,SASL_PLAINTEXT://10.45.4.9:9099
> #advertised.listeners=SASL_PLAINTEXT://10.45.4.9:9099
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism.inter.broker.protocol=PLAIN{quote}
> The replica fetch thread was started
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/98186199.jpg!
> and ISR was normal
> !http://olt6kofv9.bkt.clouddn.com/17-7-20/13606263.jpg!


