You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Randall Hauch (Jira)" <ji...@apache.org> on 2020/04/01 18:37:00 UTC
[jira] [Commented] (KAFKA-9768) rest.advertised.listener
configuration is not handled properly by the worker
[ https://issues.apache.org/jira/browse/KAFKA-9768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17073073#comment-17073073 ]
Randall Hauch commented on KAFKA-9768:
--------------------------------------
Is it true that one can order the listeners such that the listener that matches the advertised listener comes first? If so, let's document that as a workaround.
> rest.advertised.listener configuration is not handled properly by the worker
> ----------------------------------------------------------------------------
>
> Key: KAFKA-9768
> URL: https://issues.apache.org/jira/browse/KAFKA-9768
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Chris Egerton
> Assignee: Chris Egerton
> Priority: Major
>
> The {{rest.advertised.listener}} config can currently be set to either "http" or "https", and a listener with that protocol should be used when advertising the URL of the worker to other members of the Connect cluster.
> For example, someone might configure their worker with a {{listeners}} value of {{[https://localhost:42069,http://localhost:4761|https://localhost:42069%2Chttp//localhost:4761]}} and a {{rest.advertised.listener}} value of {{http}}, which should cause the worker to listen on port {{42069}} with TLS and port {{4761}} with plaintext, and advertise the URL {{[http://localhost:4761|http://localhost:4761/]}} to other workers.
> However, the worker instead advertises the URL {{[https://localhost:42069|https://localhost:42069/]}} to other workers. This is because the {{RestServer}} class, which is responsible for determining which URL to advertise to other workers, simply [chooses the first listener whose name begins with the protocol|https://github.com/apache/kafka/blob/0f48446690e42b78a9a6b8c6a9bbab9f01d84cb1/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/RestServer.java#L422] specified in the {{rest.advertised.listener}} config.
> This breaks because "http" is a prefix of "https", so if the advertised listener is "http" but the first listener that's found starts with "https://", that listener will still be chosen.
> This bug has been present since SSL support (and the {{rest.advertised.listener}} config) were added via [KIP-208|https://cwiki.apache.org/confluence/display/KAFKA/KIP-208%3A+Add+SSL+support+to+Kafka+Connect+REST+interface], in release 1.1.0.
> This bug should only present in the case where a user has set {{rest.advertised.listener}} to {{http}} but the {{listeners}} list begins with a listener that uses {{https}}. A workaround can be performed by changing the order of the {{listeners}} list to put the desired advertised listener at the beginning.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)