You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Chris Egerton (Jira)" <ji...@apache.org> on 2023/03/06 16:03:00 UTC
[jira] [Created] (KAFKA-14781) MM2 logs misleading error during topic ACL sync when broker does not have authorizer configured
Chris Egerton created KAFKA-14781:
-------------------------------------
Summary: MM2 logs misleading error during topic ACL sync when broker does not have authorizer configured
Key: KAFKA-14781
URL: https://issues.apache.org/jira/browse/KAFKA-14781
Project: Kafka
Issue Type: Bug
Components: mirrormaker
Reporter: Chris Egerton
When there is no broker-side authorizer configured on a Kafka cluster targeted by MirrorMaker 2, users see error-level log messages like this one:{{{}{}}}
{quote}[2023-03-06 10:53:57,488] ERROR [MirrorSourceConnector|worker] Scheduler for MirrorSourceConnector caught exception in scheduled task: syncing topic ACLs (org.apache.kafka.connect.mirror.Scheduler:102)
java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker
at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
at org.apache.kafka.connect.mirror.MirrorSourceConnector.listTopicAclBindings(MirrorSourceConnector.java:456)
at org.apache.kafka.connect.mirror.MirrorSourceConnector.syncTopicAcls(MirrorSourceConnector.java:342)
at org.apache.kafka.connect.mirror.Scheduler.run(Scheduler.java:93)
at org.apache.kafka.connect.mirror.Scheduler.executeThread(Scheduler.java:112)
at org.apache.kafka.connect.mirror.Scheduler.lambda$scheduleRepeating$0(Scheduler.java:50)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker
{quote}
This can be misleading as it looks like something is wrong with MM2 or the Kafka cluster. In reality, it's usually fine, since topic ACL syncing is enabled by default and it's reasonable for Kafka clusters (especially in testing/dev environments) to not have authorizers enabled.
We should try to catch this specific case and downgrade the severity of the log message from {{ERROR}} to either {{INFO}} or {{{}DEBUG{}}}. We may also consider suggesting to users that they disable topic ACL syncing if their Kafka cluster doesn't have authorization set up, but this should probably only be emitted once over the lifetime of the connector in order to avoid generating log spam.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)