Posted to dev@kafka.apache.org by "Chris Egerton (Jira)" <ji...@apache.org> on 2023/03/08 15:27:00 UTC

[jira] [Resolved] (KAFKA-14781) MM2 logs misleading error during topic ACL sync when broker does not have authorizer configured

     [ https://issues.apache.org/jira/browse/KAFKA-14781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Egerton resolved KAFKA-14781.
-----------------------------------
    Fix Version/s: 3.5.0
       Resolution: Fixed

> MM2 logs misleading error during topic ACL sync when broker does not have authorizer configured
> -----------------------------------------------------------------------------------------------
>
>                 Key: KAFKA-14781
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14781
>             Project: Kafka
>          Issue Type: Bug
>          Components: mirrormaker
>            Reporter: Chris Egerton
>            Assignee: Chris Egerton
>            Priority: Major
>             Fix For: 3.5.0
>
>
> When there is no broker-side authorizer configured on a Kafka cluster targeted by MirrorMaker 2, users see error-level log messages like this one:
> {quote}[2023-03-06 10:53:57,488] ERROR [MirrorSourceConnector|worker] Scheduler for MirrorSourceConnector caught exception in scheduled task: syncing topic ACLs (org.apache.kafka.connect.mirror.Scheduler:102)
> java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker
>     at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
>     at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
>     at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
>     at org.apache.kafka.connect.mirror.MirrorSourceConnector.listTopicAclBindings(MirrorSourceConnector.java:456)
>     at org.apache.kafka.connect.mirror.MirrorSourceConnector.syncTopicAcls(MirrorSourceConnector.java:342)
>     at org.apache.kafka.connect.mirror.Scheduler.run(Scheduler.java:93)
>     at org.apache.kafka.connect.mirror.Scheduler.executeThread(Scheduler.java:112)
>     at org.apache.kafka.connect.mirror.Scheduler.lambda$scheduleRepeating$0(Scheduler.java:50)
>     at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
>     at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
>     at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
>     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>     at java.base/java.lang.Thread.run(Thread.java:829)
> Caused by: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker
> {quote}
> This can be misleading as it looks like something is wrong with MM2 or the Kafka cluster. In reality, it's usually fine, since topic ACL syncing is enabled by default and it's reasonable for Kafka clusters (especially in testing/dev environments) to not have authorizers enabled.
> We should try to catch this specific case and downgrade the severity of the log message from {{ERROR}} to either {{INFO}} or {{DEBUG}}. We may also consider suggesting to users that they disable topic ACL syncing if their Kafka cluster doesn't have authorization set up, but this should probably only be emitted once over the lifetime of the connector in order to avoid generating log spam.
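
On releases before the fix version, the same downgrade-and-hint-once handling can be applied on the log-consumer side, so that this case does not page anyone while other ACL sync failures stay at ERROR. The following is an added example, not code from the Kafka project or from this issue; the function names and the sample records are constructed, modelled on the log excerpt quoted above.

```python
import re

# Header of a log record as in the excerpt: "[timestamp] LEVEL message"
HEADER = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<level>[A-Z]+) (?P<msg>.*)$")
ACL_TASK = "caught exception in scheduled task: syncing topic ACLs"
NO_AUTHORIZER = "org.apache.kafka.common.errors.SecurityDisabledException"
HINT = ("No authorizer is configured on the broker; consider disabling topic "
        "ACL syncing (sync.topic.acls.enabled=false)")

def split_records(lines):
    """Group each header line with the stack-trace lines that follow it."""
    record = None
    for line in lines:
        m = HEADER.match(line)
        if m:
            if record:
                yield record
            record = {"level": m["level"], "msg": m["msg"], "trace": []}
        elif record:
            record["trace"].append(line.strip())
    if record:
        yield record

def triage(lines):
    """Return (level, message) pairs; only the no-authorizer case is downgraded."""
    out, hinted = [], False
    for rec in split_records(lines):
        causes = [t for t in rec["trace"] if t.startswith("Caused by: ")]
        root = causes[-1] if causes else (rec["trace"][0] if rec["trace"] else "")
        benign = (rec["level"] == "ERROR" and ACL_TASK in rec["msg"]
                  and NO_AUTHORIZER in root)
        if not benign:
            out.append((rec["level"], rec["msg"]))  # other failures keep their level
        elif not hinted:
            hinted = True                           # hint once, then stay quiet
            out.append(("INFO", HINT))
        else:
            out.append(("DEBUG", rec["msg"]))
    return out

# Constructed sample: two no-authorizer records, then a different ACL sync failure.
_HEAD = ("] ERROR [MirrorSourceConnector|worker] Scheduler for MirrorSourceConnector "
         + ACL_TASK + " (org.apache.kafka.connect.mirror.Scheduler:102)")
_BENIGN = ["java.util.concurrent.ExecutionException: " + NO_AUTHORIZER + ": No Authorizer is configured on the broker",
           "    at org.apache.kafka.connect.mirror.MirrorSourceConnector.syncTopicAcls(MirrorSourceConnector.java:342)",
           "Caused by: " + NO_AUTHORIZER + ": No Authorizer is configured on the broker"]
SAMPLE = (["[2023-03-06 10:53:57,488" + _HEAD] + _BENIGN
          + ["[2023-03-06 11:03:57,488" + _HEAD] + _BENIGN
          + ["[2023-03-06 11:13:57,488" + _HEAD,
             "java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: constructed timeout"])

if __name__ == "__main__":
    for level, msg in triage(SAMPLE):
        print(level, msg)
```

The match is keyed on both the scheduled task name and the root cause, so an ACL sync that fails for any other reason is still reported at ERROR.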


