You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2021/11/16 23:25:17 UTC

[GitHub] [kafka] rondagostino commented on a change in pull request #11503: KAFKA-13456: controller.listener.names required in KRaft

rondagostino commented on a change in pull request #11503:
URL: https://github.com/apache/kafka/pull/11503#discussion_r750751689



##########
File path: core/src/main/scala/kafka/server/KafkaConfig.scala
##########
@@ -2007,8 +2007,13 @@ class KafkaConfig private(doLog: Boolean, val props: java.util.Map[_, _], dynami
       "offsets.commit.required.acks must be greater or equal -1 and less or equal to offsets.topic.replication.factor")
     require(BrokerCompressionCodec.isValid(compressionType), "compression.type : " + compressionType + " is not valid." +
       " Valid options are " + BrokerCompressionCodec.brokerCompressionOptions.mkString(","))
-    require(!processRoles.contains(ControllerRole) || controllerListeners.nonEmpty,
-      s"${KafkaConfig.ControllerListenerNamesProp} cannot be empty if the server has the controller role")
+    if (usesSelfManagedQuorum) {

Review comment:
       I'm in agreement with not allowing `listeners` to contain the `controller.listener.names` values(s).  I'll rework tghe PR to do that.
   
   FYI, just as a sanity check, I confirmed that I was able to get a separate controller and broker working using our QuickStart files with the following changes:
   
   **controller.properties**
   ```
   listeners=SASL_PLAINTEXT://:9093
   listener.name.sasl_plaintext.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required unsecuredLoginStringClaim_sub="broker";
   sasl.enabled.mechanisms=OAUTHBEARER
   sasl.mechanism.controller.protocol=OAUTHBEARER
   controller.listener.names=SASL_PLAINTEXT
   ```
   
   **broker.properties**
   ```
   listener.security.protocol.map=CONTROLLER:SASL_PLAINTEXT,PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
   sasl.mechanism.controller.protocol=OAUTHBEARER
   listener.name.controller.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required unsecuredLoginStringClaim_sub="broker";
   ```
   
   I was able to do this both with requiring the additional listener on the broker (the initial version of this PR) and not (the way the code works without this PR).
   
   So while the "listener" terminology is unfortunate in that the broker is not "listening" on it, I have confirmed that everything works as expected.
   
   I'll work on this more tomorrow.
   
   




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org