You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by "M. Manna" <ma...@gmail.com> on 2017/08/04 15:46:10 UTC

Console Producer/Consumer - Leader Not Available when implemented with TLS/SSL

Hello,

I wanted to add TLS/SSL to my kafka setup. To start with, I went through
the kafka SSL documenation on main website. I have done the following:

1) Imported the signed certificates to keystore
2) Imported the root CA
3) Verified that the keystore and trust store password are correct by using
keytool.
4) Started zookeeper and kafka.
5) Confirmed the following from server.log file:


 Registered broker 0 at path /brokers/ids/0 with addresses:
EndPoint(localhost,9092,ListenerName(PLAINTEXT),PLAINTEXT),EndPoint(localhost,9093,ListenerName(SSL),SSL)
(kafka.utils.ZkUtils)

my server.properties file have both listeners and advertised.listeners set
to the following:

PLAINTEXT://localhost:9092,SSL://localhost:9093

I also have automatic topic creation enabled. When I do:

kafka-console-producer.bat --broker-list localhost:9093 --topic test_ssl
--producer.config ..\..\config\producer.properties

I am getting the following error:
[2017-08-04 16:28:15,265] WARN Error while fetching metadata with
correlation id 0 : {test_ssl=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)
[2017-08-04 16:28:15,372] WARN Error while fetching metadata with
correlation id 1 : {test_ssl=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)
[2017-08-04 16:28:15,474] WARN Error while fetching metadata with
correlation id 2 : {test_ssl=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)
[2017-08-04 16:28:20,302] WARN Error while fetching metadata with
correlation id 3 : {test_ssl=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)
[2017-08-04 16:28:20,406] WARN Error while fetching metadata with
correlation id 4 : {test_ssl=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)
[2017-08-04 16:28:20,512] WARN Error while fetching metadata with
correlation id 5 : {test_ssl=LEADER_NOT_AVAILABLE}
(org.apache.kafka.clients.NetworkClient)

I can confirm from kafka-topics command (also, server.log) that the topic
"test_ssl" creation was successful. I hope it's not because of this
underscore "_".

If there was a handshake issue, it would have been caught in the logs (I
think), but it looks like my SSL config has been accepted correctly. Just
wanted to know if I have missed something which I cannot quit spot here.

Kindest Regards,