kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ASHOK MACHERLA <iAsh...@outlook.com>
Subject Re: Required guidelines for kafka upgrade
Date Fri, 03 May 2019 16:22:01 GMT
Dear


Please find this below error

org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1165)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:448)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:313)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:265)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:170)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:536)
at org.apache.kafka.common.network.Selector.poll(Selector.java:472)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:535)
at org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:74)
at kafka.server.ReplicaFetcherBlockingSend.sendRequest(ReplicaFetcherBlockingSend.scala:95)
at kafka.server.ReplicaFetcherThread.fetchFromLeader(ReplicaFetcherThread.scala:193)
at kafka.server.AbstractFetcherThread.processFetchRequest(AbstractFetcherThread.scala:280)
at kafka.server.AbstractFetcherThread.$anonfun$maybeFetch$3(AbstractFetcherThread.scala:132)
at kafka.server.AbstractFetcherThread.$anonfun$maybeFetch$3$adapted(AbstractFetcherThread.scala:131)
at scala.Option.foreach(Option.scala:274)
at kafka.server.AbstractFetcherThread.maybeFetch(AbstractFetcherThread.scala:131)
at kafka.server.AbstractFetcherThread.doWork(AbstractFetcherThread.scala:113)
at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:82)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:402)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:484)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
... 15 more
Caused by: java.security.cert.CertificateException: Unknown identification algorithm: " "
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)
... 24 more
[2019-05-03 06:36:23,840] INFO [ReplicaFetcher replicaId=0, leaderId=2, fetcherId=0] Failed
authentication with /192.168.175.130 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-03 06:36:23,842] ERROR [ReplicaFetcher replicaId=0, leaderId=2, fetcherId=0] Connection
to node 2 (/192.168.175.130:9092) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
Sent from Outlook<http://aka.ms/weboutlook>
________________________________
From: Harper Henn <harper.henn@datto.com>
Sent: 03 May 2019 21:35
To: users@kafka.apache.org
Subject: Re: Required guidelines for kafka upgrade

What specific errors are you seeing in the server logs of the broker you
upgraded (can you copy/paste them)?

On Fri, May 3, 2019 at 7:29 AM ASHOK MACHERLA <iAshok7@outlook.com> wrote:

> *Dear Senthil*
>
> As you suggested , I follow but I’m facing errors
>
> This is my old configurations which is Kafka (0.10.1) version
>
> *****************************************************************
>
> broker.id=0
>
> port=9092
>
> delete.topic.enable=true
>
> message.max.bytes=100000
>
> listeners=SSL://192.168.175.128:9092
>
> advertised.listeners=SSL://192.168.175.128:9092
>
> num.network.threads=3
>
> num.io.threads=8
>
> socket.send.buffer.bytes=102400
>
> socket.receive.buffer.bytes=102400
>
> socket.request.max.bytes=104857600
>
> log.dirs=/opt/kafka/kafka-logs
>
> num.partitions=3
>
> default.replication.factor=3
>
> auto.topic.creation.enable=false
>
> num.recovery.threads.per.data.dir=1
>
> log.retention.hours=168
>
> log.segment.bytes=1073741824
>
> log.retention.check.interval.ms=300000
>
> ssl.keystore.location=/opt/kafka/certificate/kafka.keystore.jks
>
> ssl.keystore.password=Sbi#123
>
> ssl.key.password=Sbi#123
>
> ssl.truststore.location=/opt/kafka/certificate/kafka.truststore.jks
>
> ssl.truststore.password=Sbi#123
>
> security.inter.broker.protocol=SSL
>
> zookeeper.connect=192.168.175.128:2181,192.168.175.129:2181,
> 192.168.175.130:2181
>
> zookeeper.connection.timeout.ms=6000
>
> *****************************************************************
>
> After that i added three parameters into server.properties which is *new
> kafka version (2.2.0)*
>
> inter.broker.protocol.version=0.10.1
>
> log.message.format.version=0.10.1
>
> ssl.endpoint.identification.algorithm=""
>
> After that I stopped one Kafka node, and then I started new Kafka (2.2.0)
> version in same node.
>
> in this port is opening , it's showing 9092 port number
>
> but getting errors due to SSL issues
>
> I this position first node is running with new version (2.2.0) and
> remaining two nodes are running with previous version (0.10.1)
>
> I checked topic describe command on second node, here ISR is not syncing
> with new version,
>
> it's showing only 1,2, here "0" is missing it means first nodes was not
> syncing with remaining nodes,
>
> it’s should show like 0,1,2.
>
> Please help Senthil
>
> I tried so many options like below ,
>
> ssl.endpoint.identification.algorithm=""
>
> ssl.endpoint.identification.algorithm=" "
>
> ssl.endpoint.identification.algorithm="none"
>
> ssl.endpoint.identification.algorithm="null"
>
> ssl.endpoint.identification.algorithm=null
>
> ssl.endpoint.identification.algorithm=https
>
> please tell what correct value I should mention, and port is is showing
> but why it's ISR showing only 1,2 instead of 0,1,2
>
> is there any firewall settings problems?
>
> Please help us to fix this Senthil
>
> thanks
>
>
> Sent from Outlook <http://aka.ms/weboutlook>
> ------------------------------
> *From:* ASHOK MACHERLA <iashok7@outlook.com>
> *Sent:* 02 May 2019 13:28
> *To:* users@kafka.apache.org
> *Subject:* Re: Required guidelines for kafka upgrade
>
> OK Senthil
>
> Thanks for your support and cooperation
>
> Sent from Outlook
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message