英文:
Strimzi kafka - kafka connect not getting installed
问题
根据提供的日志,看起来你的Kafka Connect 在与 Kafka 集群建立连接时遇到了SSL认证问题,导致连接失败。错误消息中提到了"Failed to process post-handshake messages"和"Tag mismatch",这通常表示SSL握手过程中发生了问题。
为了解决这个问题,你可以采取以下步骤:
-
检查证书配置:确保Kafka Connect 的TLS/SSL证书配置正确。检查证书文件的位置、密码和类型是否都正确。
-
检查Kafka集群配置:确保Kafka Connect 的配置与Kafka集群的配置匹配,包括安全协议、信任库等。确保Kafka集群的连接信息正确,如
bootstrap.servers。 -
检查证书匹配:确保Kafka Connect 使用的证书与Kafka集群期望的证书匹配。这包括证书的有效性和相关密钥的匹配。
-
检查网络连接:确保Kafka Connect 能够与Kafka集群建立网络连接,确保防火墙或网络策略没有阻止连接。
-
详细日志:检查Kafka Connect 的详细日志以获取更多信息,有助于确定SSL握手中的问题。
如果你能提供更多有关证书、Kafka集群配置和Kafka Connect 配置的信息,将更容易帮助你解决这个问题。同时,你可以考虑查看Kafka Connect的官方文档以获取更多关于TLS/SSL配置的信息。
英文:
I've Strimzi Kafka setup on GKE, and it is working fine.
I've a requirement to setup MirrorMaker2 to push data from source kafka topic to target Kafka topic.
From what i understand, MirrorMaker2 requires KafkaConnect.
I'm trying to install KafkaConnect on the GKE cluster in namespace kafka-connect, the yaml used is the following.
apiVersion: kafka.strimzi.io/v1beta2kind: KafkaConnectmetadata:name: my-connect-cluster# annotations:# strimzi.io/use-connector-resources: "true"spec:version: 3.0.0replicas: 1bootstrapServers: versa-kafka-gke-kafka-bootstrap:9093tls:trustedCertificates:- secretName: versa-kafka-gke-cluster-ca-certcertificate: ca.crtconfig:group.id: connect-clusteroffset.storage.topic: connect-cluster-offsetsconfig.storage.topic: connect-cluster-configsstatus.storage.topic: connect-cluster-status# -1 means it will use the default replication factor configured in the brokerconfig.storage.replication.factor: -1offset.storage.replication.factor: -1status.storage.replication.factor: -1
Command run to install:
kubectl apply -f kafka-connect.yaml -n kafka-connect
Note : Strimzi kafka is installed in namespace 'kafka', version - 3.0.0
I was expecting the KafkaConnect to get installed & the pods to be installed as well, however KafkaConnect resource is created, but not showing as Ready.
Also, the pods are not getting created.
(base) Karans-MacBook-Pro:kafkaConnect karanalang$ kc get kafkaconnect my-connect-cluster -n kafka-connectNAME DESIRED REPLICAS READYmy-connect-cluster 1
On describing the my-connect-cluster, here is the output (not showing any errors)
(base) Karans-MacBook-Pro:kafkaConnect karanalang$ kc describe kafkaconnect my-connect-cluster -n kafka-connectName: my-connect-clusterNamespace: kafka-connectLabels: <none>Annotations: <none>API Version: kafka.strimzi.io/v1beta2Kind: KafkaConnectMetadata:Creation Timestamp: 2023-02-16T06:38:41ZGeneration: 1Managed Fields:API Version: kafka.strimzi.io/v1beta2Fields Type: FieldsV1fieldsV1:f:metadata:f:annotations:.:f:kubectl.kubernetes.io/last-applied-configuration:f:spec:.:f:bootstrapServers:f:config:.:f:config.storage.replication.factor:f:config.storage.topic:f:group.id:f:offset.storage.replication.factor:f:offset.storage.topic:f:status.storage.replication.factor:f:status.storage.topic:f:replicas:f:tls:.:f:trustedCertificates:f:version:Manager: kubectl-client-side-applyOperation: UpdateTime: 2023-02-16T06:38:41ZResource Version: 266457732UID: bdd697f8-e38a-466b-8ddf-81ed1ae54efeSpec:Bootstrap Servers: versa-kafka-gke-kafka-bootstrap:9093Config:config.storage.replication.factor: -1config.storage.topic: connect-cluster-configsgroup.id: connect-clusteroffset.storage.replication.factor: -1offset.storage.topic: connect-cluster-offsetsstatus.storage.replication.factor: -1status.storage.topic: connect-cluster-statusReplicas: 1Tls:Trusted Certificates:Certificate: ca.crtSecret Name: versa-kafka-gke-cluster-ca-certVersion: 3.0.0Events: <none>
How do i debug/fix this ?
tia!
Update :
Based on note from Jakub, i re-installed kafkaconnect in the same namespace as Strimzi kafka (i.e. namespace - kafka), and pods are coming up now. However the logs show error as shown below :
(base) Karans-MacBook-Pro:kafkaConnect karanalang$ kc logs -f pod/my-connect-cluster-connect-67f76f5d89-nv9sj -n kafkaPreparing truststoreCertificate was added to keystorePreparing truststore is completeStarting Kafka Connect with configuration:# Bootstrap serversbootstrap.servers=versa-kafka-gke-w-kafka-bootstrap:9093# REST Listenersrest.port=8083rest.advertised.host.name=10.6.0.199rest.advertised.port=8083# Pluginsplugin.path=/opt/kafka/plugins# Provided configurationoffset.storage.topic=connect-cluster-offsetsvalue.converter=org.apache.kafka.connect.json.JsonConverterconfig.storage.topic=connect-cluster-configskey.converter=org.apache.kafka.connect.json.JsonConvertergroup.id=connect-clusterstatus.storage.topic=connect-cluster-statusconfig.storage.replication.factor=-1offset.storage.replication.factor=-1status.storage.replication.factor=-1security.protocol=SSLproducer.security.protocol=SSLconsumer.security.protocol=SSLadmin.security.protocol=SSL# TLS / SSLssl.truststore.location=/tmp/kafka/cluster.truststore.p12ssl.truststore.password=[hidden]ssl.truststore.type=PKCS12producer.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12producer.ssl.truststore.password=[hidden]consumer.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12consumer.ssl.truststore.password=[hidden]admin.ssl.truststore.location=/tmp/kafka/cluster.truststore.p12admin.ssl.truststore.password=[hidden]# Additional configurationclient.rack=2023-02-17 06:43:08,952 INFO WorkerInfo values:jvm.args = -Xms128M, -XX:+UseG1GC, -XX:MaxGCPauseMillis=20, -XX:InitiatingHeapOccupancyPercent=35, -XX:+ExplicitGCInvokesConcurrent, -XX:MaxInlineLevel=15, -Djava.awt.headless=true, -Dcom.sun.management.jmxremote, -Dcom.sun.management.jmxremote.authenticate=false, -Dcom.sun.management.jmxremote.ssl=false, -Dkafka.logs.dir=/opt/kafka, -Dlog4j.configuration=file:/opt/kafka/custom-config/log4j.propertiesjvm.spec = Red Hat, Inc., OpenJDK 64-Bit Server VM, 11.0.12, 11.0.12+7-LTSjvm.classpath = /opt/kafka/bin/../libs/accessors-smart-2.4.7.jar:/opt/kafka/bin/../libs/activation-1.1.1.jar:/opt/kafka/bin/../libs/annotations-13.0.jar:/opt/kafka/bin/../libs/aopalliance-repackaged-2.6.1.jar:/opt/kafka/bin/../libs/argparse4j-0.7.0.jar:/opt/kafka/bin/../libs/audience-annotations-0.5.0.jar:/opt/kafka/bin/../libs/automaton-1.11-8.jar:/opt/kafka/bin/../libs/checker-qual-3.5.0.jar:/opt/kafka/bin/../libs/commons-cli-1.4.jar:/opt/kafka/bin/../libs/commons-lang-2.6.jar:/opt/kafka/bin/../libs/commons-lang3-3.8.1.jar:/opt/kafka/bin/../libs/connect-api-3.0.0.jar:/opt/kafka/bin/../libs/connect-basic-auth-extension-3.0.0.jar:/opt/kafka/bin/../libs/connect-file-3.0.0.jar:/opt/kafka/bin/../libs/connect-json-3.0.0.jar:/opt/kafka/bin/../libs/connect-mirror-3.0.0.jar:/opt/kafka/bin/../libs/connect-mirror-client-3.0.0.jar:/opt/kafka/bin/../libs/connect-runtime-3.0.0.jar:/opt/kafka/bin/../libs/connect-transforms-......2023-02-17 06:43:24,944 INFO Added alias 'InsertHeader' to plugin 'org.apache.kafka.connect.transforms.InsertHeader' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added alias 'RegexRouter' to plugin 'org.apache.kafka.connect.transforms.RegexRouter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added alias 'TimestampRouter' to plugin 'org.apache.kafka.connect.transforms.TimestampRouter' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added alias 'ValueToKey' to plugin 'org.apache.kafka.connect.transforms.ValueToKey' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added alias 'HasHeaderKey' to plugin 'org.apache.kafka.connect.transforms.predicates.HasHeaderKey' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added alias 'RecordIsTombstone' to plugin 'org.apache.kafka.connect.transforms.predicates.RecordIsTombstone' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added alias 'TopicNameMatches' to plugin 'org.apache.kafka.connect.transforms.predicates.TopicNameMatches' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added alias 'BasicAuthSecurityRestExtension' to plugin 'org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added aliases 'AllConnectorClientConfigOverridePolicy' and 'All' to plugin 'org.apache.kafka.connect.connector.policy.AllConnectorClientConfigOverridePolicy' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added aliases 'NoneConnectorClientConfigOverridePolicy' and 'None' to plugin 'org.apache.kafka.connect.connector.policy.NoneConnectorClientConfigOverridePolicy' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:24,945 INFO Added aliases 'PrincipalConnectorClientConfigOverridePolicy' and 'Principal' to plugin 'org.apache.kafka.connect.connector.policy.PrincipalConnectorClientConfigOverridePolicy' (org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader) [main]2023-02-17 06:43:25,347 INFO DistributedConfig values:access.control.allow.methods =access.control.allow.origin =admin.listeners = nullbootstrap.servers = [versa-kafka-gke-w-kafka-bootstrap:9093]client.dns.lookup = use_all_dns_ipsclient.id =config.providers = []config.storage.replication.factor = -1config.storage.topic = connect-cluster-configsconnect.protocol = sessionedconnections.max.idle.ms = 540000connector.client.config.override.policy = Allgroup.id = connect-clusterheader.converter = class org.apache.kafka.connect.storage.SimpleHeaderConverterheartbeat.interval.ms = 3000inter.worker.key.generation.algorithm = HmacSHA256inter.worker.key.size = nullinter.worker.key.ttl.ms = 3600000inter.worker.signature.algorithm = HmacSHA256inter.worker.verification.algorithms = [HmacSHA256]key.converter = class org.apache.kafka.connect.json.JsonConverterlisteners = [http://:8083]metadata.max.age.ms = 300000metric.reporters = []metrics.num.samples = 2metrics.recording.level = INFOmetrics.sample.window.ms = 30000offset.flush.interval.ms = 60000offset.flush.timeout.ms = 5000offset.storage.partitions = 25offset.storage.replication.factor = -1offset.storage.topic = connect-cluster-offsetsplugin.path = [/opt/kafka/plugins]rebalance.timeout.ms = 60000receive.buffer.bytes = 32768reconnect.backoff.max.ms = 1000reconnect.backoff.ms = 50request.timeout.ms = 40000response.http.headers.config =rest.advertised.host.name = 10.6.0.199rest.advertised.listener = nullrest.advertised.port = 8083rest.extension.classes = []retry.backoff.ms = 100sasl.client.callback.handler.class = nullsasl.jaas.config = nullsasl.kerberos.kinit.cmd = /usr/bin/kinitsasl.kerberos.min.time.before.relogin = 60000sasl.kerberos.service.name = nullsasl.kerberos.ticket.renew.jitter = 0.05sasl.kerberos.ticket.renew.window.factor = 0.8sasl.login.callback.handler.class = nullsasl.login.class = nullsasl.login.refresh.buffer.seconds = 300sasl.login.refresh.min.period.seconds = 60sasl.login.refresh.window.factor = 0.8sasl.login.refresh.window.jitter = 0.05sasl.mechanism = GSSAPIscheduled.rebalance.max.delay.ms = 300000security.protocol = SSLsend.buffer.bytes = 131072session.timeout.ms = 10000socket.connection.setup.timeout.max.ms = 30000socket.connection.setup.timeout.ms = 10000ssl.cipher.suites = nullssl.client.auth = nonessl.enabled.protocols = [TLSv1.2, TLSv1.3]ssl.endpoint.identification.algorithm = httpsssl.engine.factory.class = nullssl.key.password = nullssl.keymanager.algorithm = SunX509ssl.keystore.certificate.chain = nullssl.keystore.key = nullssl.keystore.location = nullssl.keystore.password = nullssl.keystore.type = JKSssl.protocol = TLSv1.3ssl.provider = nullssl.secure.random.implementation = nullssl.trustmanager.algorithm = PKIXssl.truststore.certificates = nullssl.truststore.location = /tmp/kafka/cluster.truststore.p12ssl.truststore.password = [hidden]ssl.truststore.type = PKCS12status.storage.partitions = 5status.storage.replication.factor = -1status.storage.topic = connect-cluster-statustask.shutdown.graceful.timeout.ms = 5000topic.creation.enable = truetopic.tracking.allow.reset = truetopic.tracking.enable = truevalue.converter = class org.apache.kafka.connect.json.JsonConverterworker.sync.timeout.ms = 3000worker.unsync.backoff.ms = 300000(org.apache.kafka.connect.runtime.distributed.DistributedConfig) [main]2023-02-17 06:43:25,355 INFO Creating Kafka admin client (org.apache.kafka.connect.util.ConnectUtils) [main]2023-02-17 06:43:25,359 INFO AdminClientConfig values:bootstrap.servers = [versa-kafka-gke-w-kafka-bootstrap:9093]client.dns.lookup = use_all_dns_ipsclient.id =connections.max.idle.ms = 300000default.api.timeout.ms = 60000metadata.max.age.ms = 300000metric.reporters = []metrics.num.samples = 2metrics.recording.level = INFOmetrics.sample.window.ms = 30000receive.buffer.bytes = 65536reconnect.backoff.max.ms = 1000reconnect.backoff.ms = 50request.timeout.ms = 30000retries = 2147483647retry.backoff.ms = 100sasl.client.callback.handler.class = nullsasl.jaas.config = nullsasl.kerberos.kinit.cmd = /usr/bin/kinitsasl.kerberos.min.time.before.relogin = 60000sasl.kerberos.service.name = nullsasl.kerberos.ticket.renew.jitter = 0.05sasl.kerberos.ticket.renew.window.factor = 0.8sasl.login.callback.handler.class = nullsasl.login.class = nullsasl.login.refresh.buffer.seconds = 300sasl.login.refresh.min.period.seconds = 60sasl.login.refresh.window.factor = 0.8sasl.login.refresh.window.jitter = 0.05sasl.mechanism = GSSAPIsecurity.protocol = SSLsecurity.providers = nullsend.buffer.bytes = 131072socket.connection.setup.timeout.max.ms = 30000socket.connection.setup.timeout.ms = 10000ssl.cipher.suites = nullssl.enabled.protocols = [TLSv1.2, TLSv1.3]ssl.endpoint.identification.algorithm = httpsssl.engine.factory.class = nullssl.key.password = nullssl.keymanager.algorithm = SunX509ssl.keystore.certificate.chain = nullssl.keystore.key = nullssl.keystore.location = nullssl.keystore.password = nullssl.keystore.type = JKSssl.protocol = TLSv1.3ssl.provider = nullssl.secure.random.implementation = nullssl.trustmanager.algorithm = PKIXssl.truststore.certificates = nullssl.truststore.location = /tmp/kafka/cluster.truststore.p12ssl.truststore.password = [hidden]ssl.truststore.type = PKCS12(org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,848 WARN The configuration 'producer.ssl.truststore.password' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,849 WARN The configuration 'group.id' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,849 WARN The configuration 'rest.advertised.port' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,849 WARN The configuration 'plugin.path' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,850 WARN The configuration 'admin.security.protocol' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,850 WARN The configuration 'consumer.ssl.truststore.location' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,850 WARN The configuration 'producer.ssl.truststore.location' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,850 WARN The configuration 'status.storage.replication.factor' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,850 WARN The configuration 'offset.storage.topic' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,850 WARN The configuration 'consumer.security.protocol' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,851 WARN The configuration 'value.converter' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,851 WARN The configuration 'key.converter' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,851 WARN The configuration 'admin.ssl.truststore.password' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,851 WARN The configuration 'consumer.ssl.truststore.password' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,851 WARN The configuration 'config.storage.topic' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,851 WARN The configuration 'producer.security.protocol' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,852 WARN The configuration 'rest.advertised.host.name' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,852 WARN The configuration 'status.storage.topic' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,852 WARN The configuration 'client.rack' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,852 WARN The configuration 'rest.port' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,853 WARN The configuration 'config.storage.replication.factor' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,853 WARN The configuration 'offset.storage.replication.factor' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,855 WARN The configuration 'admin.ssl.truststore.location' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig) [main]2023-02-17 06:43:27,856 INFO Kafka version: 3.0.0 (org.apache.kafka.common.utils.AppInfoParser) [main]2023-02-17 06:43:27,857 INFO Kafka commitId: 8cb0a5e9d3441962 (org.apache.kafka.common.utils.AppInfoParser) [main]2023-02-17 06:43:27,857 INFO Kafka startTimeMs: 1676616207856 (org.apache.kafka.common.utils.AppInfoParser) [main]2023-02-17 06:43:30,857 INFO [AdminClient clientId=adminclient-1] Failed re-authentication with versa-kafka-gke-w-kafka-bootstrap/10.6.131.57 (Failed to process post-handshake messages) (org.apache.kafka.common.network.Selector) [kafka-admin-client-thread | adminclient-1]2023-02-17 06:43:30,867 ERROR [AdminClient clientId=adminclient-1] Connection to node -1 (versa-kafka-gke-w-kafka-bootstrap/10.6.131.57:9093) failed authentication due to: Failed to process post-handshake messages (org.apache.kafka.clients.NetworkClient) [kafka-admin-client-thread | adminclient-1]2023-02-17 06:43:30,870 WARN [AdminClient clientId=adminclient-1] Metadata update failed due to authentication error (org.apache.kafka.clients.admin.internals.AdminMetadataManager) [kafka-admin-client-thread | adminclient-1]org.apache.kafka.common.errors.SslAuthenticationException: Failed to process post-handshake messagesCaused by: javax.net.ssl.SSLException: Tag mismatch!at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:123)at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)at org.apache.kafka.common.network.SslTransportLayer.read(SslTransportLayer.java:567)at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:95)at org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:452)at org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:402)at org.apache.kafka.common.network.Selector.attemptRead(Selector.java:674)at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:576)at org.apache.kafka.common.network.Selector.poll(Selector.java:481)at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:551)at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1389)at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1320)at java.base/java.lang.Thread.run(Thread.java:829)Caused by: javax.crypto.AEADBadTagException: Tag mismatch!at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:941)at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779)at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2497)at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1903)at java.base/sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)... 16 more2023-02-17 06:43:30,946 INFO App info kafka.admin.client for adminclient-1 unregistered (org.apache.kafka.common.utils.AppInfoParser) [kafka-admin-client-thread | adminclient-1]2023-02-17 06:43:30,947 INFO [AdminClient clientId=adminclient-1] Metadata update failed (org.apache.kafka.clients.admin.internals.AdminMetadataManager) [kafka-admin-client-thread | adminclient-1]org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has exited. Call: fetchMetadata2023-02-17 06:43:30,948 INFO [AdminClient clientId=adminclient-1] Metadata update failed (org.apache.kafka.clients.admin.internals.AdminMetadataManager) [kafka-admin-client-thread | adminclient-1]org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has exited. Call: fetchMetadata2023-02-17 06:43:30,949 INFO [AdminClient clientId=adminclient-1] Timed out 2 remaining operation(s) during close. (org.apache.kafka.clients.admin.KafkaAdminClient) [kafka-admin-client-thread | adminclient-1]2023-02-17 06:43:30,959 INFO Metrics scheduler closed (org.apache.kafka.common.metrics.Metrics) [kafka-admin-client-thread | adminclient-1]2023-02-17 06:43:30,960 INFO Closing reporter org.apache.kafka.common.metrics.JmxReporter (org.apache.kafka.common.metrics.Metrics) [kafka-admin-client-thread | adminclient-1]2023-02-17 06:43:30,961 INFO Metrics reporters closed (org.apache.kafka.common.metrics.Metrics) [kafka-admin-client-thread | adminclient-1]2023-02-17 06:43:30,961 ERROR Stopping due to error (org.apache.kafka.connect.cli.ConnectDistributed) [main]org.apache.kafka.connect.errors.ConnectException: Failed to connect to and describe Kafka cluster. Check worker's broker connection and security properties.at org.apache.kafka.connect.util.ConnectUtils.lookupKafkaClusterId(ConnectUtils.java:70)at org.apache.kafka.connect.util.ConnectUtils.lookupKafkaClusterId(ConnectUtils.java:51)at org.apache.kafka.connect.cli.ConnectDistributed.startConnect(ConnectDistributed.java:97)at org.apache.kafka.connect.cli.ConnectDistributed.main(ConnectDistributed.java:80)Caused by: java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SslAuthenticationException: Failed to process post-handshake messagesat java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)at org.apache.kafka.connect.util.ConnectUtils.lookupKafkaClusterId(ConnectUtils.java:64)... 3 moreCaused by: org.apache.kafka.common.errors.SslAuthenticationException: Failed to process post-handshake messagesCaused by: javax.net.ssl.SSLException: Tag mismatch!at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:123)at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)at org.apache.kafka.common.network.SslTransportLayer.read(SslTransportLayer.java:567)at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:95)at org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:452)at org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:402)at org.apache.kafka.common.network.Selector.attemptRead(Selector.java:674)at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:576)at org.apache.kafka.common.network.Selector.poll(Selector.java:481)at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:551)at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1389)at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1320)at java.base/java.lang.Thread.run(Thread.java:829)Caused by: javax.crypto.AEADBadTagException: Tag mismatch!at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:941)at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779)at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2497)at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1903)at java.base/sun.security.ssl.SSLEngineInputRecord.decodeInputRecord(SSLEngineInputRecord.java:240)at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:197)at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)... 16 more
Pls note :
Strimzi Kafka version - 3.0.0, hence I've changed the version of kafkaconnect to - 3.0.0 as well.
答案1
得分: 1
你说你想使用MirrorMaker2吗?那么你应该使用那个种类,而不是KafkaConnect。详见https://strimzi.io/blog/2020/03/30/introducing-mirrormaker2/
另外,正如评论所提到的,确保操作员正在监视你安装资源的命名空间。仅仅因为你可以获取/描述资源并不意味着操作员知道它,或正在处理它(查看它的日志)。
英文:
You say you want to use MirrorMaker2? Then you should be using that kind, not KafkaConnect.
https://strimzi.io/blog/2020/03/30/introducing-mirrormaker2/
And, as commented, ensure the operator is watching the namespace where you install any resources. Just because you can get/describe the resource doesn't mean the operator knows about it, or is processing it (look at its logs)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论