All configs set on `StreamsConfig` should be "forwarded" to every client.
On startup, each client logs its config. Can you double check if the
forwarding is done correctly?
What I don't understand is:
> I am passing the right SSLconfig and Kstreams topologies are able
>> to connect and consume data.
But also
>> Issue is we see in between is that the StreamThreads *launched internally*
>> are missing the SSL configuration, like "ssl.keystore.location" etc. and
>> create Consumer/Producer/AdminConfig with default config.
Both statements seem to contradict each other. Toplogies are executed by
`StreamThreads` and thus, only if the internal Consumer client can
connect to the broker, data would be piped through the topology.
However, the log line you show says "restore consumer" -- note that
there are two consumers! Could it be that you only forward the
ssl-configs to the main consumer?
How do you exactly set the ssl-configs?
-Matthias
On 9/24/20 10:27 AM, Devendra Bisht wrote:
> Hello,
>
> Guys, I am trying to connect with a Kafka cluster v2.4, which has TLS
> enabled, I am passing the right SSLconfig and Kstreams topologies are able
> to connect and consume data.
>
> Issue is we see in between is that the StreamThreads *launched internally*
> are missing the SSL configuration, like "ssl.keystore.location" etc. and
> create Consumer/Producer/AdminConfig with default config.
>
> My question is, is there a way to specify some global configuration or
> override the default config which these StreamThreads use? As what's
> happening is due to this default config (which misses SSL key/truststore),
> the client does not provide a client X.509 cert and the server responds
> with an unexpected server_hello message right before completing the
> handshake.
>
> *Logs:*
>
> *00:15:50.863 [main] INFO o.a.k.s.p.internals.StreamThread - stream-thread
> [streams-processor-b02e0a4e-1197-43d4-a8c7-bf78c7f65824-StreamThread-1]
> Creating restore consumer client*
>
> * ssl.keystore.location = null ssl.keystore.password = null*
> *......*
>
>
> *javax.net.ssl|ERROR|51|kafka-admin-client-thread |
> streams-processor-b02e0a4e-1197-43d4-a8c7-bf78c7f65824-admin|2020-09-22
> 24:15:51.007 IST|TransportContext.java:318|Fatal (UNEXPECTED_MESSAGE):
> Unexpected handshake message: server_hello ("throwable" : {
> javax.net.ssl.SSLProtocolException: Unexpected handshake message:
> server_hello*
>
>
> Cheers
>
On startup, each client logs its config. Can you double check if the
forwarding is done correctly?
What I don't understand is:
> I am passing the right SSLconfig and Kstreams topologies are able
>> to connect and consume data.
But also
>> Issue is we see in between is that the StreamThreads *launched internally*
>> are missing the SSL configuration, like "ssl.keystore.location" etc. and
>> create Consumer/Producer/AdminConfig with default config.
Both statements seem to contradict each other. Toplogies are executed by
`StreamThreads` and thus, only if the internal Consumer client can
connect to the broker, data would be piped through the topology.
However, the log line you show says "restore consumer" -- note that
there are two consumers! Could it be that you only forward the
ssl-configs to the main consumer?
How do you exactly set the ssl-configs?
-Matthias
On 9/24/20 10:27 AM, Devendra Bisht wrote:
> Hello,
>
> Guys, I am trying to connect with a Kafka cluster v2.4, which has TLS
> enabled, I am passing the right SSLconfig and Kstreams topologies are able
> to connect and consume data.
>
> Issue is we see in between is that the StreamThreads *launched internally*
> are missing the SSL configuration, like "ssl.keystore.location" etc. and
> create Consumer/Producer/AdminConfig with default config.
>
> My question is, is there a way to specify some global configuration or
> override the default config which these StreamThreads use? As what's
> happening is due to this default config (which misses SSL key/truststore),
> the client does not provide a client X.509 cert and the server responds
> with an unexpected server_hello message right before completing the
> handshake.
>
> *Logs:*
>
> *00:15:50.863 [main] INFO o.a.k.s.p.internals.StreamThread - stream-thread
> [streams-processor-b02e0a4e-1197-43d4-a8c7-bf78c7f65824-StreamThread-1]
> Creating restore consumer client*
>
> * ssl.keystore.location = null ssl.keystore.password = null*
> *......*
>
>
> *javax.net.ssl|ERROR|51|kafka-admin-client-thread |
> streams-processor-b02e0a4e-1197-43d4-a8c7-bf78c7f65824-admin|2020-09-22
> 24:15:51.007 IST|TransportContext.java:318|Fatal (UNEXPECTED_MESSAGE):
> Unexpected handshake message: server_hello ("throwable" : {
> javax.net.ssl.SSLProtocolException: Unexpected handshake message:
> server_hello*
>
>
> Cheers
>
Comments
Post a Comment