Schema registry won't start when using Kafka named listeners and security protocol map

Open comdw opened this issue 8 years ago • 31 comments

I'm using the relatively recent feature to separate internal and external listeners in Kafka. E.g.:

Broker config:

listeners=INTERNAL_PLAINTEXT://0.0.0.0:9092,EXTERNAL_PLAINTEXT://0.0.0.0:32092
advertised.listeners=INTERNAL_PLAINTEXT://kafka-0.broker.default.svc.cluster.local:9092,EXTERNAL_PLAINTEXT://$kafkaserver-0:32092
listener.security.protocol.map=INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
inter.broker.listener.name=INTERNAL_PLAINTEXT

Error when starting schema registry: No endpoints found for security protocol [PLAINTEXT]. Endpoints found in ZK [{EXTERNAL_PLAINTEXT=kafkaserver-0:32092, INTERNAL_PLAINTEXT=kafka-0.broker.default.svc.cluster.local:9092}]

I've also tried adding a specific bootstrap server (kafkastore.bootstrap.servers) and tried setting kafkastore.security.protocol to INTERNAL_PLAINTEXT, but that made no difference.

I assume this just isn't supported yet, are there plans to do so? Ideally schema registry should be able to use just bootstrap servers instead of (zookeeper) connection url...

comdw avatar Oct 16 '17 09:10 comdw

+1. Using 3.3.0 containers with internal and external listeners. Same error, I haven't found a work around.

tompscanlan avatar Nov 29 '17 14:11 tompscanlan

I've also come across this issue, is there any admin willing to comment?

rhaarm avatar Dec 13 '17 19:12 rhaarm

I just ran into this as well... anyone? Bueller?

snagafritz avatar Dec 21 '17 22:12 snagafritz

+1. I am having the same issue. The schema registry seems to look for a PLAINTEXT endpoint, not taking any named listeners and security mappings into account.

PHameete avatar Feb 01 '18 16:02 PHameete

same here

xcompile avatar Apr 12 '18 05:04 xcompile

Same issue here

keslerm avatar May 08 '18 18:05 keslerm

Same issue here

ntmyahk avatar Jun 09 '18 03:06 ntmyahk

As a hacky workaround, if you name the internal protocol PLAINTEXT instead of INTERNAL_PLAINTEXT or INSIDE or whatever, then it works okay AFAICT.

anjackson avatar Jun 18 '18 12:06 anjackson

Yes, that's exactly the workaround I'm using currently :-)

PHameete avatar Jun 18 '18 13:06 PHameete

Are there any plans to fix this issue?

sk0va avatar Nov 02 '18 16:11 sk0va

As a hacky workaround, if you name the internal protocol PLAINTEXT instead of INTERNAL_PLAINTEXT or INSIDE or whatever, then it works okay AFAICT.

You are the best!

esin avatar Jan 08 '19 09:01 esin

same issue here

lssilva avatar Feb 17 '19 10:02 lssilva

Same here. Would be great to get this fixed.

DavidNavalho avatar Feb 19 '19 17:02 DavidNavalho

Getting the same error on kafka-rest-proxy 5.2.1

dipeshpp avatar May 06 '19 23:05 dipeshpp

+1 for this feature

chasdevs avatar Jun 10 '19 13:06 chasdevs

+1

neothor avatar Jun 14 '19 08:06 neothor

+1

rawyler avatar Jul 16 '19 09:07 rawyler

+1!!!!

lee1409 avatar Jul 31 '19 06:07 lee1409

+1!!!!!

yeryomenkom avatar Aug 29 '19 13:08 yeryomenkom

+1

ankit45621 avatar Sep 17 '19 11:09 ankit45621

@dipeshpp Have you got a solution yet?

ankit45621 avatar Sep 17 '19 11:09 ankit45621

Documentation

kafkastore.bootstrap.servers

A list of Kafka brokers to connect to. For example, PLAINTEXT://hostname:9092,SSL://hostname2:9092

The effect of this setting depends on whether you specify kafkastore.connection.url.

If kafkastore.connection.url is not specified, the Kafka cluster containing these bootstrap servers is used both to coordinate Schema Registry instances (primary election) and to store schema data.

If kafkastore.connection.url is specified, this setting is used to control how Schema Registry connects to Kafka to store schema data and is particularly important when Kafka security is enabled. When this configuration is not specified, Schema Registry's internal Kafka clients will get their Kafka bootstrap server list from ZooKeeper (configured with kafkastore.connection.url). In that case, all available listeners matching the kafkastore.security.protocol setting is used.

By specifying this configuration, you can control which endpoints are used to connect to Kafka. Kafka may expose multiple endpoints that all will be stored in ZooKeeper, but Schema Registry may need to be configured with just one of those endpoints, for example to control which security protocol it uses.

If using Docker, these settings must be placed in the environment section in snake case and prefixed with SCHEMA_REGISTRY_

rodrigoreis avatar Sep 19 '19 14:09 rodrigoreis

+1 to this. I have OUTSIDE and INSIDE registered and this happens when I start up Kafka Connect:

java.lang.RuntimeException: No endpoints found for security protocol [PLAINTEXT]. Endpoints found in ZK [{OUTSIDE=192.168.122.98:9092, INSIDE=10.0.0.85:29092}]
    at io.confluent.admin.utils.cli.KafkaReadyCommand.main(KafkaReadyCommand.java:143)

sibblegp avatar Jan 08 '20 01:01 sibblegp

@dipeshpp Have you got a solution yet?

Have you got any solution yet for this problem?

karthikkalkur avatar Feb 04 '20 14:02 karthikkalkur

I have specified kafkastore.bootstrap.servers as e.g. PLAINTEXT://kafka:9092 and removed kafkastore.connection.url and it worked. Having both specified did not work, the bootstrap servers have been ignored.

https://docs.confluent.io/current/schema-registry/installation/config.html#kafkastore-bootstrap-servers

ksilin avatar Feb 12 '20 06:02 ksilin

The given workaround solved it for me, but it isn't pretty.

+1 on a proper fix!

wilterdinkrobert avatar Mar 12 '20 08:03 wilterdinkrobert

+1

CH-karthikprasad avatar Apr 09 '20 19:04 CH-karthikprasad

+1

maxant avatar May 02 '20 19:05 maxant

If you have SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL set for the Schema-Registry service, remove this setting and set SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS to one of the bootstrap servers.

For example, the relevant environment of my Kafka service is

      KAFKA_LISTENERS: "INTERNAL://kafka:9090, EXTERNAL://:9092"
      KAFKA_ADVERTISED_LISTENERS: "INTERNAL://kafka:9090, EXTERNAL://localhost:9092"
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INTERNAL:PLAINTEXT, EXTERNAL:PLAINTEXT"
      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL

So, for the Schema-Registry service I set

      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: "PLAINTEXT://kafka:9090"

and it works fine.

Reference: kafkastore.connection.url is deprecated.

SergiyKolesnikov avatar Jul 07 '20 18:07 SergiyKolesnikov
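
Added example, not part of the thread and not Schema Registry code: a small Python helper that derives the kafkastore.bootstrap.servers value for a named listener by resolving the name through listener.security.protocol.map, next to a name-only match that reproduces the empty result behind the reported error. The name-only matching is an assumption inferred from the error message quoted in this thread; the function names are hypothetical and the sample values are the ones posted in the comment above.

```python
# Added example; sample values copied from the comment above.

def parse_listeners(value):
    """'INTERNAL://kafka:9090, EXTERNAL://localhost:9092' -> {'INTERNAL': 'kafka:9090', ...}"""
    out = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        name, sep, hostport = item.partition("://")
        if not sep or not name:
            raise ValueError(f"malformed listener entry: {item!r}")
        out[name.upper()] = hostport
    return out

def parse_protocol_map(value):
    """'INTERNAL:PLAINTEXT, EXTERNAL:PLAINTEXT' -> {'INTERNAL': 'PLAINTEXT', ...}"""
    out = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        name, sep, proto = item.partition(":")
        if not (sep and name.strip() and proto.strip()):
            raise ValueError(f"malformed protocol map entry: {item!r}")
        out[name.strip().upper()] = proto.strip().upper()
    return out

def match_by_name(endpoints, wanted_protocol):
    """Assumed ZooKeeper-path lookup: compares the listener *name* to the protocol."""
    return [hp for name, hp in endpoints.items() if name == wanted_protocol.upper()]

def bootstrap_servers(advertised, protocol_map, listener_name):
    """Build the kafkastore.bootstrap.servers value for one named listener."""
    endpoints = parse_listeners(advertised)
    protocols = parse_protocol_map(protocol_map)
    name = listener_name.upper()
    if name not in endpoints:
        raise KeyError(f"no advertised listener named {name}")
    if name not in protocols:
        raise KeyError(f"listener {name} has no entry in the security protocol map")
    # The client-side URL carries the security protocol, not the listener name.
    return f"{protocols[name]}://{endpoints[name]}"

ADVERTISED = "INTERNAL://kafka:9090, EXTERNAL://localhost:9092"
PROTOCOL_MAP = "INTERNAL:PLAINTEXT, EXTERNAL:PLAINTEXT"

if __name__ == "__main__":
    # Name-only match finds nothing, as in the reported error.
    print(match_by_name(parse_listeners(ADVERTISED), "PLAINTEXT"))
    # Resolving through the map yields the value used in the workaround.
    print(bootstrap_servers(ADVERTISED, PROTOCOL_MAP, "INTERNAL"))
```
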

I found out when you use only kafkastore.bootstrap.servers and set the debug mode to true, it works fine. What a BUGGGGG!

configurationOverrides:
        kafkastore.bootstrap.servers: PLAINTEXT://kafka.namespace.svc.cluster.local:9092
        debug: true

Alizandieh avatar Sep 16 '21 10:09 Alizandieh