Skip to content

Dynamically reload metricsreporter keystore (and truststore) #1148

New issue
New issue
Open
#2206
Open
Dynamically reload metricsreporter keystore (and truststore)#1148
#2206
Assignees
Lincong
Labels
functionalityA feature request.good first issueA good fit as a first issue in the project.robustnessMakes the project tolerate or handle perturbations.
@Daan12345678

Description

@Daan12345678
Daan12345678
opened on Mar 17, 2020

We use short lived certificates to authenticate to Kafka. Is it possible to tell the metricsreporter to refresh it's certificates (keystore/truststore) without stopping the Kafka process?
We have tried the following:

/opt/kafka/bin/kafka-configs.sh --bootstrap-server ${bootstrap-server} --command-config /opt/kafka/config/kafka-client.properties --entity-type brokers --entity-name $(grep broker.id /data/kafka/meta.properties | awk -F "=" '{print$2}') --alter --add-config listener.name.ssl.truststore.location=/opt/kafka/config/kafka-keystore.jks,listener.name.ssl.keystore.location=/opt/kafka/config/kafka-keystore.jks,cruise.control.metrics.reporter.ssl.keystore.location=/opt/kafka/config/kafka-keystore.jks,cruise.control.metrics.reporter.ssl.truststore.location=/opt/kafka/config/kafka-keystore.jks

Logs:

[2020-03-17 10:10:35,126] ERROR [Producer clientId=CruiseControlMetricsReporter] Connection to node 1026 (${broker}/${broker_ip}:9093) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)

This does work for the Kafka broker, but not for the metricsreporter.
Any idea on how to do this?

Metadata

Metadata

Assignees

Labels

functionalityA feature request.good first issueA good fit as a first issue in the project.robustnessMakes the project tolerate or handle perturbations.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions