
I am running a Kafka / Zk cluster in AWS MSK, and am connecting schema registry to it.

If I specify the broker list in kafkastore.bootstrap.servers, it connects fine (using protocol SSL). However, if I remove bootstrap server config and switch to a Zookeeper query for broker discovery using kafkastore.connection.url, then I am unable to connect to the cluster. It is because of what Zookeeper is returning from broker queries and how S.R. uses it:

$ ./bin/zkCli.sh -server z-1.cluster.address:2181
> ls /brokers/ids
[1, 2]
> get /brokers/ids/1
{
  "listener_security_protocol_map": {
    "CLIENT_SECURE": "SSL",
    "REPLICATION": "PLAINTEXT",
    "REPLICATION_SECURE": "SSL"
  },
  "endpoints": [
    "CLIENT_SECURE://b-1.cluster.address:9094",
    "REPLICATION://b-1-internal.cluster.address:9093",
    "REPLICATION_SECURE://b-1-internal.cluster.address:9095"
  ],
  ....
}

I am guessing that by specifying SSL protocol, it resolves the map back and then connects to both CLIENT_SECURE and REPLICATION_SECURE endpoints. However, all -internal.cluster.address endpoints are inaccessible.

Is it possible to configure S.R. to only use CLIENT_SECURE endpoints and not try to connect to REPLICATION_SECURE ones?

It is related to https://github.com/confluentinc/schema-registry/issues/1126

Brett
  • There's not much advantage to use Zookeeper election – OneCricketeer Feb 10 '20 at 15:35
  • Thanks @cricket_007 - I'm using the broker list, will stick to that. Just wondering on the capability. – Brett Feb 10 '20 at 17:56
  • What concerns do you have? The end-goal is to remove dependence on ZK entirely https://cwiki.apache.org/confluence/display/KAFKA/KIP-500%3A+Replace+ZooKeeper+with+a+Self-Managed+Metadata+Quorum – OneCricketeer Feb 10 '20 at 20:24
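
Added example, not part of the original question and not Schema Registry's own code: a Python sketch of the situation the question describes, showing that picking endpoints from the broker znode by security protocol also picks up the `-internal` listeners, while picking by listener name does not, and building a static `kafkastore.bootstrap.servers` value from the latter. The broker 2 data and all function names are assumptions.

```python
import json

def _znode(n):
    # Constructed sample: broker 1 mirrors the znode in the question (elided
    # fields omitted); broker 2 is assumed to follow the same naming pattern.
    return json.dumps({
        "listener_security_protocol_map": {
            "CLIENT_SECURE": "SSL",
            "REPLICATION": "PLAINTEXT",
            "REPLICATION_SECURE": "SSL",
        },
        "endpoints": [
            f"CLIENT_SECURE://b-{n}.cluster.address:9094",
            f"REPLICATION://b-{n}-internal.cluster.address:9093",
            f"REPLICATION_SECURE://b-{n}-internal.cluster.address:9095",
        ],
    })

ZNODES = {"1": _znode(1), "2": _znode(2)}  # keyed by id, as in `ls /brokers/ids`

def parse_endpoints(znode_json):
    """Return (listener, protocol, host, port) for each endpoint of one broker."""
    data = json.loads(znode_json)
    proto_map = data.get("listener_security_protocol_map", {})
    parsed = []
    for endpoint in data["endpoints"]:
        listener, _, hostport = endpoint.partition("://")
        host, _, port = hostport.rpartition(":")
        # If no map is present, treat the listener name as the protocol itself.
        parsed.append((listener, proto_map.get(listener, listener), host, int(port)))
    return parsed

def _select(znodes, index, wanted):
    return [ep for broker_id in sorted(znodes)
            for ep in parse_endpoints(znodes[broker_id]) if ep[index] == wanted]

def select_by_listener(znodes, listener):
    return _select(znodes, 0, listener)

def select_by_protocol(znodes, protocol):
    return _select(znodes, 1, protocol)

def bootstrap_servers(selected):
    """Format endpoints as protocol://host:port for kafkastore.bootstrap.servers."""
    return ",".join(f"{proto}://{host}:{port}" for _, proto, host, port in selected)

if __name__ == "__main__":
    print("by protocol SSL:", bootstrap_servers(select_by_protocol(ZNODES, "SSL")))
    print("by listener    :", bootstrap_servers(select_by_listener(ZNODES, "CLIENT_SECURE")))
```

Selecting by listener name keeps the client on the TLS listener that is actually reachable and never falls back to the `REPLICATION` PLAINTEXT endpoint.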

0 Answers