Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/kafka] 3.5.1 Error SSL Handshake at Kraft Broker Startup with Docker Compose Configuration #53286

Closed
hrfdev0174 opened this issue Nov 29, 2023 · 6 comments
Closed

[bitnami/kafka] 3.5.1 Error SSL Handshake at Kraft Broker Startup with Docker Compose Configuration #53286

hrfdev0174 opened this issue Nov 29, 2023 · 6 comments
Assignees
@andresbono
Labels
in-progress kafka tech-issues The user has a technical issue about an application

Comments

@hrfdev0174
Copy link

hrfdev0174 commented Nov 29, 2023
edited by carrodher
Loading

Name and Version

bitnami/kafka:3.5.1

What architecture are you using?

None

What steps will reproduce the bug?

Using image docker.io/bitnami/kafka:3.5.1 and docker compose
On Red Hat Enterprise Linux release 8.8 (Ootpa) server
Using the configuration of docker-compose-cluster.yml file and Security parameters as described in https://github.com/bitnami/containers/tree/main/bitnami/kafka#security

Configuration in docker compose yaml file used:

version: "2"

services:
  kafka:
    image: docker.io/bitnami/kafka:3.5.1
    container_name: kafka_certi
    hostname: certi-kafka01.domain.com
    networks:
      - kafka_network
    ports:
      - '9092'
    restart: always
    volumes:
      - /kafka-data:/bitnami/kafka"
      - /kafka-data/config/certs/kafka.truststore.jks:/bitnami/kafka/config/certs/kafka.truststore.jks
      - /kafka-data/config/certs/kafka.keystore.jks:/bitnami/kafka/config/certs/kafka.keystore.jks
      - /kafka-data/config/kafka_server_jaas.conf:/bitnami/kafka/config/kafka_server_jaas.conf
    environment:
      - KAFKA_CFG_NODE_ID=0
      - KAFKA_CFG_PROCESS_ROLES=controller,broker
      - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=0@kafka:9093
      - KAFKA_CFG_LISTENERS=SASL_SSL://:9092,CONTROLLER://:9093
      - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
      - KAFKA_CFG_ADVERTISED_LISTENERS=SASL_SSL://:9092
      - KAFKA_CLIENT_USERS=user
      - KAFKA_CLIENT_PASSWORDS=password
      - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER
      - KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL=PLAIN
      - KAFKA_CONTROLLER_USER=controller_user
      - KAFKA_CONTROLLER_PASSWORD=controller_password
      - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=SASL_SSL
      - KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=PLAIN
      - KAFKA_INTER_BROKER_USER=controller_user
      - KAFKA_INTER_BROKER_PASSWORD=controller_password
      # Broker security settings
      - KAFKA_CFG_SSL_TRUSTSTORE_LOCATION=/bitnami/kafka/config/certs/kafka.truststore.jks
      - KAFKA_CFG_SSL_TRUSTSTORE_PASSWORD=***
      - KAFKA_CFG_SSL_KEYSTORE_LOCATION=/bitnami/kafka/config/certs/kafka.keystore.jks
      - KAFKA_CFG_SSL_KEYSTORE_PASSWORD=***
      - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN
      - KAFKA_TLS_TYPE=JKS
      # JVM Options
      - KAFKA_HEAP_OPTS=-Xms1g -Xmx2g -XX:MaxRAM=2g
      # Timezone
      - TZ=America/Lima
      - BITNAMI_DEBUG=true
networks:
  kafka_network:
    driver: bridge
    name: "kafka_network"

Start the broker service with docker compose

docker compose up

What is the expected behavior?

What is expected is that the broker server starts successfully.

What do you see instead?

The broker server crashes and terminates with status code 1.
The log is the following:

kafka_certi  | kafka 19:55:15.89
kafka_certi  | kafka 19:55:15.89 Welcome to the Bitnami kafka container
kafka_certi  | kafka 19:55:15.89 Subscribe to project updates by watching https://github.com/bitnami/containers
kafka_certi  | kafka 19:55:15.89 Submit issues and feature requests at https://github.com/bitnami/containers/issues
kafka_certi  | kafka 19:55:15.89
kafka_certi  | kafka 19:55:15.89 INFO  ==> ** Starting Kafka setup **
kafka_certi  | kafka 19:55:15.93 DEBUG ==> Validating settings in KAFKA_* env vars...
kafka_certi  | kafka 19:55:16.89 INFO  ==> Initializing Kafka...
kafka_certi  | kafka 19:55:16.90 INFO  ==> Copying truststore /bitnami/kafka/config/certs/kafka.truststore.jks to /opt/bitnami/kafka/config/certs
kafka_certi  | kafka 19:55:16.90 INFO  ==> No injected configuration files found, creating default config files
kafka_certi  | kafka 19:55:17.05 INFO  ==> Initializing KRaft storage metadata
kafka_certi  | kafka 19:55:17.05 WARN  ==> KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one
kafka_certi  | kafka 19:55:17.93 INFO  ==> Generated Kafka cluster ID '7GFuPPn9TFmV4ea2ZNHXZA'
kafka_certi  | kafka 19:55:17.93 INFO  ==> Formatting storage directories to add metadata...
kafka_certi  | Formatting /bitnami/kafka/data with metadata.version 3.5-IV2.
kafka_certi  |
kafka_certi  | kafka 19:55:19.00 INFO  ==> ** Kafka setup finished! **
kafka_certi  | kafka 19:55:19.01 INFO  ==> ** Starting Kafka **
kafka_certi  | [2023-11-28 19:55:19,453] INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
kafka_certi  | [2023-11-28 19:55:19,665] INFO Setting -D jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated TLS renegotiation (org.apache.zookeeper.common.X509Util)
kafka_certi  | [2023-11-28 19:55:19,767] INFO Registered signal handlers for TERM, INT, HUP (org.apache.kafka.common.utils.LoggingSignalHandler)
kafka_certi  | [2023-11-28 19:55:19,769] INFO [ControllerServer id=0] Starting controller (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,041] INFO Updated connection-accept-rate max connection creation rate to 2147483647 (kafka.network.ConnectionQuotas)
kafka_certi  | [2023-11-28 19:55:20,104] INFO Successfully logged in. (org.apache.kafka.common.security.authenticator.AbstractLogin)
kafka_certi  | [2023-11-28 19:55:20,116] INFO [SocketServer listenerType=CONTROLLER, nodeId=0] Created data-plane acceptor and processors for endpoint : ListenerName(CONTROLLER) (kafka.network.SocketServer)
kafka_certi  | [2023-11-28 19:55:20,118] INFO [SharedServer id=0] Starting SharedServer (kafka.server.SharedServer)
kafka_certi  | [2023-11-28 19:55:20,167] INFO [LogLoader partition=__cluster_metadata-0, dir=/bitnami/kafka/data] Loading producer state till offset 0 with message format version 2 (kafka.log.UnifiedLog$)
kafka_certi  | [2023-11-28 19:55:20,168] INFO [LogLoader partition=__cluster_metadata-0, dir=/bitnami/kafka/data] Reloading from producer snapshot and rebuilding producer state from offset 0 (kafka.log.UnifiedLog$)
kafka_certi  | [2023-11-28 19:55:20,168] INFO [LogLoader partition=__cluster_metadata-0, dir=/bitnami/kafka/data] Producer state recovery took 0ms for snapshot load and 0ms for segment recovery from offset 0 (kafka.log.UnifiedLog$)
kafka_certi  | [2023-11-28 19:55:20,189] INFO Initialized snapshots with IDs Set() from /bitnami/kafka/data/__cluster_metadata-0 (kafka.raft.KafkaMetadataLog$)
kafka_certi  | [2023-11-28 19:55:20,200] INFO [raft-expiration-reaper]: Starting (kafka.raft.TimingWheelExpirationService$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,299] INFO [RaftManager id=0] Completed transition to Unattached(epoch=0, voters=[0], electionTimeoutMs=1473) from null (org.apache.kafka.raft.QuorumState)
kafka_certi  | [2023-11-28 19:55:20,303] INFO [RaftManager id=0] Completed transition to CandidateState(localId=0, epoch=1, retries=1, voteStates={0=GRANTED}, highWatermark=Optional.empty, electionTimeoutMs=1282) from Unattached(epoch=0, voters=[0], electionTimeoutMs=1473) (org.apache.kafka.raft.QuorumState)
kafka_certi  | [2023-11-28 19:55:20,308] INFO [RaftManager id=0] Completed transition to Leader(localId=0, epoch=1, epochStartOffset=0, highWatermark=Optional.empty, voterStates={0=ReplicaState(nodeId=0, endOffset=Optional.empty, lastFetchTimestamp=-1, lastCaughtUpTimestamp=-1, hasAcknowledgedLeader=true)}) from CandidateState(localId=0, epoch=1, retries=1, voteStates={0=GRANTED}, highWatermark=Optional.empty, electionTimeoutMs=1282) (org.apache.kafka.raft.QuorumState)
kafka_certi  | [2023-11-28 19:55:20,325] INFO [kafka-0-raft-outbound-request-thread]: Starting (kafka.raft.RaftSendThread)
kafka_certi  | [2023-11-28 19:55:20,325] INFO [kafka-0-raft-io-thread]: Starting (kafka.raft.KafkaRaftManager$RaftIoThread)
kafka_certi  | [2023-11-28 19:55:20,336] INFO [ControllerServer id=0] Waiting for controller quorum voters future (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,336] INFO [MetadataLoader id=0] initializeNewPublishers: the loader is still catching up because we still don't know the high water mark yet. (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,336] INFO [ControllerServer id=0] Finished waiting for controller quorum voters future (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,338] INFO [RaftManager id=0] High watermark set to LogOffsetMetadata(offset=1, metadata=Optional[(segmentBaseOffset=0,relativePositionInSegment=91)]) for the first time for epoch 1 based on indexOfHw 0 and voters [ReplicaState(nodeId=0, endOffset=Optional[LogOffsetMetadata(offset=1, metadata=Optional[(segmentBaseOffset=0,relativePositionInSegment=91)])], lastFetchTimestamp=-1, lastCaughtUpTimestamp=-1, hasAcknowledgedLeader=true)] (org.apache.kafka.raft.LeaderState)
kafka_certi  | [2023-11-28 19:55:20,345] INFO [RaftManager id=0] Registered the listener org.apache.kafka.image.loader.MetadataLoader@1041373495 (org.apache.kafka.raft.KafkaRaftClient)
kafka_certi  | [2023-11-28 19:55:20,351] INFO [MetadataLoader id=0] handleCommit: The loader is still catching up because we have loaded up to offset -1, but the high water mark is 1 (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,356] INFO [QuorumController id=0] Creating new QuorumController with clusterId 7GFuPPn9TFmV4ea2ZNHXZA, authorizer Optional.empty. (org.apache.kafka.controller.QuorumController)
kafka_certi  | [2023-11-28 19:55:20,356] INFO [RaftManager id=0] Registered the listener org.apache.kafka.controller.QuorumController$QuorumMetaLogListener@711914488 (org.apache.kafka.raft.KafkaRaftClient)
kafka_certi  | [2023-11-28 19:55:20,357] INFO [QuorumController id=0] Becoming the active controller at epoch 1, committed offset -1, committed epoch -1 (org.apache.kafka.controller.QuorumController)
kafka_certi  | [2023-11-28 19:55:20,359] INFO [QuorumController id=0] The metadata log appears to be empty. Appending 1 bootstrap record(s) at metadata.version 3.5-IV2 from the binary bootstrap metadata file: /bitnami/kafka/data/bootstrap.checkpoint. (org.apache.kafka.controller.QuorumController)
kafka_certi  | [2023-11-28 19:55:20,360] INFO [QuorumController id=0] Setting metadata version to 3.5-IV2 (org.apache.kafka.controller.FeatureControlManager)
kafka_certi  | [2023-11-28 19:55:20,360] INFO [controller-0-ThrottledChannelReaper-Fetch]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,360] INFO [QuorumController id=0] Transitioning ZK migration state from NONE to NONE (org.apache.kafka.controller.FeatureControlManager)
kafka_certi  | [2023-11-28 19:55:20,361] INFO [controller-0-ThrottledChannelReaper-Produce]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,362] INFO [controller-0-ThrottledChannelReaper-Request]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,366] INFO [controller-0-ThrottledChannelReaper-ControllerMutation]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,377] INFO [ExpirationReaper-0-AlterAcls]: Starting (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,378] INFO [SocketServer listenerType=CONTROLLER, nodeId=0] Enabling request processing. (kafka.network.SocketServer)
kafka_certi  | [2023-11-28 19:55:20,380] INFO Awaiting socket connections on 0.0.0.0:9093. (kafka.network.DataPlaneAcceptor)
kafka_certi  | [2023-11-28 19:55:20,389] INFO [ControllerServer id=0] Waiting for all of the authorizer futures to be completed (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,390] INFO [ControllerServer id=0] Finished waiting for all of the authorizer futures to be completed (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,390] INFO [ControllerServer id=0] Waiting for all of the SocketServer Acceptors to be started (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,390] INFO [ControllerServer id=0] Finished waiting for all of the SocketServer Acceptors to be started (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,392] INFO [MetadataLoader id=0] handleCommit: The loader finished catching up to the current high water mark of 3 (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,393] INFO [ControllerServer id=0] Waiting for the controller metadata publishers to be installed (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,394] INFO [ControllerServer id=0] Finished waiting for the controller metadata publishers to be installed (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,394] INFO [BrokerServer id=0] Transition from SHUTDOWN to STARTING (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,394] INFO [BrokerServer id=0] Starting broker (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,395] INFO [MetadataLoader id=0] InitializeNewPublishers: initializing SnapshotGenerator with a snapshot at offset 2 (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,396] INFO [MetadataLoader id=0] InitializeNewPublishers: initializing DynamicConfigPublisher controller id=0 with a snapshot at offset 2 (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,396] INFO [MetadataLoader id=0] InitializeNewPublishers: initializing DynamicClientQuotaPublisher controller id=0 with a snapshot at offset 2 (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,397] INFO [MetadataLoader id=0] InitializeNewPublishers: initializing ScramPublisher controller id=0 with a snapshot at offset 2 (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,397] INFO [MetadataLoader id=0] InitializeNewPublishers: initializing ControllerMetadataMetricsPublisher with a snapshot at offset 2 (org.apache.kafka.image.loader.MetadataLoader)
kafka_certi  | [2023-11-28 19:55:20,401] INFO [broker-0-ThrottledChannelReaper-Fetch]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,402] INFO [broker-0-ThrottledChannelReaper-Produce]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,402] INFO [broker-0-ThrottledChannelReaper-Request]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,402] INFO [broker-0-ThrottledChannelReaper-ControllerMutation]: Starting (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,417] INFO [BrokerServer id=0] Waiting for controller quorum voters future (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,417] INFO [BrokerServer id=0] Finished waiting for controller quorum voters future (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,422] INFO [broker-0-to-controller-forwarding-channel-manager]: Starting (kafka.server.BrokerToControllerRequestThread)
kafka_certi  | [2023-11-28 19:55:20,424] INFO [broker-0-to-controller-forwarding-channel-manager]: Recorded new controller, from now on will use node kafka:9093 (id: 0 rack: null) (kafka.server.BrokerToControllerRequestThread)
kafka_certi  | [2023-11-28 19:55:20,451] INFO Updated connection-accept-rate max connection creation rate to 2147483647 (kafka.network.ConnectionQuotas)
kafka_certi  | [2023-11-28 19:55:20,452] WARN Broker configuration 'ssl.client.auth' is applied only to SSL listeners. Listener-prefixed configuration can be used to enable SSL client authentication for SASL_SSL listeners. In future releases, broker-wide option without listener prefix may be applied to SASL_SSL listeners as well. All configuration options intended for specific listeners should be listener-prefixed. (org.apache.kafka.common.network.ChannelBuilders)
kafka_certi  | [2023-11-28 19:55:20,452] INFO Successfully logged in. (org.apache.kafka.common.security.authenticator.AbstractLogin)
kafka_certi  | [2023-11-28 19:55:20,726] INFO [BrokerServer id=0] Transition from STARTING to STARTED (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,728] ERROR [BrokerServer id=0] Fatal error during broker startup. Prepare to shutdown (kafka.server.BrokerServer)
kafka_certi  | org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
kafka_certi  |  at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:184)
kafka_certi  |  at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:192)
kafka_certi  |  at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:107)
kafka_certi  |  at kafka.network.Processor.<init>(SocketServer.scala:973)
kafka_certi  |  at kafka.network.Acceptor.newProcessor(SocketServer.scala:879)
kafka_certi  |  at kafka.network.Acceptor.$anonfun$addProcessors$1(SocketServer.scala:849)
kafka_certi  |  at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
kafka_certi  |  at kafka.network.Acceptor.addProcessors(SocketServer.scala:848)
kafka_certi  |  at kafka.network.DataPlaneAcceptor.configure(SocketServer.scala:523)
kafka_certi  |  at kafka.network.SocketServer.createDataPlaneAcceptorAndProcessors(SocketServer.scala:251)
kafka_certi  |  at kafka.network.SocketServer.$anonfun$new$31(SocketServer.scala:175)
kafka_certi  |  at kafka.network.SocketServer.$anonfun$new$31$adapted(SocketServer.scala:175)
kafka_certi  |  at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
kafka_certi  |  at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
kafka_certi  |  at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
kafka_certi  |  at kafka.network.SocketServer.<init>(SocketServer.scala:175)
kafka_certi  |  at kafka.server.BrokerServer.startup(BrokerServer.scala:237)
kafka_certi  |  at kafka.server.KafkaRaftServer.$anonfun$startup$2(KafkaRaftServer.scala:96)
kafka_certi  |  at kafka.server.KafkaRaftServer.$anonfun$startup$2$adapted(KafkaRaftServer.scala:96)
kafka_certi  |  at scala.Option.foreach(Option.scala:407)
kafka_certi  |  at kafka.server.KafkaRaftServer.startup(KafkaRaftServer.scala:96)
kafka_certi  |  at kafka.Kafka$.main(Kafka.scala:113)
kafka_certi  |  at kafka.Kafka.main(Kafka.scala)
kafka_certi  | Caused by: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
kafka_certi  |  at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:102)
kafka_certi  |  at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:180)
kafka_certi  |  ... 22 more
kafka_certi  | [2023-11-28 19:55:20,730] INFO [BrokerServer id=0] Transition from STARTED to SHUTTING_DOWN (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,730] INFO [BrokerServer id=0] shutting down (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,731] INFO [BrokerLifecycleManager id=0] Skipping controlled shutdown because we are in state NOT_RUNNING. (kafka.server.BrokerLifecycleManager)
kafka_certi  | [2023-11-28 19:55:20,731] INFO [BrokerLifecycleManager id=0] beginShutdown: shutting down event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,731] INFO [BrokerLifecycleManager id=0] Transitioning from NOT_RUNNING to SHUTTING_DOWN. (kafka.server.BrokerLifecycleManager)
kafka_certi  | [2023-11-28 19:55:20,732] INFO [broker-0-to-controller-forwarding-channel-manager]: Shutting down (kafka.server.BrokerToControllerRequestThread)
kafka_certi  | [2023-11-28 19:55:20,735] INFO [broker-0-to-controller-forwarding-channel-manager]: Stopped (kafka.server.BrokerToControllerRequestThread)
kafka_certi  | [2023-11-28 19:55:20,735] INFO [broker-0-to-controller-forwarding-channel-manager]: Shutdown completed (kafka.server.BrokerToControllerRequestThread)
kafka_certi  | [2023-11-28 19:55:20,736] INFO Broker to controller channel manager for forwarding shutdown (kafka.server.BrokerToControllerChannelManagerImpl)
kafka_certi  | [2023-11-28 19:55:20,736] INFO Shutting down. (kafka.log.LogManager)
kafka_certi  | [2023-11-28 19:55:20,750] INFO Shutdown complete. (kafka.log.LogManager)
kafka_certi  | [2023-11-28 19:55:20,751] INFO [broker-0-ThrottledChannelReaper-Fetch]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Fetch]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Fetch]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Produce]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Produce]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Produce]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Request]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Request]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-Request]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-ControllerMutation]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,752] INFO [broker-0-ThrottledChannelReaper-ControllerMutation]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,753] INFO [broker-0-ThrottledChannelReaper-ControllerMutation]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,754] INFO Broker and topic stats closed (kafka.server.BrokerTopicStats)
kafka_certi  | [2023-11-28 19:55:20,754] INFO [BrokerLifecycleManager id=0] closed event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,754] INFO [BrokerServer id=0] shut down completed (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,755] INFO [BrokerServer id=0] Transition from SHUTTING_DOWN to SHUTDOWN (kafka.server.BrokerServer)
kafka_certi  | [2023-11-28 19:55:20,755] ERROR Exiting Kafka due to fatal exception during startup. (kafka.Kafka$)
kafka_certi  | org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
kafka_certi  |  at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:184)
kafka_certi  |  at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:192)
kafka_certi  |  at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:107)
kafka_certi  |  at kafka.network.Processor.<init>(SocketServer.scala:973)
kafka_certi  |  at kafka.network.Acceptor.newProcessor(SocketServer.scala:879)
kafka_certi  |  at kafka.network.Acceptor.$anonfun$addProcessors$1(SocketServer.scala:849)
kafka_certi  |  at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
kafka_certi  |  at kafka.network.Acceptor.addProcessors(SocketServer.scala:848)
kafka_certi  |  at kafka.network.DataPlaneAcceptor.configure(SocketServer.scala:523)
kafka_certi  |  at kafka.network.SocketServer.createDataPlaneAcceptorAndProcessors(SocketServer.scala:251)
kafka_certi  |  at kafka.network.SocketServer.$anonfun$new$31(SocketServer.scala:175)
kafka_certi  |  at kafka.network.SocketServer.$anonfun$new$31$adapted(SocketServer.scala:175)
kafka_certi  |  at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
kafka_certi  |  at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
kafka_certi  |  at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
kafka_certi  |  at kafka.network.SocketServer.<init>(SocketServer.scala:175)
kafka_certi  |  at kafka.server.BrokerServer.startup(BrokerServer.scala:237)
kafka_certi  |  at kafka.server.KafkaRaftServer.$anonfun$startup$2(KafkaRaftServer.scala:96)
kafka_certi  |  at kafka.server.KafkaRaftServer.$anonfun$startup$2$adapted(KafkaRaftServer.scala:96)
kafka_certi  |  at scala.Option.foreach(Option.scala:407)
kafka_certi  |  at kafka.server.KafkaRaftServer.startup(KafkaRaftServer.scala:96)
kafka_certi  |  at kafka.Kafka$.main(Kafka.scala:113)
kafka_certi  |  at kafka.Kafka.main(Kafka.scala)
kafka_certi  | Caused by: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
kafka_certi  |  at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:102)
kafka_certi  |  at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:180)
kafka_certi  |  ... 22 more
kafka_certi  | [2023-11-28 19:55:20,756] INFO [ControllerServer id=0] shutting down (kafka.server.ControllerServer)
kafka_certi  | [2023-11-28 19:55:20,756] INFO [raft-expiration-reaper]: Shutting down (kafka.raft.TimingWheelExpirationService$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,801] INFO [raft-expiration-reaper]: Stopped (kafka.raft.TimingWheelExpirationService$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,801] INFO [raft-expiration-reaper]: Shutdown completed (kafka.raft.TimingWheelExpirationService$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,802] INFO [kafka-0-raft-io-thread]: Shutting down (kafka.raft.KafkaRaftManager$RaftIoThread)
kafka_certi  | [2023-11-28 19:55:20,802] INFO [RaftManager id=0] Beginning graceful shutdown (org.apache.kafka.raft.KafkaRaftClient)
kafka_certi  | [2023-11-28 19:55:20,803] INFO [RaftManager id=0] Graceful shutdown completed (org.apache.kafka.raft.KafkaRaftClient)
kafka_certi  | [2023-11-28 19:55:20,803] INFO [kafka-0-raft-io-thread]: Completed graceful shutdown of RaftClient (kafka.raft.KafkaRaftManager$RaftIoThread)
kafka_certi  | [2023-11-28 19:55:20,803] INFO [kafka-0-raft-io-thread]: Stopped (kafka.raft.KafkaRaftManager$RaftIoThread)
kafka_certi  | [2023-11-28 19:55:20,803] INFO [kafka-0-raft-io-thread]: Shutdown completed (kafka.raft.KafkaRaftManager$RaftIoThread)
kafka_certi  | [2023-11-28 19:55:20,805] INFO [kafka-0-raft-outbound-request-thread]: Shutting down (kafka.raft.RaftSendThread)
kafka_certi  | [2023-11-28 19:55:20,805] INFO [kafka-0-raft-outbound-request-thread]: Stopped (kafka.raft.RaftSendThread)
kafka_certi  | [2023-11-28 19:55:20,805] INFO [kafka-0-raft-outbound-request-thread]: Shutdown completed (kafka.raft.RaftSendThread)
kafka_certi  | [2023-11-28 19:55:20,808] INFO [ProducerStateManager partition=__cluster_metadata-0]Wrote producer snapshot at offset 3 with 0 producer ids in 2 ms. (org.apache.kafka.storage.internals.log.ProducerStateManager)
kafka_certi  | [2023-11-28 19:55:20,815] INFO [SocketServer listenerType=CONTROLLER, nodeId=0] Stopping socket server request processors (kafka.network.SocketServer)
kafka_certi  | [2023-11-28 19:55:20,819] INFO [SocketServer listenerType=CONTROLLER, nodeId=0] Stopped socket server request processors (kafka.network.SocketServer)
kafka_certi  | [2023-11-28 19:55:20,819] INFO [QuorumController id=0] QuorumController#beginShutdown: shutting down event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,819] ERROR [QuorumController id=0] writeNoOpRecord: unable to start processing because of RejectedExecutionException. Reason: null (org.apache.kafka.controller.QuorumController)
kafka_certi  | [2023-11-28 19:55:20,819] INFO [SocketServer listenerType=CONTROLLER, nodeId=0] Shutting down socket server (kafka.network.SocketServer)
kafka_certi  | [2023-11-28 19:55:20,825] INFO [SocketServer listenerType=CONTROLLER, nodeId=0] Shutdown completed (kafka.network.SocketServer)
kafka_certi  | [2023-11-28 19:55:20,825] INFO [data-plane Kafka Request Handler on Broker 0], shutting down (kafka.server.KafkaRequestHandlerPool)
kafka_certi  | [2023-11-28 19:55:20,827] INFO [data-plane Kafka Request Handler on Broker 0], shut down completely (kafka.server.KafkaRequestHandlerPool)
kafka_certi  | [2023-11-28 19:55:20,827] INFO [ExpirationReaper-0-AlterAcls]: Shutting down (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,828] INFO [ExpirationReaper-0-AlterAcls]: Stopped (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,828] INFO [ExpirationReaper-0-AlterAcls]: Shutdown completed (kafka.server.DelayedOperationPurgatory$ExpiredOperationReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Fetch]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Fetch]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Fetch]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Produce]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Produce]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Produce]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Request]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Request]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-Request]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,829] INFO [controller-0-ThrottledChannelReaper-ControllerMutation]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,830] INFO [controller-0-ThrottledChannelReaper-ControllerMutation]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,830] INFO [QuorumController id=0] closed event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,830] INFO [controller-0-ThrottledChannelReaper-ControllerMutation]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
kafka_certi  | [2023-11-28 19:55:20,831] INFO [SharedServer id=0] Stopping SharedServer (kafka.server.SharedServer)
kafka_certi  | [2023-11-28 19:55:20,831] INFO [MetadataLoader id=0] beginShutdown: shutting down event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,831] INFO [SnapshotGenerator id=0] beginShutdown: shutting down event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,832] INFO [SnapshotGenerator id=0] closed event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,833] INFO [MetadataLoader id=0] closed event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,833] INFO [SnapshotGenerator id=0] closed event queue. (org.apache.kafka.queue.KafkaEventQueue)
kafka_certi  | [2023-11-28 19:55:20,834] INFO Metrics scheduler closed (org.apache.kafka.common.metrics.Metrics)
kafka_certi  | [2023-11-28 19:55:20,834] INFO Metrics reporters closed (org.apache.kafka.common.metrics.Metrics)
kafka_certi  | [2023-11-28 19:55:20,841] INFO App info kafka.server for 0 unregistered (org.apache.kafka.common.utils.AppInfoParser)
kafka_certi  | [2023-11-28 19:55:20,841] INFO App info kafka.server for 0 unregistered (org.apache.kafka.common.utils.AppInfoParser)
kafka_certi exited with code 1

Additional information

The keystores were generated using wildcard certificate for the domain "*.domain.com" which is the domain assigned to the hostname.
@hrfdev0174 hrfdev0174 added the tech-issues The user has a technical issue about an application label Nov 29, 2023
@github-actions github-actions bot added the triage Triage is needed label Nov 29, 2023
@hrfdev0174
Copy link
Author

Docker version

Client: Docker Engine - Community
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:36:32 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:35:32 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.24
  GitCommit:        61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
 runc:
  Version:          1.1.9
  GitCommit:        v1.1.9-0-gccaecfc
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Docker Compose version

Docker Compose version v2.21.0

@github-actions github-actions bot added in-progress and removed triage Triage is needed labels Nov 29, 2023
@hrfdev0174
Copy link
Author

Please @javsalgar your help with this issue.

@github-actions GitHub Actions
Copy link

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the stale 15 days without activity label Dec 22, 2023
@github-actions GitHub Actions
Copy link

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

@bitnami-bot bitnami-bot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 28, 2023
@kalbhor
Copy link

kalbhor commented Mar 21, 2024
edited by carrodher
Loading

I'm facing the same error when running on 3.5. In fact kafka runs fine for me on 3.5.1 and 3.7 but fails on other tags (such as 3.5, 3.6). I'm using TLS certs in pem format with kraft mode.
I get the same error :

kafka_certi  | org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.

@javsalgar javsalgar changed the title [bitnami/kafka:3.5.1] Error SSL Handshake at Kraft Broker Startup with Docker Compose Configuration [bitnami/kafka] 3.5.` Error SSL Handshake at Kraft Broker Startup with Docker Compose Configuration Mar 25, 2024
@javsalgar javsalgar changed the title [bitnami/kafka] 3.5.` Error SSL Handshake at Kraft Broker Startup with Docker Compose Configuration [bitnami/kafka] 3.5.1 Error SSL Handshake at Kraft Broker Startup with Docker Compose Configuration Mar 25, 2024
@javsalgar javsalgar added in-progress and removed stale 15 days without activity solved labels Mar 25, 2024
@github-actions github-actions bot assigned andresbono and unassigned javsalgar Mar 25, 2024
@andresbono
Copy link
Contributor

Hi, the original issue is quite old. Could you please share information about the specific environment you are using to run your Kafka deployment? I.e. Helm chart parameters, versions...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andresbono andresbono

Labels
in-progress kafka tech-issues The user has a technical issue about an application
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@andresbono @javsalgar @bitnami-bot @carrodher @kalbhor @hrfdev0174