I have a problem with Kafka messages (named secure.topic) protected by ACLs. My Groovy maker creates this error:
Error while fetching metadata with correlation id 9 : {secure.topic=LEADER_NOT_AVAILABLE}
Some configuration notes:
- 1 Kafka server, version 2.11_1.0.0 (both server and client Java libraries)
- the ACL theme is set to
All(also verified by --producer), and the user is the full name specified in the certificate - client authorization using self-generated certificates
Additional server configuration:
security.inter.broker.protocol = SSL
ssl.client.auth = required
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
If I remove the property authorizer.class.name, then my client can create messages (therefore without problems with SSL and certificates).
In addition, kafka-authorizer.log displays the following message:
[2018-01-25 11:57:02,779] INFO Principal = User:CN= User,OU=XXX,O=XXX,L=XXX,ST=Unknown,C=X is Denied Operation = ClusterAction from host = 127.0.0.1 on resource = Cluster:kafka-cluster (kafka.authorizer.logger)
, LEADER_NOT_AVAILABLE ACL?