Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-6041

Kafka: SSL handshake failed: Disconnected: connecting to a PLAINTEXT broker listener while using Vector as a Collector

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • Logging 5.9.7
    • Logging 5.9.0, Logging 5.9.1, Logging 5.9.2, Logging 5.9.3, Logging 5.9.4, Logging 5.9.5
    • Log Collection
    • False
    • None
    • False
    • NEW
    • NEW
    • Hide
      Before this update, the TLS section was added without checking broker URL schema, this is caused SSL connection errors if the URLs didn't start with 'tls'. With this change, the TLS section is only added if brokers URLs start with 'tls', it will prevent SSL connection errors.
      Show
      Before this update, the TLS section was added without checking broker URL schema, this is caused SSL connection errors if the URLs didn't start with 'tls'. With this change, the TLS section is only added if brokers URLs start with 'tls', it will prevent SSL connection errors.
    • Bug Fix
    • Important
    • Customer Escalated, Customer Reported

      Description of problem:

      -Kafka: SSL handshake failed: Disconnected: connecting to a PLAINTEXT broker listener while using Vector as a Collector.

      -Experiencing this issue with Logging 5.9.z
      -Log Forwarding to Kafka destination is working fine when using Fluentd as a collector, but it is not working with Vector as a collector.

      Version-Release number of selected component (if applicable):

      How reproducible:

      It can be reproduced:

      Steps to Reproduce:

      1. Install RHOCP Cluster.
      2. Install Cluster Logging Operator 5.9.z
      3. Create a ClusterLogging instance using Vector as a collector.
      4. Create a secret and a CLF instance with Kafka brokers: 
        apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
    - name: kafka-infra
      type: kafka
      secret:
        name: kafka-vector
      kafka:
        brokers:
          - tcp://XXXXX1:9092/9093
          - tcp://XXXXX2:9092/9093
          - tcp://XXXXX3:9092/9093
        topic: topic-logging-infra
  pipelines:
    - name: kafka-broker-1
      inputRefs:
        - infrastructure
      outputRefs:
        - kafka-infra
      5. Error in the collector pod logs: 
        YYYY-MM-DDTHH:MM:SS.XXXXZ ERROR librdkafka: librdkafka: FAIL [thrd:ssl://10.x.y.z:9093/bootstrap]: ssl://XXXXX1:909X/bootstrap: SSL handshake failed: Disconnected: connecting to a PLAINTEXT broker listener? (after 100ms in state SSL_HANDSHAKE, 1 identical error(s) suppressed)
YYYY-MM-DDTHH:MM:SS.XXXXZ ERROR rdkafka::client: librdkafka: Global error: BrokerTransportFailure (Local: Broker transport failure): sasl_ssl://XXXXX1:909X/bootstrap: SSL handshake failed: Disconnected: connecting to a PLAINTEXT broker listener? (after 101ms in state SSL_HANDSHAKE, 1 identical error(s) suppressed)

      Actual results:

      -Unable to forward logs to Kafka brokers when using Vector as a collector.
      -Tried with a single Kafka broker as well, but received same error logs.

      Expected results:

      -Logs need to be forwarded to External Kafka brokers.

      Additional info:

      • Secret was updated with SASL authentication and PLAINTEXT, but it did not help. 
          username: admin
  password: 'password'
  sasl.enable: 'true'
  security.protocol: 'SASL_PLAINTEXT'
      • Tried with a single Kafka broker as well, but received the same error logs.
      • Issue persists only when using Vector as a collector.
      • Broker is configured to accept the SSL Connection on the correct port.

              vparfono Vitalii Parfonov
              rhn-support-pripatil Prithviraj Patil
              Kabir Bharti Kabir Bharti
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: