kafka-commits mailing list archives

From ij...@apache.org
Subject [kafka] branch 2.2 updated: MINOR: Improve log messages when authentications fail: (#6250)
Date Tue, 12 Feb 2019 20:40:47 GMT
This is an automated email from the ASF dual-hosted git repository.

ijuma pushed a commit to branch 2.2
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.2 by this push:
     new 0f374af  MINOR: Improve log messages when authentications fail: (#6250)
0f374af is described below

commit 0f374af5132a15ce2a5e61a3e9c6f9784598781b
Author: Ismael Juma <ismael@juma.me.uk>
AuthorDate: Tue Feb 12 12:00:33 2019 -0800

    MINOR: Improve log messages when authentications fail: (#6250)
    
    - Include more detail in the client log message if the disconnection happens
    during authentication.
    - Include exception message in the Selector info entry when authentication
    fails and unwrap `DelayedResponseAuthenticationException`.
    - Remove duplicate debug log on authentication failure in the Selector.
---
 .../org/apache/kafka/clients/NetworkClient.java    | 11 ++++---
 .../org/apache/kafka/common/network/Selector.java  | 37 ++++++++++------------
 2 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/clients/src/main/java/org/apache/kafka/clients/NetworkClient.java b/clients/src/main/java/org/apache/kafka/clients/NetworkClient.java
index e7ba0e1..0c5230d 100644
--- a/clients/src/main/java/org/apache/kafka/clients/NetworkClient.java
+++ b/clients/src/main/java/org/apache/kafka/clients/NetworkClient.java
@@ -711,12 +711,15 @@ public class NetworkClient implements KafkaClient {
                 AuthenticationException exception = disconnectState.exception();
                 connectionStates.authenticationFailed(nodeId, now, exception);
                 metadataUpdater.handleAuthenticationFailure(exception);
-                log.error("Connection to node {} ({}) failed authentication due to: {}",
nodeId, disconnectState.remoteAddress(), exception.getMessage());
+                log.error("Connection to node {} ({}) failed authentication due to: {}",
nodeId,
+                    disconnectState.remoteAddress(), exception.getMessage());
                 break;
             case AUTHENTICATE:
-                // This warning applies to older brokers which don't provide feedback on
authentication failures
-                log.warn("Connection to node {} ({}) terminated during authentication. This
may indicate " +
-                        "that authentication failed due to invalid credentials.", nodeId,
disconnectState.remoteAddress());
+                log.warn("Connection to node {} ({}) terminated during authentication. This
may happen " +
+                    "due to any of the following reasons: (1) Authentication failed due to
invalid " +
+                    "credentials with brokers older than 1.0.0, (2) Firewall blocking Kafka
TLS " +
+                    "traffic (eg it may only allow HTTPS traffic), (3) Transient network
issue.",
+                    nodeId, disconnectState.remoteAddress());
                 break;
             case NOT_CONNECTED:
                 log.warn("Connection to node {} ({}) could not be established. Broker may
not be available.", nodeId, disconnectState.remoteAddress());
diff --git a/clients/src/main/java/org/apache/kafka/common/network/Selector.java b/clients/src/main/java/org/apache/kafka/common/network/Selector.java
index 7a4dd1b..e431e27 100644
--- a/clients/src/main/java/org/apache/kafka/common/network/Selector.java
+++ b/clients/src/main/java/org/apache/kafka/common/network/Selector.java
@@ -533,20 +533,7 @@ public class Selector implements Selectable, AutoCloseable {
 
                 /* if channel is not ready finish prepare */
                 if (channel.isConnected() && !channel.ready()) {
-                    try {
-                        channel.prepare();
-                    } catch (AuthenticationException e) {
-                        boolean isReauthentication = channel.successfulAuthentications()
> 0;
-                        if (isReauthentication)
-                            sensors.failedReauthentication.record();
-                        else
-                            sensors.failedAuthentication.record();
-                        log.info("Address {} failed {}authentication ({})",
-                            channel.socketDescription(),
-                            isReauthentication ? "re-" : "",
-                            e.getClass().getName());
-                        throw e;
-                    }
+                    channel.prepare();
                     if (channel.ready()) {
                         long readyTimeMs = time.milliseconds();
                         boolean isReauthentication = channel.successfulAuthentications()
> 1;
@@ -563,8 +550,8 @@ public class Selector implements Selectable, AutoCloseable {
                             if (!channel.connectedClientSupportsReauthentication())
                                 sensors.successfulAuthenticationNoReauth.record(1.0, readyTimeMs);
                         }
-                        log.debug("Address {} successfully {}authenticated",
-                            channel.socketDescription(), isReauthentication ? "re-" : "");
+                        log.debug("Successfully {}authenticated with {}", isReauthentication
?
+                            "re-" : "", channel.socketDescription());
                     }
                     List<NetworkReceive> responsesReceivedDuringReauthentication =
channel
                             .getAndClearResponsesReceivedDuringReauthentication();
@@ -605,12 +592,22 @@ public class Selector implements Selectable, AutoCloseable {
 
             } catch (Exception e) {
                 String desc = channel.socketDescription();
-                if (e instanceof IOException)
+                if (e instanceof IOException) {
                     log.debug("Connection with {} disconnected", desc, e);
-                else if (e instanceof AuthenticationException) // will be logged later as
error by clients
-                    log.debug("Connection with {} disconnected due to authentication exception",
desc, e);
-                else
+                } else if (e instanceof AuthenticationException) {
+                    boolean isReauthentication = channel.successfulAuthentications() >
0;
+                    if (isReauthentication)
+                        sensors.failedReauthentication.record();
+                    else
+                        sensors.failedAuthentication.record();
+                    String exceptionMessage = e.getMessage();
+                    if (e instanceof DelayedResponseAuthenticationException)
+                        exceptionMessage = e.getCause().getMessage();
+                    log.info("Failed {}authentication with {} ({})", isReauthentication ?
"re-" : "",
+                        desc, exceptionMessage);
+                } else {
                     log.warn("Unexpected error from {}; closing connection", desc, e);
+                }
 
                 if (e instanceof DelayedResponseAuthenticationException)
                     maybeDelayCloseOnAuthenticationFailure(channel);
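Review bot: `e.getCause().getMessage()` in the new AuthenticationException branch dereferences the cause without a null check; if a DelayedResponseAuthenticationException ever arrives without a cause, the NullPointerException is raised inside the catch block and the statements after it, including the delayed-close call at the end of this hunk, would not run. A guard is cheap: `if (e instanceof DelayedResponseAuthenticationException && e.getCause() != null)`. The old info entry carried `e.getClass().getName()`, which let an operator tell failure types apart when triaging failed logins; the new line has only the message, so consider logging the class name alongside it. Moving the failedAuthentication/failedReauthentication sensors here also means they are recorded for any AuthenticationException thrown in the try body, not only from `channel.prepare()`; the try body starts outside the hunk, so whether other calls in it can throw one should be confirmed.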

