Connecting Schema-Registry ECS Container to AWS MSK #1126
Comments
You would need to set I would suggest just using Kafka master election rather than Zookeeper anyway |
Also running into this issue. Setting
|
Hi guys, I've been struggling with the exact issue for a couple of days, and I think I managed to connect my schema registry (on ECS) to MSK. I switched to Kafka master election by removing the Not entirely sure yet it is exactly what I want, but it sure is better to have the schema registry up and running! I hope this helps and I'll stick around for a little while. |
Hi, I have a working MSK cluster configured with SSL.
NB: here's my schema-registry.properties
Any idea? |
Just a quick addition: even if the topic _schemas is not protected by any ACL, the same issue occurs... |
Hi guys, I am facing the same issue. Thanks in advance. |
Hi guys, the above suggested fix is not working. Still not able to connect schema registry to MSK. I am running Docker in a separate instance and have connections enabled to MSK services.
Error faced when connecting with SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL is below
Also tried to replace SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL with SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS
Still getting error with below message
Any known solution to this? |
So I got the config resolved: kafkastore.ssl.keytstore.location mis-spelt => should have been kafkastore.ssl.keystore.location. Then I had an issue with ACL:
that's it!! @navinsnn53

kafkastore.bootstrap.servers=PLAINTEXT://b-2.kafkaclusternew.jbf0pp.c4.kafka.us-west-2.amazonaws.com:9092,PLAINTEXT://b-3.kafkaclusternew.jbf0pp.c4.kafka.us-west-2.amazonaws.com:9092,PLAINTEXT://b-1.kafkaclusternew.jbf0pp.c4.kafka.us-west-2.amazonaws.com:9092

Hope this helps |
I would like to share with you some additional tips on how to set up Schema Registry (at the time of this writing the last stable edition is 5.3.1-1) to run inside AWS ECS using the AWS Fargate launch type. Using a serverless option can make your life easier in cases where you don't need full control over EC2 instances. I hope you will find the next couple of tricks useful. The decision about specifying brokers is explained in the section Single Primary Architecture of Confluent's documentation. Schema Registry requires setting the
You can "insert" additional files into your container by using volumes. Confluent's Docker images follow the convention of exposing a container mount point via the

P.S. You may also want to attach a web-based GUI to browse and manage the schemas inside the registry. There is an open-source project Landoop/schema-registry-ui (ships as a Docker image) that mimics Confluent's Control Center. |
@pgottvalles are you using ACM PCA (Private Certificate Authority) to connect your Schema-Registry to MSK over TLS? According to the documentation, if you want to connect over TLS, it is only possible if you have PCA. Does someone know a different way or workaround? I don't want to spin up PCA just for that. |
Yes, we are using ACM PCA. I think that would require serious hacking as MSK needs to be deployed with the PCA ARN if you want to enable TLS and authorization. Best regards |
Hello guys. I am still getting the same issue. I tried PLAINTEXT:// without connection URL and with also. |
Anyone had any luck with establishing an MSK cluster with TLS, without running a PCA? It really hikes up the cost, particularly running multiple environments |
I finally got it to work with TLS (not mutual TLS) without a PCA. The key for me was to actually set the security protocol. My setup in Task definition:
And with @evarga tips as the Command. |
Trying to connect to brokers via Zookeeper in MSK fails because of the networking - Zookeeper returns both CLIENT_SECURE and REPLICATION_SECURE endpoints when using SSL through protocol mapping. The REPLICATION_SECURE endpoints are inaccessible outside of the cluster and will fail. If S.R. was able to filter by protocol mapping or endpoint, then it would solve it. See here: https://stackoverflow.com/questions/60149087/configure-schema-registry-to-only-use-client-secure-protcol-mapping-to-connect |
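An added example, not from any participant in this thread or from the Schema Registry project: a small pre-flight lint for schema-registry.properties that flags the three failure modes reported above (a misspelt kafkastore.ssl.* key, ZooKeeper-based broker discovery, and a bootstrap scheme that disagrees with kafkastore.security.protocol). The key list, sample host and file paths are constructed, and treating an unset protocol or an unprefixed endpoint as PLAINTEXT is an assumption.

```python
import difflib

# Property names seen in this thread plus their kafkastore.* siblings (not exhaustive).
KNOWN_KEYS = {
    "listeners", "host.name", "kafkastore.topic",
    "kafkastore.bootstrap.servers", "kafkastore.connection.url",
    "kafkastore.security.protocol",
    "kafkastore.ssl.keystore.location", "kafkastore.ssl.keystore.password",
    "kafkastore.ssl.key.password",
    "kafkastore.ssl.truststore.location", "kafkastore.ssl.truststore.password",
}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return findings for the failure modes discussed in the thread."""
    props, findings = parse_properties(text), []
    for key in props:
        if key not in KNOWN_KEYS:
            near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.9)
            hint = f" (did you mean {near[0]}?)" if near else ""
            findings.append(f"unknown key {key}{hint}")
    if "kafkastore.connection.url" in props:
        findings.append("kafkastore.connection.url set: brokers are discovered "
                        "via ZooKeeper, which on MSK also lists internal endpoints")
    # Assumption: an unset protocol or an unprefixed host:port means PLAINTEXT.
    protocol = props.get("kafkastore.security.protocol", "PLAINTEXT")
    servers = props.get("kafkastore.bootstrap.servers", "")
    for server in filter(None, (s.strip() for s in servers.split(","))):
        scheme = server.split("://", 1)[0] if "://" in server else "PLAINTEXT"
        if scheme != protocol:
            findings.append(f"{server} uses {scheme} but "
                            f"kafkastore.security.protocol is {protocol}")
    return findings

# Constructed sample: placeholder host and paths, the misspelt key from the
# thread, and an SSL endpoint without kafkastore.security.protocol being set.
SAMPLE = """\
kafkastore.bootstrap.servers=SSL://broker-1.example.internal:9094
kafkastore.ssl.keytstore.location=/etc/schema-registry/keystore.jks
kafkastore.ssl.truststore.location=/etc/schema-registry/truststore.jks
"""
```

Running `lint(SAMPLE)` reports the misspelt keystore key and the SSL endpoint that does not match the default protocol; a misspelt key matters because an unrecognised property is otherwise easy to miss while the TLS setting it was meant to configure stays unset.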
I had a very similar problem, but it was not with the schema-registry but with kafka-connect. I will leave my contribution here =). When you set up an MSK cluster on AWS, it recommends that you use 3 brokers, but you can also use only 2. Well, that was what worked for me. |
Thanks @evarga /@ppiazzolla, I am trying to run the docker schema registry container within an EC2 instance which has access to MSK cluster, however not sure if I have specified the
If I do not include the sh command, the container comes up cleanly and only works locally (i.e. |
Hi Everyone,
I am trying for the past days to connect my Schema Registry ECS container to AWS MSK but the container keeps stopping.
```
2019-05-22 14:06:17 at io.confluent.admin.utils.cli.KafkaReadyCommand.main(KafkaReadyCommand.java:143)
2019-05-22 14:06:17 java.lang.RuntimeException: No endpoints found for security protocol [PLAINTEXT]. Endpoints found in ZK [{REPLICATION=b-1-internal.TESTCLUSTER.ttx77r.c3.kafka.eu-west-1.amazonaws.com:9093, CLIENT=b-1.TESTCLUSTER.ttx77r.c3.kafka.eu-west-1.amazonaws.com:9092}]
2019-05-22 14:06:17 [main] ERROR io.confluent.admin.utils.cli.KafkaReadyCommand - Error while running kafka-ready.
2019-05-22 14:06:16 [main-EventThread] INFO org.apache.zookeeper.ClientCnxn - EventThread shut down for session: 0x3000003ecf70041
2019-05-22 14:06:16 [main] INFO org.apache.zookeeper.ZooKeeper - Session: 0x3000003ecf70041 closed
2019-05-22 14:06:16 [main-SendThread(172.xxx.xxx.xxx:2181)] INFO org.apache.zookeeper.ClientCnxn - Session establishment complete on server 172.xxx.xxx.xxx/172.xxx.xxx.xxx:2181, sessionid = 0x3000003ecf70041, negotiated timeout = 40000
2019-05-22 14:06:16 [main-SendThread(172.xxx.xxx.xxx:2181)] INFO org.apache.zookeeper.ClientCnxn - Socket connection established to 172.xxx.xxx.xxx/172.xxx.xxx.xxx:2181, initiating session
2019-05-22 14:06:16 [main-SendThread(172.xxx.xxx.xxx:2181)] INFO org.apache.zookeeper.ClientCnxn - Opening socket
```
I am passing the following parameters:
Has anyone tried before and succeeded on connecting the two?
Thank you!