THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- What impact (if any) will there be on existing users?
Users who use Kafka clusters with Zookeeper clients older than 3.5.x won't be able to communicate with a Zookeeper cluster using 3.8.1. As mentioned in the accompanying JIRA ticket Apache Kafka has been using Zookeeper 3.5.x since version 2.4
...
so versions above and including
...
it should be
...
safe for this upgrade. It is acceptable to break compatibility with Apache Kafka versions prior to 2.4 as they are considered beyond their end of life and are not maintained (source: Time Based Release Plan#WhatIsOurEOLPolicy).
- Below is an analysis of changes introduced in 3.7.0 and 3.8.0 and whether they will introduce breaking changes in Kafka or not.
These are the configurations that Kafka passes onto Zookeeper clients :
...
(
...
https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/server/KafkaConfig.scala#L285):
"zookeeper.connect"
"zookeeper.session.timeout.ms"
"zookeeper.connection.timeout.ms"
"zookeeper.set.acl"
"zookeeper.max.in.flight.requests"
"zookeeper.ssl.client.enable"
"zookeeper.clientCnxnSocket"
"zookeeper.ssl.keystore.location"
"zookeeper.ssl.keystore.password"
"zookeeper.ssl.keystore.type"
"zookeeper.ssl.truststore.location"
"zookeeper.ssl.truststore.password"
"zookeeper.ssl.truststore.type"
"zookeeper.ssl.protocol"
"zookeeper.ssl.enabled.protocols"
"zookeeper.ssl.cipher.suites"
"zookeeper.ssl.endpoint.identification.algorithm"
"zookeeper.ssl.crl.enable"
"zookeeper.ssl.ocsp.enable"
Notable Kafka
Below is a list of changes to behaviours which Kafka uses to communicate with Zookeeper:
Kafka-related changes in Zookeeper 3.7.0
- Zookeeper now allows multiple super users. Kafka does not pass on the value of zookeeper.superUser to its Zookeeper client so this change should not affect itthe proposed upgrade.Jira server ASF JIRA serverId 5aa69414-a9e9-3523-82ec-879b028fb15b key ZOOKEEPER-3959
- Quotas which were previously logged but not enforced are now enforced. These quotas have to do with create/update/delete etc. operations. This will affect Kafka users who put quotas in their Zookeeper clusters as they will become enforceable.Jira server ASF JIRA serverId 5aa69414-a9e9-3523-82ec-879b028fb15b key ZOOKEEPER-3301
- Kerberos authentication over SSL is now supported. Kafka does not support Kerberos authentication with Zookeeper so this change should not affect itthe proposed upgrade.Jira server ASF JIRA serverId 5aa69414-a9e9-3523-82ec-879b028fb15b key ZOOKEEPER-3482
- User enforced authentication was only available for SASL before this change. User Now user enforced authentication extends to all other types of authentication supported by Zookeeper. The point of this change is that no additional ACLs are needed to prevent unauthenticated access if one authentication method is enabled. This will affect users who used unauthenticated users while having an authentication mechanism.Jira server ASF JIRA serverId 5aa69414-a9e9-3523-82ec-879b028fb15b key ZOOKEEPER-3561
Notable Kafka-related changes in Zookeeper 3.8.0
- Zookeeper used to use plaintext password passwords for its trust and key stores. This change makes files which store those passwords to take precedence, but they don't remove the already working logic. This change should not affect the proposed upgrade.Jira server ASF JIRA serverId 5aa69414-a9e9-3523-82ec-879b028fb15b key ZOOKEEPER-4396
- If we are changing behavior how will we phase out the older behavior? It should gradually be phased out as users update their Kafka versions
- If we need special migration tools, describe them here. N/A
- When will we remove the existing behavior? N/A
...