Errors when trying to create Kafka topics with SSL enabled
search cancel

Errors when trying to create Kafka topics with SSL enabled

book

Article ID: 395624

calendar_today

Updated On: 04-28-2025

Products

Network Observability

Issue/Introduction


We have two nodes in our cluster and SSL is enabled. We tried the kafka-topics.sh script commands and got this error:


cd /opt/CA/netops-kafka/kafka/bin

./kafka-topics.sh --bootstrap-server <host name>.<Your domain>:9092 --create --topic netops.product.heartbeat --partitions 1 --config retention.ms=86400000

WARNING: Due to limitations in metric names, topics with a period ('.') or underscore ('_') could collide. To avoid issues it is best to use either, but not both.
Error while executing topic command : The AdminClient thread has exited. Call: createTopics

[2025-04-28 13:56:55,935] ERROR org.apache.kafka.common.errors.TimeoutException: The AdminClient thread has exited. Call: createTopics
 (org.apache.kafka.tools.TopicCommand)

[2025-04-28 13:56:55,940] ERROR Uncaught exception in thread 'kafka-admin-client-thread | adminclient-1': (org.apache.kafka.common.utils.KafkaThread)
java.lang.OutOfMemoryError: Java heap space
    at java.base/java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:64)
    at java.base/java.nio.ByteBuffer.allocate(ByteBuffer.java:363)
    at org.apache.kafka.common.memory.MemoryPool$1.tryAllocate(MemoryPool.java:30)
    at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:103)
    at org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:462)
    at org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:412)
    at org.apache.kafka.common.network.Selector.attemptRead(Selector.java:694)
    at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:596)
    at org.apache.kafka.common.network.Selector.poll(Selector.java:501)
    at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:596)
    at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1542)
    at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1473)
    at java.base/java.lang.Thread.run(Thread.java:840)

Cause


The Kafka server was configured to use SSL but its client scripts do not detect nor handle the connection failure well. The scripts do not handle the tls handshake and 
   as a result generate an Out of Memory error.

Resolution


Create a client.properties file containing the configured keystore/truststore information as well as defining SSL as the protocol and pass the file to the command line execution.


 cd /opt/CA/netops-kafka

 vim kafka/config/client.properties

ssl.keystore.location=/opt/CA/netops-kafka/ssl/kafka.broker.keystore.p12
ssl.keystore.password=changeit
ssl.key.password=changeit
ssl.keystore.type=PKCS12
ssl.truststore.location=/opt/CA/netops-kafka/ssl/kafka.broker.truststore.p12
ssl.truststore.password=changeit
ssl.truststore.type=PKCS12
security.protocol=SSL


 ** adjust values above as needed for the current environment


include --command-config ../config/client.properties as part of the command and it will work and not generate the OOM error


cd /opt/CA/netops-kafka/kafka/bin

./kafka-topics.sh --command-config ../config/client.properties --bootstrap-server <hostname>.<Your domain>:9092 --create --topic netops.product.heartbeat --partitions 1 --config retention.ms=86400000



  Created topic netops.product.heartbeat.

Powered by Wolken Software