upgraded_kafka_client_version_to_3.9.0 #279
Conversation
adkharat
force-pushed
the
upgrade_kafka_client_version_cve_2022_34917
branch
from
2576948 to
a15a170
Compare
|
Build on |
|
@imjalpreet can you please review the changes. |
adkharat
changed the title
|
@ZacBlanco FYI |
| @@ -41,6 +41,7 @@ jar { | |||
|
|
|||
| shadowJar { | |||
| version = '' | |||
| zip64 = true | |||
There was a problem hiding this comment.
@ZacBlanco on gradle build, I am getting error
Execution failed for task ':tempto-examples:shadowJar'.
> shadow.org.apache.tools.zip.Zip64RequiredException: archive contains more than 65535 entries.
Here, ShadowJar plugin is creating a JAR file that exceeds the limit of 65,535 entries. This might due to the ZIP format limitation that ShadowJar uses by default. Link
There was a problem hiding this comment.
Got it, thanks for the explanation. This is fine then I guess. We were probably close to the limit and the newer version pushed us over? It would be good to know the number of entries before/after this change, but I don't think it's worth trying to fix
|
@ZacBlanco Latest Kafka version is 3.9.0. |
adkharat
changed the title
adkharat
force-pushed
the
upgrade_kafka_client_version_cve_2022_34917
branch
from
d2d3660 to
6bf9291
Compare
| @@ -113,7 +111,7 @@ ext.tempto_runner = project(':tempto-runner') | |||
| ext.tempto_ldap = project(':tempto-ldap') | |||
| ext.tempto_kafka = project(':tempto-kafka') | |||
| ext.expected_result_generator = project(':expected-result-generator') | |||
| ext.tempto_version = '1.53' | |||
| ext.tempto_version = '1.54' | |||
There was a problem hiding this comment.
This should only be upgraded and set to a non-SNAPSHOT version during the release process. It looks like after the last release it wasn't properly updated. Since we already release 1.53, this should be 1.54-SNAPSHOT. During release we will update to 1.54, and then move to 1.55-SNAPSHOT afterwards.
So could you set this to 1.54-SNAPSHOT for now?
There was a problem hiding this comment.
@ZacBlanco Done. Updated to 1.54-SNAPSHOT
adkharat
force-pushed
the
upgrade_kafka_client_version_cve_2022_34917
branch
2 times, most recently
from
c6a547a to
411394e
Compare
|
@ZacBlanco I don't see an option to merge the PR. If no additional approvals are required, could you please merge these PR? |
|
I can't merge it. I don't have write access to this repository. @imjalpreet if you have time could you also review? The jar is not automatically published. Someone with write access has to publish it to maven central. We also need to verify that the latest jar update doesn't break the presto-product-tests CI on the presto repository. @tdcmeehan can merge after we get Jalpreet's review and verify that the CI does not break. |
build.gradle
Outdated
| @@ -113,7 +111,7 @@ ext.tempto_runner = project(':tempto-runner') | |||
| ext.tempto_ldap = project(':tempto-ldap') | |||
| ext.tempto_kafka = project(':tempto-kafka') | |||
| ext.expected_result_generator = project(':expected-result-generator') | |||
| ext.tempto_version = '1.53' | |||
| ext.tempto_version = '1.54-SNAPSHOT' | |||
There was a problem hiding this comment.
I think, before there should be a release prep commit to update ext.tempto_version from 1.53 to 1.54-SNAPSHOT? something like -
c1eec18
Then in your PR, you should change version from 1.54-SNAPSHOT to 1.54 for next release.
There was a problem hiding this comment.
I think, before there should be a release prep commit to update ext.tempto_version from
1.53to1.54-SNAPSHOT? something like - c1eec18Then in your PR, you should change version from
1.54-SNAPSHOTto1.54for next release.
I checked the previous commits and can confirmed that no commits were pushed earlier for 1.54-SNAPSHOT.
From an example I found, the process involves first merging 1.54-SNAPSHOT and then creating another PR on top of it for 1.54.
Here are the previous PRs for reference:
Let me know, Shall I create a new PR for 1.54-SNAPSHOT ? and once it's merged, 1.54 will be updated with this current PR.
build.gradle
Outdated
| @@ -102,8 +101,7 @@ ext.libraries = [ | |||
| commons_cli : "commons-cli:commons-cli:${versions.commons_cli}", | |||
| thrift : "org.apache.thrift:libthrift:${versions.thrift}", | |||
| kafka_clients : "org.apache.kafka:kafka-clients:${versions.kafka}", | |||
| kafka : "org.apache.kafka:kafka_2.12:${versions.kafka}", | |||
| zkclient : "com.101tec:zkclient:${versions.zkclient}" | |||
| kafka : "org.apache.kafka:kafka_2.12:${versions.kafka}" | |||
There was a problem hiding this comment.
Curious, which class is getting used from this library?
There was a problem hiding this comment.
Classes with package names starting with org.apache.kafka.clients will originate from the kafka_clients library.
For example:-
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.admin.AdminClient;
Classes with package names starting with org.apache.kafka.common will originate from the kafka library.
For example:-
import org.apache.kafka.common.errors.TopicExistsException;
import org.apache.kafka.common.serialization.ByteArraySerializer
Both are being used in KafkaTableManager.java
There was a problem hiding this comment.
Hi @adkharat
I just checked I see below classes that you mentioned are coming from kafka-clients-3.9.0.jar nothing from these are from org.apache.kafka:kafka_2.12:${versions.kafka}
org/apache/kafka/clients/producer/KafkaProducer.class
org/apache/kafka/clients/admin/AdminClient.class
org/apache/kafka/common/errors/TopicExistsException.class
org/apache/kafka/common/serialization/ByteArraySerializer.class
So I am curious do we even need "org.apache.kafka:kafka_2.12:${versions.kafka}" in this upgrade?
There was a problem hiding this comment.
@agrawalreetika
That is the case then not required.
But kafka: "org.apache.kafka:kafka_2.12:${versions.kafka} is referenced in the tempto-kafka/build.gradle file. Build will fails if it's removed.
I think, in tempto-kafka/build.gradle file, we need to replace the reference to libraries.kafka with libraries.kafka_clients. Then we are good to remove.
I have pushed changes.
| Properties properties = new Properties(); | ||
| properties.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, brokerHost + ":" + brokerPort); | ||
| AdminClient adminClient = AdminClient.create(properties); | ||
| try { |
There was a problem hiding this comment.
We can use try-with-resources instead for handling close of adminClient
| properties.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, brokerHost + ":" + brokerPort); | ||
| AdminClient adminClient = AdminClient.create(properties); | ||
| try { | ||
| routine.accept(adminClient); |
There was a problem hiding this comment.
What would happen if there is an issue/exception while doing above? Should we add a catch and logger for it?
There was a problem hiding this comment.
@agrawalreetika added catch to handle exception and logged error.
adkharat
force-pushed
the
upgrade_kafka_client_version_cve_2022_34917
branch
3 times, most recently
from
10ff64e to
ba6b9dc
Compare
@tdcmeehan Done. Rebased |
adkharat
force-pushed
the
upgrade_kafka_client_version_cve_2022_34917
branch
3 times, most recently
from
0603fa5 to
f364578
Compare
upgraded_kafka_client_version_to_3.9.0 upgraded_kafka_client_version_to_2.8.2 undo commented code removed zkclient Upgraded kafka version to 3.7.1 upgraded to 3.9.0 updated version to 1.54-SNAPSHOT Prepare 1.54 development release iteration upgraded_kafka_client_version_to_3.9.0 added topic check before deletion added retry in topic deletion
adkharat
force-pushed
the
upgrade_kafka_client_version_cve_2022_34917
branch
from
203cbe8 to
132bb5a
Compare
Existing kafka version = 0.11.0.2
Upgraded Kafka version = 3.9.0
With reference to prestodb/presto PR Fix CVE-2022-34917
Kafka 3.9.0 depricates direct Zookeeper interactions:
Upgrading depricates below AdminUtils methods:
FYI:
kafka.utils.ZkUtils was deprecated since 2.0.0.
2.0.0- > ZKUtils present
2.3.1 -> ZKUtils present
2.4.0 -> ZKUtils removed
2.8.2 -> ZKUtils not present (Version 2.8.2 has some vulnerability)
3.7.1 -> ZKUtils not present (No vulnerability)
3.9.0 -> ZKUtils not present (Latest version + No vulnerability)