aws_msk_cluster - output bootstrap_brokers returns empty #8952

Closed
cdenneen opened this issue Jun 11, 2019 · 8 comments · Fixed by #8957
@cdenneen

Based on the example (https://www.terraform.io/docs/providers/aws/r/msk_cluster.html#) I've set up 2 outputs (one for bootstrap_brokers and the other for zookeeper_connect_string):

output "zookeeper_connect_string" {
    value = "${aws_msk_cluster.kafka.zookeeper_connect_string}"
}

output "bootstrap_brokers" {
    value = "${aws_msk_cluster.kafka.bootstrap_brokers}"
}

However only zookeeper_connect_string returns during cluster creation.

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

Outputs:

bootstrap_brokers =
zookeeper_connect_string = 10.1.13.241:2181,10.1.11.98:2181,10.1.12.107:2181
@bflad bflad added the service/kafka Issues and PRs that pertain to the kafka service. label Jun 12, 2019
@bflad
Contributor

bflad commented Jun 12, 2019

Hi @cdenneen 👋 Thanks for reporting this and sorry you ran into trouble here.

A few questions for you:

  • Is the bootstrap_brokers_tls attribute value filled in during creation?
  • Does the bootstrap_brokers output value eventually fill in after a certain period of time?

If you are setting up client broker encryption in transit with just the TLS setting like the below:

resource "aws_msk_cluster" "example" {
  # ... other configuration ...
  encryption_info {
    # ... other configuration ...
    encryption_in_transit {
      client_broker = "TLS"
    }
  }
}

It is expected that the bootstrap_brokers value is empty, while the bootstrap_brokers_tls value is filled. We should certainly update our documentation for this case. 👍 Please let us know.

@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Jun 12, 2019
bflad added a commit that referenced this issue Jun 12, 2019
…_brokers and bootstrap_brokers_tls

Reference: #8952

Specifying only TLS encryption in transit for client-broker communication was a recent feature addition. Here we update the example and attribute references to account for the cases where the values should be filled in depending on that encryption in transit setting.
@bflad bflad self-assigned this Jun 12, 2019
@cdenneen
Author

Ok probably should change example to output the bootstrap_servers_tls instead. Thanks for clarifying.

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Jun 12, 2019
@bflad bflad added the documentation Introduces or discusses updates to documentation. label Jun 12, 2019
@bflad
Contributor

bflad commented Jun 12, 2019

I have submitted the following documentation pull request, if you would like to look: #8957

@adv4000
Contributor

adv4000 commented Jun 13, 2019

I have the same issue.
The following output returns an empty string:

output "msk_kafka_connections" {
  value = "${aws_msk_cluster.datalake.bootstrap_brokers}"
}

I'm not using any TLS.
I also tried to output ${aws_msk_cluster.datalake.bootstrap_brokers_tls} and got this error:
Resource 'aws_msk_cluster.datalake' does not have attribute 'bootstrap_brokers_tls'
This is my cluster:

resource "aws_msk_cluster" "datalake" {
  cluster_name           = "${var.msk_cluster_name}"
  kafka_version          = "${var.kafka_version}"
  number_of_broker_nodes = "${var.number_of_broker_nodes}"
  enhanced_monitoring    = "${var.monitoring_level}"

  broker_node_group_info {
    instance_type   = "${var.instance_type}"
    ebs_volume_size = "${var.ebs_volume_size}"

    client_subnets = [
      "${data.terraform_remote_state.network.private_subnets.0}",
      "${data.terraform_remote_state.network.private_subnets.1}",
      "${data.terraform_remote_state.network.private_subnets.2}",
    ]

    security_groups = ["${aws_security_group.kafka_sg.id}"]
  }

  tags = {
    Name = "${var.msk_cluster_name}-cluster"
  }
}

Definitely BUG

@bflad
Contributor

bflad commented Jun 13, 2019

Hi @adv4000 -- sorry for the frustrating situation.

Over in #8953 (comment) we noticed that, while the AWS MSK documentation states the default value of client-broker encryption in transit is TLS_PLAINTEXT, which would populate both bootstrap_brokers and bootstrap_brokers_tls, this is not true in the us-east-1 AWS region, where it defaults to TLS and would only populate bootstrap_brokers_tls. This may be true in other AWS regions as well. The outcome of any MSK team feedback there will determine how we handle the behavior and document the example on the resource documentation page.

Regarding the error does not have attribute 'bootstrap_brokers_tls', can you please verify that you are running Terraform AWS Provider version 2.14.0, which contains that new attribute? Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@adv4000
Contributor

adv4000 commented Jun 13, 2019

Hi @bflad
Yes, I had a previous version of the AWS Provider. I just updated it to 2.14 and now terraform apply
shows this:
encryption_info.0.encryption_in_transit.0.client_broker: "TLS" => "TLS_PLAINTEXT" (forces new resource)
Probably in the previous version it was set to TLS, and in 2.14 it is set to TLS_PLAINTEXT as the default.

I have recreated the MSK cluster from the beginning and now the output shows this:

output "msk_kafka_connections" {
  value = "${aws_msk_cluster.datalake.bootstrap_brokers}"
}

Still Empty

output "msk_kafka_connections_tls" {
  value = "${aws_msk_cluster.datalake.bootstrap_brokers_tls}"
}

Shows the connection string with port 9094.

I'm using eu-west-1 Ireland

@adv4000
Contributor

adv4000 commented Jun 14, 2019

I would recommend making only one reference for the Kafka bootstrap, and not two references, if they cannot exist together. One is always empty.

For now I will use this to output whatever is not empty:

output "msk_kafka_connections" {
  value = "${aws_msk_cluster.mvp.bootstrap_brokers != "" ? aws_msk_cluster.mvp.bootstrap_brokers : aws_msk_cluster.mvp.bootstrap_brokers_tls}"
}

@bflad bflad added this to the v2.16.0 milestone Jun 18, 2019
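
An added example, not part of the original thread or the provider's code: a Python check over `terraform output -json` that infers the effective client_broker mode from which bootstrap output is populated (following the maintainer's description above), selects the string clients should use, and flags an enabled plaintext listener. The output names match the thread; the function names, the `expected` parameter and the sample hostnames are assumptions constructed for illustration.

```python
import json

def output_value(outputs, key):
    """Return an output's string value, or "" when it is absent or empty."""
    return ((outputs.get(key) or {}).get("value") or "").strip()

def effective_client_broker(outputs):
    """Infer the client_broker mode from which bootstrap outputs are populated."""
    plain = output_value(outputs, "bootstrap_brokers")
    tls = output_value(outputs, "bootstrap_brokers_tls")
    if tls and plain:
        return "TLS_PLAINTEXT"
    if tls:
        return "TLS"
    return "PLAINTEXT" if plain else None  # None: neither output populated

def select_bootstrap(outputs_json, expected="TLS"):
    """Pick the broker string clients should use and list policy findings."""
    outputs = json.loads(outputs_json)
    mode = effective_client_broker(outputs)
    if mode is None:
        raise ValueError("no bootstrap broker output is populated")
    findings = []
    if mode != expected:
        findings.append(f"client_broker is effectively {mode}, expected {expected}")
    if mode != "TLS":
        findings.append("plaintext listener is enabled")
    # Prefer the TLS listener whenever it exists; fall back only for PLAINTEXT.
    key = "bootstrap_brokers" if mode == "PLAINTEXT" else "bootstrap_brokers_tls"
    return {"mode": mode, "brokers": output_value(outputs, key).split(","),
            "findings": findings}

def sample_outputs(plain, tls):
    """Build a constructed `terraform output -json` document (sample data)."""
    return json.dumps({
        "bootstrap_brokers": {"sensitive": False, "type": "string", "value": plain},
        "bootstrap_brokers_tls": {"sensitive": False, "type": "string", "value": tls},
    })

# Constructed samples: hostnames are placeholders, not real brokers.
SAMPLE_TLS = sample_outputs("", "b-1.example.internal:9094,b-2.example.internal:9094")
SAMPLE_BOTH = sample_outputs("b-1.example.internal:9092", "b-1.example.internal:9094")

if __name__ == "__main__":
    for sample in (SAMPLE_TLS, SAMPLE_BOTH):
        print(select_bootstrap(sample))
```

Run as a post-apply step, a non-empty `findings` list shows that the cluster's effective setting differs from the one intended, which is the regional-default mismatch discussed in this issue.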
@ghost

ghost commented Nov 3, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 3, 2019