You are viewing documentation for an older version (2.0) of Kafka. For up-to-date documentation, see the latest version.
Broker Configs
Broker Configs
The essential configurations are the following:
broker.idlog.dirszookeeper.connectTopic-level configurations and defaults are discussed in more detail below.Name Description Type Default Valid Values Importance Dynamic Update Mode zookeeper.connect Zookeeper host string string high read-only advertised.host.name DEPRECATED: only used when `advertised.listeners` or `listeners` are not set. Use `advertised.listeners` instead. Hostname to publish to ZooKeeper for clients to use. In IaaS environments, this may need to be different from the interface to which the broker binds. If this is not set, it will use the value for `host.name` if configured. Otherwise it will use the value returned from java.net.InetAddress.getCanonicalHostName(). string null high read-only advertised.listeners Listeners to publish to ZooKeeper for clients to use, if different than the `listeners` config property. In IaaS environments, this may need to be different from the interface to which the broker binds. If this is not set, the value for `listeners` will be used. Unlike `listeners` it is not valid to advertise the 0.0.0.0 meta-address. string null high per-broker advertised.port DEPRECATED: only used when `advertised.listeners` or `listeners` are not set. Use `advertised.listeners` instead. The port to publish to ZooKeeper for clients to use. In IaaS environments, this may need to be different from the port to which the broker binds. If this is not set, it will publish the same port that the broker binds to. int null high read-only auto.create.topics.enable Enable auto creation of topic on the server boolean true high read-only auto.leader.rebalance.enable Enables auto leader balancing. A background thread checks and triggers leader balance if required at regular intervals boolean true high read-only background.threads The number of threads to use for various background processing tasks int 10 [1,...] high cluster-wide broker.id The broker id for this server. If unset, a unique broker id will be generated.To avoid conflicts between zookeeper generated broker id's and user configured broker id's, generated broker ids start from reserved.broker.max.id + 1. int -1 high read-only compression.type Specify the final compression type for a given topic. This configuration accepts the standard compression codecs ('gzip', 'snappy', 'lz4'). It additionally accepts 'uncompressed' which is equivalent to no compression; and 'producer' which means retain the original compression codec set by the producer. string producer high cluster-wide delete.topic.enable Enables delete topic. Delete topic through the admin tool will have no effect if this config is turned off boolean true high read-only host.name DEPRECATED: only used when `listeners` is not set. Use `listeners` instead. hostname of broker. If this is set, it will only bind to this address. If this is not set, it will bind to all interfaces string "" high read-only leader.imbalance.check.interval.seconds The frequency with which the partition rebalance check is triggered by the controller long 300 high read-only leader.imbalance.per.broker.percentage The ratio of leader imbalance allowed per broker. The controller would trigger a leader balance if it goes above this value per broker. The value is specified in percentage. int 10 high read-only listeners Listener List - Comma-separated list of URIs we will listen on and the listener names. If the listener name is not a security protocol, listener.security.protocol.map must also be set. Specify hostname as 0.0.0.0 to bind to all interfaces. Leave hostname empty to bind to default interface. Examples of legal listener lists: PLAINTEXT://myhost:9092,SSL://:9091 CLIENT://0.0.0.0:9092,REPLICATION://localhost:9093 string null high per-broker log.dir The directory in which the log data is kept (supplemental for log.dirs property) string /tmp/kafka-logs high read-only log.dirs The directories in which the log data is kept. If not set, the value in log.dir is used string null high read-only log.flush.interval.messages The number of messages accumulated on a log partition before messages are flushed to disk long 9223372036854775807 [1,...] high cluster-wide log.flush.interval.ms The maximum time in ms that a message in any topic is kept in memory before flushed to disk. If not set, the value in log.flush.scheduler.interval.ms is used long null high cluster-wide log.flush.offset.checkpoint.interval.ms The frequency with which we update the persistent record of the last flush which acts as the log recovery point int 60000 [0,...] high read-only log.flush.scheduler.interval.ms The frequency in ms that the log flusher checks whether any log needs to be flushed to disk long 9223372036854775807 high read-only log.flush.start.offset.checkpoint.interval.ms The frequency with which we update the persistent record of log start offset int 60000 [0,...] high read-only log.retention.bytes The maximum size of the log before deleting it long -1 high cluster-wide log.retention.hours The number of hours to keep a log file before deleting it (in hours), tertiary to log.retention.ms property int 168 high read-only log.retention.minutes The number of minutes to keep a log file before deleting it (in minutes), secondary to log.retention.ms property. If not set, the value in log.retention.hours is used int null high read-only log.retention.ms The number of milliseconds to keep a log file before deleting it (in milliseconds), If not set, the value in log.retention.minutes is used long null high cluster-wide log.roll.hours The maximum time before a new log segment is rolled out (in hours), secondary to log.roll.ms property int 168 [1,...] high read-only log.roll.jitter.hours The maximum jitter to subtract from logRollTimeMillis (in hours), secondary to log.roll.jitter.ms property int 0 [0,...] high read-only log.roll.jitter.ms The maximum jitter to subtract from logRollTimeMillis (in milliseconds). If not set, the value in log.roll.jitter.hours is used long null high cluster-wide log.roll.ms The maximum time before a new log segment is rolled out (in milliseconds). If not set, the value in log.roll.hours is used long null high cluster-wide log.segment.bytes The maximum size of a single log file int 1073741824 [14,...] high cluster-wide log.segment.delete.delay.ms The amount of time to wait before deleting a file from the filesystem long 60000 [0,...] high cluster-wide message.max.bytes The largest record batch size allowed by Kafka. If this is increased and there are consumers older than 0.10.2, the consumers' fetch size must also be increased so that the they can fetch record batches this large.
In the latest message format version, records are always grouped into batches for efficiency. In previous message format versions, uncompressed records are not grouped into batches and this limit only applies to a single record in that case.
This can be set per topic with the topic level
max.message.bytesconfig.int 1000012 [0,...] high cluster-wide min.insync.replicas When a producer sets acks to "all" (or "-1"), min.insync.replicas specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful. If this minimum cannot be met, then the producer will raise an exception (either NotEnoughReplicas or NotEnoughReplicasAfterAppend).
When used together, min.insync.replicas and acks allow you to enforce greater durability guarantees. A typical scenario would be to create a topic with a replication factor of 3, set min.insync.replicas to 2, and produce with acks of "all". This will ensure that the producer raises an exception if a majority of replicas do not receive a write.int 1 [1,...] high cluster-wide num.io.threads The number of threads that the server uses for processing requests, which may include disk I/O int 8 [1,...] high cluster-wide num.network.threads The number of threads that the server uses for receiving requests from the network and sending responses to the network int 3 [1,...] high cluster-wide num.recovery.threads.per.data.dir The number of threads per data directory to be used for log recovery at startup and flushing at shutdown int 1 [1,...] high cluster-wide num.replica.alter.log.dirs.threads The number of threads that can move replicas between log directories, which may include disk I/O int null high read-only num.replica.fetchers Number of fetcher threads used to replicate messages from a source broker. Increasing this value can increase the degree of I/O parallelism in the follower broker. int 1 high cluster-wide offset.metadata.max.bytes The maximum size for a metadata entry associated with an offset commit int 4096 high read-only offsets.commit.required.acks The required acks before the commit can be accepted. In general, the default (-1) should not be overridden short -1 high read-only offsets.commit.timeout.ms Offset commit will be delayed until all replicas for the offsets topic receive the commit or this timeout is reached. This is similar to the producer request timeout. int 5000 [1,...] high read-only offsets.load.buffer.size Batch size for reading from the offsets segments when loading offsets into the cache (soft-limit, overridden if records are too large). int 5242880 [1,...] high read-only offsets.retention.check.interval.ms Frequency at which to check for stale offsets long 600000 [1,...] high read-only offsets.retention.minutes Offsets older than this retention period will be discarded int 10080 [1,...] high read-only offsets.topic.compression.codec Compression codec for the offsets topic - compression may be used to achieve "atomic" commits int 0 high read-only offsets.topic.num.partitions The number of partitions for the offset commit topic (should not change after deployment) int 50 [1,...] high read-only offsets.topic.replication.factor The replication factor for the offsets topic (set higher to ensure availability). Internal topic creation will fail until the cluster size meets this replication factor requirement. short 3 [1,...] high read-only offsets.topic.segment.bytes The offsets topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads int 104857600 [1,...] high read-only port DEPRECATED: only used when `listeners` is not set. Use `listeners` instead. the port to listen and accept connections on int 9092 high read-only queued.max.requests The number of queued requests allowed before blocking the network threads int 500 [1,...] high read-only quota.consumer.default DEPRECATED: Used only when dynamic default quotas are not configured for long 9223372036854775807 [1,...] high read-only quota.producer.default DEPRECATED: Used only when dynamic default quotas are not configured for , or long 9223372036854775807 [1,...] high read-only replica.fetch.min.bytes Minimum bytes expected for each fetch response. If not enough bytes, wait up to replicaMaxWaitTimeMs int 1 high read-only replica.fetch.wait.max.ms max wait time for each fetcher request issued by follower replicas. This value should always be less than the replica.lag.time.max.ms at all times to prevent frequent shrinking of ISR for low throughput topics int 500 high read-only replica.high.watermark.checkpoint.interval.ms The frequency with which the high watermark is saved out to disk long 5000 high read-only replica.lag.time.max.ms If a follower hasn't sent any fetch requests or hasn't consumed up to the leaders log end offset for at least this time, the leader will remove the follower from isr long 10000 high read-only replica.socket.receive.buffer.bytes The socket receive buffer for network requests int 65536 high read-only replica.socket.timeout.ms The socket timeout for network requests. Its value should be at least replica.fetch.wait.max.ms int 30000 high read-only request.timeout.ms The configuration controls the maximum amount of time the client will wait for the response of a request. If the response is not received before the timeout elapses the client will resend the request if necessary or fail the request if retries are exhausted. int 30000 high read-only socket.receive.buffer.bytes The SO_RCVBUF buffer of the socket sever sockets. If the value is -1, the OS default will be used. int 102400 high read-only socket.request.max.bytes The maximum number of bytes in a socket request int 104857600 [1,...] high read-only socket.send.buffer.bytes The SO_SNDBUF buffer of the socket sever sockets. If the value is -1, the OS default will be used. int 102400 high read-only transaction.max.timeout.ms The maximum allowed timeout for transactions. If a client’s requested transaction time exceed this, then the broker will return an error in InitProducerIdRequest. This prevents a client from too large of a timeout, which can stall consumers reading from topics included in the transaction. int 900000 [1,...] high read-only transaction.state.log.load.buffer.size Batch size for reading from the transaction log segments when loading producer ids and transactions into the cache (soft-limit, overridden if records are too large). int 5242880 [1,...] high read-only transaction.state.log.min.isr Overridden min.insync.replicas config for the transaction topic. int 2 [1,...] high read-only transaction.state.log.num.partitions The number of partitions for the transaction topic (should not change after deployment). int 50 [1,...] high read-only transaction.state.log.replication.factor The replication factor for the transaction topic (set higher to ensure availability). Internal topic creation will fail until the cluster size meets this replication factor requirement. short 3 [1,...] high read-only transaction.state.log.segment.bytes The transaction topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads int 104857600 [1,...] high read-only transactional.id.expiration.ms The maximum amount of time in ms that the transaction coordinator will wait before proactively expire a producer's transactional id without receiving any transaction status updates from it. int 604800000 [1,...] high read-only unclean.leader.election.enable Indicates whether to enable replicas not in the ISR set to be elected as leader as a last resort, even though doing so may result in data loss boolean false high cluster-wide zookeeper.connection.timeout.ms The max time that the client waits to establish a connection to zookeeper. If not set, the value in zookeeper.session.timeout.ms is used int null high read-only zookeeper.max.in.flight.requests The maximum number of unacknowledged requests the client will send to Zookeeper before blocking. int 10 [1,...] high read-only zookeeper.session.timeout.ms Zookeeper session timeout int 6000 high read-only zookeeper.set.acl Set client to use secure ACLs boolean false high read-only broker.id.generation.enable Enable automatic broker id generation on the server. When enabled the value configured for reserved.broker.max.id should be reviewed. boolean true medium read-only broker.rack Rack of the broker. This will be used in rack aware replication assignment for fault tolerance. Examples: `RACK1`, `us-east-1d` string null medium read-only connections.max.idle.ms Idle connections timeout: the server socket processor threads close the connections that idle more than this long 600000 medium read-only controlled.shutdown.enable Enable controlled shutdown of the server boolean true medium read-only controlled.shutdown.max.retries Controlled shutdown can fail for multiple reasons. This determines the number of retries when such failure happens int 3 medium read-only controlled.shutdown.retry.backoff.ms Before each retry, the system needs time to recover from the state that caused the previous failure (Controller fail over, replica lag etc). This config determines the amount of time to wait before retrying. long 5000 medium read-only controller.socket.timeout.ms The socket timeout for controller-to-broker channels int 30000 medium read-only default.replication.factor default replication factors for automatically created topics int 1 medium read-only delegation.token.expiry.time.ms The token validity time in seconds before the token needs to be renewed. Default value 1 day. long 86400000 [1,...] medium read-only delegation.token.master.key Master/secret key to generate and verify delegation tokens. Same key must be configured across all the brokers. If the key is not set or set to empty string, brokers will disable the delegation token support. password null medium read-only delegation.token.max.lifetime.ms The token has a maximum lifetime beyond which it cannot be renewed anymore. Default value 7 days. long 604800000 [1,...] medium read-only delete.records.purgatory.purge.interval.requests The purge interval (in number of requests) of the delete records request purgatory int 1 medium read-only fetch.purgatory.purge.interval.requests The purge interval (in number of requests) of the fetch request purgatory int 1000 medium read-only group.initial.rebalance.delay.ms The amount of time the group coordinator will wait for more consumers to join a new group before performing the first rebalance. A longer delay means potentially fewer rebalances, but increases the time until processing begins. int 3000 medium read-only group.max.session.timeout.ms The maximum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures. int 300000 medium read-only group.min.session.timeout.ms The minimum allowed session timeout for registered consumers. Shorter timeouts result in quicker failure detection at the cost of more frequent consumer heartbeating, which can overwhelm broker resources. int 6000 medium read-only inter.broker.listener.name Name of listener used for communication between brokers. If this is unset, the listener name is defined by security.inter.broker.protocol. It is an error to set this and security.inter.broker.protocol properties at the same time. string null medium read-only inter.broker.protocol.version Specify which version of the inter-broker protocol will be used. This is typically bumped after all brokers were upgraded to a new version. Example of some valid values are: 0.8.0, 0.8.1, 0.8.1.1, 0.8.2, 0.8.2.0, 0.8.2.1, 0.9.0.0, 0.9.0.1 Check ApiVersion for the full list. string 2.0-IV1 medium read-only log.cleaner.backoff.ms The amount of time to sleep when there are no logs to clean long 15000 [0,...] medium cluster-wide log.cleaner.dedupe.buffer.size The total memory used for log deduplication across all cleaner threads long 134217728 medium cluster-wide log.cleaner.delete.retention.ms How long are delete records retained? long 86400000 medium cluster-wide log.cleaner.enable Enable the log cleaner process to run on the server. Should be enabled if using any topics with a cleanup.policy=compact including the internal offsets topic. If disabled those topics will not be compacted and continually grow in size. boolean true medium read-only log.cleaner.io.buffer.load.factor Log cleaner dedupe buffer load factor. The percentage full the dedupe buffer can become. A higher value will allow more log to be cleaned at once but will lead to more hash collisions double 0.9 medium cluster-wide log.cleaner.io.buffer.size The total memory used for log cleaner I/O buffers across all cleaner threads int 524288 [0,...] medium cluster-wide log.cleaner.io.max.bytes.per.second The log cleaner will be throttled so that the sum of its read and write i/o will be less than this value on average double 1.7976931348623157E308 medium cluster-wide log.cleaner.min.cleanable.ratio The minimum ratio of dirty log to total log for a log to eligible for cleaning double 0.5 medium cluster-wide log.cleaner.min.compaction.lag.ms The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted. long 0 medium cluster-wide log.cleaner.threads The number of background threads to use for log cleaning int 1 [0,...] medium cluster-wide log.cleanup.policy The default cleanup policy for segments beyond the retention window. A comma separated list of valid policies. Valid policies are: "delete" and "compact" list delete [compact, delete] medium cluster-wide log.index.interval.bytes The interval with which we add an entry to the offset index int 4096 [0,...] medium cluster-wide log.index.size.max.bytes The maximum size in bytes of the offset index int 10485760 [4,...] medium cluster-wide log.message.format.version Specify the message format version the broker will use to append messages to the logs. The value should be a valid ApiVersion. Some examples are: 0.8.2, 0.9.0.0, 0.10.0, check ApiVersion for more details. By setting a particular message format version, the user is certifying that all the existing messages on disk are smaller or equal than the specified version. Setting this value incorrectly will cause consumers with older versions to break as they will receive messages with a format that they don't understand. string 2.0-IV1 medium read-only log.message.timestamp.difference.max.ms The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message. If log.message.timestamp.type=CreateTime, a message will be rejected if the difference in timestamp exceeds this threshold. This configuration is ignored if log.message.timestamp.type=LogAppendTime.The maximum timestamp difference allowed should be no greater than log.retention.ms to avoid unnecessarily frequent log rolling. long 9223372036854775807 medium cluster-wide log.message.timestamp.type Define whether the timestamp in the message is message create time or log append time. The value should be either `CreateTime` or `LogAppendTime` string CreateTime [CreateTime, LogAppendTime] medium cluster-wide log.preallocate Should pre allocate file when create new segment? If you are using Kafka on Windows, you probably need to set it to true. boolean false medium cluster-wide log.retention.check.interval.ms The frequency in milliseconds that the log cleaner checks whether any log is eligible for deletion long 300000 [1,...] medium read-only max.connections.per.ip The maximum number of connections we allow from each ip address. This can be set to 0 if there are overrides configured using max.connections.per.ip.overrides property int 2147483647 [0,...] medium read-only max.connections.per.ip.overrides A comma-separated list of per-ip or hostname overrides to the default maximum number of connections. An example value is "hostName:100,127.0.0.1:200" string "" medium read-only max.incremental.fetch.session.cache.slots The maximum number of incremental fetch sessions that we will maintain. int 1000 [0,...] medium read-only num.partitions The default number of log partitions per topic int 1 [1,...] medium read-only password.encoder.old.secret The old secret that was used for encoding dynamically configured passwords. This is required only when the secret is updated. If specified, all dynamically encoded passwords are decoded using this old secret and re-encoded using password.encoder.secret when broker starts up. password null medium read-only password.encoder.secret The secret used for encoding dynamically configured passwords for this broker. password null medium read-only principal.builder.class The fully qualified name of a class that implements the KafkaPrincipalBuilder interface, which is used to build the KafkaPrincipal object used during authorization. This config also supports the deprecated PrincipalBuilder interface which was previously used for client authentication over SSL. If no principal builder is defined, the default behavior depends on the security protocol in use. For SSL authentication, the principal name will be the distinguished name from the client certificate if one is provided; otherwise, if client authentication is not required, the principal name will be ANONYMOUS. For SASL authentication, the principal will be derived using the rules defined by sasl.kerberos.principal.to.local.rulesif GSSAPI is in use, and the SASL authentication ID for other mechanisms. For PLAINTEXT, the principal will be ANONYMOUS.class null medium per-broker producer.purgatory.purge.interval.requests The purge interval (in number of requests) of the producer request purgatory int 1000 medium read-only queued.max.request.bytes The number of queued bytes allowed before no more requests are read long -1 medium read-only replica.fetch.backoff.ms The amount of time to sleep when fetch partition error occurs. int 1000 [0,...] medium read-only replica.fetch.max.bytes The number of bytes of messages to attempt to fetch for each partition. This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. The maximum record batch size accepted by the broker is defined via message.max.bytes(broker config) ormax.message.bytes(topic config).int 1048576 [0,...] medium read-only replica.fetch.response.max.bytes Maximum bytes expected for the entire fetch response. Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum. The maximum record batch size accepted by the broker is defined via message.max.bytes(broker config) ormax.message.bytes(topic config).int 10485760 [0,...] medium read-only reserved.broker.max.id Max number that can be used for a broker.id int 1000 [0,...] medium read-only sasl.client.callback.handler.class The fully qualified name of a SASL client callback handler class that implements the AuthenticateCallbackHandler interface. class null medium read-only sasl.enabled.mechanisms The list of SASL mechanisms enabled in the Kafka server. The list may contain any mechanism for which a security provider is available. Only GSSAPI is enabled by default. list GSSAPI medium per-broker sasl.jaas.config JAAS login context parameters for SASL connections in the format used by JAAS configuration files. JAAS configuration file format is described here. The format for the value is: ' loginModuleClass controlFlag (optionName=optionValue)*;'. For brokers, the config must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.scram-sha-256.sasl.jaas.config=com.example.ScramLoginModule required;password null medium per-broker sasl.kerberos.kinit.cmd Kerberos kinit command path. string /usr/bin/kinit medium per-broker sasl.kerberos.min.time.before.relogin Login thread sleep time between refresh attempts. long 60000 medium per-broker sasl.kerberos.principal.to.local.rules A list of rules for mapping from principal names to short names (typically operating system usernames). The rules are evaluated in order and the first rule that matches a principal name is used to map it to a short name. Any later rules in the list are ignored. By default, principal names of the form {username}/{hostname}@{REALM} are mapped to {username}. For more details on the format please see security authorization and acls. Note that this configuration is ignored if an extension of KafkaPrincipalBuilder is provided by the principal.builder.classconfiguration.list DEFAULT medium per-broker sasl.kerberos.service.name The Kerberos principal name that Kafka runs as. This can be defined either in Kafka's JAAS config or in Kafka's config. string null medium per-broker sasl.kerberos.ticket.renew.jitter Percentage of random jitter added to the renewal time. double 0.05 medium per-broker sasl.kerberos.ticket.renew.window.factor Login thread will sleep until the specified window factor of time from last refresh to ticket's expiry has been reached, at which time it will try to renew the ticket. double 0.8 medium per-broker sasl.login.callback.handler.class The fully qualified name of a SASL login callback handler class that implements the AuthenticateCallbackHandler interface. For brokers, login callback handler config must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.scram-sha-256.sasl.login.callback.handler.class=com.example.CustomScramLoginCallbackHandler class null medium read-only sasl.login.class The fully qualified name of a class that implements the Login interface. For brokers, login config must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.scram-sha-256.sasl.login.class=com.example.CustomScramLogin class null medium read-only sasl.login.refresh.buffer.seconds The amount of buffer time before credential expiration to maintain when refreshing a credential, in seconds. If a refresh would otherwise occur closer to expiration than the number of buffer seconds then the refresh will be moved up to maintain as much of the buffer time as possible. Legal values are between 0 and 3600 (1 hour); a default value of 300 (5 minutes) is used if no value is specified. This value and sasl.login.refresh.min.period.seconds are both ignored if their sum exceeds the remaining lifetime of a credential. Currently applies only to OAUTHBEARER. short 300 medium per-broker sasl.login.refresh.min.period.seconds The desired minimum time for the login refresh thread to wait before refreshing a credential, in seconds. Legal values are between 0 and 900 (15 minutes); a default value of 60 (1 minute) is used if no value is specified. This value and sasl.login.refresh.buffer.seconds are both ignored if their sum exceeds the remaining lifetime of a credential. Currently applies only to OAUTHBEARER. short 60 medium per-broker sasl.login.refresh.window.factor Login refresh thread will sleep until the specified window factor relative to the credential's lifetime has been reached, at which time it will try to refresh the credential. Legal values are between 0.5 (50%) and 1.0 (100%) inclusive; a default value of 0.8 (80%) is used if no value is specified. Currently applies only to OAUTHBEARER. double 0.8 medium per-broker sasl.login.refresh.window.jitter The maximum amount of random jitter relative to the credential's lifetime that is added to the login refresh thread's sleep time. Legal values are between 0 and 0.25 (25%) inclusive; a default value of 0.05 (5%) is used if no value is specified. Currently applies only to OAUTHBEARER. double 0.05 medium per-broker sasl.mechanism.inter.broker.protocol SASL mechanism used for inter-broker communication. Default is GSSAPI. string GSSAPI medium per-broker sasl.server.callback.handler.class The fully qualified name of a SASL server callback handler class that implements the AuthenticateCallbackHandler interface. Server callback handlers must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.plain.sasl.server.callback.handler.class=com.example.CustomPlainCallbackHandler. class null medium read-only security.inter.broker.protocol Security protocol used to communicate between brokers. Valid values are: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL. It is an error to set this and inter.broker.listener.name properties at the same time. string PLAINTEXT medium read-only ssl.cipher.suites A list of cipher suites. This is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. By default all the available cipher suites are supported. list "" medium per-broker ssl.client.auth Configures kafka broker to request client authentication. The following settings are common: ssl.client.auth=requiredIf set to required client authentication is required.ssl.client.auth=requestedThis means client authentication is optional. unlike requested , if this option is set client can choose not to provide authentication information about itselfssl.client.auth=noneThis means client authentication is not needed.
string none [required, requested, none] medium per-broker ssl.enabled.protocols The list of protocols enabled for SSL connections. list TLSv1.2,TLSv1.1,TLSv1 medium per-broker ssl.key.password The password of the private key in the key store file. This is optional for client. password null medium per-broker ssl.keymanager.algorithm The algorithm used by key manager factory for SSL connections. Default value is the key manager factory algorithm configured for the Java Virtual Machine. string SunX509 medium per-broker ssl.keystore.location The location of the key store file. This is optional for client and can be used for two-way authentication for client. string null medium per-broker ssl.keystore.password The store password for the key store file. This is optional for client and only needed if ssl.keystore.location is configured. password null medium per-broker ssl.keystore.type The file format of the key store file. This is optional for client. string JKS medium per-broker ssl.protocol The SSL protocol used to generate the SSLContext. Default setting is TLS, which is fine for most cases. Allowed values in recent JVMs are TLS, TLSv1.1 and TLSv1.2. SSL, SSLv2 and SSLv3 may be supported in older JVMs, but their usage is discouraged due to known security vulnerabilities. string TLS medium per-broker ssl.provider The name of the security provider used for SSL connections. Default value is the default security provider of the JVM. string null medium per-broker ssl.trustmanager.algorithm The algorithm used by trust manager factory for SSL connections. Default value is the trust manager factory algorithm configured for the Java Virtual Machine. string PKIX medium per-broker ssl.truststore.location The location of the trust store file. string null medium per-broker ssl.truststore.password The password for the trust store file. If a password is not set access to the truststore is still available, but integrity checking is disabled. password null medium per-broker ssl.truststore.type The file format of the trust store file. string JKS medium per-broker alter.config.policy.class.name The alter configs policy class that should be used for validation. The class should implement the org.apache.kafka.server.policy.AlterConfigPolicyinterface.class null low read-only alter.log.dirs.replication.quota.window.num The number of samples to retain in memory for alter log dirs replication quotas int 11 [1,...] low read-only alter.log.dirs.replication.quota.window.size.seconds The time span of each sample for alter log dirs replication quotas int 1 [1,...] low read-only authorizer.class.name The authorizer class that should be used for authorization string "" low read-only client.quota.callback.class The fully qualified name of a class that implements the ClientQuotaCallback interface, which is used to determine quota limits applied to client requests. By default, or quotas stored in ZooKeeper are applied. For any given request, the most specific quota that matches the user principal of the session and the client-id of the request is applied. class null low read-only create.topic.policy.class.name The create topic policy class that should be used for validation. The class should implement the org.apache.kafka.server.policy.CreateTopicPolicyinterface.class null low read-only delegation.token.expiry.check.interval.ms Scan interval to remove expired delegation tokens. long 3600000 [1,...] low read-only listener.security.protocol.map Map between listener names and security protocols. This must be defined for the same security protocol to be usable in more than one port or IP. For example, internal and external traffic can be separated even if SSL is required for both. Concretely, the user could define listeners with names INTERNAL and EXTERNAL and this property as: `INTERNAL:SSL,EXTERNAL:SSL`. As shown, key and value are separated by a colon and map entries are separated by commas. Each listener name should only appear once in the map. Different security (SSL and SASL) settings can be configured for each listener by adding a normalised prefix (the listener name is lowercased) to the config name. For example, to set a different keystore for the INTERNAL listener, a config with name `listener.name.internal.ssl.keystore.location` would be set. If the config for the listener name is not set, the config will fallback to the generic config (i.e. `ssl.keystore.location`). string PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL low per-broker log.message.downconversion.enable This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. When set to false, broker will not perform down-conversion for consumers expecting an older message format. The broker responds withUNSUPPORTED_VERSIONerror for consume requests from such older clients. This configurationdoes not apply to any message format conversion that might be required for replication to followers.boolean true low cluster-wide metric.reporters A list of classes to use as metrics reporters. Implementing the org.apache.kafka.common.metrics.MetricsReporterinterface allows plugging in classes that will be notified of new metric creation. The JmxReporter is always included to register JMX statistics.list "" low cluster-wide metrics.num.samples The number of samples maintained to compute metrics. int 2 [1,...] low read-only metrics.recording.level The highest recording level for metrics. string INFO low read-only metrics.sample.window.ms The window of time a metrics sample is computed over. long 30000 [1,...] low read-only password.encoder.cipher.algorithm The Cipher algorithm used for encoding dynamically configured passwords. string AES/CBC/PKCS5Padding low read-only password.encoder.iterations The iteration count used for encoding dynamically configured passwords. int 4096 [1024,...] low read-only password.encoder.key.length The key length used for encoding dynamically configured passwords. int 128 [8,...] low read-only password.encoder.keyfactory.algorithm The SecretKeyFactory algorithm used for encoding dynamically configured passwords. Default is PBKDF2WithHmacSHA512 if available and PBKDF2WithHmacSHA1 otherwise. string null low read-only quota.window.num The number of samples to retain in memory for client quotas int 11 [1,...] low read-only quota.window.size.seconds The time span of each sample for client quotas int 1 [1,...] low read-only replication.quota.window.num The number of samples to retain in memory for replication quotas int 11 [1,...] low read-only replication.quota.window.size.seconds The time span of each sample for replication quotas int 1 [1,...] low read-only ssl.endpoint.identification.algorithm The endpoint identification algorithm to validate server hostname using server certificate. string https low per-broker ssl.secure.random.implementation The SecureRandom PRNG implementation to use for SSL cryptography operations. string null low per-broker transaction.abort.timed.out.transaction.cleanup.interval.ms The interval at which to rollback transactions that have timed out int 60000 [1,...] low read-only transaction.remove.expired.transaction.cleanup.interval.ms The interval at which to remove transactions that have expired due to transactional.id.expiration.mspassingint 3600000 [1,...] low read-only zookeeper.sync.time.ms How far a ZK follower can be behind a ZK leader int 2000 low read-only
More details about broker configuration can be found in the scala class kafka.server.KafkaConfig.
Updating Broker Configs
From Kafka version 1.1 onwards, some of the broker configs can be updated without restarting the broker. See the Dynamic Update Mode column in Broker Configs for the update mode of each broker config.
read-only: Requires a broker restart for updateper-broker: May be updated dynamically for each brokercluster-wide: May be updated dynamically as a cluster-wide default. May also be updated as a per-broker value for testing.
To alter the current broker configs for broker id 0 (for example, the number of log cleaner threads):
> bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 0 --alter --add-config log.cleaner.threads=2
To describe the current dynamic broker configs for broker id 0:
> bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 0 --describe
To delete a config override and revert to the statically configured or default value for broker id 0 (for example, the number of log cleaner threads):
> bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 0 --alter --delete-config log.cleaner.threads
Some configs may be configured as a cluster-wide default to maintain consistent values across the whole cluster. All brokers in the cluster will process the cluster default update. For example, to update log cleaner threads on all brokers:
> bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-default --alter --add-config log.cleaner.threads=2
To describe the currently configured dynamic cluster-wide default configs:
> bin/kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-default --describe
All configs that are configurable at cluster level may also be configured at per-broker level (e.g. for testing). If a config value is defined at different levels, the following order of precedence is used:
- Dynamic per-broker config stored in ZooKeeper
- Dynamic cluster-wide default config stored in ZooKeeper
- Static broker config from
server.properties - Kafka default, see broker configs
Updating Password Configs Dynamically
Password config values that are dynamically updated are encrypted before storing in ZooKeeper. The broker config password.encoder.secret must be configured in server.properties to enable dynamic update of password configs. The secret may be different on different brokers.
The secret used for password encoding may be rotated with a rolling restart of brokers. The old secret used for encoding passwords currently in ZooKeeper must be provided in the static broker config password.encoder.old.secret and the new secret must be provided in password.encoder.secret. All dynamic password configs stored in ZooKeeper will be re-encoded with the new secret when the broker starts up.
In Kafka 1.1.x, all dynamically updated password configs must be provided in every alter request when updating configs using kafka-configs.sh even if the password config is not being altered. This constraint will be removed in a future release.
Updating Password Configs in ZooKeeper Before Starting Brokers
From Kafka 2.0.0 onwards, kafka-configs.sh enables dynamic broker configs to be updated using ZooKeeper before starting brokers for bootstrapping. This enables all password configs to be stored in encrypted form, avoiding the need for clear passwords in server.properties. The broker config password.encoder.secret must also be specified if any password configs are included in the alter command. Additional encryption parameters may also be specified. Password encoder configs will not be persisted in ZooKeeper. For example, to store SSL key password for listener INTERNAL on broker 0:
> bin/kafka-configs.sh --zookeeper localhost:2181 --entity-type brokers --entity-name 0 --alter --add-config
'listener.name.internal.ssl.key.password=key-password,password.encoder.secret=secret,password.encoder.iterations=8192'
The configuration listener.name.internal.ssl.key.password will be persisted in ZooKeeper in encrypted form using the provided encoder configs. The encoder secret and iterations are not persisted in ZooKeeper.
Updating SSL Keystore of an Existing Listener
Brokers may be configured with SSL keystores with short validity periods to reduce the risk of compromised certificates. Keystores may be updated dynamically without restarting the broker. The config name must be prefixed with the listener prefix listener.name.{listenerName}. so that only the keystore config of a specific listener is updated. The following configs may be updated in a single alter request at per-broker level:
ssl.keystore.typessl.keystore.locationssl.keystore.passwordssl.key.password
If the listener is the inter-broker listener, the update is allowed only if the new keystore is trusted by the truststore configured for that listener. For other listeners, no trust validation is performed on the keystore by the broker. Certificates must be signed by the same certificate authority that signed the old certificate to avoid any client authentication failures.
Updating SSL Truststore of an Existing Listener
Broker truststores may be updated dynamically without restarting the broker to add or remove certificates. Updated truststore will be used to authenticate new client connections. The config name must be prefixed with the listener prefix listener.name.{listenerName}. so that only the truststore config of a specific listener is updated. The following configs may be updated in a single alter request at per-broker level:
ssl.truststore.typessl.truststore.locationssl.truststore.password
If the listener is the inter-broker listener, the update is allowed only if the existing keystore for that listener is trusted by the new truststore. For other listeners, no trust validation is performed by the broker before the update. Removal of CA certificates used to sign client certificates from the new truststore can lead to client authentication failures.
Updating Default Topic Configuration
Default topic configuration options used by brokers may be updated without broker restart. The configs are applied to topics without a topic config override for the equivalent per-topic config. One or more of these configs may be overridden at cluster-default level used by all brokers.
log.segment.byteslog.roll.mslog.roll.hourslog.roll.jitter.mslog.roll.jitter.hourslog.index.size.max.byteslog.flush.interval.messageslog.flush.interval.mslog.retention.byteslog.retention.mslog.retention.minuteslog.retention.hourslog.index.interval.byteslog.cleaner.delete.retention.mslog.cleaner.min.compaction.lag.mslog.cleaner.min.cleanable.ratiolog.cleanup.policylog.segment.delete.delay.msunclean.leader.election.enablemin.insync.replicasmax.message.bytescompression.typelog.preallocatelog.message.timestamp.typelog.message.timestamp.difference.max.ms
From Kafka version 2.0.0 onwards, unclean leader election is automatically enabled by the controller when the config unclean.leader.election.enable is dynamically updated. In Kafka version 1.1.x, changes to unclean.leader.election.enable take effect only when a new controller is elected. Controller re-election may be forced by running:
> bin/zookeeper-shell.sh localhost
rmr /controller
Updating Log Cleaner Configs
Log cleaner configs may be updated dynamically at cluster-default level used by all brokers. The changes take effect on the next iteration of log cleaning. One or more of these configs may be updated:
log.cleaner.threadslog.cleaner.io.max.bytes.per.secondlog.cleaner.dedupe.buffer.sizelog.cleaner.io.buffer.sizelog.cleaner.io.buffer.load.factorlog.cleaner.backoff.ms
Updating Thread Configs
The size of various thread pools used by the broker may be updated dynamically at cluster-default level used by all brokers. Updates are restricted to the range currentSize / 2 to currentSize * 2 to ensure that config updates are handled gracefully.
num.network.threadsnum.io.threadsnum.replica.fetchersnum.recovery.threads.per.data.dirlog.cleaner.threadsbackground.threads
Adding and Removing Listeners
Listeners may be added or removed dynamically. When a new listener is added, security configs of the listener must be provided as listener configs with the listener prefix listener.name.{listenerName}.. If the new listener uses SASL, the JAAS configuration of the listener must be provided using the JAAS configuration property sasl.jaas.config with the listener and mechanism prefix. See JAAS configuration for Kafka brokers for details.
In Kafka version 1.1.x, the listener used by the inter-broker listener may not be updated dynamically. To update the inter-broker listener to a new listener, the new listener may be added on all brokers without restarting the broker. A rolling restart is then required to update inter.broker.listener.name.
In addition to all the security configs of new listeners, the following configs may be updated dynamically at per-broker level:
listenersadvertised.listenerslistener.security.protocol.map
Inter-broker listener must be configured using the static broker configuration inter.broker.listener.name or inter.broker.security.protocol.