Create a MirrorMaker2 Source Connector

You can use a MirrorMaker2 Source connector to import messages from another Kafka cluster. You can also use it to:

  • Replicate messages from an external Kafka or Redpanda cluster.

  • Create topics on the local cluster, with a configuration matching external topics.

  • Replicate topic access-control lists (ACLs).

Prerequisites

  • The external Kafka cluster must be accessible.

  • A service account with full access to the external cluster must be available. You can also use a service account with read-only ACLs when the offset-syncs topic location is set to target. You must have describe and/or describe-configs ACLs for the connector to read topic configurations on the source cluster and create the topics on the target cluster, unless you create the topics yourself.

Limitations

  • ACLs are copied, but service accounts are not created.

  • Only topic ACLs are copied (group ACLs are not).

  • Only ACLs for topics matching the connector configuration are copied (write ACLs are not copied).

  • All permissions ACLs are downgraded to read-only.

Create a MirrorMaker2 Source connector

To create the MirrorMaker2 Source connector:

  1. In Redpanda Cloud, click Connectors in the navigation menu, and then click Create Connector.

  2. Select Import from Kafka cluster topics.

  3. On the Create Connector form page, specify the following required connector configuration options:

    Property Description

    Regexes of topics to import

    Comma-separated topic names and regexes you want to replicate.

    Source cluster broker list

    A comma-separated list of host/port pairs to use for establishing the initial connection to the Kafka cluster. The client will make use of all servers regardless of which servers are specified here for bootstrapping. This list only impacts the initial hosts used to discover the full set of servers, and should be in the form host1:port1,host2:port2,.... Because these servers are only used for the initial connection to discover the full cluster membership (which may change dynamically), it need not contain the full set of servers (you may want more than one, though, in case a server is down).

    Source cluster security protocol

    The protocol to use to communicate with source brokers. Default is PLAINTEXT.

    Sync topic configs enabled

    Specifies whether to periodically configure remote topics to match their corresponding upstream topics.

    Sync topic ACLs enabled

    Specifies whether or not to periodically configure remote topic ACLs to match their corresponding upstream topics.

    Connector name

    Globally-unique name to use for this connector.
    If the source cluster doesn’t have ACL’s applied, MirrorMaker2 fails. To tell Redpanda not to try to sync ACLs, disable Sync topic configs enabled, or on on the JSON tab, set sync.topic.acls.enabled = false.

  4. Click Next. Review the connector properties specified, then click Create.

Offsets are not guaranteed to match between the source and target. For example, if data-retention deletes occur on the source topic and the earliest offset is #5000, then when that event is created on the target topic the offset for that event will be #0.

Events written on the target topic use the timestamp that was set on the source event. For example, if the source event has a timestamp 2023-05-22 17:00, then this would also be the timestamp on the target event.

Map data

The value converter does not require any schema; it copies data as bytes.

Test the connection

After the connector is created:

  • Ensure that there are no errors in logs and in Redpanda Console.

  • Confirm that Redpanda topics are being replicated. You should see messages coming into the topics.

Troubleshoot

Most MirrorMaker2 Source connector issues are reported as a failed task at the time of creation. Select Show Logs to view error details.

Message Action

Connection to node -1 (/127.0.0.1:9092) could not be established. Broker may not be available. / LOGS: Timed out while checking for or creating topic 'mm2-offset-syncs.target.internal'. This could indicate a connectivity issue / TimeoutException: Timed out waiting for a node assignment

Make sure broker URLs are correct and that the security.protocol is correct.

SaslAuthenticationException: SASL authentication failed: security: Invalid credentials

Confirm that the username and password specified are correct.

Terminated during authentication. This may happen due to any of the following reasons: (1) Authentication failed due to invalid credentials with brokers older than 1.0.0, (2) Firewall blocking Kafka TLS traffic (eg it may only allow HTTPS traffic), (3) Transient network issue

Error indicates that the SSL should be enabled using Source cluster security protocol (use SSL or SASL_SSL).

RecordTooLargeException: The message is N bytes (…​)

Use producer.override.max.request.size property to change max request size.

RecordTooLargeException: The request included (…​)

The target server is not able to receive messages because it is too large in size. Disabled compression can be a root cause. Consider enabling compression: "Compression type": "snappy",

Scheduler for MirrorSourceConnector caught exception in scheduled task: syncing topic ACLs

MirrorMaker2 requires an authorizer to be configured by the broker side, but it is not. Change the Sync topic ACLs enabled MirrorMaker2 property to false (default is true) to disable ACL syncing.

TopicAuthorizationException: Topic authorization failed

Confirm the service account for the source cluster contains describe and/or describe-configs ACLs.