Using apache kafka in SSL mode
Problem description
I'm trying to set up kafka in SSL [1-way] mode. I've gone through the official documentation and successfully generated the certificates. I'll note down the behavior for 2 different cases. This setup has only one broker and one zookeeper.
Relevant entries in my server.properties file are as follows:
listeners=PLAINTEXT://localhost:9092, SSL://localhost:9093
ssl.keystore.location=/Users/xyz/home/ssl/server.keystore.jks
ssl.keystore.password=****
ssl.key.password=****
I've added a client-ssl.properties in kafka config dir with following entries:
security.protocol=SSL
ssl.truststore.location=/Users/xyz/home/ssl/client.truststore.jks
ssl.truststore.password=****
If I put bootstrap.servers=localhost:9093 or bootstrap.servers=localhost:9092 in my config/producer.properties file, my console-producers/consumers work fine. Is that the intended behavior? If yes, then why? Because I'm specifically trying to connect to localhost:9093 from producer/consumer in SSL mode.
Relevant entries in my server.properties file are as follows:
security.inter.broker.protocol=SSL
listeners=SSL://localhost:9093
ssl.keystore.location=/Users/xyz/home/ssl/server.keystore.jks
ssl.keystore.password=****
ssl.key.password=****
My client-ssl.properties file remains the same. I put bootstrap.servers=localhost:9093 in producer.properties file. Now, none of my producers/consumers can connect to kafka. I get the following msg:
WARN Error while fetching metadata with correlation id 0 : {test=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient)
What am I doing wrong?
In all these cases I'm using the following commands to start producers/consumers:
./kafka-console-producer.sh --broker-list localhost:9093 --topic test --producer.config ../config/client-ssl.properties
./kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic test --consumer.config ../config/client-ssl.properties
Recommended answer
Make sure that the common names (CN) in your certificates match your hostname. The SSL protocol verifies the CN against the hostname. I guess here you should have CN=localhost. I had a similar issue and that's how I fixed it.
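The check the answer describes, as an added example that is not part of the original question or answer: it compares the host in bootstrap.servers with the names in a broker certificate, using the usual TLS rule that SAN DNS names take precedence over the CN. The function names and the sample certificates are constructed for illustration; the certificate dicts use the shape Python's ssl.SSLSocket.getpeercert() returns.

```python
# Added example: would hostname verification accept this broker certificate
# for the host a Kafka client dials in bootstrap.servers?

def bootstrap_hosts(properties_text):
    """Return the host part of each bootstrap.servers entry in a .properties text."""
    for line in properties_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() == "bootstrap.servers":
            return [hp.strip().rsplit(":", 1)[0] for hp in value.split(",") if hp.strip()]
    return []

def cert_names(cert):
    """Names a client checks: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN DNS names exist, the CN is not consulted
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def check(properties_text, cert):
    """Map each bootstrap host to True/False: does any certificate name match it?"""
    names = cert_names(cert)
    return {h: any(name_matches(n, h) for n in names)
            for h in bootstrap_hosts(properties_text)}

# Constructed sample data (not taken from the asker's keystore).
CLIENT_PROPS = "security.protocol=SSL\nbootstrap.servers=localhost:9093\n"
CERT_CN_LOCALHOST = {"subject": ((("commonName", "localhost"),),)}
CERT_CN_OTHER = {"subject": ((("commonName", "kafka-broker-1"),),)}
CERT_SAN = {"subject": ((("commonName", "localhost"),),),
            "subjectAltName": (("DNS", "broker.example.test"),)}

if __name__ == "__main__":
    for label, cert in [("CN=localhost", CERT_CN_LOCALHOST),
                        ("CN=kafka-broker-1", CERT_CN_OTHER),
                        ("CN=localhost, SAN=broker.example.test", CERT_SAN)]:
        print(label, check(CLIENT_PROPS, cert))
```

The third sample shows the case that is easy to miss: a certificate with CN=localhost still fails for localhost when it carries a SAN DNS entry naming a different host.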