I am running a 3-broker Kerberised Kafka 0.10 install in Cloudera, and I am trying to authenticate with SASL/PLAIN.
I am passing kafka_server_jaas.conf into the JVM on each broker.

    KafkaServer {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username=admin
        password=password1
        user_admin=password1
        user_remote=password1;
    };
My server.properties (or kafka.properties, as Cloudera renames it) is set up as follows:

    # IP set for each broker
    listeners=SASL_SSL://10.10.3.47:9093
    # IP set for each broker
    advertised.listeners=SASL_SSL://10.10.3.47:9093
    sasl.enabled.mechanisms=GSSAPI,PLAIN
    security.inter.broker.protocol=SASL_SSL
    sasl.mechanism.inter.broker.protocol=GSSAPI
When Kafka starts up, inter-broker communication all works fine, but when I try to connect with the console producer I get a timeout, failed to update metadata:

    bin/kafka-console-producer --broker-list 10.10.3.161:9093 --topic test1 --producer.config client.properties.plain
client.properties.plain is set to:

    security.protocol=SASL_SSL
    sasl.mechanism=PLAIN
Finally, the client jaas.conf:

    KafkaClient {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="remote"
        password="password1";
    };
As far as I can tell, I have followed all the instructions correctly. Can anyone see what is wrong?
Update: I have turned the logging up a bit on the console consumer, and I get the following error:

    [2017-03-02 13:17:50,817] TRACE SSLHandshake NEED_UNWRAP channelId -1, handshakeResult Status = OK HandshakeStatus = FINISHED bytesConsumed = 101 bytesProduced = 0, appReadBuffer pos 0, netReadBuffer pos 0, netWriteBuffer pos 101 (org.apache.kafka.common.network.SslTransportLayer)
    [2017-03-02 13:17:50,817] TRACE SSLHandshake FINISHED channelId -1, appReadBuffer pos 0, netReadBuffer pos 0, netWriteBuffer pos 101 (org.apache.kafka.common.network.SslTransportLayer)
    [2017-03-02 13:17:50,817] DEBUG Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator)
    [2017-03-02 13:17:50,818] DEBUG Set SASL client state to INITIAL (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator)
    [2017-03-02 13:17:50,819] DEBUG Set SASL client state to INTERMEDIATE (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator)
    [2017-03-02 13:17:50,820] DEBUG Connection with <IPADDESS_REMOVED> disconnected (org.apache.kafka.common.network.Selector)
    java.io.EOFException
        at org.apache.kafka.common.network.SslTransportLayer.read(SslTransportLayer.java:488)
        at org.apache.kafka.common.network.NetworkReceive.readFromReadableChannel(NetworkReceive.java:81)
        at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:71)
        at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.receiveResponseOrToken(SaslClientAuthenticator.java:239)
        at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.authenticate(SaslClientAuthenticator.java:182)
        at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64)
        at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:318)
        at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
        at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260)
        at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.clientPoll(ConsumerNetworkClient.java:360)
        at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:224)
        at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:192)
        at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.awaitMetadataUpdate(ConsumerNetworkClient.java:134)
        at org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:183)
        at org.apache.kafka.clients.consumer.KafkaConsumer.pollOnce(KafkaConsumer.java:974)
        at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:938)
        at kafka.consumer.NewShinyConsumer.<init>(BaseConsumer.scala:61)
        at kafka.tools.ConsoleConsumer$.run(ConsoleConsumer.scala:64)
        at kafka.tools.ConsoleConsumer$.main(ConsoleConsumer.scala:51)
        at kafka.tools.ConsoleConsumer.main(ConsoleConsumer.scala)
    [2017-03-02 13:17:50,821] DEBUG Node -1 disconnected. (org.apache.kafka.clients.NetworkClient)
1 answer
wqnecbli #1
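I had a similar problem with SASL_PLAINTEXT authentication. I was able to connect to the broker (via kafka-python), but any message I sent from the producer would time out.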
I ended up advertising both SASL_PLAINTEXT and PLAINTEXT listeners, but only exposing the SASL_PLAINTEXT listener through the AWS security group.
My server_jaas.conf is basically the same.
My server.properties used the following settings:
I was debugging it with the kafka-python client, and my command looked something like this (Python):
With this setup, I am able to have username/password authentication, and also produce and consume messages to the broker without timeouts.
Hope this helps :)
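
An added example, not part of the original question or answer: a Python check that compares a client's security.protocol and sasl.mechanism with the broker's listeners and sasl.enabled.mechanisms, and flags the two exposure points of a SASL_PLAINTEXT plus PLAINTEXT listener setup like the one the answer describes. The function names, the ports and the 0.0.0.0 bind address in the answer-shaped sample are assumptions; the thread does not show them.

```python
# Added example (not from the original thread): lint a Kafka client config
# against a broker's listener and SASL settings. All sample values are constructed.

def parse_properties(text):
    """Parse the key=value subset of Java .properties used on this page."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def listener_protocols(broker):
    """Map port -> protocol; assumes listener name == security protocol (Kafka 0.10)."""
    ports = {}
    for entry in filter(None, (e.strip() for e in broker.get("listeners", "").split(","))):
        proto, _, hostport = entry.partition("://")
        ports[int(hostport.rsplit(":", 1)[1])] = proto.upper()
    return ports

def check_client(broker_text, client_text, bootstrap_port):
    """Return a list of findings for a client connecting to bootstrap_port."""
    broker, client = parse_properties(broker_text), parse_properties(client_text)
    listeners = listener_protocols(broker)
    # Kafka defaults: broker enables only GSSAPI; client uses PLAINTEXT / GSSAPI.
    enabled = {m.strip() for m in broker.get("sasl.enabled.mechanisms", "GSSAPI").split(",")}
    proto = client.get("security.protocol", "PLAINTEXT")
    mech = client.get("sasl.mechanism", "GSSAPI")
    findings = []
    if listeners.get(bootstrap_port) != proto:
        findings.append(f"port {bootstrap_port} is {listeners.get(bootstrap_port)}, client uses {proto}")
    if proto.startswith("SASL_") and mech not in enabled:
        findings.append(f"{mech} is not in sasl.enabled.mechanisms")
    if proto == "SASL_PLAINTEXT" and mech == "PLAIN":
        findings.append("SASL/PLAIN without TLS sends the password in cleartext")
    if "PLAINTEXT" in listeners.values():
        findings.append("PLAINTEXT listener is unauthenticated; it relies on network controls")
    return findings

# Constructed sample shaped like the question (SASL_SSL + PLAIN).
Q_BROKER = "listeners=SASL_SSL://10.10.3.47:9093\nsasl.enabled.mechanisms=GSSAPI,PLAIN\n"
Q_CLIENT = "security.protocol=SASL_SSL\nsasl.mechanism=PLAIN\n"
# Constructed sample shaped like the answer (SASL_PLAINTEXT plus PLAINTEXT); ports assumed.
A_BROKER = "listeners=SASL_PLAINTEXT://0.0.0.0:9092,PLAINTEXT://0.0.0.0:9093\nsasl.enabled.mechanisms=PLAIN\n"
A_CLIENT = "security.protocol=SASL_PLAINTEXT\nsasl.mechanism=PLAIN\n"

if __name__ == "__main__":
    print(check_client(Q_BROKER, Q_CLIENT, 9093))
    for finding in check_client(A_BROKER, A_CLIENT, 9092):
        print("-", finding)
```

An empty result only means the listener protocol and mechanism line up; it does not validate the JAAS credentials or the TLS trust store.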