I am trying to start Kafka in Docker on two different hosts using this docker compose file:
version: "2"
services:
  zookeeper:
    image: confluentinc/cp-zookeeper:5.5.7
    restart: unless-stopped
    container_name: zookeeper
    ports:
      - "2181:2181"
    environment:
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_CLIENT_PORT: 2181
  kafka:
    image: confluentinc/cp-kafka:5.5.7
    restart: unless-stopped
    container_name: kafka
    depends_on:
      - zookeeper
    ports:
      - "9092:9092"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: SSL://:9092
      KAFKA_ADVERTISED_LISTENERS: SSL://:9092
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: false
      KAFKA_DELETE_TOPIC_ENABLE: true
      KAFKA_SSL_KEYSTORE_FILENAME: broker.keystore.jks
      KAFKA_SSL_KEYSTORE_CREDENTIALS: pass
      KAFKA_SSL_KEY_CREDENTIALS: pass
      KAFKA_SSL_TRUSTSTORE_FILENAME: broker.truststore.jks
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: pass
      KAFKA_SSL_CLIENT_AUTH: requested
      KAFKA_SECURITY_PROTOCOL: SSL
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: " "
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SSL
    volumes:
      - ./secrets:/etc/kafka/secrets
On one host everything works fine, but on the other host I get an error:
"Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: General SSLEngine problem for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings."
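I use different certificates. The only difference, as far as I can see, is the signature algorithm: on the host where everything works it is SHA-512 with RSA, while on the one where I get the error it is SHA-384 with ECDSA, and the key size is different, 2048 bits vs 4096. But as I found on Google, Kafka works with both of them. I cannot change the certificate; I need to find a solution that works with this certificate.
What causes this error?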
1 Answer
0sgqnhkj1#
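I found the solution. The problem was in the certificate I was using: it did not contain "Client Authentication" in the key usage field. I discovered this when I tried running the latest version of Kafka; that version gave me an error about the key usage field.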
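An added example, not part of the original answer: the startup error quoted in the question says the broker connects a client SSLEngine to a server SSLEngine built from the same settings, so the broker certificate is also presented as a client certificate. The script below runs OpenSSL's purpose check, which rejects a certificate for client use when its Extended Key Usage extension is present without clientAuth ("Client Authentication"). The function names, the sample subject, and the keytool alias and paths are assumptions, and the sample certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does a PEM certificate allow TLS client authentication?
# For a JKS keystore, export the certificate first (alias and paths are placeholders):
#   keytool -exportcert -rfc -alias <alias> \
#       -keystore secrets/broker.keystore.jks -file broker.pem

# Returns 0 when OpenSSL's purpose check accepts the certificate as an SSL client.
allows_client_auth() {   # $1 = path to PEM certificate
    openssl x509 -in "$1" -noout -purpose | grep -q '^SSL client : Yes'
}

# Constructed sample: self-signed ECDSA P-384 / SHA-384 certificate
# carrying the given Extended Key Usage value (needs OpenSSL 1.1.1 or later).
make_sample_cert() {     # $1 = output dir, $2 = file name, $3 = extendedKeyUsage
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384 \
        -nodes -days 1 -subj "/CN=broker.example.test" \
        -addext "extendedKeyUsage=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    # One certificate like the failing one (server use only), one with both usages.
    make_sample_cert "$dir" server-only "serverAuth"
    make_sample_cert "$dir" both "serverAuth,clientAuth"
    for name in server-only both; do
        if allows_client_auth "$dir/$name.pem"; then
            echo "$name: accepted as a TLS client certificate"
        else
            echo "$name: rejected as a TLS client certificate"
        fi
    done
    rm -rf "$dir"
}

demo
```

Run `allows_client_auth broker.pem` against the exported broker certificate before mounting the keystore into the container.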