Python Kafka confluent SSL config using keytool pem file

2guxujil  于 2024-01-06  发布在  Apache
关注(0)|答案(2)|浏览(133)

我有这个keytool bash文件,加载我的证书:

regions=( us-east us-west )
CACERT_FILE="${JAVA_HOME}/lib/security/cacerts"
mkdir /keys

echo "Loading Certs"

curl -s <url> > /keys/root_ca.pem
keytool -importcert -keystore ${CACERT_FILE} -alias root -storepass <pass> -file /keys/root_ca.pem -trustcacerts -noprompt

for i in "${regions[@]}"
do
  echo "Importing intermediate CA from $i"
  curl -s <region url> > /keys/${i}.pem
  keytool -importcert -keystore ${CACERT_FILE} -alias ${i} -storepass <pass> -file /keys/${i}.pem -trustcacerts -noprompt
done

echo "Done loading certs"

字符串
使用这些命令,confluent Kafka的正确配置是什么?
此外,我不知道这是否会有帮助,但我认为PEM使用TLS 1.2

apache-kafka

2条答案

按热度按时间
eh57zj3b

eh57zj3b1#

右配置-

ssl_cafile=/keys/root_ca.pem
    ssl_certfile=/keys/${i}.pem
    ssl_keyfile=/keys/user.key.pem
    ssl_password=<key password>

字符串
您需要将${i}替换为相应的区域名称。例如,如果您连接到美国东部地区,则需要使用以下配置:

ssl_certfile=/keys/us-east.pem


ssl_cafile参数指向根CA证书文件。ssl_certfile参数指向要连接到的区域的中间CA证书文件。ssl_keyfile参数指向用户的证书文件。ssl_password参数是用户证书文件的密码。
电子邮件:info@Python Confluent-Kafka SSL Configuration
https://docs.confluent.io/platform/current/kafka/authentication_ssl.html PEM文件使用TLS 1.2。
检查上述过程,我认为它应该是工作

赞(0)分享  回复(0)举报  2024-01-06
nnsrf1az

nnsrf1az2#

该脚本首先创建/keys/目录,然后导入证书并设置别名。假设服务器配置了SSL,对于us-east,下面是一个python消费者的例子:

from confluent_kafka import Consumer

# Kafka broker URL for us-east region
bootstrap_servers = 'your_us_east_kafka_broker_url:9092'

# Consumer group 
group_id = 'your_consumer_group_id'

 
    # SSL configurations
ssl_ca_location = '/keys/root_ca.pem'
ssl_cert_location = '/keys/us-east.pem'
ssl_key_location = '/keys/us-east.key.pem'  # Replace with the correct key file 
ssl_password = 'your_keystore_password'  # Replace with the correct pwd

    
consumer_config = {
    'bootstrap.servers': bootstrap_servers,
    'group.id': group_id,
    'security.protocol': 'ssl',
    'ssl.ca.location': ssl_ca_location,
    'ssl.certificate.location': ssl_cert_location,
    'ssl.key.location': ssl_key_location,
    'ssl.key.password': ssl_password,
    'auto.offset.reset': 'earliest',  # Adjust as needed
    'enable.auto.commit': False  # Disable auto-commit to have control over committing offsets
}

# Create Kafka consumer
consumer = Consumer(consumer_config)

# Subscribe to topics
topics = ['your_topic']
consumer.subscribe(topics)

# Consume messages
...

字符串

赞(0)分享  回复(0)举报  2024-01-06
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com