1. 首页
  2. 问答
  3. 卡夫卡0.10 SASL /纯生产者超时

卡夫卡0.10 SASL /纯生产者超时

2017-03-01 120 views
0

我有一个3经纪人kerberised卡夫卡0.10安装在运行Cloudera的,我试图用SASL认证/纯卡夫卡0.10 SASL /纯生产者超时

我传递kafka_server_jaas.conf到JVM上每个经纪人。

KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=password1 user_admin=password1 user_remote=password1; };

server.properties(或kafka.properties如Cloudera的将其重命名),如下设置;

listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker advertised.listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker sasl.enabled.mechanisms=GSSAPI,PLAIN security.inter.broker.protocol=SASL_SSL sasl.mechanism.inter.broker.protocol=GSSAPI

当卡夫卡启动时,经纪人之间的沟通是一切正常,但当我尝试使用控制台制造商连接我得到一个超时未能更新元数据

bin/kafka-consolproducer --broker-list 10.10.3.161:9093 --topic test1 --producer.config client.properties.plain

client.properties.plain设置为

security.protocol=SASL_SSL sasl.mechanism=PLAIN

最后,客户端的Jaas.conf

KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username="remote" password="password1"; };

至于我可以告诉我正确执行了所有的说明,任何人都可以看到什么错?

更新 我已经把控制台消费者的日志记录上了一下,我收到以下错误;

[2017-03-02 13:17:50,817] TRACE SSLHandshake NEED_UNWRAP channelId -1, handshakeResult Status = OK HandshakeStatus = FINISHED bytesConsumed = 101 bytesProduced = 0, appReadBuffer pos 0, netReadBuffer pos 0, netWriteBuffer pos 101 (org.apache.kafka.common.network.SslTransportLayer) [2017-03-02 13:17:50,817] TRACE SSLHandshake FINISHED channelId -1, appReadBuffer pos 0, netReadBuffer pos 0, netWriteBuffer pos 101 (org.apache.kafka.common.network.SslTransportLayer) [2017-03-02 13:17:50,817] DEBUG Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator) [2017-03-02 13:17:50,818] DEBUG Set SASL client state to INITIAL (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator) [2017-03-02 13:17:50,819] DEBUG Set SASL client state to INTERMEDIATE (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator) [2017-03-02 13:17:50,820] DEBUG Connection with <IPADDESS_REMOVED> disconnected (org.apache.kafka.common.network.Selector) java.io.EOFException at org.apache.kafka.common.network.SslTransportLayer.read(SslTransportLayer.java:488) at org.apache.kafka.common.network.NetworkReceive.readFromReadableChannel(NetworkReceive.java:81) at org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:71) at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.receiveResponseOrToken(SaslClientAuthenticator.java:239) at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.authenticate(SaslClientAuthenticator.java:182) at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64) at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:318) at org.apache.kafka.common.network.Selector.poll(Selector.java:283) at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260) at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.clientPoll(ConsumerNetworkClient.java:360) at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:224) at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:192) at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.awaitMetadataUpdate(ConsumerNetworkClient.java:134) at org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:183) at org.apache.kafka.clients.consumer.KafkaConsumer.pollOnce(KafkaConsumer.java:974) at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:938) at kafka.consumer.NewShinyConsumer.<init>(BaseConsumer.scala:61) at kafka.tools.ConsoleConsumer$.run(ConsoleConsumer.scala:64) at kafka.tools.ConsoleConsumer$.main(ConsoleConsumer.scala:51) at kafka.tools.ConsoleConsumer.main(ConsoleConsumer.scala) [2017-03-02 13:17:50,821] DEBUG Node -1 disconnected. (org.apache.kafka.clients.NetworkClient)

来源

2017-03-01 owen79

+0

我遇到了包含性能测试生产者工具相同的问题。我很难过。 –

+0

你可以试用0.10.2吗?在配置0.10.0的sasl明文时,我遇到了类似的问题,我升级到了0.10.2(代理和客户端库)并且工作。 – basit

+0

仅限于我们可以使用的版本 - 与Cloudera支持的组合的偏差可能会导致问题。他们正在研究它......让人放心的是它们也有问题。如果发现解决方案,我会报告。 – owen79

回答

1

我有SASL_PLAINTEXT AUTH类似的问题。我能够连接到代理(通过kafka-python),但是我从制作者发送的任何消息都会超时。

我最终宣布了SASL_PLAINTEXT和PLAINTEXT侦听器,但只通过AWS安全组公开暴露了SASL_PLAINTEXT侦听器。

我的server_jaas.conf基本上是一样的。

我server.properties使用这些设置:

security.inter.broker.protocol=PLAINTEXT 
sasl.mechanism.inter.broker.protocol=PLAIN 
sasl.enabled.mechanisms=PLAIN 
advertised.listeners=SASL_PLAINTEXT://example.com:9095,PLAINTEXT://example.com:9092 
listeners = SASL_PLAINTEXT://0.0.0.0:9095,PLAINTEXT://0.0.0.0:9092

我与卡夫卡的Python客户端调试这和我的命令看起来像这样(蟒蛇)

from kafka import KafkaProducer 
producer = KafkaProducer(bootstrap_servers='example.com:9095', security_protocol="SASL_PLAINTEXT", sasl_mechanism='PLAIN', sasl_plain_username='username', sasl_plain_password='password')

有了这个设置我能够进行用户名/密码认证,并且可以在不超时的情况下产生并使用消息给代理。

希望这有助于某种方式:)

来源

2017-03-28 20:59:34

相关问题

 相关问题