I have started a standalone Kafka server (version 2.11-0.11.0.1) with 1 node and 1 ZooKeeper, and I am trying to implement SSL with ACLs, but I am unable to produce. Steps followed:

  • Started the Kafka node using the following configuration, i.e. (server.properties):

broker.id=0
listeners=PLAINTEXT://127.0.0.1:9092,SSL://127.0.0.1:9093
advertised.listeners=SSL://127.0.0.1:9093
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/tmp/kafka-logs
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.segment.bytes=1073741824
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
group.initial.rebalance.delay.ms=0
ssl.keystore.location=/u/jewel/ssl acl/kafka_2.11-0.11.0.1/kaf-new/server.keystore.jks
ssl.keystore.password=test1234
ssl.key.password=test1234
ssl.truststore.location=/u/jewel/ssl acl/kafka_2.11-0.11.0.1/kaf-new/server.truststore.jks
ssl.truststore.password=test1234
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=false
super.users=User:CN=jewel,OU=atos,O=atos,L=mum,ST=maha,C=in
ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.type=JKS
ssl.truststore.type=JKS
inter.broker.listener.name=SSL

  • Modified producer.properties as follows:

bootstrap.servers=localhost:9093
compression.type=none
ssl.keystore.location=/u/jewel/ssl acl/kafka_2.11-0.11.0.1/prod/server.keystore.jks
ssl.keystore.password=test123
ssl.key.password=test123
security.protocol=SSL
ssl.truststore.location=/u/jewel/ssl acl/kafka_2.11-0.11.0.1/kaf-new/client.truststore.jks
ssl.truststore.password=test1234
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.type=JKS
ssl.truststore.type=JKS

  • Have created the ACLs at ZooKeeper with the following command:

bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:CN=jewel,OU=atos,O=atos,L=mum,ST=maha,C=in --producer --topic secured-hey

  • Try producing to topics with the following command:

bin/kafka-console-producer.sh --broker-list localhost:9093 --topic secured-hey --producer.config config/producer.properties

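  • It fails with the following error:

WARN Connection to node -1 terminated during authentication. This may indicate that authentication failed due to invalid credentials. (org.apache.kafka.clients.NetworkClient)

Could you please suggest what I can do to proceed further? Your help would be greatly appreciated.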
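
A static preflight over the broker and producer settings listed in the post, as an added example that is not part of the original post or of Kafka. The helper names (`parse_props`, `ssl_ports`, `protocols`, `preflight`) are hypothetical, the two property excerpts are constructed from the post, and the check covers only what is visible in the property text, not keystore contents, passwords or certificate trust.

```python
# Added example: static preflight of Kafka broker/client SSL settings.
# BROKER and CLIENT are excerpts constructed from the settings in the post.
BROKER = """\
listeners=PLAINTEXT://127.0.0.1:9092,SSL://127.0.0.1:9093
ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
"""
CLIENT = """\
bootstrap.servers=localhost:9093
security.protocol=SSL
ssl.keystore.location=/u/jewel/ssl acl/kafka_2.11-0.11.0.1/prod/server.keystore.jks
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
"""

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def ssl_ports(listeners):
    """Ports of every SSL:// entry in a broker listeners value."""
    return {int(e.rsplit(":", 1)[1]) for e in listeners.split(",")
            if e.strip().upper().startswith("SSL://")}

def protocols(props):
    """Set of enabled TLS versions, empty when the key is absent."""
    return {p.strip() for p in props.get("ssl.enabled.protocols", "").split(",")} - {""}

def preflight(broker, client):
    """Return mismatches that can be found without opening any keystore."""
    out = []
    if client.get("security.protocol", "").upper() != "SSL":
        out.append("client security.protocol is not SSL")
    ports = ssl_ports(broker.get("listeners", ""))
    for server in filter(None, client.get("bootstrap.servers", "").split(",")):
        if int(server.rsplit(":", 1)[1]) not in ports:
            out.append(f"{server.strip()} is not an SSL listener port")
    if (broker.get("ssl.client.auth", "").lower() == "required"
            and not client.get("ssl.keystore.location")):
        out.append("broker requires a client certificate; client has no keystore")
    b, c = protocols(broker), protocols(client)
    if b and c and not b & c:
        out.append("no TLS version enabled on both sides")
    return out

if __name__ == "__main__":
    print(preflight(parse_props(BROKER), parse_props(CLIENT)) or "no static mismatch")
```

An empty result means only that these text-level settings agree; whether the broker's truststore actually trusts the client certificate still has to be checked against the keystore files themselves.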