Description: 使用SASL / SCRAM或SASL / PLAINTEXT进行身份验证大约需要9秒钟才能完成 . 这是正常的吗?
How to reproduce:
-
一个Kafka代理实例(v1.1.0)
-
一个C# 生产环境 者(Confluent Kafka Client v0.11.4)执行以下操作:
var producerConfig =
PropertiesUtils.ReadPropertiesFile("producer.properties");
using (var producer = new Producer(producerConfig, null, new StringSerializer(Encoding.UTF8)))
{
while (true)
{
Console.Write("message: ");
string msg = Console.ReadLine();
producer.ProduceAsync("test-topic", null, msg);
}
}
- 一个C#使用者(Confluent Kafka Client v0.11.4)执行以下操作:
var config = PropertiesUtils.ReadPropertiesFile("consumer.properties");
using (var consumer = new Consumer(config, null, new StringDeserializer(Encoding.UTF8)))
{
consumer.OnMessage += (_, msg)
=>
{
Console.WriteLine(msg.Value);
};
consumer.OnError += (_, error)
=> Console.WriteLine($"Error: {error}");
consumer.OnConsumeError += (_, msg)
=> Console.WriteLine($"Consume error ({msg.TopicPartitionOffset}): {msg.Error}");
consumer.Subscribe("test-topic");
while (true)
{
try
{
consumer.Poll(TimeSpan.FromMilliseconds(1000));
}
catch(Exception e)
{
Console.WriteLine(e.Message);
}
}
}
- server.properties:
broker.id = 0 num.network.threads = 3 num.io.threads = 8 socket.send.buffer.bytes = 102400 socket.receive.buffer.bytes = 102400 socket.request.max.bytes = 104857600 session.timeout .ms = 1000 group.initial.rebalance.delay.ms = 0 listeners = SASL_SSL:// localhost:9093 ssl.keystore.type = JKS ssl.keystore.location = ... ssl.keystore.password = ... ssl .key.password = ... ssl.truststore.type = JKS ssl.truststore.location = ... ssl.truststore.password = ... ssl.protocol = TLS ssl.enabled.protocols = TLSv1.2,TLSv1 . 1,TLSv1 ssl.client.auth = required security.inter.broker.protocol = SASL_SSL ssl.secure.random.implementation = SHA1PRNG sasl.enabled.mechanisms = PLAIN,SCRAM-SHA-256 sasl.mechanism.inter.broker.protocol = PLAIN log.dirs = ... num.partitions = 1 num.recovery.threads.per.data.dir = 1 offsets.topic.replication.factor = 1 transaction.state.log.replication.factor = 1 transaction.state .log.min.isr = 1 log.retention.hours = 168 log.retention.bytes = 1073741824 log.segment.bytes = 1073741824 log.retention.check.interval.ms = 300000 num.replica.fetchers = 1 zookeeper.connect = localhost:2181 zookeeper.connection.timeout.ms = 6000 group.initial.rebalance.delay.ms = 0
- consumer.properties:
bootstrap.servers = localhost:9093 group.id = test-consumer-group fetch.min.bytes = 1 fetch.wait.max.ms = 1 auto.offset.reset = latest socket.blocking.max.ms = 1 fetch .error.backoff.ms = 1 ssl.ca.location = ... ssl.certificate.location = ... ssl.key.location = ... ssl.key.password = .. security.protocol = SASL_SSL sasl . mechanisms = PLAIN sasl.username = ... sasl.password = ...
- producer.properties
bootstrap.servers = localhost:9093 compression.type = none linger.ms = 0 retries = 0 acks = 0 ssl.ca.location = ... ssl.certificate.location = ... ssl.key.location = .. .ssl.key.password = ... security.protocol = SASL_SSL sasl.mechanisms = PLAIN sasl.username = ... sasl.password = ...
- 运行消费者 . 从请求到完成,完成SASL握手大约需要9秒钟 . 这是日志:
[2018-07-06 17:03:37,673] DEBUG将SASL服务器状态设置为HANDSHAKE_OR_VERSIONS_REQUEST(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)[2018-07-06 17:03:37,673] DEBUG处理Kafka请求API_VERSIONS(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)[2018-07-06 17:03:37,673] DEBUG将SASL服务器状态设置为HANDSHAKE_REQUEST(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator )[2018-07-06 17:03:37,673] DEBUG处理Kafka请求SASL_HANDSHAKE(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)[2018-07-06 17:03:37,674] DEBUG使用SASL机制' PLAIN'由客户端提供(org.apache.kafka.common.security.authenticator.SaslServerAuthenticator)[2018-07-06 17:03:46,805] DEBUG将SASL服务器状态设置为AUTHENTICATE(org.apache.kafka.common.security . authenticator.SaslServerAuthenticator)[2018-07-06 17:03:46,807] DEBUG将SASL服务器状态设置为COMPLETE(org.apache.kafka.common.security.authentica tor.SaslServerAuthenticator)
Remarks :
-
我在运行 生产环境 者时观察到相同的持续时间
-
我在使用SCRAM-256进行身份验证时观察到相同的持续时间
-
我在运行Java客户端时观察到相同的持续时间(
kafka-console-consumer
和kafka-console-producer
)
UPDATE: 按照@edenhill的建议当我在Ubuntu虚拟机上设置代理并从Windows连接客户端时,不再观察到延迟 . 我想知道为什么SSL握手和SASL身份验证在Windows上都需要10秒钟!