所以我尝试在我的集群中写一个主题,生产者在一个独立的设备上,而不是代理和动物园管理员服务器。我使用 SSL_SASL 身份验证,我认为身份验证存在问题,但我没有收到任何关于此的日志消息,所以我可能是错的。当我运行这个命令时:
bin/kafka-console-producer.sh --broker-list raspberrypi:9092 --topic my-topic --producer.config config/producer.properties
我得到这个重复的崩溃:
[2023-04-19 12:55:38,819] WARN [Producer clientId=console-producer] 无法建立与节点 -1 (raspberrypi/192.168.1.104:9092) 的连接。经纪人可能不可用。 (org.apache.kafka.clients.NetworkClient) [2023-04-19 12:55:38,819] WARN [Producer clientId=console-producer] Bootstrap broker raspberrypi:9092 (id: -1 rack: null) 断开连接 (org.apache.kafka.clients.NetworkClient)
但是当我尝试在与代理相同的机器上执行相同的命令时,它工作得很好。
服务器.properties
broker.id=0
confluent.http.server.listeners=
listeners=SASL_SSL://raspberrypi:9092,SASL_SSL1://192.168.1.104:9093
advertised.listeners=SASL_SSL://raspberrypi:9092,SASL_SSL1://192.168.1.104:9093
listener.security.protocol.map=SASL_SSL:SASL_SSL,SASL_SSL1:SASL_SSL
zookeeper.connect=raspberrypi:2182
log.dirs=/tmp/data/broker-0
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
num.partitions=3
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.retention.hours=168
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0
# Properties for SSL Zookeeper Security between Zookeeper and Broker
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.protocol=TLSv1.2
zookeeper.ssl.truststore.location=/home/pi/kafka_2.13-3.4.0/ssl/kafka.broker.truststore.jks
zookeeper.ssl.truststore.password=exjobb123
zookeeper.ssl.keystore.location=/home/pi/kafka_2.13-3.4.0/ssl/kafka.broker.keystore.jks
zookeeper.ssl.keystore.password=exjobb123
zookeeper.set.acl=true
# Properties for SSL Kafka Security between Broker and its clients
ssl.truststore.location=/home/pi/kafka_2.13-3.4.0/ssl/kafka.broker.truststore.jks
ssl.truststore.password=exjobb123
ssl.keystore.location=/home/pi/kafka_2.13-3.4.0/ssl/kafka.broker.keystore.jks
ssl.keystore.password=exjobb123
ssl.key.password=exjobb123
security.inter.broker.protocol=SASL_SSL
ssl.client.auth=required
ssl.protocol=TLSv1.2
#Properties for SASL between a broker and its client
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
listener.name.sasl_ssl.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafka-admin" password="exjobb123";
listener.name.sasl_ssl1.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafka-admin" password="exjobb123";
super.users=User:kafka-admin
#Properties for Authorization
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
producer.properties
bootstrap.servers=raspberrypi:9092
compression.type=none
security.protocol=SASL_SSL
ssl.protocol=TLSv1.2
ssl.truststore.location=/home/exjobb/ssl/kafka.producer.truststore.jks
ssl.truststore.password=exjobb123
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="sasl-producer" password="exjobb123";
我试图让防火墙上的端口 9092 和 9093 无济于事,正如我所说,我也尝试在与代理相同的机器上运行生产者,然后它工作正常。经纪人和动物园管理员的日志也没有说什么。
非常感谢任何帮助,如果您需要我可能错过的任何其他信息,请告诉我。
这意味着只在端口 9092 上接受来自主机名
raspberrypilisteners=...://raspberrypi:9092
如果您使用
192.168.1.104:9093您不需要在 listeners 和/或 advertised.listeners 中同时列出主机名和 IP,但 listeners 是一个绑定地址。将其更改为
0.0.0.0:<port>除此之外,尚不清楚您是如何允许
sasl-producerkafka-acls旁注:Redpanda 在 Raspberry pi 上的资源密集度较低,同时仍保持 Kafka 兼容性。您在技术上也不再需要 Zookeeper。
+ 切勿将重要数据存储在 /tmp 下