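Kafka Connect fails to start when SSL is enabled on the Kafka cluster
Problem description:
I am evaluating Kafka Confluent Platform version 4.0. However, when I enable SSL on the Kafka cluster, Kafka Connect fails to start.
The detailed log is as follows: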
[2017-12-18 04:38:55,747] ERROR Uncaught exception in herder work thread, exiting: (org.apache.kafka.connect.runtime.distributed.DistributedHerder:218)
org.apache.kafka.connect.errors.ConnectException: Timed out while checking for or creating topic(s) 'connect-offsets'. This could indicate a connectivity issue, unavailable topic partitions, or if this is your first use of the topic it may have taken too long to create.
at org.apache.kafka.connect.util.TopicAdmin.createTopics(TopicAdmin.java:243)
at org.apache.kafka.connect.storage.KafkaOffsetBackingStore$1.run(KafkaOffsetBackingStore.java:99)
at org.apache.kafka.connect.util.KafkaBasedLog.start(KafkaBasedLog.java:126)
at org.apache.kafka.connect.storage.KafkaOffsetBackingStore.start(KafkaOffsetBackingStore.java:109)
at org.apache.kafka.connect.runtime.Worker.start(Worker.java:144)
at org.apache.kafka.connect.runtime.AbstractHerder.startServices(AbstractHerder.java:100)
at org.apache.kafka.connect.runtime.distributed.DistributedHerder.run(DistributedHerder.java:205)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment.
[2017-12-18 04:38:55,752] INFO Kafka Connect stopping (org.apache.kafka.connect.runtime.Connect:65)
[2017-12-18 04:38:55,753] INFO Stopping REST server (org.apache.kafka.connect.runtime.rest.RestServer:154)
[2017-12-18 04:38:55,761] INFO Stopped [email protected]{HTTP/1.1}{0.0.0.0:8083} (org.eclipse.jetty.server.ServerConnector:306)
[2017-12-18 04:38:55,783] INFO Stopped [email protected]{/,null,UNAVAILABLE} (org.eclipse.jetty.server.handler.ContextHandler:865)
[2017-12-18 04:38:55,786] INFO REST server stopped (org.apache.kafka.connect.runtime.rest.RestServer:165)
[2017-12-18 04:38:55,787] INFO Herder stopping (org.apache.kafka.connect.runtime.distributed.DistributedHerder:389)
[2017-12-18 04:39:00,788] INFO Herder stopped (org.apache.kafka.connect.runtime.distributed.DistributedHerder:409)
[2017-12-18 04:39:00,789] INFO Kafka Connect stopped (org.apache.kafka.connect.runtime.Connect:70)
I have checked the Kafka brokers, and they are still running normally.
bin/confluent status
connect is [DOWN]
kafka-rest is [UP]
schema-registry is [DOWN]
kafka is [UP]
zookeeper is [UP]
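Is there any additional configuration that I missed?
Please advise.
Answer
After enabling security options on the Kafka cluster, you need to enable the equivalent options for the Kafka Connect workers.
For example, for a basic SSL configuration, you might need to set something like this: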
security.protocol=SSL
ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
ssl.truststore.password=<your-pass>
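in your worker's configuration. (To try this with the Confluent CLI as you show above, this file is ./etc/schema-registry/connect-avro-distributed.properties)
You can read more about how to set up Kafka Connect with security here: https://docs.confluent.io/current/connect/security.html, and see all the available security-related properties for Connect workers here: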
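It was an issue with the customized Kafka broker port, because I changed the broker default port from '9092' to '9094'. Kafka Connect only works when I change back to the default port. My question is, is there a way to start Kafka Connect so that it connects to a customized Kafka port? @Konstantine – Joey
I have updated bootstrap.servers in the './etc/module-registry/connect-avro-distributed.properties' file. Kafka Connect is working. BTW, I have a question about enabling SSL on ZooKeeper: as of now, I have only seen SSL settings for connecting from clients to the Kafka server and for inter-broker connections. But for connecting to ZooKeeper, there is no SSL setting available, and that is a security issue in our organization. Thanks – Joey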
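A check for the two misconfigurations in this thread, as an added example that is not part of the original answer or of Confluent's code: it lints a Connect worker properties file for the SSL settings and for a `bootstrap.servers` entry that does not point at the brokers' SSL listener. The sample configs, the `localhost` addresses and the `producer.`/`consumer.` checks are assumptions beyond the page; Connect applies those prefixed settings to connector clients separately from the worker's own.

```python
# Added example: lint a Kafka Connect worker .properties file. Samples are constructed.
TLS_PROTOCOLS = {"SSL", "SASL_SSL"}
PREFIXES = ("", "producer.", "consumer.")  # worker, source producers, sink consumers

BROKEN = """bootstrap.servers=localhost:9092
group.id=connect-cluster
"""
FIXED = """bootstrap.servers=localhost:9094
security.protocol=SSL
ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
ssl.truststore.password=<your-pass>
producer.security.protocol=SSL
producer.ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
consumer.security.protocol=SSL
consumer.ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
"""

def parse_properties(text):
    """Parse simple key=value properties (no ':' separators or continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_worker(text, tls_listeners):
    """Return findings; tls_listeners is the set of host:port SSL listeners."""
    props = parse_properties(text)
    findings = []
    servers = [s.strip() for s in props.get("bootstrap.servers", "").split(",") if s.strip()]
    if not servers:
        findings.append("bootstrap.servers is not set")
    for server in servers:
        if server not in tls_listeners:
            findings.append(f"bootstrap.servers entry {server} is not a known SSL listener")
    for prefix in PREFIXES:
        proto = props.get(prefix + "security.protocol", "PLAINTEXT")  # Kafka's default
        if proto not in TLS_PROTOCOLS:
            findings.append(f"{prefix}security.protocol is {proto}, expected SSL or SASL_SSL")
        elif not props.get(prefix + "ssl.truststore.location"):
            findings.append(f"{prefix}ssl.truststore.location not set; JVM default truststore is used")
    return findings

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_worker(cfg, {"localhost:9094"}))
```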