1. 首頁
  2. 問答
  3. 在kafka集羣上啓用ssl時,kafka連接無法啓動

在kafka集羣上啓用ssl時,kafka連接無法啓動

2017-12-18 186 views
0

我正在評估kafka匯合平臺4.0版。但是,當我在kafka集羣上啓用ssl時,kafka連接無法啓動。在kafka集羣上啓用ssl時,kafka連接無法啓動

詳細記錄如下:

[2017-12-18 04:38:55,747] ERROR Uncaught exception in herder work thread, exiting: (org.apache.kafka.connect.runtime.distributed.DistributedHerder:218) 
org.apache.kafka.connect.errors.ConnectException: Timed out while checking for or creating topic(s) 'connect-offsets'. This could indicate a connectivity issue, unavailable topic partitions, or if this is your first use of the topic it may have taken too long to create. 
     at org.apache.kafka.connect.util.TopicAdmin.createTopics(TopicAdmin.java:243) 
     at org.apache.kafka.connect.storage.KafkaOffsetBackingStore$1.run(KafkaOffsetBackingStore.java:99) 
     at org.apache.kafka.connect.util.KafkaBasedLog.start(KafkaBasedLog.java:126) 
     at org.apache.kafka.connect.storage.KafkaOffsetBackingStore.start(KafkaOffsetBackingStore.java:109) 
     at org.apache.kafka.connect.runtime.Worker.start(Worker.java:144) 
     at org.apache.kafka.connect.runtime.AbstractHerder.startServices(AbstractHerder.java:100) 
     at org.apache.kafka.connect.runtime.distributed.DistributedHerder.run(DistributedHerder.java:205) 
     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
     at java.util.concurrent.FutureTask.run(FutureTask.java:266) 
     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
     at java.lang.Thread.run(Thread.java:745) 
Caused by: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. 
[2017-12-18 04:38:55,752] INFO Kafka Connect stopping (org.apache.kafka.connect.runtime.Connect:65) 
[2017-12-18 04:38:55,753] INFO Stopping REST server (org.apache.kafka.connect.runtime.rest.RestServer:154) 
[2017-12-18 04:38:55,761] INFO Stopped [email protected]{HTTP/1.1}{0.0.0.0:8083} (org.eclipse.jetty.server.ServerConnector:306) 
[2017-12-18 04:38:55,783] INFO Stopped [email protected]{/,null,UNAVAILABLE} (org.eclipse.jetty.server.handler.ContextHandler:865) 
[2017-12-18 04:38:55,786] INFO REST server stopped (org.apache.kafka.connect.runtime.rest.RestServer:165) 
[2017-12-18 04:38:55,787] INFO Herder stopping (org.apache.kafka.connect.runtime.distributed.DistributedHerder:389) 
[2017-12-18 04:39:00,788] INFO Herder stopped (org.apache.kafka.connect.runtime.distributed.DistributedHerder:409) 
[2017-12-18 04:39:00,789] INFO Kafka Connect stopped (org.apache.kafka.connect.runtime.Connect:70)

我已經檢查了卡夫卡的經紀人,他們仍然運行正常。

bin/confluent status 
connect is [DOWN] 
kafka-rest is [UP] 
schema-registry is [DOWN] 
kafka is [UP] 
zookeeper is [UP]

任何額外的配置,我錯過了?

請指教?

來源

2017-12-18 Joey

回答

0

在Kafka集羣上啓用安全選項後,您需要爲Kafka Connect工作人員啓用等效選項。

例如,對於基本的SSL配置,您可能需要設置是這樣的:

security.protocol=SSL 
ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks 
ssl.truststore.password=<your-pass>

到你的工人的配置。 (要與匯合CLI嘗試爲你展示上面,這個文件是./etc/schema-registry/connect-avro-distributed.properties

您可在此瞭解更多關於如何設置卡夫卡連接與安全:

https://docs.confluent.io/current/connect/security.html

,並瞭解所有可用這裏連接工人安全相關的屬性:

https://docs.confluent.io/current/connect/allconfigs.html

來源

2017-12-18 06:39:46

+0

它與customzied卡夫卡的代理端口一個問題,因爲我換了經紀人默認端口從'9092'到'9094'。只有當我改回默認端口時,kafka連接才起作用。我的問題是,有沒有辦法開始kafka連接conect到定製的kafka端口? @Konstantine – Joey

+0

我已經更新了'./etc/module-registry/connect-avro-distributed.properties'文件中的boostrap.servers。卡夫卡連接正在工作。 btw,我有關於在zookeeper上啓用SSL的問題,截至目前,我只看到了ssl設置,用於從客戶端連接到kafka服務器,並且僅限inte-brokers。但是對於連接到zookeeper,沒有可用的SSL設置,因爲它是我們組織中的安全問題。謝謝 – Joey

相關問題

 相關問題