我无法将安全性集成到启用ssl的kafka 1.0。以下是对my server.properties的更改
security.inter.broker.protocol=SSL
listeners=PLAINTEXT://localhost:9092,SSL://localhost:9094
这是我的听众
advertised.listeners=PLAINTEXT://EXTERNAL_IP:9092,SSL://EXTERNAL_IP:9094
ssl.keystore.location=/var/private/ssl/server.keystore.jks
ssl.keystore.password=PASSWORD
ssl.key.password=PASSWORD
ssl.truststore.location=/var/private/ssl/server.truststore.jks
ssl.truststore.password=PASSWORD
ssl.client.auth=required
ssl.keystore.type=JKS
ssl.truststore.type=JKS
其他配置包括
broker.id=1
advertised.host.name=EXTERNAL_IP_ADDRESS
host.name=0.0.0.0
num.network.threads=3
num.io.threads=8
auto.create.topics.enable=false
min.insync.replicas=2
log.dirs=/kafka1,/kafka2
num.partitions=10
num.recovery.threads.per.data.dir=2
offsets.topic.replication.factor=2
transaction.state.log.replication.factor=2
transaction.state.log.min.isr=2
log.retention.hours=24
log.retention.bytes=200073741824
zookeeper.connect=BROKER1_INTERNAL_IP:2181,BROKER2_INTERNAL_IP:2181,BROKER3_INTERNAL_IP:2181
security.inter.broker.protocol=SSL
我对我的3个经纪人也做了同样的事情,总是只有两个经纪人开始工作,而第三个经纪人抛出了许多“无法建立”的信息。例如,broker-1和broker-3似乎已经开始了
[2018-04-12 13:50:00,406] INFO [KafkaServer id=1] started (kafka.server.KafkaServer)
[2018-04-12 13:49:57,942] INFO [KafkaServer id=3] started (kafka.server.KafkaServer)
但是服务器2正在抛出这些
[2018-04-12 13:58:34,247] WARN [Controller id=2, targetBrokerId=1] Connection to node 1 could not be established. Broker may not be available. (org.apache.kafka.clients.NetworkClient)
[2018-04-12 13:58:34,254] WARN [Controller id=2, targetBrokerId=3] Connection to node 3 could not be established. Broker may not be available. (org.apache.kafka.clients.NetworkClient)
[2018-04-12 13:58:34,349] WARN [Controller id=2, targetBrokerId=2] Connection to node 2 could not be established. Broker may not be available. (org.apache.kafka.clients.NetworkClient)
如果我移除 security.inter.broker.protocol=SSL
一切正常。但是没有安全措施。有谁能指导我解决这个问题吗?
我删除了纯文本,现在我在3个代理之一中得到了这个错误
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:435)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:301)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:255)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:79)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:460)
at org.apache.kafka.common.network.Selector.poll(Selector.java:398)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:460)
at org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:71)
at kafka.server.ReplicaFetcherBlockingSend.sendRequest(ReplicaFetcherBlockingSend.scala:91)
at kafka.server.ReplicaFetcherThread.fetchEpochsFromLeader(ReplicaFetcherThread.scala:312)
at kafka.server.AbstractFetcherThread.maybeTruncate(AbstractFetcherThread.scala:130)
at kafka.server.AbstractFetcherThread.doWork(AbstractFetcherThread.scala:102)
at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:64)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:389)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:469)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:328)
... 11 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 26 more
暂无答案!
目前还没有任何答案,快来回答吧!