1. 首页
  2. 问答
  3. 在kafka集群上启用ssl时,kafka连接无法启动

在kafka集群上启用ssl时,kafka连接无法启动

2017-12-18 190 views
0

我正在评估kafka汇合平台4.0版。但是,当我在kafka集群上启用ssl时,kafka连接无法启动。在kafka集群上启用ssl时,kafka连接无法启动

详细记录如下:

[2017-12-18 04:38:55,747] ERROR Uncaught exception in herder work thread, exiting: (org.apache.kafka.connect.runtime.distributed.DistributedHerder:218) 
org.apache.kafka.connect.errors.ConnectException: Timed out while checking for or creating topic(s) 'connect-offsets'. This could indicate a connectivity issue, unavailable topic partitions, or if this is your first use of the topic it may have taken too long to create. 
     at org.apache.kafka.connect.util.TopicAdmin.createTopics(TopicAdmin.java:243) 
     at org.apache.kafka.connect.storage.KafkaOffsetBackingStore$1.run(KafkaOffsetBackingStore.java:99) 
     at org.apache.kafka.connect.util.KafkaBasedLog.start(KafkaBasedLog.java:126) 
     at org.apache.kafka.connect.storage.KafkaOffsetBackingStore.start(KafkaOffsetBackingStore.java:109) 
     at org.apache.kafka.connect.runtime.Worker.start(Worker.java:144) 
     at org.apache.kafka.connect.runtime.AbstractHerder.startServices(AbstractHerder.java:100) 
     at org.apache.kafka.connect.runtime.distributed.DistributedHerder.run(DistributedHerder.java:205) 
     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
     at java.util.concurrent.FutureTask.run(FutureTask.java:266) 
     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
     at java.lang.Thread.run(Thread.java:745) 
Caused by: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment. 
[2017-12-18 04:38:55,752] INFO Kafka Connect stopping (org.apache.kafka.connect.runtime.Connect:65) 
[2017-12-18 04:38:55,753] INFO Stopping REST server (org.apache.kafka.connect.runtime.rest.RestServer:154) 
[2017-12-18 04:38:55,761] INFO Stopped [email protected]{HTTP/1.1}{0.0.0.0:8083} (org.eclipse.jetty.server.ServerConnector:306) 
[2017-12-18 04:38:55,783] INFO Stopped [email protected]{/,null,UNAVAILABLE} (org.eclipse.jetty.server.handler.ContextHandler:865) 
[2017-12-18 04:38:55,786] INFO REST server stopped (org.apache.kafka.connect.runtime.rest.RestServer:165) 
[2017-12-18 04:38:55,787] INFO Herder stopping (org.apache.kafka.connect.runtime.distributed.DistributedHerder:389) 
[2017-12-18 04:39:00,788] INFO Herder stopped (org.apache.kafka.connect.runtime.distributed.DistributedHerder:409) 
[2017-12-18 04:39:00,789] INFO Kafka Connect stopped (org.apache.kafka.connect.runtime.Connect:70)

我已经检查了卡夫卡的经纪人,他们仍然运行正常。

bin/confluent status 
connect is [DOWN] 
kafka-rest is [UP] 
schema-registry is [DOWN] 
kafka is [UP] 
zookeeper is [UP]

任何额外的配置,我错过了?

请指教?

来源

2017-12-18 Joey

回答

0

在Kafka集群上启用安全选项后,您需要为Kafka Connect工作人员启用等效选项。

例如,对于基本的SSL配置,您可能需要设置是这样的:

security.protocol=SSL 
ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks 
ssl.truststore.password=<your-pass>

到你的工人的配置。 (要与汇合CLI尝试为你展示上面,这个文件是./etc/schema-registry/connect-avro-distributed.properties

您可在此了解更多关于如何设置卡夫卡连接与安全:

https://docs.confluent.io/current/connect/security.html

,并了解所有可用这里连接工人安全相关的属性:

https://docs.confluent.io/current/connect/allconfigs.html

来源

2017-12-18 06:39:46

+0

它与customzied卡夫卡的代理端口一个问题,因为我换了经纪人默认端口从'9092'到'9094'。只有当我改回默认端口时,kafka连接才起作用。我的问题是,有没有办法开始kafka连接conect到定制的kafka端口? @Konstantine – Joey

+0

我已经更新了'./etc/module-registry/connect-avro-distributed.properties'文件中的boostrap.servers。卡夫卡连接正在工作。 btw,我有关于在zookeeper上启用SSL的问题,截至目前,我只看到了ssl设置,用于从客户端连接到kafka服务器,并且仅限inte-brokers。但是对于连接到zookeeper,没有可用的SSL设置,因为它是我们组织中的安全问题。谢谢 – Joey

相关问题

 相关问题