This is what I want to do
Here is my setup. I followed Apache Kafka - Security
I created two server files. For the simple broker I have
broker.id=0
listeners=PLAINTEXT://localhost:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/tmp/kafka-logs
num.partitions=1
num.recovery.threads.per.data.dir=1
log.retention.hours=168
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
For my second broker, I want SSL authentication for clients. So I have
broker.id=1
listeners=PLAINTEXT://localhost:9094,SSL://localhost:9093
allow.everyone.if.no.acl.found=false
ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.location=/path/to/server.keystore.jks
ssl.keystore.password=localhost
ssl.key.password=localhost
ssl.truststore.location=/path/to/server.truststore.jks
ssl.truststore.password=localhost
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/tmp/SSLserver/kafka-logs
num.partitions=1
num.recovery.threads.per.data.dir=1
log.retention.hours=168
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
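I start them as separate processes. Both of them start fine.
Now I have also created SSL keys and self-signed certificates for two clients: a producer and a consumer.
The producer config I will use is producerclient.properties: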
security.protocol=SSL
ssl.truststore.location=/path/to/producer.truststore.jks
ssl.truststore.password=producer
ssl.keystore.location=/path/to/producer.keystore.jks
ssl.keystore.password=producer
ssl.key.password=producer
And the consumer's consumerclient.properties is similar:
security.protocol=SSL
ssl.truststore.location=/path/to/consumer.truststore.jks
ssl.truststore.password=consumer
ssl.keystore.location=/path/to/consumer.keystore.jks
ssl.keystore.password=consumer
ssl.key.password=consumer
Next I created a new topic:
kafka-topics.bat --create --topic ssltest2 --zookeeper "localhost:2181" --partitions 1 --replication-factor 1
Now I set the ACL for this topic as:
kafka-acls.bat --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:abtProducer --producer --topic ssltest2
Finally, when I try to produce:
kafka-console-producer.bat --broker-list localhost:9093 --topic ssltest2 --producer.config ..\..\config\producerclient.properties
When I try to push a message, say test, I get
[2016-04-20 13:44:36,633] WARN Failed to send SSL Close message (org.apache.kafka.common.network.SslTransportLayer)
java.io.IOException: An established connection was aborted by the software in your host machine
	at sun.nio.ch.SocketDispatcher.write0(Native Method)
	at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:51)
	at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
	at sun.nio.ch.IOUtil.write(IOUtil.java:65)
	at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:471)
	at org.apache.kafka.common.network.SslTransportLayer.flush(SslTransportLayer.java:194)
	at org.apache.kafka.common.network.SslTransportLayer.close(SslTransportLayer.java:161)
	at org.apache.kafka.common.network.KafkaChannel.close(KafkaChannel.java:45)
	at org.apache.kafka.common.network.Selector.close(Selector.java:442)
	at org.apache.kafka.common.network.Selector.poll(Selector.java:310)
	at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:256)
	at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:216)
	at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:128)
	at java.lang.Thread.run(Thread.java:745)
I don't know what this is. What is wrong with my setup?
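
An added example, not part of the original post: a small reviewer for the second broker's server.properties as posted, flagging settings that weaken or disable the TLS client authentication and ACL enforcement the setup is aiming for. The function names and finding codes are hypothetical; the sample is constructed from the security-relevant lines above and assumes a ZooKeeper-era broker where ACLs are enabled through authorizer.class.name.

```python
"""Review a Kafka broker server.properties for gaps in TLS client authentication."""

# Constructed sample: the security-relevant lines of the second broker config above.
BROKER_PROPS = """\
broker.id=1
listeners=PLAINTEXT://localhost:9094,SSL://localhost:9093
allow.everyone.if.no.acl.found=false
ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.location=/path/to/server.keystore.jks
ssl.truststore.location=/path/to/server.truststore.jks
"""

DEPRECATED_TLS = {"TLSv1", "TLSv1.1", "SSLv3"}  # TLS 1.0/1.1 deprecated by RFC 8996


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def review_broker(props):
    """Return a list of (code, message) findings for one broker config."""
    findings = []
    listeners = [l.strip() for l in props.get("listeners", "").split(",") if l.strip()]
    schemes = {l.split("://", 1)[0].upper() for l in listeners}
    # ssl.client.auth defaults to "none" when the key is absent.
    if "SSL" in schemes and props.get("ssl.client.auth", "none") != "required":
        findings.append(("CLIENT_AUTH", "SSL listener does not require a client certificate"))
    if "SSL" in schemes and "PLAINTEXT" in schemes:
        findings.append(("PLAINTEXT_LISTENER", "PLAINTEXT listener bypasses TLS and ssl.client.auth"))
    weak = DEPRECATED_TLS & {p.strip() for p in props.get("ssl.enabled.protocols", "").split(",")}
    if weak:
        findings.append(("WEAK_TLS", "deprecated protocols enabled: " + ", ".join(sorted(weak))))
    # The ACL option is only read by an authorizer; without one, ACLs are not enforced.
    if "allow.everyone.if.no.acl.found" in props and not props.get("authorizer.class.name"):
        findings.append(("NO_AUTHORIZER", "ACL option set but authorizer.class.name is missing"))
    return findings


if __name__ == "__main__":
    for code, message in review_broker(parse_properties(BROKER_PROPS)):
        print(f"{code}: {message}")
```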