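Kafka Controller cannot connect to brokers

Time: 2016-11-25 13:44:06

Tags: apache-kafka

I have a 3-node Kafka cluster (version 0.10.1.0). I followed the steps in the Kafka security documentation. Below is the relevant configuration of one of my Kafka servers.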

listeners=SSL://myhostname:9093
security.inter.broker.protocol=SSL
advertised.listeners=SSL://myhostname:9093
# In order to enable hostname verification
ssl.endpoint.identification.algorithm=HTTPS

ssl.client.auth=required

# certificate file locations
ssl.keystore.location=/location/server1.keystore.jks
ssl.keystore.password=changeit
ssl.key.password=changeit
ssl.truststore.location=/location/server.truststore.jks
ssl.truststore.password=changeit

# Supported TLS versions
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1

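I defined 3 different keystores for all the Kafka servers and signed them with the same CA. When I start the Kafka servers, the controller log keeps logging the following warnings.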

WARN [Controller-0-to-broker-2-send-thread], Controller 0's connection to broker host3:9093 (id: 2 rack: null) was unsuccessful (kafka.controller.RequestSendThread)
java.io.IOException: Connection to host3:9093 (id: 2 rack: null) failed
    at kafka.utils.NetworkClientBlockingOps$.awaitReady$1(NetworkClientBlockingOps.scala:83)
    at kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:93)
    at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:230)
    at kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:182)
    at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:181)
    at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
WARN [Controller-0-to-broker-0-send-thread], Controller 0's connection to broker host1:9093 (id: 0 rack: null) was unsuccessful (kafka.controller.RequestSendThread)
java.io.IOException: Connection to host1:9093 (id: 0 rack: null) failed
    at kafka.utils.NetworkClientBlockingOps$.awaitReady$1(NetworkClientBlockingOps.scala:83)
    at kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:93)
    at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:230)
    at kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:182)
    at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:181)
    at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
WARN [Controller-0-to-broker-1-send-thread], Controller 0's connection to broker host2:9093 (id: 1 rack: null) was unsuccessful (kafka.controller.RequestSendThread)
java.io.IOException: Connection to host2:9093 (id: 1 rack: null) failed
    at kafka.utils.NetworkClientBlockingOps$.awaitReady$1(NetworkClientBlockingOps.scala:83)
    at kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:93)
    at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:230)
    at kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:182)
    at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:181)
    at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)

It seems to me that this is more serious than a warning.

Do you have any idea what the problem might be?

Thanks in advance.

1 answer:

Answer 0: (score: 4)

I found the problem; it was about certificate creation. See Confluent's documentation, which says:

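Ensure that the common name (CN) matches exactly with the fully qualified domain name (FQDN) of the server. The client compares the CN with the DNS domain name to ensure that it is indeed connecting to the desired server, not a malicious one.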

I regenerated the certificates and it worked!
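
A pre-deployment check for the mismatch described in this answer, as an added example that is not part of the original question or answer: it compares the host in advertised.listeners with the names in a broker certificate, approximating the RFC 2818 rules that hostname verification applies. The host names, certificate contents and function names are constructed for illustration, and the certificates use the dict shape of Python's ssl.SSLSocket.getpeercert().

```python
import re

# Constructed sample input: host names and certificate contents are made up.
SERVER_PROPERTIES = """\
listeners=SSL://broker1.example.com:9093
advertised.listeners=SSL://broker1.example.com:9093
ssl.endpoint.identification.algorithm=HTTPS
"""
# Certificates in the dict shape returned by ssl.SSLSocket.getpeercert().
CERT_SHORT_CN = {"subject": ((("commonName", "server1"),),)}
CERT_FQDN_CN = {"subject": ((("commonName", "broker1.example.com"),),)}
CERT_WITH_SAN = {"subject": ((("commonName", "server1"),),),
                 "subjectAltName": (("DNS", "broker1.example.com"),)}

def advertised_hosts(properties_text):
    """Return the host part of every endpoint in advertised.listeners."""
    for line in properties_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() == "advertised.listeners":
            return [re.sub(r"^\w+://", "", ep.strip()).rsplit(":", 1)[0]
                    for ep in value.split(",") if ep.strip()]
    return []

def cert_names(cert):
    """dNSName SAN entries if any exist, otherwise the subject CN (RFC 2818)."""
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label comparison; '*' may only be the first label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # conservative choice here: wildcard needs 2+ fixed labels
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hostname_ok(cert, host):
    """True if the certificate is valid for the name a peer will dial."""
    return any(name_matches(n, host) for n in cert_names(cert))

if __name__ == "__main__":
    for host in advertised_hosts(SERVER_PROPERTIES):
        for label, cert in [("short CN", CERT_SHORT_CN), ("FQDN CN", CERT_FQDN_CN),
                            ("SAN", CERT_WITH_SAN)]:
            print(host, label, "OK" if hostname_ok(cert, host) else "MISMATCH")
```

A certificate whose only name is a short alias fails the check even when it is signed by the trusted CA, which is the situation this answer resolved by regenerating the certificates.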