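How do I set up SSL on Kafka using the default truststore?

Time: 2017-04-04 09:49:41

Tags: java ssl apache-kafka

I inherited a Kafka cluster and have run into an SSL error that I need to fix. The keystore is set up as follows (we deploy Docker containers via Ansible, which is why the setting names are not the default Kafka ones). Our certificate is signed by Go Daddy, so we need to use the default Java truststore and do not need self-signed certificates (which is what most of the tutorials I have used cover).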

KAFKA_LISTENERS: "SSL://0.0.0.0:9092"
KAFKA_ADVERTISED_LISTENERS: "SSL://{{ db_host }}:9092"
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SSL
KAFKA_SSL_KEYSTORE_LOCATION: "/kafka/ssl/{{ keystore_name }}"
KAFKA_SSL_KEYSTORE_PASSWORD: "{{ keystore_password }}"
KAFKA_SSL_KEY_PASSWORD: "{{ key_password }}"

The error I am getting is:

[2017-03-31 15:04:45,683] WARN Failed to send SSL Close message (org.apache.kafka.common.network.SslTransportLayer)
java.io.IOException: Broken pipe
at sun.nio.ch.FileDispatcherImpl.write0(Native Method)
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
at sun.nio.ch.IOUtil.write(IOUtil.java:65)
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:471)
at org.apache.kafka.common.network.SslTransportLayer.flush(SslTransportLayer.java:195)
at org.apache.kafka.common.network.SslTransportLayer.close(SslTransportLayer.java:163)
at org.apache.kafka.common.utils.Utils.closeAll(Utils.java:690)
at org.apache.kafka.common.network.KafkaChannel.close(KafkaChannel.java:47)
at org.apache.kafka.common.network.Selector.close(Selector.java:471)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:348)
at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
at kafka.network.Processor.poll(SocketServer.scala:472)
at kafka.network.Processor.run(SocketServer.scala:412)
at java.lang.Thread.run(Thread.java:745)

Does anyone know what might be wrong? Do I need to explicitly tell Kafka to use the default truststore?

Thanks!

0 answers:

No answers