我正在尝试通过SASL_Plaintext将数据从Nifi 1.7.1发布到Kafka 0.10。我们已经测试过Kafka Brokers可用并且可以通过Kafka Server上的命令行通过主题接收。仍然PublishKafka_0_10失败,并显示以下日志:
2018-09-12 10:37:46,648 INFO [NiFi Web Server-365] o.a.n.c.s.StandardProcessScheduler Starting PublishKafka_0_10[id=ccfbf7e8-0165-1000-528f-6771c455e664]
2018-09-12 10:37:46,648 INFO [Timer-Driven Process Thread-9] o.a.n.c.s.TimerDrivenSchedulingAgent Scheduled PublishKafka_0_10[id=ccfbf7e8-0165-1000-528f-6771c455e664] to run with 1 threads
2018-09-12 10:37:46,658 INFO [Timer-Driven Process Thread-9] o.a.k.clients.producer.ProducerConfig ProducerConfig values:
acks = 1
batch.size = 16384
block.on.buffer.full = false
bootstrap.servers = [ourkafkaserver:9092]
buffer.memory = 33554432
client.id =
compression.type = none
connections.max.idle.ms = 540000
interceptor.classes = null
key.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
linger.ms = 0
max.block.ms = 20000
max.in.flight.requests.per.connection = 5
max.request.size = 1048576
metadata.fetch.timeout.ms = 60000
metadata.max.age.ms = 300000
metric.reporters = []
metrics.num.samples = 2
metrics.sample.window.ms = 30000
partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner
receive.buffer.bytes = 32768
reconnect.backoff.ms = 50
request.timeout.ms = 30000
retries = 6
retry.backoff.ms = 100
sasl.jaas.config = null
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = kafka
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.mechanism = GSSAPI
security.protocol = SASL_PLAINTEXT
send.buffer.bytes = 131072
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = null
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = null
ssl.truststore.password = null
ssl.truststore.type = JKS
timeout.ms = 30000
value.serializer = class org.apache.kafka.common.serialization.ByteArraySerializer
2018-09-12 10:37:46,675 INFO [Timer-Driven Process Thread-9] o.a.k.c.s.authenticator.AbstractLogin Successfully logged in.
2018-09-12 10:37:46,675 INFO [kafka-kerberos-refresh-thread-our@nifiprincipal] o.a.k.c.security.kerberos.KerberosLogin [Principal=our@nifiprincipal]: TGT refresh thread started.
2018-09-12 10:37:46,675 INFO [kafka-kerberos-refresh-thread-our@nifiprincipal] o.a.k.c.security.kerberos.KerberosLogin [Principal=our@nifiprincipal]: TGT valid starting at: Wed Sep 12 10:37:46 UTC 2018
2018-09-12 10:37:46,676 INFO [kafka-kerberos-refresh-thread-our@nifiprincipal] o.a.k.c.security.kerberos.KerberosLogin [Principal=our@nifiprincipal]: TGT expires: Thu Sep 13 11:37:46 UTC 2018
2018-09-12 10:37:46,676 INFO [kafka-kerberos-refresh-thread-our@nifiprincipal] o.a.k.c.security.kerberos.KerberosLogin [Principal=our@nifiprincipal]: TGT refresh sleeping until: Thu Sep 13 06:45:43 UTC 2018
2018-09-12 10:37:46,676 INFO [Timer-Driven Process Thread-9] o.a.kafka.common.utils.AppInfoParser Kafka version : 0.10.2.1
2018-09-12 10:37:46,676 INFO [Timer-Driven Process Thread-9] o.a.kafka.common.utils.AppInfoParser Kafka commitId : e89bffd6b2eff799
2018-09-12 10:38:26,678 ERROR [Timer-Driven Process Thread-9] o.a.n.p.kafka.pubsub.PublishKafka_0_10 PublishKafka_0_10[id=ccfbf7e8-0165-1000-528f-6771c455e664] Failed to send all message for StandardFlowFileRecord[uuid=b2470c67-4c6e-4dd6-a969-f46e1da5673f,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1536744161212-1, container=default, section=1], offset=429, length=39],offset=0,name=10269008232495292,size=39] to Kafka; routing to failure due to org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 20000 ms.: org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 20000 ms.
org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 20000 ms.
2018-09-12 10:38:26,679 ERROR [Timer-Driven Process Thread-9] o.a.n.p.kafka.pubsub.PublishKafka_0_10 PublishKafka_0_10[id=ccfbf7e8-0165-1000-528f-6771c455e664] Failed to send all message for StandardFlowFileRecord[uuid=5c24d2ec-9f09-44e4-91ea-237f2bfedefa,claim=StandardContentClaim [resourceClaim=StandardResourceClaim[id=1536744161212-1, container=default, section=1], offset=468, length=39],offset=0,name=10269023234631434,size=39] to Kafka; routing to failure due to org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 20000 ms.: org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 20000 ms.
org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 20000 ms.
2018-09-12 10:38:26,679 INFO [Timer-Driven Process Thread-9] o.a.kafka.clients.producer.KafkaProducer Closing the Kafka producer with timeoutMillis = 20000 ms.
2018-09-12 10:38:26,679 WARN [kafka-kerberos-refresh-thread-our@nifiprincipal] o.a.k.c.security.kerberos.KerberosLogin [Principal=our@nifiprincipal]: TGT renewal thread has been interrupted and will exit.
我找到了参数sasl.kerberos.kinit.cmd = / usr / bin / kinit。是否需要在那个地方使用kinit还是Nifi将使用Java获得Kerberos票证?
还有其他提示为什么会失败?我们在启动过程中使用以下命令提供jaas.conf文件
java.arg.50=-Djava.security.auth.login.config=/path/to/our/kerberos/jaas.conf
bootstrap.conf文件中,它包含以下内容:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/path/to/our/kerberos/nifi.keytab"
serviceName="kafka"
principal="our@nifiprincipal";
};