kafka-python生产者-SSL连接失败-仅Trustore

时间:2019-06-07 16:19:51

标签: python ssl apache-kafka kafka-python apache-kafka-security

我正在尝试通过python将消息发布到kafka主题,并且收到错误消息。我可以通过CLI连接和发布。希望获得一些指导。我已经用Google搜索并阅读了文档。谢谢!

成功的CLI命令:

 kafka-console-producer --broker-list 
 123.45.67.891:1234,123.45.67.892:1234,123.45.67.893:1234 -- 
 producer.config C:\Users\fake_user\Kafka\client-ssl.properties --topic FakeTopic

 Contents of client-ssl.properties:
   security.protocol = SSL
   ssl.truststore.location = C:/Users/fake_user/Kafka/kafka-truststore
   ssl.truststore.password = fakepass

代码:

from kafka import KafkaProducer

  producer = KafkaProducer(bootstrap_servers=['123.45.67.891:1234', '123.45.67.892:1234', '123.45.67.893:1234'],
                           security_protocol='SSL',
                           ssl_certfile=r'C:\Users\fake_user\Kafka\kafka-truststore',
                           ssl_password='fakepass')

  producer.send('FakeTopic', value='python_test', key='test')

结果错误:

Traceback (most recent call last):
  File "kafka_post_test.py", line 6, in <module>
    ssl_password='fakepass')
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\kafka\producer\kafka.py", line 381, in __init__
    **self.config)
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\kafka\client_async.py", line 239, in __init__
    self.config['api_version'] = self.check_version(timeout=check_timeout)
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\kafka\client_async.py", line 874, in check_version
    version = conn.check_version(timeout=remaining, strict=strict, topics=list(self.config['bootstrap_topics_filter']))
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\kafka\conn.py", line 1078, in check_version
    if not self.connect_blocking(timeout_at - time.time()):
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\kafka\conn.py", line 331, in connect_blocking
    self.connect()
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\kafka\conn.py", line 420, in connect
    if self._try_handshake():
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\site-packages\kafka\conn.py", line 496, in _try_handshake
    self._sock.do_handshake()
  File "C:\Users\fake_user\AppData\Local\Programs\Python\Python37-32\lib\ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1051)

2 个答案:

答案 0 :(得分:1)

查看此link.

您必须将Java运行的几乎所有程序的SSL证书添加到JVM密钥库中。

答案 1 :(得分:0)

我发现默认情况下,python-kafka库将ssl_cafile属性设置为None。将其设置为默认操作系统(在Linux上为/etc/pki/tls/cert.pem)使我可以连接到kafka代理。

https://kafka-python.readthedocs.io/en/master/_modules/kafka/producer/kafka.html#KafkaProducer.send

相关问题
最新问题