当前位置: 首页 > 知识库问答 >
问题:

docker-compose zookeeper kafka -错误cnxn.saslServer为空:cnxn对象未正确初始化其saslServer

包永新
2023-03-14

我正在尝试使用docker-compose来启动zk/kafka。

version: '2'
services:
  zookeeper-1:
    image: confluentinc/cp-zookeeper:6.1.4
    environment:
      ZOOKEEPER_SERVER_ID: 1
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_INIT_LIMIT: 10
      ZOOKEEPER_SYNC_LIMIT: 5
      ZOOKEEPER_DATADIR_AUTOCREATE: "false"
      ZOOKEEPER_MAX_CLIENT_CNXNS: 60
      ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 12
      ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 168
      ZOOKEEPER_ADMIN_ENABLE_SERVER: "false"
      ZOOKEEPER_SERVER_1: zookeeper-1:12881:13881
      ZOOKEEPER_AUTH_PROVIDER_1: org.apache.zookeeper.server.auth.SASLAuthenticationProvider
      ZOOKEEPER_REQUIRE_CLIENT_AUTH_SCHEME: sasl
      ZOOKEEPER_JAAS_LOGIN_RENEW: 3600000
      ZOOKEEPER_SECURE_CLIENT_PORT: 12181
      ZOOKEEPER_AUTH_PROVIDER_X509: org.apache.zookeeper.server.auth.X509AuthenticationProvider
      ZOOKEEPER_SERVER_CNXN_FACTORY: org.apache.zookeeper.server.NettyServerCnxnFactory
      ZOOKEEPER_SSL_PROTOCOL: TLSv1.2      
      ZOOKEEPER_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/truststore.jks
      ZOOKEEPER_SSL_TRUSTSTORE_PASSWORD: password
      ZOOKEEPER_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/zookeeper.server1.keystore.jks
      ZOOKEEPER_SSL_KEYSTORE_PASSWORD: password
      ZOOKEEPER_SSL_CLIENT_AUTH: none

      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/secrets/zookeeper_jaas.conf"
    ports:
      - 12181:12181
    volumes:
      - /var/ssl:/etc/kafka/secrets

  kafka-1:
    image: confluentinc/cp-kafka:latest
    depends_on:
      - zookeeper-1
    ports:
      - 29092:9092
    volumes:
      - /var/ssl:/etc/kafka/secrets
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ADVERTISED_LISTENERS: SASL_SSL://kafka-1:9092
      KAFKA_NUM_PARTITIONS: 4
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 2
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 2
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 2
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
      KAFKA_ZOOKEEPER_CONNECT: zookeeper-1:12181
      KAFKA_ZOOKEEPER_CLIENT_CNXN_SOCKET: org.apache.zookeeper.ClientCnxnSocketNetty
      KAFKA_ZOOKEEPER_SSL_CLIENT_ENABLE: "true"
      KAFKA_ZOOKEEPER_SSL_PROTOCOL: TLSv1.2
      KAFKA_ZOOKEEPER_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/truststore.jks
      KAFKA_ZOOKEEPER_SSL_TRUSTSTORE_PASSWORD: password
      KAFKA_ZOOKEEPER_SET_ACL: "false"
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SASL_SSL
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SSL_CLIENT_AUTH: none
      KAFKA_SSL_KEYSTORE_FILENAME: kafka.server1.keystore.jks
      KAFKA_SSL_KEYSTORE_CREDENTIALS: keystore_credentials
      KAFKA_SSL_KEY_CREDENTIALS: keystore_credentials
      KAFKA_SSL_TRUSTSTORE_FILENAME: truststore.jks
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: keystore_credentials
      KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2
      
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/secrets/kafka_server_jaas.conf"
#!/usr/bin/env bash

export DIR=/var/ssl
export PASSWORD=password
export DNS=localhost

echo subjectAltName=DNS:$DNS,DNS:zookeeper-1,DNS:kafka-1 > openssl.cnf

openssl req -x509 -new -sha256 -newkey rsa:2048 -keyout CA.key -days 7300 -out CA.crt -subj "/CN=$DNS" -passout pass:$PASSWORD
keytool -keystore truststore.jks -alias CA -importcert -file CA.crt -storepass $PASSWORD -noprompt

openssl req -new -sha256 -newkey rsa:2048 -keyout zookeeper.server${instance}.key -subj "/CN=$DNS" -out zookeeper.server${instance}.csr -passout pass:$PASSWORD
openssl x509 -req -extfile openssl.cnf -in zookeeper.server${instance}.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out zookeeper.server${instance}.crt -days 7300 -sha256 -passin pass:$PASSWORD
openssl pkcs12 -export -in zookeeper.server${instance}.crt -inkey zookeeper.server${instance}.key -out zookeeper.server${instance}.p12 -name zookeeper.server${instance} -CAfile CA.crt -caname CA -passin pass:$PASSWORD -passout pass:$PASSWORD
keytool -importkeystore -deststorepass $PASSWORD -destkeypass $PASSWORD -destkeystore zookeeper.server${instance}.keystore.jks -srckeystore zookeeper.server${instance}.p12 -srcstoretype pkcs12 -srcstorepass $PASSWORD -alias zookeeper.server${instance}
keytool -keystore zookeeper.server${instance}.keystore.jks -alias CA -importcert -file CA.crt -storepass $PASSWORD -noprompt

openssl req -new -sha256 -newkey rsa:2048 -keyout kafka.server${instance}.key -subj "/CN=$DNS" -out kafka.server${instance}.csr -passout pass:$PASSWORD
openssl x509 -req -extfile openssl.cnf -in kafka.server${instance}.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out kafka.server${instance}.crt -days 7300 -sha256 -passin pass:$PASSWORD
openssl pkcs12 -export -in kafka.server${instance}.crt -inkey kafka.server${instance}.key -out kafka.server${instance}.p12 -name kafka.server${instance} -CAfile CA.crt -caname CA -passin pass:$PASSWORD -passout pass:$PASSWORD
keytool -importkeystore -deststorepass $PASSWORD -destkeypass $PASSWORD -destkeystore kafka.server${instance}.keystore.jks -srckeystore kafka.server${instance}.p12 -srcstoretype pkcs12 -srcstorepass $PASSWORD -alias kafka.server${instance}
keytool -keystore kafka.server${instance}.keystore.jks -alias CA -importcert -file CA.crt -storepass $PASSWORD -noprompt

echo -n password > /var/ssl/keystore_credentials
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="kafka_broker_admin"
    password="password"
    user_kafka_broker_admin="password"
    user_zookeeper="password"
};

Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="zookeeper"
    password="password";
};
Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_zookeeper="password";
};
docker-compose up -d

zookeeper-1 _ 1 |[2022-01-17 12:30:34,845]信息绑定到端口0 . 0 . 0 . 0/0 . 0 . 0:2181 (org.apache.zookeeper . server . nettyservercnxnfactory)< br > zookeeper-1 _ 1 |[2022-01-17 12:30:34,886]信息绑定到端口2181(org . Apache . zookeeper) reconfigEnabled = false(org.apache . zookeeper . server . prerequestprocessor)< br > zookeeper-1 _ 1 |[2022-01-17 12:30:34,903]INFO zookeeper . client . portunification = false(org . Apache . zookeeper . server . nettyservercnxnfactory)< br > zookeeper-1 _ 1 |[2022-01-17 12:30:34,938] INFO使用org . Apache (org . Apache . zookeeper . server . zookeeper server)< br >

我配置或做错了什么?谢了。

共有1个答案

申屠宏胜
2023-03-14

在澄清了您的需求后,我发现有三件事需要解决:

    < li >值< code >/etc/Kafka/secrets/zookeeper . server 1 . keystore . jks 应为< code >/etc/Kafka/secrets/zookeeper . server . keystore . jks ,因为TLS/SSL脚本会生成该名称。 < Li > zookeeper密钥库也是如此 < li >启动时,请求一个名为< code > keystore _ credentials 的额外文件。只需用< code>password创建它(您的jks密码)

我仍然有一个问题,但似乎更进一步,你的错误:

io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common 

这似乎与您的SSL脚本更相关

 类似资料:
  • 问题内容: 我在用Java工作。 我通常会这样设置一些对象: 问题是:在此示例中是否等于,按原样我可以假定对未初始化的对象进行空检查将是准确的? 问题答案: 正确,未显式初始化的引用类型的静态成员和实例成员都由Java 设置为。相同的规则适用于数组成员。 根据Java语言规范的第4.12.5节: 变量的初始值 程序中的每个变量在使用值之前都必须具有一个值: 每个类变量,实例变量或数组组件在创建时均

  • 我们尝试使用Gherkin/Cucumber进行单元测试。在maven项目中,我们曾经使用JUnit/JMockit执行以下格式的单元测试,并且工作得很好。 旧的Junit测试类曾经工作过: 在开始使用Gherkin/Cucumber之后,我们正在用以下两个类编写单元类:

  • 问题内容: 我正在设置用于学习JavaEE7中CDI的基本环境。我有以下代码可以启动。只是启动和关闭。 我正在控制台上关注。 有问题的线是。这仅表示依赖注入将不起作用。但是我不确定是什么问题。我已经添加了。我什至没有达到初始化对象的目的,那为什么会出现这个问题呢? Weld的官方文档还给出了阅读此答案后得到的相同代码。“ Antonio Goncalves”撰写的“ Beginning Java

  • 我正试图在谷歌地图Android API v2中获得一个带有自定义图标的标记。我刚刚更改了Google提供的一个示例。我添加了到方法中的RawMapViewDemoActivity 但我总是得到一个“IBitmapDescriptorFactory未初始化”。 在BitmapDescriptorFactory中,它说: 在使用此类中的任何方法之前,您必须执行以下操作之一以确保初始化此类: > 等待

  • 我们的项目中有一个不可替代代币状态和不可替代代币合约的自定义实现。我们正在使用下面的代码来发行我们的自定义不可替代代币。 当试图将上面获得的事务构建器转换为有线事务时(< code > builder . towiretransaction(service hub);)我们在下面的堆栈跟踪中得到一个错误。