docker-compose zookeeper kafka -错误cnxn.saslServer为空:cnxn对象未正确初始化其saslServer
我正在尝试使用docker-compose来启动zk/kafka。
version: '2'
services:
zookeeper-1:
image: confluentinc/cp-zookeeper:6.1.4
environment:
ZOOKEEPER_SERVER_ID: 1
ZOOKEEPER_CLIENT_PORT: 2181
ZOOKEEPER_TICK_TIME: 2000
ZOOKEEPER_INIT_LIMIT: 10
ZOOKEEPER_SYNC_LIMIT: 5
ZOOKEEPER_DATADIR_AUTOCREATE: "false"
ZOOKEEPER_MAX_CLIENT_CNXNS: 60
ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 12
ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 168
ZOOKEEPER_ADMIN_ENABLE_SERVER: "false"
ZOOKEEPER_SERVER_1: zookeeper-1:12881:13881
ZOOKEEPER_AUTH_PROVIDER_1: org.apache.zookeeper.server.auth.SASLAuthenticationProvider
ZOOKEEPER_REQUIRE_CLIENT_AUTH_SCHEME: sasl
ZOOKEEPER_JAAS_LOGIN_RENEW: 3600000
ZOOKEEPER_SECURE_CLIENT_PORT: 12181
ZOOKEEPER_AUTH_PROVIDER_X509: org.apache.zookeeper.server.auth.X509AuthenticationProvider
ZOOKEEPER_SERVER_CNXN_FACTORY: org.apache.zookeeper.server.NettyServerCnxnFactory
ZOOKEEPER_SSL_PROTOCOL: TLSv1.2
ZOOKEEPER_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/truststore.jks
ZOOKEEPER_SSL_TRUSTSTORE_PASSWORD: password
ZOOKEEPER_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/zookeeper.server1.keystore.jks
ZOOKEEPER_SSL_KEYSTORE_PASSWORD: password
ZOOKEEPER_SSL_CLIENT_AUTH: none
KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/secrets/zookeeper_jaas.conf"
ports:
- 12181:12181
volumes:
- /var/ssl:/etc/kafka/secrets
kafka-1:
image: confluentinc/cp-kafka:latest
depends_on:
- zookeeper-1
ports:
- 29092:9092
volumes:
- /var/ssl:/etc/kafka/secrets
environment:
KAFKA_BROKER_ID: 1
KAFKA_ADVERTISED_LISTENERS: SASL_SSL://kafka-1:9092
KAFKA_NUM_PARTITIONS: 4
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 2
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 2
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 2
KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
KAFKA_ZOOKEEPER_CONNECT: zookeeper-1:12181
KAFKA_ZOOKEEPER_CLIENT_CNXN_SOCKET: org.apache.zookeeper.ClientCnxnSocketNetty
KAFKA_ZOOKEEPER_SSL_CLIENT_ENABLE: "true"
KAFKA_ZOOKEEPER_SSL_PROTOCOL: TLSv1.2
KAFKA_ZOOKEEPER_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/truststore.jks
KAFKA_ZOOKEEPER_SSL_TRUSTSTORE_PASSWORD: password
KAFKA_ZOOKEEPER_SET_ACL: "false"
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SASL_SSL
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
KAFKA_SSL_CLIENT_AUTH: none
KAFKA_SSL_KEYSTORE_FILENAME: kafka.server1.keystore.jks
KAFKA_SSL_KEYSTORE_CREDENTIALS: keystore_credentials
KAFKA_SSL_KEY_CREDENTIALS: keystore_credentials
KAFKA_SSL_TRUSTSTORE_FILENAME: truststore.jks
KAFKA_SSL_TRUSTSTORE_CREDENTIALS: keystore_credentials
KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2
KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/secrets/kafka_server_jaas.conf"
#!/usr/bin/env bash
export DIR=/var/ssl
export PASSWORD=password
export DNS=localhost
echo subjectAltName=DNS:$DNS,DNS:zookeeper-1,DNS:kafka-1 > openssl.cnf
openssl req -x509 -new -sha256 -newkey rsa:2048 -keyout CA.key -days 7300 -out CA.crt -subj "/CN=$DNS" -passout pass:$PASSWORD
keytool -keystore truststore.jks -alias CA -importcert -file CA.crt -storepass $PASSWORD -noprompt
openssl req -new -sha256 -newkey rsa:2048 -keyout zookeeper.server${instance}.key -subj "/CN=$DNS" -out zookeeper.server${instance}.csr -passout pass:$PASSWORD
openssl x509 -req -extfile openssl.cnf -in zookeeper.server${instance}.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out zookeeper.server${instance}.crt -days 7300 -sha256 -passin pass:$PASSWORD
openssl pkcs12 -export -in zookeeper.server${instance}.crt -inkey zookeeper.server${instance}.key -out zookeeper.server${instance}.p12 -name zookeeper.server${instance} -CAfile CA.crt -caname CA -passin pass:$PASSWORD -passout pass:$PASSWORD
keytool -importkeystore -deststorepass $PASSWORD -destkeypass $PASSWORD -destkeystore zookeeper.server${instance}.keystore.jks -srckeystore zookeeper.server${instance}.p12 -srcstoretype pkcs12 -srcstorepass $PASSWORD -alias zookeeper.server${instance}
keytool -keystore zookeeper.server${instance}.keystore.jks -alias CA -importcert -file CA.crt -storepass $PASSWORD -noprompt
openssl req -new -sha256 -newkey rsa:2048 -keyout kafka.server${instance}.key -subj "/CN=$DNS" -out kafka.server${instance}.csr -passout pass:$PASSWORD
openssl x509 -req -extfile openssl.cnf -in kafka.server${instance}.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out kafka.server${instance}.crt -days 7300 -sha256 -passin pass:$PASSWORD
openssl pkcs12 -export -in kafka.server${instance}.crt -inkey kafka.server${instance}.key -out kafka.server${instance}.p12 -name kafka.server${instance} -CAfile CA.crt -caname CA -passin pass:$PASSWORD -passout pass:$PASSWORD
keytool -importkeystore -deststorepass $PASSWORD -destkeypass $PASSWORD -destkeystore kafka.server${instance}.keystore.jks -srckeystore kafka.server${instance}.p12 -srcstoretype pkcs12 -srcstorepass $PASSWORD -alias kafka.server${instance}
keytool -keystore kafka.server${instance}.keystore.jks -alias CA -importcert -file CA.crt -storepass $PASSWORD -noprompt
echo -n password > /var/ssl/keystore_credentials
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka_broker_admin"
password="password"
user_kafka_broker_admin="password"
user_zookeeper="password"
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="zookeeper"
password="password";
};
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_zookeeper="password";
};
docker-compose up -d
zookeeper-1 _ 1 |[2022-01-17 12:30:34,845]信息绑定到端口0 . 0 . 0 . 0/0 . 0 . 0:2181 (org.apache.zookeeper . server . nettyservercnxnfactory)< br > zookeeper-1 _ 1 |[2022-01-17 12:30:34,886]信息绑定到端口2181(org . Apache . zookeeper) reconfigEnabled = false(org.apache . zookeeper . server . prerequestprocessor)< br > zookeeper-1 _ 1 |[2022-01-17 12:30:34,903]INFO zookeeper . client . portunification = false(org . Apache . zookeeper . server . nettyservercnxnfactory)< br > zookeeper-1 _ 1 |[2022-01-17 12:30:34,938] INFO使用org . Apache (org . Apache . zookeeper . server . zookeeper server)< br >
我配置或做错了什么?谢了。
共有1个答案
在澄清了您的需求后,我发现有三件事需要解决:
-
< li >值< code >/etc/Kafka/secrets/zookeeper . server 1 . keystore . jks 应为< code >/etc/Kafka/secrets/zookeeper . server . keystore . jks ,因为TLS/SSL脚本会生成该名称。 < Li > zookeeper密钥库也是如此 < li >启动时,请求一个名为< code > keystore _ credentials 的额外文件。只需用< code>password创建它(您的jks密码)
我仍然有一个问题,但似乎更进一步,你的错误:
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common
这似乎与您的SSL脚本更相关
-
问题内容: 我在用Java工作。 我通常会这样设置一些对象: 问题是:在此示例中是否等于,按原样我可以假定对未初始化的对象进行空检查将是准确的? 问题答案: 正确,未显式初始化的引用类型的静态成员和实例成员都由Java 设置为。相同的规则适用于数组成员。 根据Java语言规范的第4.12.5节: 变量的初始值 程序中的每个变量在使用值之前都必须具有一个值: 每个类变量,实例变量或数组组件在创建时均
-
问题内容: 我正在设置用于学习JavaEE7中CDI的基本环境。我有以下代码可以启动。只是启动和关闭。 我正在控制台上关注。 有问题的线是。这仅表示依赖注入将不起作用。但是我不确定是什么问题。我已经添加了。我什至没有达到初始化对象的目的,那为什么会出现这个问题呢? Weld的官方文档还给出了阅读此答案后得到的相同代码。“ Antonio Goncalves”撰写的“ Beginning Java
-
我们尝试使用Gherkin/Cucumber进行单元测试。在maven项目中,我们曾经使用JUnit/JMockit执行以下格式的单元测试,并且工作得很好。 旧的Junit测试类曾经工作过: 在开始使用Gherkin/Cucumber之后,我们正在用以下两个类编写单元类:
-
我正试图在谷歌地图Android API v2中获得一个带有自定义图标的标记。我刚刚更改了Google提供的一个示例。我添加了到方法中的RawMapViewDemoActivity 但我总是得到一个“IBitmapDescriptorFactory未初始化”。 在BitmapDescriptorFactory中,它说: 在使用此类中的任何方法之前,您必须执行以下操作之一以确保初始化此类: > 等待
-
我们的项目中有一个不可替代代币状态和不可替代代币合约的自定义实现。我们正在使用下面的代码来发行我们的自定义不可替代代币。 当试图将上面获得的事务构建器转换为有线事务时(< code > builder . towiretransaction(service hub);)我们在下面的堆栈跟踪中得到一个错误。