当前位置: 首页 > 知识库问答 >
问题:

GCS连接器在启用SASL、SSL或SASL_SSL时失败

锺霍英
2023-03-14

我已经能够在不启用SASL或SSL的情况下成功连接GCS连接器。当我启用SASL和SSL时;connect-standalone似乎无法与代理进行通信。

问题似乎出在gcs-sink-license-manager上。这是我从日志中发现的,但它们对我真正弄清楚问题所在没有什么帮助....

[2018-12-19 16:29:05,645] INFO [AdminClient clientId=gcs-sink-license-manager] Metadata update failed (org.apache.kafka.clients.admin.internals.AdminMetadataManager:238)
org.apache.kafka.common.errors.TimeoutException: Timed out waiting to send the call.
[2018-12-19 16:29:05,647] ERROR WorkerConnector{id=gcs-sink} Error while starting connector (org.apache.kafka.connect.runtime.WorkerConnector:119)
org.apache.kafka.connect.errors.ConnectException: Timed out while checking for or creating topic(s) '_confluent-command'. This could indicate a connectivity issue, unavailable topic partitions, or if this is your first use of the topic it may have taken too long to create.
    at org.apache.kafka.connect.util.TopicAdmin.createTopics(TopicAdmin.java:251)
    at io.confluent.license.LicenseStore$1.run(LicenseStore.java:159)
    at org.apache.kafka.connect.util.KafkaBasedLog.start(KafkaBasedLog.java:126)
    at io.confluent.license.LicenseStore.start(LicenseStore.java:187)
    at io.confluent.license.LicenseManager.<init>(LicenseManager.java:42)
    at io.confluent.connect.gcs.GcsSinkConnector.checkLicense(GcsSinkConnector.java:80)
    at io.confluent.connect.gcs.GcsSinkConnector.start(GcsSinkConnector.java:67)
    at org.apache.kafka.connect.runtime.WorkerConnector.doStart(WorkerConnector.java:111)
    at org.apache.kafka.connect.runtime.WorkerConnector.start(WorkerConnector.java:136)
    at org.apache.kafka.connect.runtime.WorkerConnector.transitionTo(WorkerConnector.java:195)
    at org.apache.kafka.connect.runtime.Worker.startConnector(Worker.java:241)
    at org.apache.kafka.connect.runtime.standalone.StandaloneHerder.startConnector(StandaloneHerder.java:297)
    at org.apache.kafka.connect.runtime.standalone.StandaloneHerder.putConnectorConfig(StandaloneHerder.java:206)
    at org.apache.kafka.connect.cli.ConnectStandalone.main(ConnectStandalone.java:107)
Caused by: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment.
[2018-12-19 16:29:05,649] INFO Finished creating connector gcs-sink (org.apache.kafka.connect.runtime.Worker:257)
[2018-12-19 16:29:05,650] INFO Skipping reconfiguration of connector gcs-sink since it is not running (org.apache.kafka.connect.runtime.standalone.StandaloneHerder:329)
[2018-12-19 16:29:05,652] INFO Created connector gcs-sink (org.apache.kafka.connect.cli.ConnectStandalone:104)
connector.class="io.confluent.connect.gcs.GcsSinkConnector"
storage.class="io.confluent.connect.gcs.storage.GcsStorage"
bootstrap.servers=kafka1:19092
key.converter=org.apache.kafka.connect.json.JsonConverter
value.converter=org.apache.kafka.connect.json.JsonConverter
key.converter.schemas.enable=false
value.converter.schemas.enable=false
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
offset.storage.file.filename=/tmp/connect.offsets
offset.flush.interval.ms=10000
plugin.path=/usr/share/java,/usr/share/confluent-hub-components
#Connector
format.class=io.confluent.connect.gcs.format.json.JsonFormat
partitioner.class=io.confluent.connect.storage.partitioner.DefaultPartitioner
flush.size=3
# confluent.license=

#GCS
name=gcs-sink
connector.class=io.confluent.connect.gcs.GcsSinkConnector
gcs.bucket.name=kafka-bucket-4c
gcs.part.size=5242880
gcs.credentials.path=/usr/share/assets/gcs-key.json
confluent.topic.bootstrap.servers=kafka1:19092
topics=sandbox
confluent.topic.replication.factor=1
#Storage
storage.class=io.confluent.connect.gcs.storage.GcsStorage
client.id=gcs-standalone-sink


# Sink authentication settings
consumer.log4j.root.loglevel=DEBUG
consumer.bootstrap.servers=kafka1:19092
consumer.sasl.mechanism=PLAIN
consumer.security.protocol=SASL_PLAINTEXT
consumer.ssl.endpoint.identification.algorithm=
FROM confluentinc/cp-kafka-connect

ADD assets /usr/share/assets

# ENV CONNECT_OPTS "-Djava.security.auth.login.config=/usr/share/assets/kafka_admin_account.conf -Djavax.net.ssl.trustStore=/usr/share/assets/secrets/kafka.client.truststore.jks -Djavax.net.ssl.trustStorePassword=changeit"
ENV KAFKA_OPTS "-Djava.security.auth.login.config=/usr/share/assets/secrets/kafka_admin_account.conf -Djavax.net.debug=all"
ENV CONNECT_OPTS "-Djava.security.auth.login.config=/usr/share/assets/secrets/kafka_admin_account.conf -Djavax.net.debug=all"

COPY assets/secrets/cacerts /usr/lib/jvm/zulu-8-amd64/jre/lib/security/cacerts

CMD ["/bin/bash", "-c", "connect-standalone ${CONNECT_PROPS} ${GCS_PROPS}"]
kafka1:
image: company-kafka-secure
# build: ./
depends_on:
- zookeeper
ports:
- 19091:19091
environment:
  KAFKA_BROKER_ID: 1
  KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
  KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://kafka1:19092,EXT://localhost:19091
  KAFKA_LISTENERS: SASL_PLAINTEXT://:19092,EXT://:19091
  KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: SASL_PLAINTEXT:SASL_PLAINTEXT,EXT:SASL_PLAINTEXT
  KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
  KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SASL_PLAINTEXT
  KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
  KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 6000
  ZOOKEEPER_SASL_ENABLED: "false"
  KAFKA_AUTHORIZER_CLASS_NAME: com.us.digital.kafka.security.authorization.KafkaAuthorizer
  CONFLUENT_METRICS_ENABLE: "false"
volumes:
- ./secrets:/etc/kafka/secrets
networks:
- message_hub

kafka_gcs_connect:
build: ./kafka-connect
ports:
  - 28082:28082
depends_on:
- kafka1
- kafka3
- kafka2
- zookeeper
environment: 
  CONNECT_PROPS: /usr/share/assets/connect-standalone.sasl.properties
  CONNECT_REST_PORT: 28082
  GCS_PROPS: /usr/share/assets/gcs.sasl.properties
networks:
- message_hub

共有1个答案

吴涵育
2023-03-14
CONNECT_BOOTSTRAP_SERVERS=kafka1:19092,kafka2:29092,kafka3:39092
CONNECT_CONFLUENT_TOPIC_BOOTSTRAP_SERVERS=kafka1:19092,kafka2:29092,kafka3:39092
CONNECT_CONFLUENT_LICENSE=
CONNECT_KEY_CONVERTER=org.apache.kafka.connect.json.JsonConverter
CONNECT_VALUE_CONVERTER=org.apache.kafka.connect.json.JsonConverter
CONNECT_KEY_CONVERTER_SCHEMAS_ENABLE=false
CONNECT_VALUE_CONVERTER_SCHEMAS_ENABLE=false
CONNECT_CONFIG_STORAGE_TOPIC=connect-config
CONNECT_OFFSET_STORAGE_TOPIC=connect-offsets
CONNECT_STATUS_STORAGE_TOPIC=connect-status
CONNECT_REPLICATION_FACTOR=1
CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR=1
CONNECT_OFFSET_STORAGE_REPLICATION_FACTOR=1
CONNECT_STATUS_STORAGE_REPLICATION_FACTOR=1
CONNECT_SECURITY_PROTOCOL=SASL_PLAINTEXT
CONNECT_SASL_MECHANISM=PLAIN
CONNECT_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
CONNECT_CONSUMER_BOOTSTRAP_SERVERS=kafka1:19092,kafka2:29092,kafka3:39092
CONNECT_CONSUMER_SECURITY_PROTOCOL=SASL_PLAINTEXT
CONNECT_CONSUMER_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=
CONNECT_CONSUMER_SASL_MECHANISM=PLAIN
CONNECT_GROUP_ID=gcs-kafka-connector
CONNECT_INTERNAL_KEY_CONVERTER=org.apache.kafka.connect.json.JsonConverter
CONNECT_INTERNAL_VALUE_CONVERTER=org.apache.kafka.connect.json.JsonConverter
CONNECT_REST_PORT=28082
CONNECT_PLUGIN_PATH=/usr/share/java,/usr/share/confluent-hub-components
KAFKA_OPTS=-Djava.security.auth.login.config=/usr/share/assets/kafka_admin_account.conf

下面是我发现的使SASL与gcs连接器一起工作所需的所有属性。

 类似资料:
  • 我使用vert. x java客户端连接安慰服务器。当使用SSL证书进行连接时,收到以下SSL握手错误。我在代码中使用setTrust all(true)。有人能帮助解释错误的原因和解决方案吗? 以下是错误:SEVERE:未处理的异常java.lang.IllegalStateExctive:桥没有成功启动io.vertx.amqpbridge.impl.AmqpBridgeImpl.create

  • 我正在尝试使用SASL SSL安全协议(SCRAM-SHA-512)将Mule应用程序与Kafka集成。以下来自Mulesoft的知识文章说(只有版本3.0.6、3.0.7、3.0.8、3.0.9和3.0.10的Kafka连接器支持带有GSSAPI机制的SASL_SSL安全协议。当前的版本4.0.0不支持SASL_SSL,因为存在已知问题SE-15680。)。这是那篇文章的链接 https://h

  • 我正在尝试使用Spring连接到支持SSL的Cassandra。我已收到密钥库和信任库文件及其各自的密码。使用DevCenter工具,我能够使用这些文件和凭据连接到远程数据库。然而,当我尝试使用java进行连接时,我不断遇到以下异常: 客户端身份验证似乎未正确通过。 使用以下代码:

  • 错误:无法启动连接:错误:WebSocket无法连接。在服务器上找不到连接,endpoint可能不是信号器endpoint,服务器上不存在连接ID,或者存在阻止WebSocket的代理。如果有多台服务器,请检查是否启用了粘性会话。 WebSocketTransport.js:49WebSocket连接到“ws://xxxxxx/生产/网络服务/集线器/spreadhub”失败: Angular.t

  • 问题内容: 我正在与一个名为CommWeb的商户帐户集成,并向其URL(https://migs.mastercard.com.au/vpcdps)发送一个SSL帖子。当我尝试发送帖子时,出现以下异常: 执行该帖子的代码(我没有写过,并且已经存在于我们的代码库中)是: 商户帐户集成的文档对证书一无所知。他们确实提供了一些似乎盲目接受证书的示例JSP代码: 我们的Web应用程序有一个密钥库,我尝试使

  • 当我尝试连接https url时...我得到ssl握手失败...我使用vertx-version 但是在使用vertx的时候。这是握手的问题