在为代理到 Zookeeper 身份验证实现 SSL 时,我在代理 2 节点上遇到了以下异常
从 SSL 设置中,集群配置了 SSL 身份验证
Broker 1 成功连接到 zookeeper,但在 broker 2 上,出现异常 org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for/brokers/ids
同时,当我停止代理 1 并将代理 2 连接到 zookeeper 时,连接正在工作。问题是一个卡夫卡只连接到动物园管理员,另一个卡夫卡没有同时连接。
节点1:kafka1和zookeeper
节点2:kafka2
配置文件:
zookeeper.properties
clientPort=2181
secureClientPort=2182
authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.trustStore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.zookeeper.truststore.jks
ssl.trustStore.password=123456
ssl.keyStore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.zookeeper.keystore.jks
ssl.keyStore.password=123456
ssl.clientAuth=need
maxClientCnxns=0
admin.enableServer=false
server.1=localhost:2888:3888
server-0.properties
broker.id=0
listeners=SASL_SSL://172.31.70.27:9092
advertised.listeners=SASL_SSL://1172.31.70.27:9092
zookeeper.connect=172.31.70.27:2182
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.protocol=TLSv1.2
zookeeper.ssl.truststore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker0.truststore.jks
zookeeper.ssl.truststore.password=123456
zookeeper.ssl.keystore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker0.keystore.jks
zookeeper.ssl.keystore.password=123456
zookeeper.set.acl=true
ssl.truststore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker0.truststore.jks
ssl.truststore.password=Change@Ro0t
ssl.keystore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker0.keystore.jks
ssl.keystore.password=Change@Ro0t
ssl.key.password=Change@Ro0t
security.inter.broker.protocol=SASL_SSL
ssl.client.auth=none
ssl.protocol=TLSv1.2
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
listener.name.sasl_ssl.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="broker-admin" password="dev1234";
super.users=User:broker-admin
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
server-1.properties
broker.id=1
listeners=SASL_SSL://172.31.76.221:9093
advertised.listeners=SASL_SSL://1172.31.76.221:9093
zookeeper.connect=172.31.70.27:2182
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.protocol=TLSv1.2
zookeeper.ssl.truststore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker0.truststore.jks
zookeeper.ssl.truststore.password=123456
zookeeper.ssl.keystore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker0.keystore.jks
zookeeper.ssl.keystore.password=123456
zookeeper.set.acl=true
ssl.truststore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker1.truststore.jks
ssl.truststore.password=Change@Ro0t
ssl.keystore.location=/opt/kafka_2.13-2.5.0/ssl/kafka.broker1.keystore.jks
ssl.keystore.password=Change@Ro0t
ssl.key.password=Change@Ro0t
security.inter.broker.protocol=SASL_SSL
ssl.client.auth=none
ssl.protocol=TLSv1.2
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
listener.name.sasl_ssl.scram-sha-512.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="broker-admin" password="dev1234";
super.users=User:broker-admin
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
[2021-05-13 10:44:37,659] INFO Session establishment complete on server ip-172-31-45-2.ec2.internal/172.31.45.2:2182, sessionid = 0x100009398f40002, negotiated timeout = 18000 (org.apache.zookeeper.ClientCnxn)
[2021-05-13 10:44:37,663] INFO [ZooKeeperClient Kafka server] Connected. (kafka.zookeeper.ZooKeeperClient)
[2021-05-13 10:44:37,801] ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /brokers/ids
[2021-05-13 10:44:37,804] INFO shutting down (kafka.server.KafkaServer)
[2021-05-13 10:44:37,808] INFO [ZooKeeperClient Kafka server] Closing. (kafka.zookeeper.ZooKeeperClient)
[2021-05-13 10:44:37,814] INFO channel is told closing (org.apache.zookeeper.ClientCnxnSocketNetty)
[2021-05-13 10:44:37,816] INFO EventThread shut down for session: 0x100009398f40002 (org.apache.zookeeper.ClientCnxn)
[2021-05-13 10:44:37,816] INFO Session: 0x100009398f40002 closed (org.apache.zookeeper.ZooKeeper)
[2021-05-13 10:44:37,817] INFO channel is disconnected: [id: 0x5856be9a, L:/172.31.45.2:52900 ! R:ip-172-31-45-2.ec2.internal/172.31.45.2:2182] (org.apache.zookeeper.ClientCnxnSocketNetty)
[2021-05-13 10:44:37,817] INFO channel is told closing (org.apache.zookeeper.ClientCnxnSocketNetty)
[2021-05-13 10:44:37,825] INFO [ZooKeeperClient Kafka server] Closed. (kafka.zookeeper.ZooKeeperClient)
[2021-05-13 10:44:37,828] INFO shut down completed (kafka.server.KafkaServer)
最佳答案
我没有看到任何 broker.id环境。您应该在代理配置文件中指定两个不同的代理 ID。
关于ssl - Kafka Broker SSL - NoAuth 异常 - KeeperErrorCode NoAuth for/brokers/ids,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67514028/