security.protocol error when setting up basic Kafka consumer and producer in Go?

Question


I am attempting to set up a basic Kafka client in Go - following the examples detailed here https://docs.confluent.io/clients-confluent-kafka-go/current/overview.html#go-example-code and https://github.com/confluentinc/confluent-kafka-go.

I wrote the consumer and producer examples the same way they were given, like so

func Produce() {

	p, err := kafka.NewProducer(&kafka.ConfigMap{"bootstrap.servers": "my-broker-name"})
	if err != nil {
		panic(err)
	}

	defer p.Close()

	go func() {
		for e := range p.Events() {
			switch ev := e.(type) {
			case *kafka.Message:
				if ev.TopicPartition.Error != nil {
					fmt.Printf("Delivery failed: %v\n", ev.TopicPartition)
				} else {
					fmt.Printf("Delivered message to %v\n", ev.TopicPartition)
				}
			}
		}
	}()

	topic := "myTopic"
	for _, word := range []string{"Welcome", "to", "the", "Confluent", "Kafka", "Golang", "client"} {
		p.Produce(&kafka.Message{
			TopicPartition: kafka.TopicPartition{Topic: &topic, Partition: kafka.PartitionAny},
			Value:          []byte(word),
		}, nil)
	}

	p.Flush(15 * 1000)
}

func Consume() {

	c, err := kafka.NewConsumer(&kafka.ConfigMap{
		"bootstrap.servers": "my-broker-name",
		"group.id":          "myGroup",
		"auto.offset.reset": "earliest",
	})

	if err != nil {
		panic(err)
	}

	c.SubscribeTopics([]string{"myTopic", "^aRegex.*[Tt]opic"}, nil)

	for {
		msg, err := c.ReadMessage(-1)
		if err == nil {
			fmt.Printf("Message on %s: %s\n", msg.TopicPartition, string(msg.Value))
		} else {
			fmt.Printf("Consumer error: %v (%v)\n", err, msg)
		}
	}

	c.Close()
}

(my-broker-name is a substitute for my hostname + port, which I didn't want to include here)

However when running the produce function it returns an error saying

Disconnected while requesting ApiVersion: might be caused by incorrect security.protocol configuration (connecting to a SSL listener?) or broker version is < 0.10 (see api.version.request) (after 31ms in state APIVERSION_QUERY)

and when running the consume function I receive the same error, but also something that says

Consumer error: 1/1 brokers are down (<nil>)

which I am certain is not the case.

I'm unfortunately unable to find any documentation on what these errors mean, or how to approach fixing them. How do I resolve the error so that I'm able to produce and consume to my Broker?

UPDATE:

I obtained my certificate and converted it to a .pem file, and changed the ConfigMap to the following:

	p, err := kafka.NewProducer(&kafka.ConfigMap{
		"bootstrap.servers":        "my-broker:32500",
		"security.protocol":        "SSL",
		"ssl.certificate.location": "mycert.pem",
		"ssl.ca.location":          "ca-chain.pem"})
	if err != nil {
		panic(err)
	}

However, this is now returning

client SSL authentication might be required (see ssl.key.location and ssl.certificate.location and consult the broker logs for more information)

Does this mean that there is a problem with the Certificate? Or is there a step that I am missing somewhere?

Answer 1

Score: 1


You need to provide hostname and port as your bootstrap servers

  "bootstrap.servers": "host1:9092"

To connect to a secured port in Kafka you need to provide truststore configuration that contains your CA file, or any application for secured connection for that matter.

https://www.google.com/amp/s/www.process-one.net/blog/using-tls-authentication-for-your-go-kafka-client/%3famp

https://github.com/FluuxIO/kafka/blob/master/examples/base-client/base-client.go#L6

	kafka.ConfigMap{
		"bootstrap.servers": "..",
		"security.protocol": "SSL",
		// If you're using SSL authentication, provide the client's key here
		"ssl.key.location": "path-to-private-key.pem",
		"ssl.certificate.location": "path-to-public-key.pem",
		"ssl.key.password": "if any..",
	}

For your new error, look there

https://stackoverflow.com/questions/9380403/what-does-ssl-ctx-use-privatekey-file-problems-getting-password-error-indica

Answer 2

Score: 0


The solution here was that I was missing ssl.key.location. I had to ask my administrator for the key. Once I included the key everything worked. The final configuration I had looked like the following:

	c, err := kafka.NewConsumer(&kafka.ConfigMap{
		"bootstrap.servers":        "hostname:port-number",
		"security.protocol":        "SSL",
		"ssl.ca.location":          "ca-chain.pem",
		"ssl.key.location":         "key-location",
		"ssl.certificate.location": "mycert.pem"})
	if err != nil {
		panic(err)
	}

huangapple
  • Published on July 22, 2021, 05:13:09
  • When reposting, please keep the link to this article: https://go.coder-hub.com/68476527.html