英文:
Benthos kafka consumer with ssl authentication
问题
我正在使用benthos(https://www.benthos.dev/)来消费来自Kafka主题的消息。
使用本地Kafka测试我的Benthos配置正常工作,但是当我使用生产Kafka部署测试相同的配置时,配置无法消费任何消息。
配置可以连接到Kafka,我能看到的最后一条日志如下。
"timestamp":"2021-12-10T00:22:44Z","service":"benthos","component":"benthos.input","level":"DEBUG","message":"Starting consumer group"}
当我使用没有SSL的本地Kafka运行相同的benthos配置时,我可以在上一条日志之后看到一条更多的日志。
{"timestamp":"2021-12-09T23:49:50Z","service":"benthos","component":"benthos.input","level":"DEBUG","message":"Consuming messages from topic 'topicname' partition '0'"}
我怀疑在使用启用了SSL的生产Kafka时缺少这个最后的跟踪可能是出错的线索,但我无法找出问题所在。有人可以帮忙吗?
这是我正在使用的Benthos配置。
input:
kafka:
addresses:
- kafka-server:443
topics:
- kafka-topic
tls:
enabled: true
root_cas_file: ssl/ca.crt
client_certs:
- cert_file: ssl/cert.pem
key_file: sl/key.pem
consumer_group: consumer-group
start_from_oldest: false
checkpoint_limit: 1
commit_period: 1s
max_processing_period: 600ms
group:
session_timeout: 50s
heartbeat_interval: 8s
rebalance_timeout: 60s
顺祝商祺,
Esteban Collado
英文:
I am using benthos (https://www.benthos.dev/) to consume messages from a Kafka topic.
Testing my Benthos configuration with a local kafka works fine, but when I test the same configuration using a production Kafka deployment, with SSL authentication, the Benthos configuration does not consume any messages.
The configuration can connect to Kafka, and the last log I can see is the following one.
"@timestamp":"2021-12-10T00:22:44Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Starting consumer group"}
When I run the same benthos configuration using a local kafka with no SSL, I can see one log more after the previous one.
{"@timestamp":"2021-12-09T23:49:50Z","@service":"benthos","component":"benthos.input","level":"DEBUG","message":"Consuming messages from topic 'topicname' partition '0'"}
I suspect that the lack of this last trace, when using the production kafka with SSL activated must be the clue of what is going wrong, but I am not able to figure out the problem. Could anyone help please ?
This is the Benthos configuraiton I am using.
input:
kafka:
addresses:
- kafka-server:443
topics:
- kafka-topic
tls:
enabled: true
root_cas_file: ssl/ca.crt
client_certs:
- cert_file: ssl/cert.pem
key_file: sl/key.pem
consumer_group: consumer-group
start_from_oldest: false
checkpoint_limit: 1
commit_period: 1s
max_processing_period: 600ms
group:
session_timeout: 50s
heartbeat_interval: 8s
rebalance_timeout: 60s
BR,
Esteban Collado
答案1
得分: 1
好的,我明白了。以下是翻译好的内容:
好的,我使用的 benthos 配置是正确的。问题出在 kafka 服务器端的一些 ACL 配置上。
英文:
Ok, the benthos configuraiton I was using is fine. The problem was some ACL configuration on the kafka server side.
答案2
得分: 0
对于任何想要测试使用Kafka TLS身份验证的人,我在这里提供了一个示例,我使用Terraform生成有效的证书,并在docker-compose环境中配置了Redpanda(提供与Kafka相同的API)和Benthos,以便它们可以通过TLS进行通信。
示例链接:这里
Redpanda链接:这里
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论