我正好有个问题想请教一下:我搭了一个 Kafka 集群,使用了 SSL,Kafka Tool 能连上,但只显示一个 Kafka broker,应该是集群没组好,但没找到原因。
broker1/docker-compose.yml
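# Broker 1 stack: one ZooKeeper node plus one Kafka broker whose only
# listener is SSL. Values written as ${...} are interpolated by Compose.
version: "3.8"
services:
  zookeeper:
    image: wurstmeister/zookeeper
    container_name: zookeeper
    # restart: always
    # The client port (2181) and the quorum/election ports (2888/3888) are
    # published on the host. Nothing in this file enables authentication or
    # TLS for ZooKeeper, so access to these host ports should be limited to
    # the peer node at the network level.
    ports:
      - "${ZK_PORT_1}:2181"
      - "${ZK_PORT_1_2}:2888"
      - "${ZK_PORT_1_3}:3888"
    volumes:
      - ./zookeeper/data:/opt/zookeeper/data
      - ./zookeeper/logs:/opt/zookeeper/logs
    environment:
      TZ: Asia/Shanghai
      CLIENT_PORT: "2181"
      TICK_TIME: "2000"
      # NOTE(review): confirm that this image actually reads ZOO_MY_ID and
      # ZOO_SERVERS. If it ignores them, each ZooKeeper runs standalone and
      # the two brokers register in different ZooKeepers, which would match
      # the symptom of only one broker being visible.
      ZOO_MY_ID: "1"
      ZOO_SERVERS: "server.1=0.0.0.0:2888:3888 server.2=${SERVER_2}:${ZK_PORT_2_2}:${ZK_PORT_2_3}"
  kafka:
    image: wurstmeister/kafka
    container_name: kafka
    # restart: always
    ports:
      - "${KAFKA_PORT_1}:${KAFKA_PORT_1}"
    volumes:
      # - ./kafka/docker.sock:/var/run/docker.sock
      - ./kafka/logs:/kafka
      # Keystore and truststore are mounted read-only: the broker only needs
      # to read them.
      - ../.env/certs:/certs:ro
    depends_on:
      - zookeeper
    environment:
      TZ: Asia/Shanghai
      KAFKA_BROKER_ID: "1"
      KAFKA_LISTENERS: "SSL://kafka:${KAFKA_PORT_1}"
      # Address handed to clients and to the other broker; it must be
      # reachable from both.
      KAFKA_ADVERTISED_LISTENERS: "SSL://${SERVER_1}:${KAFKA_PORT_1}"
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "2"
      # Both brokers must end up in the same ZooKeeper ensemble to form one
      # cluster.
      KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181,${SERVER_2}:${ZK_PORT_2}"
      # Quoted so that Compose receives a string rather than a YAML boolean.
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
      # Number of partitions
      KAFKA_NUM_PARTITIONS: "1"
      # Replication factor
      KAFKA_DEFAULT_REPLICATION_FACTOR: "2"
      # With two brokers and min.insync.replicas=2, producers using acks=all
      # are rejected whenever either broker is down.
      KAFKA_MIN_INSYNC_REPLICAS: "2"
      KAFKA_NUM_REPLICA_FETCHERS: "5"
      # Mutual TLS: every client, including the peer broker, must present a
      # certificate that chains to the truststore below.
      KAFKA_SSL_CLIENT_AUTH: required
      KAFKA_SSL_SECURE_RANDOM_IMPLEMENTATION: SHA1PRNG
      # NOTE(review): the blank value presumably turns off hostname
      # verification, so any certificate trusted by the truststore is
      # accepted for any host. Prefer certificates whose SAN matches the
      # advertised host name and set this to "https".
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: " "
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SSL
      KAFKA_SSL_KEYSTORE_LOCATION: /certs/kafka.my.keystore.jks
      # One ${PASSWORD} protects the keystore, the private key and the
      # truststore. Environment values are visible through `docker inspect`,
      # so keep access to the Docker host and the env file restricted.
      KAFKA_SSL_KEYSTORE_PASSWORD: "${PASSWORD}"
      KAFKA_SSL_KEY_PASSWORD: "${PASSWORD}"
      KAFKA_SSL_TRUSTSTORE_LOCATION: /certs/kafka.truststore.jks
      KAFKA_SSL_TRUSTSTORE_PASSWORD: "${PASSWORD}"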
broker2/docker-compose.yml
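# Broker 2 stack: one ZooKeeper node plus one Kafka broker whose only
# listener is SSL. Values written as ${...} are interpolated by Compose.
version: "3.8"
services:
  zookeeper:
    image: wurstmeister/zookeeper
    container_name: zookeeper_2
    # restart: always
    # The client port (2181) and the quorum/election ports (2888/3888) are
    # published on the host. ZooKeeper authentication is only present as
    # commented-out SASL settings below, so access to these host ports should
    # be limited to the peer node at the network level.
    ports:
      - "${ZK_PORT_2}:2181"
      - "${ZK_PORT_2_2}:2888"
      - "${ZK_PORT_2_3}:3888"
    volumes:
      - ./zookeeper/data:/opt/zookeeper/data
      - ./zookeeper/logs:/opt/zookeeper/logs
      # - ../.env/zookeeper_jaas.conf:/etc/kafka/zookeeper_jaas.conf
    environment:
      TZ: Asia/Shanghai
      CLIENT_PORT: "2181"
      TICK_TIME: "2000"
      # NOTE(review): confirm that this image actually reads ZOO_MY_ID and
      # ZOO_SERVERS. If it ignores them, each ZooKeeper runs standalone and
      # the two brokers register in different ZooKeepers, which would match
      # the symptom of only one broker being visible.
      ZOO_MY_ID: "2"
      ZOO_SERVERS: "server.1=${SERVER_1}:${ZK_PORT_1_2}:${ZK_PORT_1_3} server.2=0.0.0.0:2888:3888"
      # KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/zookeeper_jaas.conf
      # -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
      # -Dzookeeper.allowSaslFailedClients=false
      # -Dzookeeper.requireClientAuthScheme=sasl
  kafka:
    image: wurstmeister/kafka
    container_name: kafka_2
    # restart: always
    ports:
      - "${KAFKA_PORT_2}:${KAFKA_PORT_2}"
      # - 29092:29092
    volumes:
      # - ./kafka/docker.sock:/var/run/docker.sock
      - ./kafka/logs:/kafka
      # Keystore and truststore are mounted read-only: the broker only needs
      # to read them.
      - ../.env/certs:/certs:ro
      # - ../.env/kafka_server_jaas.conf:/etc/kafka/kafka_server_jaas.conf
    depends_on:
      - zookeeper
    environment:
      TZ: Asia/Shanghai
      KAFKA_BROKER_ID: "2"
      KAFKA_LISTENERS: "SSL://kafka:${KAFKA_PORT_2}"
      # Address handed to clients and to the other broker; it must be
      # reachable from both.
      KAFKA_ADVERTISED_LISTENERS: "SSL://${SERVER_2}:${KAFKA_PORT_2}"
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "2"
      # Both brokers must end up in the same ZooKeeper ensemble to form one
      # cluster.
      KAFKA_ZOOKEEPER_CONNECT: "zookeeper:2181,${SERVER_1}:${ZK_PORT_1}"
      # Quoted so that Compose receives a string rather than a YAML boolean.
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: "false"
      # Number of partitions
      KAFKA_NUM_PARTITIONS: "1"
      # Replication factor
      KAFKA_DEFAULT_REPLICATION_FACTOR: "2"
      # With two brokers and min.insync.replicas=2, producers using acks=all
      # are rejected whenever either broker is down.
      KAFKA_MIN_INSYNC_REPLICAS: "2"
      KAFKA_NUM_REPLICA_FETCHERS: "5"
      # Mutual TLS: every client, including the peer broker, must present a
      # certificate that chains to the truststore below.
      KAFKA_SSL_CLIENT_AUTH: required
      KAFKA_SSL_SECURE_RANDOM_IMPLEMENTATION: SHA1PRNG
      # NOTE(review): the blank value presumably turns off hostname
      # verification, so any certificate trusted by the truststore is
      # accepted for any host. Prefer certificates whose SAN matches the
      # advertised host name and set this to "https".
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: " "
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SSL
      KAFKA_SSL_KEYSTORE_LOCATION: /certs/kafka.my.keystore.jks
      # One ${PASSWORD} protects the keystore, the private key and the
      # truststore. Environment values are visible through `docker inspect`,
      # so keep access to the Docker host and the env file restricted.
      KAFKA_SSL_KEYSTORE_PASSWORD: "${PASSWORD}"
      KAFKA_SSL_KEY_PASSWORD: "${PASSWORD}"
      KAFKA_SSL_TRUSTSTORE_LOCATION: /certs/kafka.truststore.jks
      KAFKA_SSL_TRUSTSTORE_PASSWORD: "${PASSWORD}"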
检查 SSL 配置是否有效的命令已经过时了(-tls1 会强制使用 TLS 1.0,较新的 Kafka 默认不再启用该版本):
openssl s_client -debug -connect localhost:9093 -tls1
现在的版本是:TLSv1.2,命令是:
openssl s_client -debug -connect localhost:9093 -tls1_2
如果 broker 要求客户端证书(如上面配置中的 KAFKA_SSL_CLIENT_AUTH: required),还需要用 -cert 和 -key 提供客户端证书和私钥,否则握手无法完成;具体选项可以通过 -help 查看:
openssl s_client -help