KAFKA SSL connectivity using pem key and client certificate

I am able to connect to Kafka and read data from the CLI (bin/kafka-console-consumer.sh) using the SSL details below in client.properties

ssl.keystore.location=/test/keystore.jks
ssl.keystore.password=abcd1234
ssl.key.password=abcd1234
Command: bin/kafka-console-consumer.sh --bootstrap-server 'server details'  --topic topic_name --consumer.config client.properties --group group-id

But I am unable to connect from Python or Spark using the same data

from kafka import KafkaConsumer

consumer = KafkaConsumer(topic, bootstrap_servers=bootstrap_server, security_protocol='SSL', sasl_mechanism='PLAIN', ssl_certfile='certificate.pem', ssl_keyfile='pk.key')

I tried changing multiple options in the above code, like adding check_host_name etc., but no luck. The Kafka cluster is not owned by our team; a different team manages it, and when we request access we get a private key and certificate along with a CA bundle and an ARN name.

From Spark (Python), I tried the code below

# wrapped in parentheses so the chained calls continue across lines
sdf1 = (spark.readStream.format("kafka")
        .option("kafka.bootstrap.servers", bootstrap_server)
        .option("subscribe", topic_name)
        .option("startingOffsets", "latest")
        .option("kafka.security.protocol", "SSL")
        .option("kafka.ssl.keystore.location", 'keystore.jks')
        .option("kafka.ssl.keystore.password", '****')
        .option("kafka.ssl.key.password", '****')
        .load())

I am getting an error like "org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to access group: spark-kafka-source-xxxxxxx-xxxxx-xxxxx"

The above error would be related to Spark generating a unique group id every time it is accessing. Usage of group-id in a Spark dataframe is allowed only in Spark 3.0 and above. I need an option to fix this in Spark 2.4.4.

Any suggestions would be appreciated.

You just need to give the principal you are using to authenticate access to the topic regardless of the consumer group. It would look like this:

kafka-acls --authorizer-properties zookeeper.connect=zk_ip_or_fqdn:2181  --add  --allow-principal User:"userName" --operation All --topic yourTopicName --group '*'

userName (principal name) in your case will be the subject name of your SSL certificate, in the form of "CN=toto,OU=titi,...".
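As an added illustration (not part of the question or the answer above, and not Kafka's own code), the following stdlib-only Python models the two things this thread turns on: deriving the principal name from the certificate subject in the order Kafka expects, and replaying the authorizer's topic and group checks for the CLI group versus the random group id Spark 2.4 generates, against the ACLs from the answer and against a prefixed-pattern alternative. The DN, topic and group ids are constructed sample values, and the matching rules are a simplified re-implementation for illustration rather than Kafka's AclAuthorizer.

```python
"""Added example, stdlib only; not code from the post, the answer or Apache Kafka.

1. With security.protocol=SSL and no ssl.principal.mapping.rules on the broker,
   the principal is the certificate subject as Java's X500Principal.getName()
   prints it: "CN=toto,OU=titi,O=...,C=...", i.e. RDNs in the REVERSE of the
   order `openssl x509 -subject` shows by default.
2. A consumer must pass READ on the topic and READ on the group.  Spark 2.4
   uses a random "spark-kafka-source-<uuid>..." group, so a literal group ACL
   never matches it.  The rules below (literal / prefixed / "*" patterns, DENY
   beats ALLOW, "All" implies every operation, Describe is implied by
   Read/Write/Delete/Alter) are a re-implementation for illustration only.
"""
import re
from dataclasses import dataclass

# Characters that RFC 2253 / Java X500Principal escape inside attribute values.
_RFC2253_SPECIAL = re.compile(r'([,+"\\<>;])')


def principal_from_openssl_subject(subject_line: str) -> str:
    """Convert an `openssl x509 -noout -subject` line into the Kafka principal name.

    Accepts "subject=C = FR, O = example, OU = titi, CN = toto" (modern openssl)
    and "subject= /C=FR/O=example/OU=titi/CN=toto" (legacy). Multi-valued RDNs
    (a+b) are not handled.
    """
    s = subject_line.strip()
    if s.startswith("subject="):
        s = s[len("subject="):].strip()
    if s.startswith("/"):
        parts = s.strip("/").split("/")
    else:
        parts = re.split(r"(?<!\\),", s)  # split only on commas openssl did not escape
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        value = re.sub(r"\\(.)", r"\1", value.strip())   # undo openssl's escaping
        value = _RFC2253_SPECIAL.sub(r"\\\1", value)     # re-escape RFC 2253 style
        rdns.append(f"{attr.strip()}={value}")
    return ",".join(reversed(rdns))  # Java prints the most specific RDN (CN) first


ALLOW, DENY = "Allow", "Deny"
LITERAL, PREFIXED = "Literal", "Prefixed"
_IMPLIES_DESCRIBE = {"Read", "Write", "Delete", "Alter"}


@dataclass(frozen=True)
class Acl:
    principal: str       # "User:<name>"; "User:*" matches every user
    permission: str      # ALLOW or DENY
    operation: str       # "Read", "Write", "Describe", ... or "All"
    resource_type: str   # "Topic", "Group", "Cluster", ...
    name: str            # resource name, "*" (all), or a prefix when PREFIXED
    pattern_type: str = LITERAL

    def matches(self, principal, operation, resource_type, name) -> bool:
        if self.principal not in (principal, "User:*") or self.resource_type != resource_type:
            return False
        op_ok = self.operation in (operation, "All") or (
            operation == "Describe" and self.operation in _IMPLIES_DESCRIBE)
        if not op_ok:
            return False
        if self.pattern_type == PREFIXED:
            return name.startswith(self.name)
        return self.name in (name, "*")


def authorize(acls, principal, operation, resource_type, name) -> bool:
    """Kafka-style decision: a matching DENY wins; otherwise any matching ALLOW."""
    hits = [a for a in acls if a.matches(principal, operation, resource_type, name)]
    if any(a.permission == DENY for a in hits):
        return False
    return any(a.permission == ALLOW for a in hits)


def consumer_checks(acls, principal, topic, group):
    """(topic_ok, group_ok): False first -> TopicAuthorizationException,
    False second -> GroupAuthorizationException, as seen in the question."""
    return (authorize(acls, principal, "Read", "Topic", topic),
            authorize(acls, principal, "Read", "Group", group))


# ---- constructed scenario mirroring the thread (sample values) ------------
DN = principal_from_openssl_subject("subject=C = FR, O = example, OU = titi, CN = toto")
PRINCIPAL = "User:" + DN                 # User:CN=toto,OU=titi,O=example,C=FR
TOPIC = "topic_name"
CLI_GROUP = "group-id"                   # the --group given to kafka-console-consumer.sh
SPARK_GROUP = "spark-kafka-source-1b2c3d4e-aaaa-bbbb-driver"  # random per run on Spark 2.4

# Situation in the question: only the CLI group was granted.
ACLS_BEFORE = [Acl(PRINCIPAL, ALLOW, "Read", "Topic", TOPIC),
               Acl(PRINCIPAL, ALLOW, "Read", "Group", CLI_GROUP)]
# The answer's fix: --operation All --topic topic_name --group '*'
ACLS_WILDCARD = [Acl(PRINCIPAL, ALLOW, "All", "Topic", TOPIC),
                 Acl(PRINCIPAL, ALLOW, "All", "Group", "*")]
# Tighter alternative on Kafka 2.0+ (KIP-290):
# --group spark-kafka-source- --resource-pattern-type prefixed
ACLS_PREFIXED = [Acl(PRINCIPAL, ALLOW, "Read", "Topic", TOPIC),
                 Acl(PRINCIPAL, ALLOW, "Read", "Group", "spark-kafka-source-", PREFIXED)]

if __name__ == "__main__":
    print("CLI, before:      ", consumer_checks(ACLS_BEFORE, PRINCIPAL, TOPIC, CLI_GROUP))    # (True, True)
    print("Spark, before:    ", consumer_checks(ACLS_BEFORE, PRINCIPAL, TOPIC, SPARK_GROUP))  # (True, False)
    print("Spark, wildcard:  ", consumer_checks(ACLS_WILDCARD, PRINCIPAL, TOPIC, SPARK_GROUP))  # (True, True)
    print("Spark, prefixed:  ", consumer_checks(ACLS_PREFIXED, PRINCIPAL, TOPIC, SPARK_GROUP))  # (True, True)
    # The DN in openssl's default order is a different principal and matches nothing:
    print("Spark, wrong DN:  ", consumer_checks(ACLS_WILDCARD, "User:C=FR,O=example,OU=titi,CN=toto", TOPIC, SPARK_GROUP))  # (False, False)
```

Running the script prints the five decisions. To read the subject straight from the PEM file in the order Kafka uses, openssl can print it RFC 2253 style: openssl x509 -in certificate.pem -noout -subject -nameopt RFC2253. If the brokers configure ssl.principal.mapping.rules, the principal is whatever those rules map the DN to, so confirm the exact string with the team that manages the cluster before adding ACLs.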

粤ICP备18138465号  © 2020-2024 STACKOOM.COM