Kafka 配置 PKCS12 `ssl.keystore.location=user.p12` 无需访问本地文件系统
[英]Kafka Configure PKCS12 `ssl.keystore.location=user.p12` without access to local file system
问题描述
I can successfully connect to an SSL secured Kafka cluster with the following client properties:
我可以成功连接到具有以下客户端属性的 SSL 安全 Kafka 集群:
security.protocol=SSL
ssl.truststore.type=PKCS12
ssl.truststore.location=ca.p12
ssl.truststore.password=<redacted>
ssl.keystore.type=PKCS12
ssl.keystore.location=user.p12
ssl.keystore.password=<redacted>
However, I'm writing a Java app that is running in a managed cloud environment, where I don't have access to the file system.但是,我正在编写一个在托管云环境中运行的 Java 应用程序,我无法访问文件系统。 So I can't just give it a local file path to.p12 files.所以我不能只给它一个本地文件路径到.p12 文件。
Are there any other alternatives, like using loading from S3, or from memory, or from a JVM classpath resource?是否还有其他替代方法,例如使用从 S3、memory 或 JVM 类路径资源加载?
Specifically, this is a Flink app running on Amazon's Kinesis Analytics Managed Flink cluster service.具体来说,这是一个运行在 Amazon 的 Kinesis Analytics Managed Flink 集群服务上的 Flink 应用程序。
2 个解决方案
解决方案1
0 2021-12-16 20:38:31
Sure, you can download whatever you want from wherever before you give a properties object to a KafkaConsumer.当然,在将属性 object 提供给 KafkaConsumer 之前,您可以从任何地方下载任何您想要的东西。 However, the user running the Java process will need some access to the local filesystem in order to download files.但是,运行 Java 进程的用户需要访问本地文件系统才能下载文件。
I think packaging the files as part of your application JAR makes more sense, however, I don't know an easy way to refer to a classpath resource as if it were a regular filesystem path.我认为将文件打包为应用程序 JAR 的一部分更有意义,但是,我不知道一种简单的方法来引用类路径资源,就好像它是常规文件系统路径一样。 If the code runs in YARN cluster, you can try using yarn.provided.lib.dirs option when submitting as well如果代码在 YARN 集群中运行,您也可以在提交时尝试使用yarn.provided.lib.dirs选项
解决方案2
0 2022-06-21 16:29:47
I used a workaround tempoarily, upload your certificates to a fileshare and make your application, during initialization, dowload the certificates from the file share and save it to the location of choice like /home/site/ca.p12 then kakfa properties should read... ssl.truststore.location=/home/site/ca.p12...我暂时使用了一种解决方法,将您的证书上传到文件共享并让您的应用程序在初始化期间从文件共享下载证书并将其保存到选择的位置,例如 /home/site/ca.p12 然后 kakfa 属性应该读取。 .. ssl.truststore.location=/home/site/ca.p12...
Here are few lines of code to help you download and save your certificate.这里有几行代码可以帮助您下载和保存您的证书。
// Create the Azure Files client.
CloudFileClient fileClient = storageAccount.createCloudFileClient();
// Get a reference to the file share
CloudFileShare share = fileClient.getShareReference("[SHARENAME]");
// Get a reference to the root directory for the share.
CloudFileDirectory rootDir = share.getRootDirectoryReference();
// Get a reference to the directory where the file to be deleted is in
CloudFileDirectory containerDir = rootDir.getDirectoryReference("[DIRECTORY]");
CloudFile file = containerDir.getFileReference("[FILENAME]");
file.downloadToFile("/home/site/ca.p12");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.