Kafka 使用 TLS 连接 mongoDB 接收器

Question

I set up my mongoDB cluster with TLS authentication.我使用 TLS 身份验证设置了我的 mongoDB 集群。

I can successfully connect on a mongos instance using :我可以使用以下方法成功连接 mongos 实例：

/opt/cluster/stacks/mongoDB/bin/mongosh --tls --host $(hostname).domain.name -tlsCAFile /opt/cluster/security/ssl/cert.pem --port 27017 /opt/cluster/stacks/mongoDB/bin/mongosh --tls --host $(hostname).domain.name -tlsCAFile /opt/cluster/security/ssl/cert.pem --port 27017

I have a Kafka connect mongoDB sink that has the following configuration :我有一个具有以下配置的 Kafka 连接 mongoDB 接收器：

{
  "name": "client-order-request-mongodb-sink",
  "config": {
    "connector.class": "com.mongodb.kafka.connect.MongoSinkConnector",
    "database":"Trading",
    "collection":"ClientOrderRequest",
    "topics":"ClientOrderRequest",
    "connection.uri":"mongodb://hostname1.domain.name:27017,pre-hostname2.domain.name:27017",
    "mongo.errors.tolerance": "all",
    "mongo.errors.log.enable": "true",
    "errors.log.include.messages": "true",
    "writemodel.strategy":"com.mongodb.kafka.connect.sink.writemodel.strategy.ReplaceOneBusinessKeyStrategy",
    "document.id.strategy": "com.mongodb.kafka.connect.sink.processor.id.strategy.PartialValueStrategy",
    "document.id.strategy.overwrite.existing": "true",
    "document.id.strategy.partial.value.projection.type": "allowlist",
    "document.id.strategy.partial.value.projection.list": "localReceiveTime,clientId,orderId"
  }
}

It is working fine if I redeploy mongoDB without authentication, but now when I try to instantiate it with the following curl command :如果我在没有身份验证的情况下重新部署 mongoDB，它工作正常，但是现在当我尝试使用以下 curl 命令实例化它时：

curl -X POST -H "Content-Type: application/json" --data '@connect-task-sink-mongodb-client-order-request.json' $KAFKA_CONNECT_LEADER_NODE/connectors/ curl -X POST -H "Content-Type: application/json" --data '@connect-task-sink-mongodb-client-order-request.json' $KAFKA_CONNECT_LEADER_NODE/connectors/

I have the following error:我有以下错误：

{"error_code":400,"message":"Connector configuration is invalid and contains the following 1 error(s):\nUnable to connect to the server.\nYou can also find the above list of errors at the endpoint /connector-plugins/{connectorType}/config/validate "} {"error_code":400,"message":"连接器配置无效并包含以下 1 个错误：\n无法连接到服务器。\n您还可以在端点/connector-plugins/{connectorType}/config/validate找到上述错误列表/connector-plugins/{connectorType}/config/validate "}

From the mongoDB kafka connect sink documentation I found that I needed to set up global variable of the KAFKA_OPTS so before starting the distributed connect server I do:从mongoDB kafka 连接接收器文档中，我发现我需要设置 KAFKA_OPTS 的全局变量，因此在启动分布式连接服务器之前，我要做：

export KAFKA_OPTS="\
-Djavax.net.ssl.trustStore=/opt/cluster/security/ssl/keystore.jks \
-Djavax.net.ssl.trustStorePassword=\"\" \
-Djavax.net.ssl.keyStore=/opt/cluster/security/ssl/keystore.jks \
-Djavax.net.ssl.keyStorePassword=\"\""

Notice that I put an empty password because when I list the entry of my keystore with:请注意，我输入了一个空密码，因为当我列出我的密钥库的条目时：

keytool -v -list -keystore key.jks keytool -v -list -keystore key.jks

Then I just press enter when the password is prompted.然后我在提示密码时按回车键。

Answer 1

So the issue was that the ssl connection wasn't enabled on the client side.所以问题是客户端没有启用 ssl 连接。

If you want to do so with the mongoDB kafka connect plugin you need to state it in the connection.uri config parameter such as:如果您想使用 mongoDB kafka 连接插件执行此操作，您需要在 connection.uri 配置参数中声明它，例如：

"connection.uri":"mongodb://hostname1.domain.name:27017,pre-hostname2.domain.name:27017/?ssl=true"

Kafka 使用 TLS 连接 mongoDB 接收器

问题描述

1 个解决方案

解决方案1
0 2022-06-24 13:08:34

Kafka 使用 TLS 连接 mongoDB 接收器

问题描述

1 个解决方案

解决方案1 0 2022-06-24 13:08:34

解决方案1
0 2022-06-24 13:08:34