KnowStreaming
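SASL authentication exception between KnowStreaming and Zookeeper
- [ ] I have searched the issues for related problems and found no duplicates.
Ask your question here
Problem description: SASL authentication exception between KnowStreaming and Zookeeper
Following the "Support Digest-MD5 authentication" configuration in "Connecting a Kafka cluster whose ZK requires authentication", and because knowstreaming is deployed in containers, I configured knowstreaming with the following steps:
1. Create the zk_client_jaas.conf file: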
sh-kafka {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="kafka"
    password="xxx";
};
2. Modify the Docker Compose file to mount zk_client_jaas.conf into the container and set JAVA_OPTS:
version: "2"
services:
  knowstreaming-manager:
    environment:
      JAVA_OPTS: -Xmx1g -Xms1g -Djava.security.auth.login.config=/zk_client_jaas.conf
    volumes:
      - ./zk_client_jaas.conf:/zk_client_jaas.conf
3. Modify the ks_km_physical_cluster table in the mysql database to add the zk_properties configuration:
docker exec -it mysql bash
mysql> update ks_km_physical_cluster set zk_properties='{ "openSecure": true,"otherProps": { "zookeeper.sasl.clientconfig": "sh-kafka" } }' where id=1;
The environment is as follows:
Zookeeper: 3.8.3
Kafka: 3.6.1
Java: 1.8.0_391-b13
KS: 3.3.0
The knowstreaming-manager container reports the following errors:
2024-01-30 13:51:09.052 ERROR 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil : method=executeFourLetterCmd||clusterPhyId=1||host=192.168.3.140||port=2181||cmd=srvr||secure=true||timeout=5000||errMsg=exception!
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.send4LetterWord(FourLetterWordUtil.java:94)
at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.executeFourLetterCmd(FourLetterWordUtil.java:48)
at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.getFromZookeeperCluster(ZookeeperServiceImpl.java:150)
at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.listFromZookeeper(ZookeeperServiceImpl.java:53)
at com.xiaojukeji.know.streaming.km.task.kafka.metadata.SyncZookeeperTask.processClusterTask(SyncZookeeperTask.java:33)
at com.xiaojukeji.know.streaming.km.task.kafka.metadata.AbstractAsyncMetadataDispatchTask.lambda$asyncProcessSubTask$0(AbstractAsyncMetadataDispatchTask.java:33)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 14 common frames omitted
2024-01-30 13:51:09.052 INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil : connecting to 192.168.3.141 2181
2024-01-30 13:51:09.052 INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil : using secure socket
2024-01-30 13:51:09.063 ERROR 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil : method=executeFourLetterCmd||clusterPhyId=1||host=192.168.3.141||port=2181||cmd=srvr||secure=true||timeout=5000||errMsg=exception!
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.send4LetterWord(FourLetterWordUtil.java:94)
at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.executeFourLetterCmd(FourLetterWordUtil.java:48)
at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.getFromZookeeperCluster(ZookeeperServiceImpl.java:150)
at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.listFromZookeeper(ZookeeperServiceImpl.java:53)
at com.xiaojukeji.know.streaming.km.task.kafka.metadata.SyncZookeeperTask.processClusterTask(SyncZookeeperTask.java:33)
at com.xiaojukeji.know.streaming.km.task.kafka.metadata.AbstractAsyncMetadataDispatchTask.lambda$asyncProcessSubTask$0(AbstractAsyncMetadataDispatchTask.java:33)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 14 common frames omitted
2024-01-30 13:51:09.063 INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil : connecting to 192.168.3.142 2181
2024-01-30 13:51:09.063 INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil : using secure socket
2024-01-30 13:51:09.073 INFO 12 --- [kTP-5-thread-14] c.x.k.s.k.c.sink.AbstractMetricESSender : method=send2es||indexName=ks_kafka_partition_metric||metricsSize=69||msg=send metrics to es
2024-01-30 13:51:09.080 ERROR 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil : method=executeFourLetterCmd||clusterPhyId=1||host=192.168.3.142||port=2181||cmd=srvr||secure=true||timeout=5000||errMsg=exception!
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.send4LetterWord(FourLetterWordUtil.java:94)
at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.executeFourLetterCmd(FourLetterWordUtil.java:48)
at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.getFromZookeeperCluster(ZookeeperServiceImpl.java:150)
at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.listFromZookeeper(ZookeeperServiceImpl.java:53)
at com.xiaojukeji.know.streaming.km.task.kafka.metadata.SyncZookeeperTask.processClusterTask(SyncZookeeperTask.java:33)
at com.xiaojukeji.know.streaming.km.task.kafka.metadata.AbstractAsyncMetadataDispatchTask.lambda$asyncProcessSubTask$0(AbstractAsyncMetadataDispatchTask.java:33)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 14 common frames omitted
The error messages in Zookeeper are as follows; you can see that knowstreaming, using the ID "kafka", has already passed Zookeeper's SASL authentication:
2024-01-30 13:50:53,552 [myid:] - WARN [NIOWorkerThread-8:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50708 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
2024-01-30 13:50:53,592 [myid:] - WARN [NIOWorkerThread-1:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50704 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
2024-01-30 13:50:53,682 [myid:] - WARN [NIOWorkerThread-5:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50718 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
2024-01-30 13:50:53,879 [myid:] - INFO [CommitProcessor:1:o.a.z.s.q.LearnerSessionTracker@116] - Committing global session 0x100049bc4140002
2024-01-30 13:50:53,948 [myid:] - INFO [NIOWorkerThread-7:o.a.z.s.a.SaslServerCallbackHandler@119] - Successfully authenticated client: authenticationID=kafka; authorizationID=kafka.
2024-01-30 13:50:53,949 [myid:] - INFO [NIOWorkerThread-7:o.a.z.s.a.SaslServerCallbackHandler@135] - Setting authorizedID: kafka
2024-01-30 13:50:53,949 [myid:] - INFO [NIOWorkerThread-7:o.a.z.s.ZooKeeperServer@1738] - Session 0x100049bc4140002: adding SASL authorization for authorizationID: kafka
2024-01-30 13:51:23,309 [myid:] - WARN [NIOWorkerThread-8:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50844 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
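The Zookeeper status shown on the KnowStreaming page is abnormal (Zookeeper is actually working normally):
I also have a question about the openSecure value in the zk_properties field of the ks_km_physical_cluster table. It is the switch that controls whether four-letter commands are executed against Zookeeper over an SSL socket (because Zookeeper has secureClientPort enabled?), yet the UI text says "whether to enable authentication". What does this have to do with Zookeeper's SASL authentication?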
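
Added example, not part of the original issue: ZooKeeper reads the first four bytes of each request as a big-endian length, so the "advertised length" in the `Len error` lines above can be turned back into the bytes the client actually sent. The sketch below does that and recognizes a TLS record header or plain ASCII; the function names and the sample string are constructed for illustration.

```python
import re
import struct

# Constructed sample: message text copied from the ZooKeeper WARN lines in the issue.
SAMPLE_LOG = (
    "java.io.IOException: Len error. A message from /192.168.3.143:50708 with "
    "advertised length of 369296128 is either a malformed message or too large "
    "to process (length is greater than jute.maxbuffer=1048575)\n"
)

LEN_ERROR = re.compile(
    r"A message from /(?P<peer>[\d.]+):\d+ with advertised length of (?P<length>-?\d+)"
)
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
TLS_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}


def classify_length(advertised):
    """Interpret the 4 bytes ZooKeeper read as a length prefix."""
    raw = struct.pack(">i", advertised)  # signed 32-bit big-endian, as the server reads it
    content_type, major, minor = raw[0], raw[1], raw[2]
    # TLS record header: content type (1 byte), version (2 bytes), length (2 bytes)
    if content_type in TLS_CONTENT_TYPES and major == 3 and minor in TLS_VERSIONS:
        return {
            "bytes": raw.hex(),
            "kind": "tls_record",
            "detail": f"{TLS_CONTENT_TYPES[content_type]}, record version {TLS_VERSIONS[minor]}",
        }
    # Four printable characters usually mean a text protocol hit the port (e.g. "GET ")
    if all(0x20 <= b < 0x7F for b in raw):
        return {"bytes": raw.hex(), "kind": "ascii_text", "detail": raw.decode("ascii")}
    return {"bytes": raw.hex(), "kind": "unknown", "detail": ""}


def scan(log_text):
    """Return (peer, classification) for every 'Len error' line in log_text."""
    findings = []
    for m in LEN_ERROR.finditer(log_text):
        findings.append((m.group("peer"), classify_length(int(m.group("length")))))
    return findings


if __name__ == "__main__":
    for peer, result in scan(SAMPLE_LOG):
        print(peer, result)
```

For the value in these logs the bytes are 16 03 03 00, the start of a TLS handshake record arriving on plaintext port 2181, which lines up with the `using secure socket` and `secure=true` entries in the knowstreaming-manager log.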