Juniper NETWORKS Yawo API Software

Bayanin samfur

Ƙayyadaddun bayanai

• Sunan samfur: Paragon Active Assurance
• Shafin: 4.1
• Kwanan Wata: 2023-03-15

Gabatarwa:
Wannan jagorar tana ba da umarni kan yadda ake cire bayanai daga Paragon Active Assurance ta amfani da API ɗin yawo na samfur. Abokin ciniki mai gudana da API an haɗa su a cikin shigarwar Assurance Active Paragon, amma ana buƙatar wasu saiti kafin amfani da API. An rufe tsarin daidaitawa a cikin sashin "Haɓaka API ɗin Yawo".

Ana saita API mai yawo:
Matakan da ke biyowa suna zayyana tsarin don saita API mai yawo:

Ƙarsheview
Kafka wani dandali ne mai yawo na taron da aka ƙera don ɗaukar ainihin lokaci da adana bayanai daga tushe daban-daban. Yana ba da damar gudanar da rafukan taron a cikin rarrabawa, mai daidaitawa, jurewa kuskure, da amintaccen hanya. Wannan jagorar tana mai da hankali kan daidaita Kafka don amfani da fasalin API mai yawo a cikin Cibiyar Kula da Tabbacin Active Paragon.

Kalmomi
API ɗin yawo yana ba abokan ciniki na waje damar dawo da bayanan awo daga Kafka. Ma'auni da Wakilan Gwaji suka tattara yayin gwaji ko aikin sa ido ana aika zuwa sabis ɗin Rafi. Bayan sarrafawa, sabis ɗin Rafi yana buga waɗannan ma'auni akan Kafka tare da ƙarin metadata.

Ana kunna API mai yawo
Don kunna API mai gudana, bi waɗannan matakan:

1. Gudanar da umarni masu zuwa akan uwar garken Cibiyar Sarrafa ta amfani da sudo:

KAFKA_METRICS_ENABLED = Ayyukan sudo ncc na gaskiya yana ba da damar ma'auni na timescaledb sudo ncc sabis ya fara timescaledb metrics sudo ncc sabis na sake farawa

Tabbatar da Cewa API ɗin Yawo yana Aiki a Cibiyar Sarrafa:
Don tabbatar da cewa kuna karɓar ma'auni akan madaidaitan batutuwan Kafka:

1. Shigar da kayan aikin kafkacat tare da umarni masu zuwa:
   sudo apt-samun sabuntawa
   sudo apt-samun shigar kafkacat

2. Sauya "myaccount" tare da gajeren sunan asusun ku a cikin
   Cibiyar Kulawa URL:
   fitarwa METRICS_TOPIC=paa.public.accounts.myaccount.metrics
   fitarwa METADATA_TOPIC=paa.public.accounts.myaccount.metadata

3. Gudun umarni mai zuwa zuwa view awo:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
   Lura: Umurnin da ke sama zai nuna ma'auni.
4. Zuwa view metadata, gudanar da umarni mai zuwa:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

Lura: Umurnin da ke sama zai nuna metadata, amma ba zai ɗaukaka akai-akai ba.

Abokin ciniki Examples
Domin abokin ciniki examples da ƙarin bayani, koma zuwa shafi na 14 na littafin jagorar mai amfani.

FAQ (Tambayoyin da ake yawan yi)

• Tambaya: Menene Tabbacin Aiki na Paragon?
  A: Paragon Active Assurance samfur ne wanda ke ba da kulawa da damar gwaji.
• Tambaya: Menene API ɗin Yawo?
  A: API mai yawo wani fasali ne a cikin Tabbacin Active Paragon wanda ke ba abokan ciniki na waje damar dawo da bayanan awo daga Kafka.
• Tambaya: Ta yaya zan kunna API mai yawo?
  A: Don kunna API mai yawo, bi matakan da aka zayyana a cikin sashin "Enabling the Streaming API" na littafin jagorar mai amfani.
• Tambaya: Ta yaya zan iya tabbatar da cewa API ɗin yawo yana aiki?
  A: Koma zuwa sashin "Tabbatar Cewa API ɗin Yawo Yana Aiki a Cibiyar Sarrafa" don umarni kan yadda ake tabbatar da aikin API ɗin yawo.

Gabatarwa

Wannan jagorar yana bayyana yadda ake fitar da bayanai daga Paragon Active Assurance ta hanyar API ɗin samfurin.
API ɗin da abokin ciniki mai yawo an haɗa su a cikin shigarwar Tabbacin Active Paragon. Koyaya, ana buƙatar ɗan daidaitawa kafin ku iya amfani da API. An rufe wannan a cikin “Haɓaka API ɗin Yawo” a shafi na 1 babi.

Ƙarsheview
Wannan babin yana bayyana yadda ake saita API mai yawo don ba da damar yin rajista ga saƙonnin awo ta hanyar Kafka.
pr
A ƙasa za mu bi ta:

• Yadda ake kunna API Streaming
• Yadda ake saita Kafka don sauraron abokan ciniki na waje
• Yadda ake saita Kafka don amfani da ACLs da saita ɓoyayyen SSL don abokan cinikin da aka ce

Menene Kafka?
Kafka wani dandali ne mai gudana wanda ke ba da damar kama bayanan da aka aiko daga tushen aukuwa daban-daban (na'urori masu auna bayanai, na'urorin wayar hannu) a cikin nau'ikan rafukan taron, da kuma dawwamammen adana waɗannan rafukan taron don dawo da su daga baya.
Tare da Kafka yana yiwuwa a gudanar da taron yawo karshen-zuwa-ƙarshe a cikin rarrabawa, mai girman gaske, na roba, rashin haƙuri, da amintaccen hanya.

NOTE: Ana iya saita Kafka ta hanyoyi daban-daban kuma an tsara shi don scalability da tsarin aiki. Wannan takaddar tana mai da hankali ne kawai kan yadda ake saita ta don yin amfani da fasalin API mai yawo da aka samu a Cibiyar Kula da Tabbatar da Tabbacin Active Paragon. Don ƙarin saiti na ci gaba muna komawa zuwa takaddun Kafka na hukuma: kafka.apache.org/26/documentation.html.

Kalmomi

• Kafka: Dandali mai gudana.
• Taken Kafka: Tarin abubuwan da suka faru.
• Abokin biyan kuɗi/mabukaci Kafka: Bangaren da ke da alhakin dawo da abubuwan da aka adana a cikin jigon Kafka.
• Dillalin Kafka: Sabar Layer Ma'aji na gungu Kafka.
• SSL/TLS: SSL wata amintacciyar yarjejeniya ce da aka ƙera don aika bayanai amintattu akan Intanet. TLS shine magajin SSL, wanda aka gabatar a cikin 1999.
• SASL: Tsarin da ke ba da hanyoyin tantance mai amfani, bincika amincin bayanai, da ɓoyewa.
• Mai biyan kuɗin API mai yawo: Bangaren da ke da alhakin dawo da abubuwan da aka adana a cikin batutuwan da aka ayyana a cikin Tabbataccen Aiki na Paragon kuma ana nufin samun damar waje.
• Ikon Takaddun shaida: Amintaccen mahalli wanda ke ba da kuma soke takaddun takaddun maɓalli na jama'a.
• Tushen takardar shedar shaida: Takaddun maɓalli na jama'a wanda ke gano Hukumar Takaddun shaida.

Yadda API Streaming ke Aiki
Kamar yadda aka ambata a baya, API ɗin yawo yana ba abokan ciniki na waje damar dawo da bayanai game da awo daga Kafka.

Duk ma'auni da Wakilan Gwaji suka tattara yayin gwaji ko aikin sa ido ana aika su zuwa sabis ɗin Rafi. Bayan lokacin sarrafawa, sabis ɗin Rafi yana buga waɗannan ma'auni akan Kafka tare da ƙarin metadata.

Kafka Topics
Kafka yana da ma'anar batutuwan da aka buga duk bayanai. A cikin Paragon Active Assurance akwai da yawa irin waɗannan batutuwan Kafka akwai; duk da haka, kaso daga cikin waɗannan ana nufin samun damar waje.
Kowane asusun Tabbataccen Aiki na Paragon a Cibiyar Sarrafa yana da batutuwa guda biyu da aka sadaukar. A ƙasa, ACCOUNT shine gajeren suna asusu:

• paa.accounts.{ACCOUNT}.metrics
  • Ana buga duk saƙonnin awo na asusun da aka bayar ga wannan batu
  • Yawancin bayanai
  • Mitar sabuntawa mai girma
• paa.asusun jama'a.{ACCOUNT}.metadata
  • Ya ƙunshi metadata masu alaƙa da bayanan awo, misaliamphar zuwa gwajin, saka idanu ko Wakilin Gwaji masu alaƙa da awo
  • Ƙananan adadin bayanai
  • Ƙananan mitar sabuntawa

Ana kunna API mai yawo

NOTE: Waɗannan umarnin dole ne a gudanar dasu akan uwar garken Cibiyar Sarrafa ta amfani da sudo.

Tunda API mai yawo yana ƙara wasu kan sama zuwa Cibiyar Sarrafa, ba a kunna ta ta tsohuwa. Don kunna API ɗin, dole ne mu fara ba da damar buga awo zuwa Kafka a cikin babban tsari file:

• /etc/netrounds/netrounds.conf

KAFKA_METRICS_ENABLED = Gaskiya

GARGADI: Ƙaddamar da wannan fasalin zai iya tasiri aikin Cibiyar Sarrafa. Tabbatar cewa kun daidaita misalin ku daidai.

Na gaba, don ba da damar isar da waɗannan ma'auni zuwa madaidaitan batutuwan Kafka:

• /etc/netrounds/metrics.yaml

streaming-api: gaskiya

Don kunna da fara ayyukan API mai yawo, gudu:

• sudo ncc sabis yana ba da damar ma'auni na timescaledb
• sudo ncc ayyuka fara timescaledb awo

A ƙarshe, sake kunna ayyukan:

• sudo ncc ayyuka sake farawa

Tabbatar da Cewa API ɗin Yawo yana Aiki a Cibiyar Sarrafa

NOTE: Dole ne a gudanar da waɗannan umarnin akan uwar garken Cibiyar Sarrafa.

Yanzu zaku iya tabbatar da cewa kuna karɓar ma'auni akan madaidaitan batutuwan Kafka. Don yin haka, shigar da kayan aikin kafkacat:

• sudo apt-samun sabuntawa
• sudo apt-samun shigar kafkacat

Idan kuna da gwaji ko saka idanu da ke gudana a Cibiyar Kulawa, yakamata ku iya amfani da kafkacat don karɓar awo da metadata akan waɗannan batutuwa.
Sauya myaccount tare da gajeren sunan asusun ku (wannan shine abin da kuke gani a Cibiyar Sarrafa ku URL):

• fitarwa METRICS_TOPIC=paa.public.accounts.myaccount.metrics
• fitarwa METADATA_TOPIC=paa.public.accounts.myaccount.metadata

Ya kamata ku ga awoyi ta hanyar gudanar da wannan umarni:

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

Zuwa view metadata, gudanar da umarni mai zuwa (lura cewa wannan ba zai ɗaukaka akai-akai):

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

NOTE:
kafkacat”Client Examples ”a shafi na 14

Wannan yana tabbatar da cewa muna da API mai gudana mai aiki daga cikin Cibiyar Kulawa. Koyaya, wataƙila kuna sha'awar samun damar bayanai daga abokin ciniki na waje maimakon. Sashe na gaba yana bayanin yadda ake buɗe Kafka don samun damar waje.

Bude Kafka Don Masu Runduna Na Waje

NOTE: Dole ne a gudanar da waɗannan umarnin akan uwar garken Cibiyar Sarrafa.

Ta hanyar tsoho Kafka da ke gudana akan Cibiyar Kulawa an saita shi don sauraron localhost kawai don amfanin cikin gida. Yana yiwuwa a buɗe Kafka don abokan ciniki na waje ta hanyar gyara saitunan Kafka.

Haɗa zuwa Kafka: Caveats

HANKALI: Da fatan za a karanta wannan a hankali, tunda yana da sauƙin shiga cikin batutuwan haɗi tare da Kafka idan ba ku fahimci waɗannan ra'ayoyin ba.

A cikin saitin Cibiyar Kulawa da aka bayyana a cikin wannan takaddar, akwai dillalin Kafka ɗaya kawai.
Koyaya, lura cewa dillalin Kafka yana nufin gudu a matsayin wani ɓangare na rukunin Kafka wanda zai iya ƙunshi dillalan Kafka da yawa.
Lokacin haɗawa zuwa dillalin Kafka, abokin ciniki na Kafka yana saita haɗin farko. A kan wannan haɗin kai dillalin Kafka zai dawo da jerin "masu sauraro da aka tallata", wanda shine jerin dillalan Kafka ɗaya ko fiye.
Lokacin karɓar wannan jeri, abokin ciniki na Kafka zai cire haɗin, sannan ya sake haɗawa da ɗayan waɗannan masu sauraron tallan. Masu sauraron da aka tallata dole ne su ƙunshi sunayen baƙi ko adiresoshin IP waɗanda ke da damar abokin ciniki na Kafka, ko abokin ciniki zai kasa haɗawa.
Idan an yi amfani da ɓoyayyen SSL, wanda ya haɗa da takardar shaidar SSL wanda ke daura da wani sunan mai masauki, yana da mahimmanci cewa abokin ciniki na Kafka ya karɓi adireshin daidai don haɗawa, tunda in ba haka ba ana iya ƙi haɗin.
Kara karantawa game da masu sauraron Kafka a nan: www.confluent.io/blog/kafka-listeners-explained

SSL/TLS boye-boye
Don tabbatar da amintattun abokan ciniki kawai aka ba su damar shiga Kafka da API mai yawo, dole ne mu saita masu zuwa:

• Tabbatarwa: Abokan ciniki dole ne su samar da sunan mai amfani da kalmar wucewa ta hanyar amintacciyar hanyar SSL/TLS tsakanin abokin ciniki da Kafka.
• Izini: Ingantattun abokan ciniki na iya yin ayyukan da ACLs suka tsara.

Anan an gamaview:

*) Tabbatar da sunan mai amfani/kalmar sirri da aka yi akan tashar rufaffen SSL

Don cikakken fahimtar yadda ɓoyewar SSL/TLS ke aiki don Kafka, da fatan za a koma zuwa takaddun hukuma: docs.confluent.io/platform/current/kafka/encryption.html

Takaddar SSL/TLS ta ƙareview

NOTE: A cikin wannan karamin sashe za mu yi amfani da kalmomi masu zuwa:

Takaddun shaida: Takaddun shaida na SSL wanda Hukumar Takaddun shaida (CA) ta sanya hannu. Kowane dillali na Kafka yana da daya.
Maɓalli: Maɓalli file wanda ke adana takardar shaidar. Maɓallin maɓalli file ya ƙunshi maɓallin keɓaɓɓen takardar shaidar; don haka yana bukatar a kiyaye shi lafiya.
Amintaccen kantin sayar da kayayyaki: A file dauke da amintattun takaddun shaida na CA.

Don saita tabbatarwa tsakanin abokin ciniki na waje da Kafka da ke gudana a Cibiyar Kulawa, dole ne bangarorin biyu su sami ma'anar maɓalli tare da takardar shaidar da ke da alaƙa da Hukumar Takaddun shaida (CA) ta sanya hannu tare da tushen takardar shaidar CA.
Baya ga wannan, abokin ciniki kuma dole ne ya kasance yana da rumbun ajiya tare da takaddun tushen CA.
Tushen takardar shaidar CA gama gari ne ga dillalin Kafka da abokin ciniki na Kafka.

Ƙirƙirar Takaddun shaida da ake buƙata
An rufe wannan a cikin “Shafi” a shafi na 17.

Kafka Broker SSL/TLS Kanfigareshan a Cibiyar Sarrafa

NOTE: Dole ne a gudanar da waɗannan umarnin akan uwar garken Cibiyar Sarrafa.

NOTE: Kafin ci gaba, dole ne ka ƙirƙiri maɓallin maɓalli wanda ya ƙunshi takardar shaidar SSL ta bin umarnin a cikin “Shafi” a shafi na 17. Hanyoyin da aka ambata a ƙasa sun fito daga waɗannan umarnin.
Maɓallin maɓalli na SSL a file adana a kan faifai tare da file tsawo .jks.

Da zarar kuna da takaddun takaddun da ake buƙata da aka ƙirƙira don dillalin Kafka da abokin ciniki na Kafka akwai, zaku iya ci gaba ta hanyar daidaita dillalin Kafka da ke gudana a Cibiyar Kulawa. Kuna buƙatar sanin waɗannan abubuwa:

• : Sunan mai masaukin baki na Cibiyar Kulawa; wannan dole ne ya zama mai warwarewa kuma abokan cinikin Kafka za su iya samun su.
• : Kalmar sirrin maɓalli da aka bayar lokacin ƙirƙirar takardar shaidar SSL.
• kuma : Waɗannan su ne kalmomin shiga da kuke son saitawa ga admin da kuma abokin ciniki bi da bi. Lura cewa zaku iya ƙara ƙarin masu amfani, kamar yadda aka nuna a cikin tsohonample.

Shirya ko saka (tare da damar sudo) kaddarorin da ke ƙasa a /etc/kafka/server.properties, saka masu canji na sama kamar yadda aka nuna:

GARGADI: Kar a cire PLAINTEXT://localhost:9092; wannan zai karya ayyukan Cibiyar Kulawa tunda sabis na ciki ba zai iya sadarwa ba.

• …
• # Adireshin da dillalin Kafka ke saurare.
• masu sauraro=PLAINTEXT:/localhost:9092,SASL_SSL://0.0.0.0:9093
• # Waɗannan su ne rundunonin da aka tallata su ga kowane haɗin gwiwar abokin ciniki.
• advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// : 9093…
• ###### # SIRRIN CUSTOM
• # SIFFOFIN SALLAH
• ssl.endpoint.identification.algorithm=
  ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
• ssl.keystore.password=
• ssl.key.password=
• ssl.client.auth=babu
• ssl.protocol=TLSv1.2
• # Tsarin SASL
• sasl.enabled.mechanisms=PLAIN
• username = "admin" \
• kalmar sirri =" ” \
• user_admin =" ” \
• user_client=” ”;
• # NOTE ana iya ƙara ƙarin masu amfani tare da mai amfani_ =
• # Izini, kunna ACLs
• authorizer.class.name=kafka.security.authorizer.AclAuthorizer super.users=User: admin

Ƙirƙirar Lissafin Sarrafa Hannu (ACLs)

Kunna ACLs akan localhost

GARGADI: Dole ne mu fara saita ACLs don localhost, ta yadda Cibiyar Kula da kanta ta iya samun damar shiga Kafka. Idan ba a yi haka ba, abubuwa za su karye.

• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –babban mai amfani: ANONYMOUS –allow-host 127.0.0.1 – tari
• /usr/lib/kafka/bin/kafka-acls.sh
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• – ƙara –allow-babban mai amfani: ANONYMOUS –allow-host 127.0.0.1 – topic '*'
• /usr/lib/kafka/bin/kafka-acls.sh
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –babban mai amfani: ANONYMOUS –allow-host 127.0.0.1 –rukuni'*'

Sannan muna buƙatar ba da damar ACLs don samun damar karantawa kawai na waje, domin masu amfani da waje su sami damar karanta batutuwan paa.jama'a.*.

### shigarwar ACLs don masu amfani da ba a san su ba /usr/lib/kafka/bin/kafka-acls.sh

NOTE: Don ƙarin iko mai kyau, da fatan za a koma zuwa takaddun Kafka na hukuma.

• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal User:* –aiki karanta –aiki siffanta \ –rukunin 'NCC'
• /usr/lib/kafka/bin/kafka-acls.sh
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal User:* –aiki karanta –aiki siffanta \ – topic paa.public. -nau'in albarkatun-samfurin-nau'in riga-kafi

Da zarar an gama da wannan, kuna buƙatar sake kunna ayyukan:

### shigarwar ACLs don masu amfani na waje /usr/lib/kafka/bin/kafka-acls.sh \

• sudo ncc ayyuka sake farawa

Don tabbatar da cewa abokin ciniki zai iya kafa amintaccen haɗi, gudanar da umarni mai zuwa akan waje
kwamfuta abokin ciniki (ba akan uwar garken Cibiyar Kulawa ba). A ƙasa, PUBLIC_HOSTNAME shine sunan mai masaukin baki:

• openssl s_client -debug -connect ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "Amintacce Sake Tattaunawa IS goyan bayan"

A cikin fitarwar umarni yakamata ku ga takardar shaidar uwar garke da kuma masu zuwa:

• Amintaccen Sake tattaunawa IS yana goyan bayan

Don tabbatar da cewa an ba da dama ga sabis na cikin gida zuwa uwar garken Kafka, da fatan za a duba log ɗin mai zuwafiles:

• /var/log/kafka/server.log
• /var/log/kafka/kafka-authorizer.log

Tabbatar da Haɗin Abokin Ciniki na Waje

kafkatu

NOTE: Waɗannan umarnin dole ne a gudanar dasu akan kwamfutar abokin ciniki (ba akan uwar garken Cibiyar Kulawa ba).
NOTE: Don nuna bayanan awo, tabbatar da cewa aƙalla saka idanu ɗaya yana gudana a Cibiyar Sarrafa.

Don tabbatarwa da tabbatar da haɗin kai azaman abokin ciniki na waje, yana yiwuwa a yi amfani da kayan aikin kafkacat wanda aka shigar a cikin sashin “Tabbatar da Cewa API ɗin Yawo yana Aiki a Cibiyar Sarrafa” a shafi na 4.
Yi matakai masu zuwa:

NOTE: A ƙasa, CLIENT_USER shine mai amfani da aka ƙayyade a baya a cikin file /etc/kafka/server.properties in Control Center: wato, user_client da kalmar sirri da aka saita a can.
Tushen takardar shaidar CA da aka yi amfani da ita don sanya hannu kan takardar shaidar SSL ta gefen uwar garken dole ne ta kasance akan abokin ciniki.

Ƙirƙiri a file client.properties tare da abun ciki mai zuwa:

• security.protocol=SASL_SSL
• ssl.ca.location={PATH_TO_CA_CERT}
• sasl.mechanisms=PLAIN
• sasl.username={CLIENT_USER}
• sasl.password={CLIENT_PASSWORD}

ina

• {PATH_TO_CA_CERT} shine wurin da tushen takardar shaidar CA da dillalin Kafka ke amfani dashi
• {CLIENT_USER} da {CLIENT_PASSWORD} sune masu amfani ga abokin ciniki.

Gudun umarni mai zuwa don ganin saƙon da kafkacat ke cinyewa:

• fitarwa KAFKA_FQDN=
• fitarwa METRICS_TOPIC=paa.public.accounts. .metrics
• kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

inda {METRICS_TOPIC} shine sunan taken Kafka tare da prefix "paa.public.".

NOTE: Tsofaffi na kafkacat ba sa samar da zaɓi na -F don karanta saitunan abokin ciniki daga a file. Idan kana amfani da irin wannan sigar, dole ne ka samar da saitunan iri ɗaya daga layin umarni kamar yadda aka nuna a ƙasa.

kafkacat -b ${KAFKA_FQDN}:9093 \

• X security.protocol=SASL_SSL \
• X ssl.ca.location={PATH_TO_CA_CERT} \
• X sasl.mechanisms=PLAIN \
• X sasl.username={CLIENT_USER} \
• X sasl.password={CLIENT_PASSWORD} \
• t ${METRICS_TOPIC} -C -e

Don cire haɗin haɗin, zaku iya amfani da zaɓin -d:

Kashe hanyoyin sadarwar mabukaci
kafkacat -d mabukaci -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
# Gyara hanyoyin sadarwar dillali
kafkacat -d dillali -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

Tabbatar da komawa zuwa takaddun don ɗakin karatu na abokin ciniki na Kafka da ake amfani da shi, kamar yadda kaddarorin na iya bambanta da waɗanda ke cikin abokin ciniki.properties.

Tsarin Saƙo
Saƙonnin da aka yi amfani da su don ma'auni da batutuwan metadata an jera su a cikin sigar ma'auni (protobuf) (duba) developers.google.com/protocol-buffers). Tsare-tsare na waɗannan saƙonnin suna bin tsari mai zuwa:

Metrics Protobuf Schema

• syntax = "proto3";
• shigo da "google/protobuf/timestamp.proto”;
• kunshin paa.streamingapi;
• zaɓi go_package = ".;paa_streamingapi";
• Ma'aunin saƙo {
• google.protobuf.Timestamp lokutaamp = 1;
• taswira dabi'u = 2;
• int32 rafi_id = 3;
• }
• /**
• * Ƙimar awo na iya zama ko dai lamba ko ta iyo.
• */
• sakon MetricValue {
• daya daga nau'in {
• int64 int_val = 1;
• float float_val = 2;
• }
• }

Metadata Protobuf Schema

• syntax = "proto3";
• kunshin paa.streamingapi;
• zaɓi go_package = ".;paa_streamingapi";
• Metadata sako {
• int32 rafi_id = 1;
• string stream_name = 2;
• taswira tags = 13;
• }

Abokin ciniki Examples

NOTE: Waɗannan umarnin an yi niyya don aiki akan abokin ciniki na waje, misaliampko kwamfutar tafi-da-gidanka ko makamancin haka, kuma ba cikin Cibiyar Kulawa ba.
NOTE: Don samun bayanan ma'auni, tabbatar da cewa aƙalla saka idanu ɗaya yana gudana a Cibiyar Sarrafa.

Ƙwallon kwando na Cibiyar Sarrafa ya haɗa da rumbun adana bayanan paa-streaming-api-client-examples.tar.gz (abokin ciniki-examples), wanda ya ƙunshi exampRubutun Python yana nuna yadda ake amfani da API Streaming.

Shigarwa da Haɓaka Client Examples
Kuna samun abokin ciniki-exampa cikin babban fayil na Cibiyar Kula da Assurance Active Paragon:

• fitarwa CC_VERSION=4.1.0
• cd ./paa-control-center_${CC_VERSION}
• ls paa-streaming-api-abokin ciniki-example*

Don shigar abokin ciniki-exampa kan kwamfutar abokin ciniki na waje, ci gaba kamar haka:

• # Ƙirƙiri adireshi don fitar da abun ciki na abokin ciniki tsohonamples kwalta
• mkdir paa-streaming-api-abokin ciniki-examples
• # Cire abun ciki na abokin ciniki examples kwalta
• tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-abokin ciniki-examples
• # Jeka sabon kundin adireshi
• cd paa-streaming-api-abokin ciniki-examples

abokin ciniki-examples yana buƙatar Docker don gudu. Ana iya samun saukewa da umarnin shigarwa don Docker a https://docs.docker.com/engine/install.

Amfani da Client Examples
Abokin ciniki-examples kayan aikin na iya aiki a ko dai na asali ko na zamani don gina tsohonamples na bambance-bambancen rikitarwa. A cikin lokuta biyu, yana yiwuwa kuma a gudanar da tsohonamples tare da sanyi file dauke da ƙarin kaddarorin don ƙarin gyare-gyare na gefen abokin ciniki.

Yanayin asali
A cikin ainihin yanayin, awo da metadata suna gudana daban. Don wannan, abokin ciniki yana sauraron kowane batun Kafka da ke akwai don samun damar waje kuma kawai yana buga saƙonnin da aka karɓa zuwa na'ura wasan bidiyo.
Don fara aiwatar da ainihin exampgudu:

• build.sh run-basic -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

inda ACCOUNT_SHORTNAME shine gajeren sunan asusun da kake son samun ma'auni.
Don kawo karshen hukuncin kisa na tsohonample, latsa Ctrl + C. (Za a iya samun ɗan jinkiri kafin aiwatarwar ya tsaya saboda abokin ciniki yana jiran taron ƙarewar lokaci.)

Babban Yanayin

NOTE: Ana nuna ma'auni don masu sa ido na HTTP da ke gudana a Cibiyar Sarrafa.

Kisa a yanayin ci gaba yana nuna alaƙa tsakanin awo da saƙonnin metadata. Wannan shine
mai yiwuwa godiya ga kasancewar kowane saƙon awo na filin id rafi wanda ke nufin saƙon metadata daidai.
Don aiwatar da ci-gaba exampgudu:

• build.sh run-ci gaba -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

inda ACCOUNT_SHORTNAME shine gajeren sunan asusun da kake son samun ma'auni.
Don kawo karshen hukuncin kisa na tsohonample, latsa Ctrl + C. (Za a iya samun ɗan jinkiri kafin aiwatarwar ya tsaya saboda abokin ciniki yana jiran taron ƙarewar lokaci.)

Ƙarin Saituna
Yana yiwuwa a gudanar da exampLes tare da ƙarin daidaitawar abokin ciniki ta amfani da –config-file zabin da a file suna mai ɗauke da kaddarori a cikin maɓallin tsari = ƙima.

• build.sh run-ci gaba \
• –kafka-brokers localhost:9092 \
• -asusu ACCOUNT_SHORTNAME \
• -tsari-file client_config.properties

NOTE: Duk files da aka ambata a cikin umarnin da ke sama dole ne a kasance a cikin kundin adireshi na yanzu kuma a kira su ta amfani da hanyoyin dangi kawai. Wannan ya shafi duka biyu ga –config-file gardama da duk shigarwar a cikin tsarin file cewa siffanta file wurare.

Tabbatar da Tabbacin Abokin Ciniki na Waje
Don inganta amincin abokin ciniki daga wajen Cibiyar Kulawa ta amfani da abokin ciniki-exampdon haka, aiwatar da matakai masu zuwa:

Daga babban fayil ɗin Cibiyar Kula da Assurance Active Active, canza zuwa paa-streaming-api-client-examples folder:

cd paa-streaming-api-abokin ciniki-examples

• Kwafi ca-cert tushen tushen CA cikin kundin adireshi na yanzu.
• Ƙirƙiri abokin ciniki.Properties file tare da abun ciki mai zuwa:

security.protocol=SASL_SSL ssl.ca.location=ca-cert
sasl.mechanism=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}

inda {CLIENT_USER} da {CLIENT_PASSWORD} sune masu amfani ga abokin ciniki.

Gudu na asali exampda:

• fitarwa KAFKA_FQDN=
• build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
• -asusu ACCOUNT_SHORTNAME
• -tsari-file abokin ciniki.dukiyoyi

inda ACCOUNT_SHORTNAME shine gajeren sunan asusun da kake son samun ma'auni.

Gudu na gaba exampda:

• fitarwa KAFKA_FQDN=
• build.sh run-ci gaba –kafka-brokers ${KAFKA_FQDN}:9093 \
• -asusu ACCOUNT_SHORTNAME
• -tsari-file abokin ciniki.dukiyoyi

Karin bayani

A cikin wannan ƙarin mun bayyana yadda ake ƙirƙira:

• maɓalli file don adana takardar shaidar SSL dillalin Kafka
• kantin dogara file don adana tushen takaddun shaida (CA) da aka yi amfani da shi don sanya hannu kan takardar shaidar dillali ta Kafka.

Ƙirƙirar Takaddar Dillalan Kafka
Ƙirƙirar Takaddun shaida Ta Amfani da Hukuncin Takaddun Shaida na Gaskiya (An Shawarar)
Ana ba da shawarar cewa ku sami ainihin takardar shaidar SSL daga amintaccen CA.
Da zarar ka yanke shawara a kan CA, kwafi ca-cert tushen takardar shaidar su file zuwa hanyar ku kamar yadda aka nuna a kasa:

• fitarwa CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• cp ca-cert ${CA_PATH}

Ƙirƙiri Hukumar Takaddun Shaida ta Kanku

NOTE: A al'ada ya kamata ka sami sa hannun takardar shaidarka ta ainihin Hukumar Takaddun shaida; duba sashin da ya gabata. Abin da ke biyo baya shine kawai tsohonample.

Anan mun ƙirƙiri takaddun shaida na Hukumar Takaddun shaida (CA). file yana aiki na kwanaki 999 (ba a ba da shawarar samarwa ba):

• # Ƙirƙiri adireshi don adana CA
• fitarwa CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• # Ƙirƙirar takardar shaidar CA
• openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -days 999

Ƙirƙirar kantin Amintaccen Abokin Ciniki
Yanzu zaku iya ƙirƙirar kantin sayar da amana file wanda ya ƙunshi ca-cert da aka samar a sama. Wannan file abokin Kafka zai buƙaci wanda zai sami damar API mai yawo:

• keytool -keystore kafka.client.truststore.jks \
  • wanda aka fi sani da CARoot
  • shigo da kaya -file ${CA_PATH}/ca-cert

Yanzu da takardar shaidar CA ta kasance a cikin rumbun ajiya, abokin ciniki zai amince da kowace takardar shaidar da aka sanya hannu da ita.
Ya kamata ku kwafi file kafka.client.truststore.jks zuwa sanannen wuri a kan kwamfutarka abokin ciniki da kuma nuna shi a cikin saitunan.

Ƙirƙirar Maɓalli don Dillalin Kafka
Don samar da takardar shaidar SSL ta Kafka dillali sannan kuma maɓalli na kafka.server.keystore.jks, ci gaba kamar haka:

Samar da Takaddun shaida na SSL
A ƙasa, 999 shine adadin kwanakin ingancin maɓallin maɓalli, kuma FQDN shine cikakken sunan yanki na abokin ciniki (sunan rundunar jama'a na kumburi).

NOTE: Yana da mahimmanci cewa FQDN ya dace da ainihin sunan mai masaukin da abokin Kafka zai yi amfani da shi don haɗawa zuwa Cibiyar Kulawa.

• sudo mkdir -p /var/ssl/private
• sudo chown -R $ USER: /var/ssl/private
• cd /var/ssl/private
• fitarwa FQDN= keytool -keystore kafka.server.keystore.jks \
• – uwar garke mai lakabi
• - inganci 999 \
• - genkey -keyalg RSA -ext SAN=dns:${FQDN}

Ƙirƙiri buƙatun sa hannu na takaddun shaida kuma adana shi a cikin file mai suna cert-server-request:

• keytool -keystore kafka.server.keystore.jks \
  • – uwar garke mai lakabi
  • - cetar \
  • – file buqatar sabar-server

Ya kamata ku aika yanzu file cert-server-request to your Certificate Authority (CA) idan kana amfani da na gaske daya. Sannan za su mayar da takardar shaidar da aka sanya hannu. Za mu koma ga wannan azaman sa hannun sabbabin sabar a ƙasa.

Shiga Takaddun shaida na SSL Amfani da Takaddun shaida na CA wanda ya ƙirƙira da kansa

NOTE: Bugu da ƙari, yin amfani da CA naka ba a ba da shawarar ba a cikin tsarin samarwa.

Shiga takardar shaidar ta amfani da CA ta hanyar file buƙatun uwar garken, wanda ke samar da takardar shedar sa hannun sa hannun uwar garken. Duba ƙasa; ca-password shine kalmar sirri da aka saita lokacin ƙirƙirar takardar shaidar CA.

• cd / var / ssl / masu zaman kansu openssl x509 -req \
  • – CA ${CA_PATH}/ca-cert \
  • – Cakey ${CA_PATH}/ca-key \
  • – a cert-server-request \
  • – fitar da sa hannun sabar uwar garken \
  • - kwanaki 999 - CAcreateserial \
  • Passin pass: {ca-password}

Ana shigo da Takaddun Sa hannu a cikin Maɓalli

Shigo da tushen takardar shaidar ca-cert cikin maɓalli:

• keytool -keystore kafka.server.keystore.jks \
  • - sunan da ake kira ca-cert \
  • - shigo da \
  • – file ${CA_PATH}/ca-cert

Shigo da sa hannun takardar shedar da ake magana a kai a matsayin sa hannun sabbabin sabbabin:

• keytool -keystore kafka.server.keystore.jks \
  • – uwar garke mai lakabi
  • - shigo da \
  • – file sa hannun sabbabin sabar

The file kafka.server.keystore.jks ya kamata a kwafi zuwa sanannen wuri akan uwar garken Cibiyar Kulawa, sannan a koma cikin /etc/kafka/server.properties.

Amfani da API Streaming

A WANNAN SASHE

• Gabaɗaya | 20
• Kafka Take Names | 21
• Examples na Amfani da API mai yawo | 21

Gabaɗaya
API ɗin yawo yana ɗaukar duka gwaji da saka idanu bayanai. Ba zai yiwu a ware ɗaya daga cikin waɗannan nau'ikan ba.
API ɗin yawo ba ya debo bayanai daga gwajin tushen rubutun (waɗanda ke wakilta ta rectangle maimakon guntun jigsaw a cikin Cibiyar Kulawa GUI), kamar gwaje-gwajen kunna sabis na Ethernet da gwaje-gwajen nuna gaskiya.

Kafka Take Names
Sunayen taken Kafka na API mai yawo sune kamar haka, inda %s shine gajeren sunan asusun Cibiyar Sarrafa (an nuna lokacin ƙirƙirar asusun):

• const (
• ExporterName = "kafka"
• metadataTopicTpl = "paa.public.accounts.%s.metadata" metricsTopicTpl = "paa.public.accounts.%s.metrics" )

ExampAmfani da API Streaming
The exampAna samun abubuwan da ke biyo baya a cikin tarball paa-streaming-api-client-examples.tar.gz yana ƙunshe a cikin Cibiyar Kula da kwalta.
Na farko, akwai asali exampnuna yadda awo da metadata ke gudana daban kuma kawai buga saƙonnin da aka karɓa zuwa na'ura wasan bidiyo. Kuna iya gudanar da shi kamar haka:

• sudo ./build.sh run-basic -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

Akwai kuma wanda ya fi ci gabaampinda ake danganta awo da saƙonnin metadata. Yi amfani da wannan umarni don gudanar da shi:

• sudo ./build.sh run-ci gaba -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

Kuna buƙatar amfani da sudo don gudanar da umarnin Docker kamar waɗanda ke sama. Optionally, zaku iya bin matakan shigarwa bayan Linux don samun damar gudanar da umarnin Docker ba tare da sudo ba. Don cikakkun bayanai, je zuwa docs.docker.com/engine/install/linux-postinstall.

Juniper Networks, alamar Juniper Networks, Juniper, da Junos alamun kasuwanci ne masu rijista na Juniper Networks, Inc. a Amurka da wasu ƙasashe. Duk sauran alamun kasuwanci, alamun sabis, alamun rajista, ko alamun sabis masu rijista mallakin masu su ne. Juniper Networks ba ta da alhakin kowane kuskure a cikin wannan takaddar. Juniper Networks suna da haƙƙin canzawa, gyaggyarawa, canja wuri, ko kuma sake duba wannan ɗaba'ar ba tare da sanarwa ba. Haƙƙin mallaka © 2023 Juniper Networks, Inc. Duk haƙƙin mallaka.

Takardu / Albarkatu

Juniper NETWORKS Yawo API Software [pdf] Jagorar mai amfani API Software mai yawo, API Software, Software

Magana

• Manual mai amfani