ʻO Juniper NETWORKS Streaming API Software

ʻIke Huahana

Nā kikoʻī

• Inoa Huahana: Paragon Active Assurance
• Manaʻo: 4.1
• Ka lā i hoʻopuka ʻia: 2023-03-15

Hoʻolauna:
Hāʻawi kēia alakaʻi i nā ʻōlelo aʻo e pili ana i ka unuhi ʻana i ka ʻikepili mai ka Paragon Active Assurance me ka hoʻohana ʻana i ka API streaming o ka huahana. Hoʻokomo ʻia ka mea kūʻai streaming a me ka API i ka hoʻonohonoho ʻana o Paragon Active Assurance, akā pono kekahi hoʻonohonoho ma mua o ka hoʻohana ʻana i ka API. Ua uhi ʻia ke kaʻina hana hoʻonohonoho ma ka ʻāpana "Configuring the Streaming API".

Ke hoʻonohonoho ʻana i ka API no ke kahawai:
Hōʻike kēia mau ʻanuʻu i ke kaʻina hana no ka hoʻonohonoho ʻana i ka API streaming:

Pauview
ʻO Kafka kahi kahua hoʻoheheʻe hanana i hoʻolālā ʻia no ka hopu ʻana a me ka mālama ʻana i ka ʻikepili mai nā kumu like ʻole. Hiki iā ia ke hoʻokele i nā kahawai hanana ma ke ʻano puʻupuʻu, scalable, hoʻomanawanui hewa, a palekana. Kuhi kēia alakaʻi i ka hoʻonohonoho ʻana iā Kafka e hoʻohana i ka hiʻohiʻona Streaming API ma Paragon Active Assurance Control Center.

ʻōlelo ʻōlelo
Hāʻawi ka Streaming API i nā mea kūʻai aku o waho e kiʻi i ka ʻike metric mai Kafka. Hoʻouna ʻia nā metric i hōʻiliʻili ʻia e nā ʻĀpana Hoʻāʻo i ka wā o ka hoʻāʻo a i ʻole ka hana nānā ʻana i ka lawelawe Stream. Ma hope o ka hana ʻana, hoʻopuka ka lawelawe Stream i kēia mau ana ma Kafka me nā metadata hou.

E ho'ā ana i ka Streaming API
No ka hiki i ka Streaming API, e hahai i kēia mau ʻanuʻu:

1. E holo i kēia mau kauoha ma ka kikowaena Control Center me ka hoʻohana ʻana i sudo:

KAFKA_METRICS_ENABLED = Hiki i nā lawelawe sudo ncc ʻoiaʻiʻo ke hoʻomaka i nā metric timescaledb.

E hōʻoia ana i ka hana ʻana o ka Streaming API ma ka Center Control:
No ka hōʻoia ʻana e loaʻa ana iā ʻoe nā ana ma nā kumuhana Kafka pololei:

1. E hoʻouka i ka pono kafkacat me kēia mau kauoha:
   sudo apt-loaʻa hou
   sudo apt-e hoʻokomo i kafkacat

2. E hoʻololi i ka "myaccount" me ka inoa pōkole o kāu moʻokāki ma ka
   Kikowaena Manao URL:
   hoʻokuʻu aku i ka METRICS_TOPIC=paa.public.accounts.myaccount.metrics
   hoʻokuʻu aku iā METADATA_TOPIC=paa.public.accounts.myaccount.metadata

3. E holo i keia kauoha i view anana:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
   Nānā: E hōʻike ana ke kauoha i luna i nā ana.
4. I ka view metadata, holo i kēia kauoha:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

Nānā: E hōʻike ana ke kauoha i luna i ka metadata, akā ʻaʻole ia e hoʻonui pinepine.

Client Examples
No ka examples a me ka ʻike hou aku, e nānā i ka ʻaoʻao 14 o ka manual user.

FAQ (Nīnau pinepine)

• Nīnau: He aha ka Paragon Active Assurance?
  A: ʻO Paragon Active Assurance kahi huahana e hāʻawi i ka nānā a me ka hoʻāʻo ʻana.
• Nīnau: He aha ka Streaming API?
  A: He hiʻohiʻona ka Streaming API ma Paragon Active Assurance e hiki ai i nā mea kūʻai mai waho ke kiʻi i ka ʻike metric mai Kafka.
• Nīnau: Pehea e hiki ai iaʻu ke hoʻohana i ka Streaming API?
  A: I mea e hiki ai i ka Streaming API, e hahai i nā ʻanuʻu i hōʻike ʻia ma ka ʻāpana "Enable the Streaming API" o ka manual user.
• Nīnau: Pehea e hiki ai iaʻu ke hōʻoia e hana ana ka Streaming API?
  A: E nānā i ka ʻāpana "E hōʻoia ana i ka hana ʻana o ka Streaming API ma ka Center Control" no nā ʻōlelo aʻoaʻo e pili ana i ka hōʻoia ʻana i ka hana o ka Streaming API.

Hoʻolauna

Hōʻike kēia alakaʻi i ka unuhi ʻana i ka ʻikepili mai ka Paragon Active Assurance ma o ka API streaming o ka huahana.
Hoʻokomo ʻia ka API a me ka mea kūʻai aku streaming i ka hoʻonohonoho ʻana o Paragon Active Assurance. Eia naʻe, pono ka hoʻonohonoho ʻana ma mua o ka hiki ke hoʻohana i ka API. Ua uhi ʻia kēia ma ka "Configuring the Streaming API" ma ka ʻaoʻao 1 mokuna.

Pauview
Hōʻike kēia mokuna pehea e hoʻonohonoho ai i ka Streaming API e ʻae i ke kau inoa ʻana i nā memo metric ma o Kafka.
pr
Ma lalo nei mākou e hele ai:

• Pehea e hiki ai i ka Streaming API
• Pehea e hoʻonohonoho ai iā Kafka e hoʻolohe i nā mea kūʻai aku o waho
• Pehea e hoʻonohonoho ai iā Kafka e hoʻohana i nā ACL a hoʻonohonoho i ka hoʻopili SSL no nā mea kūʻai aku

He aha ʻo Kafka?
ʻO Kafka kahi kahua hoʻoheheʻe hanana e hiki ai ke hopu i ka ʻikepili i hoʻouna ʻia mai nā kumu hanana like ʻole (sensors, databases, mobile device) ma ke ʻano o nā kahawai hanana, a me ka mālama paʻa ʻana o kēia mau kahawai hanana no ka hoʻihoʻi hou ʻana a me ka hoʻoponopono ʻana.
Me Kafka hiki iā ia ke hoʻokele i ka hanana e kahe ana i ka hopena i ka hopena ma ke ʻano puʻupuʻu, hiki ke hoʻonui ʻia, elastic, hoʻomanawanui hewa, a palekana.

MANAʻO: Hiki ke hoʻonohonoho ʻia ʻo Kafka ma nā ʻano like ʻole a ua hoʻolālā ʻia no ka scalability a me nā ʻōnaehana redundant. Kuhi wale kēia palapala i ka hoʻonohonoho ʻana iā ia e hoʻohana i ka hiʻohiʻona Streaming API i loaʻa ma Paragon Active Assurance Control Center. No nā hoʻonohonoho holomua ʻē aʻe mākou e nānā i ka palapala Kafka mana: kafka.apache.org/26/documentation.html.

ʻōlelo ʻōlelo

• Kafka: kahua hoʻoheheʻe hanana hanana.
• Kaupapa Kafka: ʻOhi o nā hanana.
• Kafka mea kākau/mea kūʻai: He mea kuleana no ka hoʻihoʻi ʻana i nā hanana i mālama ʻia ma kahi kumuhana Kafka.
• Kafka broker: Ke kikowaena papa waihona o kahi pūʻulu Kafka.
• SSL/TLS: ʻO SSL kahi protocol palekana i kūkulu ʻia no ka hoʻouna paʻa ʻana i ka ʻike ma luna o ka Pūnaewele. ʻO TLS ka mea pani o SSL, i hoʻokomo ʻia ma 1999.
• SASL: Ka hana e hāʻawi ana i nā mīkini no ka hōʻoia ʻana o ka mea hoʻohana, ka nānā pono ʻana i ka ʻikepili, a me ka hoʻopili ʻana.
• Ka mea kākau inoa ʻo Streaming API: ʻO ka mea kuleana no ka hoʻihoʻi ʻana i nā hanana i mālama ʻia i nā kumuhana i wehewehe ʻia ma Paragon Active Assurance a i manaʻo ʻia no ke komo ʻana i waho.
• Mana Palapala: He hui hilinaʻi e hoʻopuka a hoʻopau i nā palapala kī kī lehulehu.
• Palapala Aʻa Mana Mana: Palapala kī lehulehu e hōʻike ana i kahi Mana Palapala.

Pehea e holo ai ka API Streaming
E like me ka mea i haʻi mua ʻia, ʻae ka Streaming API i nā mea kūʻai aku o waho e kiʻi i ka ʻike e pili ana i nā metric mai Kafka.

Hoʻouna ʻia nā ana a pau i hōʻiliʻili ʻia e nā ʻĀpana Hoʻāʻo i ka wā o ka hoʻāʻo a i ʻole ka hana nānā ʻana i ka lawelawe Stream. Ma hope o ke kaʻina hana, hoʻopuka ka lawelawe Stream i kēlā mau ana ma Kafka me nā metadata hou.

Kumuhana Kafka
Loaʻa iā Kafka ka manaʻo o nā kumuhana i paʻi ʻia nā ʻikepili āpau. Ma Paragon Active Assurance he nui nā kumuhana Kafka i loaʻa; akā naʻe, ʻo kahi hapa o kēia mau mea i manaʻo ʻia no ke komo ʻana i waho.
ʻO kēlā me kēia moʻokāki Paragon Active Assurance ma Control Center he ʻelua kumuhana i hoʻolaʻa ʻia. Ma lalo iho nei, ʻo ACCOUNT ka inoa pōkole moʻokāki:

• paa.public.accounts.{ACCOUNT}.metrics
  • Hoʻopuka ʻia nā memo metric a pau no ka moʻokāki i hāʻawi ʻia i kēia kumuhana
  • Ka nui o ka ʻikepili
  • Kiʻekiʻe hoʻonui pinepine
• paa.public.accounts.{ACCOUNT}.metadata
  • Loaʻa ka metadata pili i ka ʻikepili metrics, no ka exampe ka ho'āʻo, ka nānā 'ana a i 'ole ka 'Agent Test e pili ana me nā ana
  • Nā helu liʻiliʻi o ka ʻikepili
  • Haʻahaʻa hōʻano pinepine

E ho'ā ana i ka Streaming API

HOOLAHA: E holo ana kēia mau ʻōlelo kuhikuhi ma ka kikowaena Control Center me sudo.

Ma muli o ka hoʻohui ʻana o ka Streaming API i kahi ma luna o ka Center Control, ʻaʻole hiki ke hoʻohana ʻia e ka paʻamau. No ka hoʻohana ʻana i ka API, pono mākou e ʻae mua i ka hoʻopuka ʻana i nā metric iā Kafka ma ka hoʻonohonoho nui file:

• /etc/netrounds/netrounds.conf

KAFKA_METRICS_ENABLED = ʻOiaʻiʻo

'Ōlelo Aʻo: ʻO ka hoʻā ʻana i kēia hiʻohiʻona e pili ana i ka hana o ka Center Center. E hōʻoia ua ana ʻoe i kāu mea hoʻohālike e like me ia.

A laila, e hiki ai ke hoʻouna i kēia mau ana i nā kumuhana Kafka pololei:

• /etc/netrounds/metrics.yaml

streaming-api: ʻoiaʻiʻo

No ka hiki a hoʻomaka i nā lawelawe Streaming API, holo:

• Hiki i nā lawelawe sudo ncc ke hoʻohana i nā metric timescaledb
• Hoʻomaka nā lawelawe sudo ncc i nā metric timescaledb

ʻO ka hope, hoʻomaka hou i nā lawelawe:

• hoʻomaka hou nā lawelawe sudo ncc

E hōʻoia ana i ka hana ʻana o ka Streaming API ma ka Center Control

MANAʻO: Pono e holo kēia mau ʻōlelo aʻoaʻo ma ka kikowaena Control Center.

Hiki iā ʻoe ke hōʻoia i ka loaʻa ʻana o nā metric ma nā kumuhana Kafka pololei. No ka hana ʻana pēlā, e hoʻokomo i ka pono kafkacat:

• sudo apt-loaʻa hou
• sudo apt-e hoʻokomo i kafkacat

Inā loaʻa iā ʻoe kahi hoʻāʻo a nānā paha e holo ana ma Control Center, pono ʻoe e hoʻohana i kafkacat e loaʻa i nā metric a me nā metadata ma kēia mau kumuhana.
E hoʻololi i kaʻu moʻokāki me ka inoa pōkole o kāu moʻokāki (ʻo ia ka mea āu e ʻike ai ma kāu Center Center URL):

• hoʻokuʻu aku i ka METRICS_TOPIC=paa.public.accounts.myaccount.metrics
• hoʻokuʻu aku iā METADATA_TOPIC=paa.public.accounts.myaccount.metadata

Pono ʻoe e ʻike i nā metric ma ka holo ʻana i kēia kauoha:

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

I ka view metadata, e holo i kēia kauoha (e hoʻomaopopo ʻaʻole e hoʻonui pinepine kēia):

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

MANAʻO:
kafkacat” Client Examples” ma ka ʻaoʻao 14

Hōʻoia kēia i loaʻa iā mākou kahi API Streaming e hana nei mai loko o Control Center. Eia nō naʻe, makemake paha ʻoe e komo i ka ʻikepili mai kahi mea kūʻai aku ma waho. Hōʻike ka ʻāpana aʻe i ka wehe ʻana iā Kafka no ke komo ʻana i waho.

E wehe ana i ka Kafka no nā mea hoʻokipa o waho

MANAʻO: Pono e holo kēia mau ʻōlelo aʻoaʻo ma ka kikowaena Control Center.

Ma ka maʻamau, ua hoʻonohonoho ʻia ʻo Kafka e holo ana ma ka Center Control e hoʻolohe wale ma localhost no ka hoʻohana kūloko. Hiki ke wehe iā Kafka no nā mea kūʻai aku o waho ma ka hoʻololi ʻana i nā hoʻonohonoho Kafka.

Hoʻopili iā Kafka: Caveats

ALOHA: E ʻoluʻolu e heluhelu pono i kēia, no ka mea he maʻalahi ke holo i nā pilikia pili me Kafka inā ʻaʻole ʻoe maopopo i kēia mau manaʻo.

Ma ka hoʻonohonoho Control Center i wehewehe ʻia ma kēia palapala, aia hoʻokahi wale nō Kafka broker.
Eia naʻe, e hoʻomanaʻo i ka holo ʻana o kahi mea kūʻai aku Kafka ma ke ʻano he ʻāpana o kahi pūʻulu Kafka i loaʻa paha i nā mea kālepa Kafka he nui.
I ka hoʻohui ʻana i kahi mea kūʻai aku Kafka, hoʻonohonoho ʻia kahi pilina mua e ka mea kūʻai aku Kafka. Ma luna o kēia pili, e hoʻihoʻi ka mea hoʻolimalima Kafka i kahi papa inoa o nā "hoʻolohe hoʻolaha", ʻo ia ka papa inoa o hoʻokahi a ʻoi aku paha nā mea hoʻolaha Kafka.
I ka loaʻa ʻana o kēia papa inoa, e kāpae ka mea kūʻai aku Kafka, a laila e hoʻopili hou i kekahi o kēia mau mea hoʻolohe hoʻolaha. Pono nā mea hoʻolohe i hoʻolaha ʻia i nā inoa hoʻokipa a i ʻole nā ​​helu IP i hiki ke loaʻa i ka mea kūʻai aku Kafka, a i ʻole e hoʻopili ʻia ka mea kūʻai aku.
Inā hoʻohana ʻia ka hoʻopunipuni SSL, e pili ana i kahi palapala SSL i hoʻopaʻa ʻia i kahi inoa hoʻokipa, ʻoi aku ka nui o ka loaʻa ʻana o ka mea kūʻai aku Kafka i ka helu kūpono e hoʻopili ai, no ka mea inā ʻaʻole e hōʻole ʻia ka pilina.
E heluhelu hou e pili ana i nā mea hoʻolohe Kafka ma aneʻi: www.confluent.io/blog/kafka-listeners-explained

Hoʻopili SSL/TLS
I mea e ʻae ʻia nā mea kūʻai hilinaʻi wale nō e komo iā Kafka a me ka Streaming API, pono mākou e hoʻonohonoho i kēia:

• Hōʻoiaʻiʻo: Pono nā mea kūʻai aku e hāʻawi i ka inoa inoa a me ka ʻōlelo huna ma o kahi pilina paʻa SSL/TLS ma waena o ka mea kūʻai aku a me Kafka.
• ʻAe ʻia: Hiki i nā mea kūʻai i hōʻoia ʻia ke hana i nā hana i hoʻoponopono ʻia e nā ACL.

Eia kahi pauview:

*) Hoʻohana ʻia ka inoa mea hoʻohana/ʻōlelo huna ma kahi kahawai SSL-encrypted

No ka hoʻomaopopo piha ʻana i ka hana ʻana o ka hoʻopunipuni SSL/TLS no Kafka, e ʻoluʻolu e nānā i ka palapala mana: docs.confluent.io/platform/current/kafka/encryption.html

Hoʻopau ka palapala SSL/TLSview

MANAʻO: Ma kēia ʻāpana e hoʻohana mākou i nā huaʻōlelo penei:

Palapala: He palapala SSL i kakau inoa ia e ka Mana Mana (CA). Loaʻa i kēlā me kēia mea kālepa Kafka.
hale kūʻai kī: Ka hale kūʻai kī file e mālama ana i ka palapala hōʻoia. ʻO ka hale kūʻai kī file aia ke kī pilikino o ka palapala hōʻoia; no laila, pono e mālama pono.
hale kūʻai hilinaʻi: A file loaʻa nā palapala CA hilinaʻi.

No ka hoʻonohonoho ʻana i ka hōʻoia ma waena o kahi mea kūʻai aku waho a me Kafka e holo ana ma Control Center, pono e loaʻa i nā ʻaoʻao ʻelua kahi hale kūʻai kī i wehewehe ʻia me kahi palapala pili i pūlima ʻia e kahi Certificate Authority (CA) me ka palapala kumu CA.
Ma waho aʻe o kēia, pono e loaʻa i ka mea kūʻai kahi hale kūʻai hilinaʻi me ka palapala aʻa CA.
He mea maʻamau ka palapala aʻa CA i ka mea kūʻai kālā Kafka a me ka mea kūʻai aku ʻo Kafka.

Ke hana ʻana i nā palapala i koi ʻia
Ua uhi ʻia kēia ma ka “Appendix” ma ka ʻaoʻao 17.

Kafka Broker SSL/TLS hoʻonohonoho i loko o ka Center Center

MANAʻO: Pono e holo kēia mau ʻōlelo aʻoaʻo ma ka kikowaena Control Center.

MANAʻO: Ma mua o ka hoʻomauʻana, ponoʻoe e hana i ka hale kūʻai kī i loaʻa ka palapala SSL ma ka hahaiʻana i nā kuhikuhi ma ka "Appendix" ma kaʻaoʻao 17. ʻO nā ala i haʻiʻia ma lalo nei mai kēia mau kuhikuhi.
ʻO ka hale kūʻai kī SSL he file mālama ʻia ma ka disk me ka file hoʻonui .jks.

Ke loaʻa iā ʻoe nā palapala hōʻoia i hana ʻia no ka mea kūʻai aku ʻo Kafka a me ka mea kūʻai aku ʻo Kafka, hiki iā ʻoe ke hoʻomau ma ka hoʻonohonoho ʻana i ka broker Kafka e holo ana ma Control Center. Pono ʻoe e ʻike i kēia mau mea:

• : Ka inoa hoʻokipa lehulehu o Control Center; Pono kēia e hoʻonā a hiki i nā mea kūʻai aku o Kafka.
• : ʻO ka ʻōlelo huna keystore i hāʻawi ʻia i ka wā e hana ana i ka palapala SSL.
• a : ʻO kēia nā ʻōlelo huna āu e makemake ai e hoʻonohonoho no ka mea hoʻohana a me ka mea hoʻohana. E hoʻomaopopo hiki iā ʻoe ke hoʻohui i nā mea hoʻohana hou aʻe, e like me ka mea i hōʻike ʻia ma ka example.

Hoʻoponopono a hoʻopili paha (me ke komo sudo) i nā waiwai ma lalo i /etc/kafka/server.properties, e hoʻokomo i nā ʻano like ʻole i hōʻike ʻia:

'Ōlelo Aʻo: Mai wehe iā PLAINTEXT: // localhost: 9092; e wāwahi kēia i ka hana o ka Center Center no ka mea ʻaʻole hiki i nā lawelawe kūloko ke kamaʻilio.

• …
• # ʻO nā ʻōlelo a ka mea hoʻolaha Kafka e hoʻolohe ai.
• listeners=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
• # ʻO kēia nā mea hoʻokipa i hoʻolaha ʻia i nā mea kūʻai aku e pili ana.
• advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// :9093 …
• ####### KOKUA MAU
• # SSL CONFIGURATION
• ssl.endpoint.identification.algorithm=
  ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
• ssl.keystore.password=
• ssl.key.password=
• ssl.client.auth=ʻaʻohe
• ssl.protocol=TLSv1.2
• # SASL hoʻonohonoho
• sasl.enabled.mechanisms=PLAIN
• username=”admin” \
• password=” ” \
• user_admin=" ” \
• user_client=" ”;
• # NOTE hiki ke hoʻohui ʻia nā mea hoʻohana me ka mea hoʻohana_ =
• # Manaʻo, hoʻohuli i nā ACL
• authorizer.class.name=kafka.security.authorizer.AclAuthorizer super.users=Mea hoohana:admin

Hoʻonohonoho ʻana i nā Papa Mana Mana Manaʻo (ACL)

Ke hoʻohuli nei i nā ACL ma ka localhost

KAHIKI: Pono mākou e hoʻonohonoho mua i nā ACL no localhost, i hiki i ka Center Control ke komo iā Kafka. Inā ʻaʻole e hana ʻia kēia, e haki nā mea.

• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal User:ANONYMOUS –allow-host 127.0.0.1 –cluster
• /usr/lib/kafka/bin/kafka-acls.sh \
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal Mea hoʻohana:ANONYMOUS –allow-host 127.0.0.1 –topic '*'
• /usr/lib/kafka/bin/kafka-acls.sh \
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal Mea hoʻohana:ANONYMOUS –allow-host 127.0.0.1 –group '*'

A laila, pono mākou e ho'ā i nā ACL no ka loaʻa ʻana o ka heluhelu wale nō i waho, i ʻae ʻia nā mea hoʻohana waho e heluhelu i nā kumuhana paa.public.*.

### Nā helu ACL no nā mea hoʻohana inoa ʻole /usr/lib/kafka/bin/kafka-acls.sh \

HOOLAHA: No ka hoʻomalu maikaʻi ʻana, e ʻoluʻolu e nānā i ka palapala Kafka mana.

• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal Mea hoʻohana:* –operation read –operation describe \ –group 'NCC'
• /usr/lib/kafka/bin/kafka-acls.sh \
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal Mea hoohana:* –operation read –operation describe \ –topic paa.public. –kumu-kumu-type prefixed

Ke hana ʻia kēia, pono ʻoe e hoʻomaka hou i nā lawelawe:

### Nā helu ACL no nā mea hoʻohana o waho /usr/lib/kafka/bin/kafka-acls.sh \

• hoʻomaka hou nā lawelawe sudo ncc

No ka hōʻoia i hiki i ka mea kūʻai ke hoʻokumu i kahi pilina paʻa, e holo i kēia kauoha ma waho
kamepiula mea kūʻai aku (ʻaʻole ma ka kikowaena Control Center). Ma lalo iho, ʻo PUBLIC_HOSTNAME ka inoa hoʻokipa Center Center:

• openssl s_client -debug -hoʻohui ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "Kākoʻo ʻia ʻo Secure Renegotiation IS"

Ma ka puka kauoha pono ʻoe e ʻike i ka palapala kikowaena a me kēia:

• Kākoʻo ʻia ʻo Secure Renegotiation

No ka hōʻoia ʻana ua hāʻawi ʻia nā lawelawe kūloko i ke kikowaena Kafka, e ʻoluʻolu e nānā i kēia logfiles:

• /var/log/kafka/server.log
• /var/log/kafka/kafka-authorizer.log

Ke hōʻoia nei i ka pilina o nā mea kūʻai aku waho

kafkacat

HOOLAHA: Pono e holo kēia mau ʻōlelo aʻoaʻo ma kahi kamepiula mea kūʻai aku (ʻaʻole ma ka kikowaena kikowaena Control Center).
HOOLAHA: No ka hōʻike ʻana i ka ʻike metric, e hōʻoia i ka holo ʻana o hoʻokahi mea nānā ma ka Center Center.

No ka hōʻoia a hōʻoia i ka pilina ma ke ʻano he mea kūʻai aku waho, hiki ke hoʻohana i ka pono kafkacat i hoʻokomo ʻia ma ka ʻāpana "Verifying that the Streaming API Works in Control Center" ma ka ʻaoʻao 4.
Hana i kēia mau ʻanuʻu:

HOOLAHA: Ma lalo iho, ʻo CLIENT_USER ka mea hoʻohana i ʻōlelo mua ʻia ma ka file /etc/kafka/server.properties ma Control Center: ʻo ia hoʻi, user_client a me ka ʻōlelo huna i hoʻonoho ʻia ma laila.
Pono ka palapala aʻa CA i hoʻohana ʻia e kau inoa i ka palapala SSL ʻaoʻao kikowaena ma ka mea kūʻai.

Hana i kahi file client.properties me kēia maʻiʻo:

• security.protocol=SASL_SSL
• ssl.ca.location={PATH_TO_CA_CERT}
• sasl.mechanisms=PLAIN
• sasl.username={CLIENT_USER}
• sasl.password={CLIENT_PASSWORD}

i hea

• ʻO {PATH_TO_CA_CERT} kahi o ka palapala aʻa CA i hoʻohana ʻia e ka mea kūʻai kālā Kafka
• ʻO {CLIENT_USER} a me {CLIENT_PASSWORD} ka hōʻoia o ka mea hoʻohana no ka mea kūʻai.

E holo i kēia kauoha e ʻike i ka memo i hoʻopau ʻia e kafkacat:

• export KAFKA_FQDN=
• hoʻokuʻu aku i ka METRICS_TOPIC=paa.public.accounts. .meka
• kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

kahi {METRICS_TOPIC} ka inoa o ke kumuhana Kafka me ka prefix “paa.public.”.

MANAʻO: ʻAʻole hāʻawi nā mana kahiko o kafkacat i ke koho -F no ka heluhelu ʻana i nā hoʻonohonoho mea kūʻai mai a file. Inā ʻoe e hoʻohana ana i kēlā ʻano, pono ʻoe e hāʻawi i nā hoʻonohonoho like mai ka laina kauoha e like me ka mea i hōʻike ʻia ma lalo nei.

kafkacat -b ${KAFKA_FQDN}:9093 \

• X security.protocol=SASL_SSL \
• X ssl.ca.location={PATH_TO_CA_CERT} \
• X sasl.mechanisms=PLAIN \
• X sasl.username={CLIENT_USER} \
• X sasl.password={CLIENT_PASSWORD} \
• t ${METRICS_TOPIC} -C -e

No ka debug i ka pilina, hiki iā ʻoe ke hoʻohana i ke koho -d:

Debug i nā kamaʻilio mea kūʻai aku
kafkacat -d mea kūʻai -b ${KAFKA_FQDN}:9093 -F mea kūʻai.properties -t ${METRICS_TOPIC} -C -e
# Hoʻopili i nā kamaʻilio broker
kafkacat -d mea kūʻai aku -b ${KAFKA_FQDN}:9093 -F mea kūʻai.properties -t ${METRICS_TOPIC} -C -e

E ʻoluʻolu e nānā i ka palapala no ka waihona mea kūʻai aku ʻo Kafka i hoʻohana ʻia, no ka mea, ʻokoʻa paha nā waiwai mai nā mea i loko o client.properties.

Hōʻano leka
Hoʻopili ʻia nā memo i hoʻohana ʻia no nā anana a me nā kumuhana metadata ma ke ʻano hoʻohālikelike Protocol buffers (protobuf). developers.google.com/protocol-buffers). Hoʻopili nā ʻōkuhi no kēia mau memo i kēia ʻano:

Hoʻolālā Protobuf Metrics

• syntax = "proto3";
• hoʻokomo i "google/protobuf/timestamp.proto”;
• package paa.streamingapi;
• koho go_package = “.;paa_streamingapi”;
• Nā ana memo {
• google.protobuf.Timestamp manawaamp = 1;
• palapala ʻāina waiwai = 2;
• int32 stream_id = 3;
• }
• /**
• * Hiki ke helu ʻia ka waiwai metric a i ʻole he lana.
• */
• MetricValue memo {
• oneof type {
• int64 int_val = 1;
• float float_val = 2;
• }
• }

Metadata Protobuf Schema

• syntax = "proto3";
• package paa.streamingapi;
• koho go_package = “.;paa_streamingapi”;
• memo Metadata {
• int32 stream_id = 1;
• kaula kahawai_inoa = 2;
• palapala ʻāina tags = 13;
• }

Client Examples

MANAʻO: Kuhi ʻia kēia mau kauoha e holo ma luna o kahi mea kūʻai aku waho, no ka exampe kau i kāu pona a i ʻole like, ʻaʻole ma Control Center.
MANAʻO: No ka hōʻike ʻana i ka ʻike metric, e hōʻoia i ka holo ʻana o hoʻokahi mea nānā ma ka Center Center.

Aia i loko o ka tarball Control Center ka waihona paa-streaming-api-client-examples.tar.gz (client-examples), aia kahi example Python script e hōʻike ana pehea e hoʻohana ai i ka Streaming API.

Hoʻokomo a hoʻonohonoho ʻana i ka mea kūʻai aku Examples
Loaʻa iā ʻoe ka client-exampi loko o ka waihona ʻo Paragon Active Assurance Control Center:

• hoʻokuʻu aku iā CC_VERSION=4.1.0
• cd ./paa-control-center_${CC_VERSION}
• ls paa-streaming-api-client-examples*

E hoʻouka i ka client-examples ma kāu kamepiula mea kūʻai aku waho, e hana penei:

• # E hana i ka papa kuhikuhi no ka unuhi ʻana i ka ʻike o ka mea kūʻai aku examples tarball
• mkdir paa-streaming-api-client-examples
• # Wehe i ka ʻike o ka mea kūʻai aku examples tarball
• tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-examples
• # E hele i ka papa kuhikuhi i hana hou ʻia
• cd paa-streaming-api-client-examples

client-exampPono nā les e holo iā Docker. Hiki ke loaʻa nā hoʻoiho a me nā ʻōlelo hoʻonohonoho no Docker ma https://docs.docker.com/engine/install.

Ke hoʻohana nei i ka Client Examples
ʻO ka mea kūʻai-exampHiki i nā mea hana ke holo ma ke ʻano kumu a i ʻole ke ʻano holomua e kūkulu i examples o ka paʻakikī like ʻole. I nā hihia ʻelua, hiki nō ke holo i ka examples me kahi hoʻonohonoho file loaʻa nā waiwai hou aʻe no ka hana maʻamau o ka ʻaoʻao o ka mea kūʻai aku.

Ke ano kumu
Ma ke ʻano kumu, hoʻokahe kaʻawale ʻia nā metric a me kā lākou metadata. No kēia hopena, hoʻolohe ka mea kūʻai aku i kēlā me kēia kumuhana Kafka i loaʻa no ke komo ʻana i waho a paʻi wale i nā leka i loaʻa i ka console.
E hoʻomaka e hoʻokō i ka ex kumuamples, holo:

• build.sh run-basic –kafka-brokers localhost:9092 –account_SHORTNAME

kahi ʻo ACCOUNT_SHORTNAME ka inoa pōkole o ka moʻokāki āu e makemake ai e kiʻi i nā ana.
No ka hoopau ana i ka exampe, kaomi Ctrl + C. (He lohi iki paha ma mua o ka pau ʻana o ka hoʻokō ʻana no ka mea e kali ana ka mea kūʻai aku i kahi hanana manawa.)

ʻAno kiʻekiʻe

HOOLAHA: Hōʻike ʻia nā metric no nā mākaʻikaʻi HTTP wale nō e holo ana ma Control Center.

Hōʻike ka hoʻokō ma ke ʻano holomua i ka pilina ma waena o nā metric a me nā memo metadata. ʻo kēia
Mahalo paha i ka hiki ʻana mai i kēlā me kēia memo metric o kahi kahua kahawai id e pili ana i ka memo metadata pili.
E hoʻokō i ka ex advancedamples, holo:

• build.sh run-advanced –kafka-brokers localhost:9092 –account_SHORTNAME

kahi ʻo ACCOUNT_SHORTNAME ka inoa pōkole o ka moʻokāki āu e makemake ai e kiʻi i nā ana.
No ka hoopau ana i ka exampe, kaomi Ctrl + C. (He lohi iki paha ma mua o ka pau ʻana o ka hoʻokō ʻana no ka mea e kali ana ka mea kūʻai aku i kahi hanana manawa.)

Nā hoʻonohonoho hou
Hiki ke holo i ka examples me ka hoʻonohonoho hou o ka mea kūʻai aku me ka hoʻohana ʻana i ka –config-file koho i ukali ia e a file inoa i loaʻa nā waiwai ma ke ʻano kī = waiwai.

• build.sh run-advanced \
• –kafka-brokers localhost:9092 \
• – moʻokāki ACCOUNT_SHORTNAME \
• –config-file client_config.properties

HOOLAHA: Pau fileʻO nā mea i kuhikuhi ʻia ma ke kauoha i luna pono e loaʻa i ka papa kuhikuhi o kēia manawa a kuhikuhi ʻia me ka hoʻohana ʻana i nā ala pili wale nō. Pili kēia i ka –config-file hoʻopaʻapaʻa a me nā mea komo a pau i ka hoʻonohonoho file e wehewehe ana file nā wahi.

Ke hōʻoia nei i ka hōʻoia ʻana o nā mea kūʻai aku waho
E hōʻoia i ka hōʻoia o ka mea kūʻai mai ma waho o ka Center Control me ka hoʻohana ʻana i ka client-examples, e hana i kēia mau ʻanuʻu:

Mai ka waihona ʻo Paragon Active Assurance Control Center, e hoʻololi i ka paa-streaming-api-client-examples waihona:

cd paa-streaming-api-client-examples

• E kope i ka palapala kumu kumu CA-cert i ka papa kuhikuhi o kēia manawa.
• E hana i kahi mea kūʻai.properties file me keia mau mea:

security.protocol=SASL_SSL ssl.ca.location=ca-cert
sasl.mechanism=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}

kahi o {CLIENT_USER} a me {CLIENT_PASSWORD} ka hōʻoia o ka mea hoʻohana.

Holo mua examples:

• export KAFKA_FQDN=
• build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
• – moʻokāki ACCOUNT_SHORTNAME
• –config-file mea kūʻai.pono

kahi ʻo ACCOUNT_SHORTNAME ka inoa pōkole o ka moʻokāki āu e makemake ai e kiʻi i nā ana.

Holo mua examples:

• export KAFKA_FQDN=
• build.sh run-advanced –kafka-brokers ${KAFKA_FQDN}:9093 \
• – moʻokāki ACCOUNT_SHORTNAME
• –config-file mea kūʻai.pono

Pākuʻi

Ma kēia hoʻohui, wehewehe mākou pehea e hana ai:

• he hale kūʻai kī file no ka mālama ʻana i ka palapala hōʻoia SSL broker Kafka
• he hale kuai hilinai file no ka mālama ʻana i ka palapala aʻa Certificate Authority (CA) i hoʻohana ʻia no ka hoʻopaʻa inoa ʻana i ka palapala hōʻoia ʻo Kafka broker.

Ke hana ʻana i kahi palapala Kafka Broker
Ke hana ʻana i kahi palapala me ka hoʻohana ʻana i kahi mana palapala hōʻoia maoli (Manaʻo ʻia)
Manaʻo ʻia e loaʻa iā ʻoe kahi palapala SSL maoli mai kahi CA hilinaʻi.
Ke hoʻoholo ʻoe i kahi CA, e kope i kā lākou palapala kumu CA-cert file i kou ala ponoʻī e like me ka mea i hōʻike ʻia ma lalo nei:

• hoʻokuʻu aku iā CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• cp ca-cert ${CA_PATH}

E hana i kāu mana palapala ponoʻī

MANAʻO: ʻO ka maʻamau, pono ʻoe e kau inoa i kāu palapala hōʻoia e kahi Mana Mana Manaʻo maoli; e nana i ka pauku mua. ʻO ka mea ma hope he ex wale nōample.

Ma ʻaneʻi mākou e hana i kā mākou palapala kumu palapala Mana Mana Mana (CA). file kūpono no nā lā 999 (ʻaʻole ʻōlelo ʻia i ka hana ʻana):

• # E hana i kahi papa kuhikuhi no ka mālama ʻana i ka CA
• hoʻokuʻu aku iā CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• # Hana i ka palapala CA
• openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -lā 999

Ke hana nei i ka hale kūʻai hilinaʻi o nā mea kūʻai aku
I kēia manawa hiki iā ʻoe ke hana i kahi hale kūʻai hilinaʻi file aia i loko o ka ca-cert i hana ʻia ma luna. ʻO kēia file e makemake ʻia e ka mea kūʻai aku Kafka e komo i ka Streaming API:

• keytool -keystore kafka.client.truststore.jks \
  • alias CARoot \
  • palapala lawe mai -file ${CA_PATH}/ca-cert

I kēia manawa aia ka palapala CA i loko o ka hale kūʻai hilinaʻi, e hilinaʻi ka mea kūʻai aku i kekahi palapala i pūlima ʻia me ia.
Pono ʻoe e kope i ka file kafka.client.truststore.jks i kahi i ʻike ʻia ma kāu kamepiula mea kūʻai aku a kuhikuhi iā ia ma nā hoʻonohonoho.

Ke hana nei i ka Keystore no ka Kafka Broker
No ka hana ʻana i ka palapala hōʻoia SSL broker Kafka a laila ka hale kūʻai kī kafka.server.keystore.jks, e hoʻomau penei:

Ke hana nei i ka palapala SSL
Ma lalo iho nei, ʻo 999 ka helu o nā lā kūpono o ka hale kūʻai kī, a ʻo FQDN ka inoa kikowaena kūpono piha o ka mea kūʻai aku (inoa hoʻokipa lehulehu o ka node).

MANAʻO: He mea nui ka FQDN e like me ka inoa hoʻokipa pololei a ka mea kūʻai aku Kafka e hoʻohana ai no ka hoʻopili ʻana i ka Center Center.

• sudo mkdir -p /var/ssl/private
• sudo chown -R $USER: /var/ssl/private
• cd /var/ssl/kūʻokoʻa
• export FQDN= keytool -keystore kafka.server.keystore.jks \
• – ke kikowaena inoa \
• – mana 999 \
• – genkey -keyalg RSA -ext SAN=dns:${FQDN}

E hana i kahi palapala noi hoʻopaʻa inoa a mālama i loko o ka file i kapa ʻia ʻo cert-server-request:

• keytool -keystore kafka.server.keystore.jks \
  • – ke kikowaena inoa \
  • – certreq \
  • – file palapala-server-noi

Pono ʻoe e hoʻouna i kēia manawa i ka file palapala-server-noi i kāu Certificate Authority (CA) inā ʻoe e hoʻohana nei i kahi mea maoli. A laila e hoʻihoʻi lākou i ka palapala hōʻoia i pūlima ʻia. E kuhikuhi mākou i kēia e like me ka cert-server-signed ma lalo.

Hoʻopaʻa inoa i ka palapala SSL me ka hoʻohana ʻana i kahi palapala CA i hana ponoʻī

HOOLAHA: Eia hou, ʻaʻole ʻōlelo ʻia ka hoʻohana ʻana i kāu CA ponoʻī i kahi ʻōnaehana hana.

E kau inoa i ka palapala hōʻoia e hoʻohana ana i ka CA ma o ka file cert-server-request, ka mea e hoʻopuka i ka palapala hōʻoia i hoʻopaʻa inoa ʻia. E nana i lalo; ʻO ca-password ka ʻōlelo huna i hoʻonohonoho ʻia i ka wā e hana ai i ka palapala CA.

• cd /var/ssl/private openssl x509 -req \
  • – CA ${CA_PATH}/ca-cert \
  • – CAkey ${CA_PATH}/ca-key \
  • – ma ka palapala-server-noi \
  • – puka i ka palapala hōʻoia-kaulima \
  • - nā lā 999 -CAcreateserial \
  • – passin pass:{ca-password}

Ka lawe ʻana i ka palapala hōʻoia i loko o ka Keystore

Hoʻokomo i ka palapala kumu ca-cert i loko o ka hale kūʻai kī:

• keytool -keystore kafka.server.keystore.jks \
  • – inoa inoa ca-cert \
  • – lawe mai \
  • – file ${CA_PATH}/ca-cert

E lawe mai i ka palapala hōʻailona i kapa ʻia ʻo cert-server-signed:

• keytool -keystore kafka.server.keystore.jks \
  • – ke kikowaena inoa \
  • – lawe mai \
  • – file hōʻoia-server-signed

ʻO ka file Pono e kope ʻia kafka.server.keystore.jks i kahi i ʻike ʻia ma ka kikowaena Control Center, a laila e kuhikuhi ʻia ma /etc/kafka/server.properties.

Ke hoʻohana nei i ka Streaming API

MA KEIA PAUKU

• Nui | 20
• Kafka Inoa Kumuhana | 21
• Examples o ka hoʻohana ʻana i ka API Streaming | 21

Generala
ʻO ka API streaming e kiʻi i ka ʻikepili a me ka nānā ʻana. ʻAʻole hiki ke hoʻokaʻawale i kekahi o kēia mau ʻāpana.
ʻAʻole kiʻi ka API streaming i ka ʻikepili mai nā hoʻāʻo e pili ana i ka palapala (nā mea i hōʻike ʻia e ka rectangle ma kahi o kahi ʻāpana jigsaw i ka Control Center GUI), e like me nā hoʻāʻo hoʻā ʻana o ka lawelawe ʻo Ethernet a me nā hoʻāʻo ʻike.

Nā inoa kumuhana Kafka
Penei nā inoa kumuhana Kafka no ka API streaming, kahi %s ka inoa pōkole o ka mooolelo Control Center (i hōʻike ʻia i ka wā e hana ana i ka moʻokāki):

• const (
• exporterName = “kafka”
• metadataTopicTpl = “paa.public.accounts.%s.metadata” metricsTopicTpl = “paa.public.accounts.%s.metrics” )

Examples o ka hoʻohana ʻana i ka Streaming API
ʻO ka exampLoaʻa nā mea e pili ana i ka tarball paa-streaming-api-client-examples.tar.gz i loko o ka tarball Center Center.
ʻO ka mua, aia kahi ex kumuampe hōʻike ana i ke kahe ʻana o nā metric a me kā lākou metadata a paʻi wale i nā memo i loaʻa i ka console. Hiki iā ʻoe ke holo e like me kēia:

• sudo ./build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME

Aia kekahi ex ʻoi aʻeampkahi i hoʻopili ʻia ai nā memo a me nā metadata. E hoʻohana i kēia kauoha e holo ai:

• sudo ./build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME

Pono ʻoe e hoʻohana sudo e holo i nā kauoha Docker e like me nā mea i luna. ʻO ke koho, hiki iā ʻoe ke hahai i nā ʻōkuhi post-install Linux e hiki ai ke holo i nā kauoha Docker me ka ʻole sudo. No nā kikoʻī, e hele i docs.docker.com/engine/install/linux-postinstall.

ʻO Juniper Networks, ka logo Juniper Networks, Juniper, a me Junos he mau hōʻailona inoa inoa o Juniper Networks, Inc. ma ʻAmelika Hui Pū ʻIa a me nā ʻāina ʻē aʻe. ʻO nā hōʻailona ʻē aʻe a pau, nā hōʻailona lawelawe, nā hōʻailona i hoʻopaʻa ʻia, a i ʻole nā ​​​​hōʻailona lawelawe i hoʻopaʻa inoa ʻia ka waiwai o ko lākou mau mea nona. ʻAʻole kuleana ʻo Juniper Networks no nā hemahema o kēia palapala. Hiki iā Juniper Networks ke hoʻololi, hoʻololi, hoʻololi, a i ʻole e hoʻoponopono hou i kēia puke me ka ʻole o ka hoʻolaha. Kuleana kope © 2023 Juniper Networks, Inc. Ua mālama ʻia nā kuleana āpau.

Palapala / Punawai

ʻO Juniper NETWORKS Streaming API Software [pdf] Ke alakaʻi hoʻohana Hoʻoheheʻe polokalamu API, polokalamu API, lako polokalamu

Nā kuhikuhi

• Palapala Hoʻohana