
Juniper NETWORKS Streaming API Software

Product Information

Specifications

  • Product name: Paragon Active Assurance
  • Version: 4.1
  • Published date: 2023-03-15

Introduction:
This guide provides instructions on extracting data from Paragon Active Assurance using the product's streaming API. The streaming client and API are included in the Paragon Active Assurance installation, but some configuration is required before using the API. The configuration process is covered in the "Configuring the Streaming API" section.

Configuring the Streaming API:
The following steps outline the process of configuring the streaming API:

Overview
Kafka is an event-streaming platform designed for capturing and storing data from various sources. It allows management of event streams in a distributed, scalable, fault-tolerant, and secure manner. This guide focuses on configuring Kafka to use the Streaming API feature in Paragon Active Assurance Control Center.

Terminology
The Streaming API allows external clients to retrieve metrics information from Kafka. Metrics collected by the Test Agents during a test or monitoring task are sent to the Stream service. After processing, the Stream service publishes these metrics on Kafka along with additional metadata.

Kafka Topics
The Streaming API uses Kafka topics to organize and store metrics and metadata. Kafka topics can be created and managed according to specific requirements.

Enabling the Streaming API
To enable the Streaming API, follow these steps:

  1. Run the following commands on the Control Center server using sudo:
    KAFKA_METRICS_ENABLED = True
    sudo ncc services enable timescaledb metrics
    sudo ncc services start timescaledb metrics
    sudo ncc services restart

Verifying that the Streaming API works in Control Center:
To verify that you are receiving metrics on the correct Kafka topics:

  1. Install the kafkacat utility with the following commands:
    sudo apt-get update
    sudo apt-get install kafkacat
  2. Replace "myaccount" with the short name of your account in the
    Control Center URL:
    export METRICS_TOPIC=paa.public.accounts.myaccount.metrics
    export METADATA_TOPIC=paa.public.accounts.myaccount.metadata
  3. Run the following command to view metrics:
    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
    Note: The above command will display the metrics.
  4. To view metadata, run the following command:
    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

Note: The above command will display the metadata, but it will not update as frequently.

Client Examples
For client examples and further information, refer to page 14 of the user manual.

FAQ (Frequently Asked Questions)

  • Q: What is Paragon Active Assurance?
    A: Paragon Active Assurance is a product that provides monitoring and testing capabilities.
  • Q: What is the Streaming API?
    A: The Streaming API is a feature in Paragon Active Assurance that allows external clients to retrieve metrics information from Kafka.
  • Q: How do I enable the Streaming API?
    A: To enable the Streaming API, follow the steps outlined in the "Enabling the Streaming API" section of the user manual.
  • Q: How can I verify that the Streaming API is working?
    A: Refer to the section "Verifying That the Streaming API Works in Control Center" for instructions on how to verify the functionality of the Streaming API.

Introduction

This guide describes how to extract data from Paragon Active Assurance via the product's streaming API.
The API as well as the streaming client are included in the Paragon Active Assurance installation. However, a bit of configuration is needed before you can use the API. This is covered in the chapter "Configuring the Streaming API" on page 1.

Overview
This chapter describes how to configure the Streaming API to allow subscribing to metrics messages via Kafka.
Below we will go through:

  • How to enable the Streaming API
  • How to configure Kafka to listen to external clients
  • How to configure Kafka to use ACLs and set up SSL encryption for said clients

What Is Kafka?
Kafka is an event-streaming platform that allows real-time capture of data sent from various event sources (sensors, databases, mobile devices) in the form of event streams, as well as durable storing of these event streams for later retrieval and manipulation.
With Kafka it is possible to manage the event streaming end-to-end in a distributed, highly scalable, elastic, fault-tolerant, and secure manner.

NOTE: Kafka can be configured in many different ways and was designed for scalability and redundant systems. This document focuses only on how to configure it to make use of the Streaming API feature found in Paragon Active Assurance Control Center. For more advanced setups we refer to the official Kafka documentation: kafka.apache.org/26/documentation.html.

Terminology

  • Kafka: Event-streaming platform.
  • Kafka topic: Collection of events.
  • Kafka subscriber/consumer: Component responsible for retrieval of events stored in a Kafka topic.
  • Kafka broker: Storage layer server of a Kafka cluster.
  • SSL/TLS: SSL is a secure protocol developed for sending information securely over the Internet. TLS is the successor of SSL, introduced in 1999.
  • SASL: Framework that provides mechanisms for user authentication, data integrity checking, and encryption.
  • Streaming API subscriber: Component responsible for retrieval of events stored in topics defined in Paragon Active Assurance and meant for external access.
  • Certificate Authority: A trusted entity that issues and revokes public key certificates.
  • Certificate Authority root certificate: Public key certificate that identifies a Certificate Authority.

How the Streaming API Works
As previously mentioned, the Streaming API allows external clients to retrieve information about metrics from Kafka.

All metrics collected by the Test Agents during a test or monitoring task are sent to the Stream service. After a processing phase, the Stream service publishes those metrics on Kafka together with additional metadata.


Kafka Topics
Kafka has the concept of topics to which all data is published. In Paragon Active Assurance there are many such Kafka topics available; however, only a subset of these are meant for external access.
Each Paragon Active Assurance account in Control Center has two dedicated topics. Below, ACCOUNT is the account short name:

  • paa.public.accounts.{ACCOUNT}.metrics
    • All metrics messages for the given account are published to this topic
    • Large amounts of data
    • High update frequency
  • paa.public.accounts.{ACCOUNT}.metadata
    • Contains metadata related to the metrics data, for example the test, monitor or Test Agent associated with the metrics
    • Small amounts of data
    • Low update frequency

Enabling the Streaming API

Note: These instructions are to be run on the Control Center server using sudo.

Since the Streaming API adds some overhead to the Control Center, it is not enabled by default. To enable the API, we must first enable publishing of metrics to Kafka in the main configuration file:

    KAFKA_METRICS_ENABLED = True

WARNING: Enabling this feature might impact Control Center performance. Make sure you have dimensioned your instance accordingly.

Next, to enable forwarding of these metrics to the correct Kafka topics:

    streaming-api: true

To enable and start the Streaming API services, run:

    sudo ncc services enable timescaledb metrics
    sudo ncc services start timescaledb metrics

Finally, restart the services:

    sudo ncc services restart

Verifying That the Streaming API Works in Control Center

NOTE: These instructions are to be run on the Control Center server.

You can now verify that you are receiving metrics on the correct Kafka topics. To do so, install the kafkacat utility:

    sudo apt-get update
    sudo apt-get install kafkacat

If you have a test or monitor running in Control Center, you should be able to use kafkacat to receive metrics and metadata on these topics.
Replace myaccount with the short name of your account (this is what you see in your Control Center URL):

    export METRICS_TOPIC=paa.public.accounts.myaccount.metrics
    export METADATA_TOPIC=paa.public.accounts.myaccount.metadata

You should now see metrics by running this command:

    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

To view metadata, run the following command (note that this will not update as frequently):

    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

NOTE:
kafkacat "Client Examples" on page 14

This verifies that we have a working Streaming API from within Control Center. However, most likely you are interested in accessing the data from an external client instead. The next section describes how to open up Kafka for external access.

Opening Up Kafka for External Hosts

NOTE: These instructions are to be run on the Control Center server.

By default, Kafka running on the Control Center is configured to listen only on localhost for internal use. It is possible to open up Kafka for external clients by modifying the Kafka settings.

Connecting to Kafka: Caveats

WARNING: Please read this carefully, since it is easy to run into connection issues with Kafka if you have not understood these concepts.

In the Control Center setup described in this document, there is only a single Kafka broker.
However, note that a Kafka broker is meant to run as part of a Kafka cluster which may consist of many Kafka brokers.
When connecting to a Kafka broker, an initial connection is set up by the Kafka client. Over this connection the Kafka broker in turn will return a list of "advertised listeners", which is a list of one or more Kafka brokers.
On receiving this list, the Kafka client will disconnect, then reconnect to one of these advertised listeners. The advertised listeners must contain hostnames or IP addresses that are accessible to the Kafka client, or the client will fail to connect.
If SSL encryption is used, involving an SSL certificate which is tied to a particular hostname, it is even more important that the Kafka client receives the correct address to connect to, since otherwise the connection may be rejected.
Read more about Kafka listeners here: www.confluent.io/blog/kafka-listeners-explained

SSL / TLS encryption
To make sure only trusted clients are allowed to access Kafka and the Streaming API, we must configure the following:

  • Authentication: Clients must provide a username and password through an SSL/TLS secure connection between the client and Kafka.
  • Authorization: Authenticated clients can perform tasks regulated by ACLs.

Here is an overview:

*) Username/password authentication performed on an SSL-encrypted channel

To fully understand how SSL/TLS encryption works for Kafka, please refer to the official documentation: docs.confluent.io/platform/current/kafka/encryption.html

SSL/TLS Certificate Overview

NOTE: In this subsection we will use the following terminology:

Certificate: An SSL certificate signed by a Certificate Authority (CA). Each Kafka broker has one.
Keystore: The keystore file that stores the certificate. The keystore file contains the private key of the certificate; therefore, it needs to be kept safely.
Truststore: A file containing the trusted CA certificates.

To set up the authentication between an external client and Kafka running in Control Center, both sides must have a keystore defined with a related certificate signed by a Certificate Authority (CA) together with the CA root certificate.
In addition to this, the client must also have a truststore with the CA root certificate.
The CA root certificate is common to the Kafka broker and the Kafka client.

Creating the Required Certificates
This is covered in the "Appendix" on page 17.

Kafka Broker SSL/TLS Configuration in Control Center

NOTE: These instructions are to be run on the Control Center server.

NOTE: Before continuing, you must create the keystore which contains the SSL certificate by following the instructions in the "Appendix" on page 17. The paths mentioned below come from these instructions.
The SSL keystore is a file stored on disk with the file extension .jks.

Once you have the required certificates created for both the Kafka broker and the Kafka client, you can continue by configuring the Kafka broker running in Control Center. You need to know the following:

  • : The public hostname of Control Center; this must be resolvable and accessible by Kafka clients.
  • : The keystore password provided when creating the SSL certificate.
  • and : These are the passwords you want to set for the admin and client user respectively. Note that you can add more users, as indicated in the example.

Edit or append (with sudo access) the properties below in /etc/kafka/server.properties, inserting the above variables as shown:

WARNING: Do not remove PLAINTEXT://localhost:9092; this will break Control Center functionality since internal services will not be able to communicate.

    # The addresses that the Kafka broker listens on.
    listeners=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
    # These are the hosts advertised back to any client connecting.
    advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL://:9093
    ...
    ####### CUSTOM CONFIG
    # SSL CONFIGURATION
    ssl.endpoint.identification.algorithm=
    ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
    ssl.keystore.password=
    ssl.key.password=
    ssl.client.auth=none
    ssl.protocol=TLSv1.2
    # SASL configuration
    sasl.enabled.mechanisms=PLAIN
    listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="admin" \
    password="" \
    user_admin="" \
    user_client="";
    # NOTE: more users can be added with user_=
    # Authorization, turn on ACLs
    authorizer.class.name=kafka.security.authorizer.AclAuthorizer
    super.users=User:admin
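One way to check an edited /etc/kafka/server.properties against the points made above: the plaintext listener stays on localhost, the advertised SASL_SSL address is one an external client can reach, and no password slot is left empty. This is an added example, not part of the Juniper guide or product; the finding names, the host cc.example.com and the sample secrets are constructed.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1"}
JAAS_KEY = "listener.name.sasl_ssl.plain.sasl.jaas.config"

def parse_properties(text):
    """Parse Java-style properties, joining lines that end with a backslash."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def parse_listeners(value):
    """Turn 'NAME://host:port,...' into {NAME: host}; the host may be empty."""
    found = {}
    for item in value.split(","):
        match = re.fullmatch(r"\s*(\w+)://(.*):(\d+)\s*", item)
        if match:
            found[match.group(1).upper()] = match.group(2)
    return found

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    listeners = parse_listeners(props.get("listeners", ""))
    advertised = parse_listeners(props.get("advertised.listeners", ""))
    findings = []
    # Internal Control Center services depend on the plaintext localhost listener.
    if "PLAINTEXT" not in listeners:
        findings.append("PLAINTEXT_LOCALHOST_LISTENER_MISSING")
    # Only the SASL_SSL listener may be reachable from other hosts.
    for name, host in sorted(listeners.items()):
        if name != "SASL_SSL" and host not in LOOPBACK:
            findings.append(f"UNPROTECTED_LISTENER_EXPOSED:{name}")
    # Clients reconnect to the advertised address, so it must be a real name.
    if advertised.get("SASL_SSL", "") in LOOPBACK | {"", "0.0.0.0"}:
        findings.append("ADVERTISED_SASL_SSL_HOST_NOT_REACHABLE")
    for key in ("ssl.keystore.password", "ssl.key.password"):
        if not props.get(key):
            findings.append(f"EMPTY_SECRET:{key}")
    users = dict(re.findall(r'\buser_(\w+)\s*=\s*"([^"]*)"', props.get(JAAS_KEY, "")))
    if not users:
        findings.append("NO_SASL_USERS_DEFINED")
    findings += [f"EMPTY_PASSWORD:{u}" for u, pw in sorted(users.items()) if not pw]
    if props.get("authorizer.class.name") != "kafka.security.authorizer.AclAuthorizer":
        findings.append("ACL_AUTHORIZER_NOT_ENABLED")
    return findings

# Constructed sample: the listing with its site-specific values left empty.
UNFILLED = r"""
listeners=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL://:9093
ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
ssl.keystore.password=
ssl.key.password=
listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="admin" \
password="" \
user_admin="" \
user_client="";
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
super.users=User:admin
"""

# Constructed sample with every value filled in (hostname and secrets are made up).
FILLED = r"""
listeners=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL://cc.example.com:9093
ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
ssl.keystore.password=constructed-keystore-secret
ssl.key.password=constructed-keystore-secret
listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="admin" \
password="constructed-admin-secret" \
user_admin="constructed-admin-secret" \
user_client="constructed-client-secret";
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
super.users=User:admin
"""

if __name__ == "__main__":
    for label, sample in (("unfilled", UNFILLED), ("filled", FILLED)):
        print(label, audit(sample))
```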

Setting up Access Control Lists (ACLs)

Turning On ACLs on localhost

WARNING: We must first set up ACLs for localhost, so that Control Center itself can still access Kafka. If this is not done, things will break.

    ### ACLs entries for anonymous users
    /usr/lib/kafka/bin/kafka-acls.sh \
    --authorizer kafka.security.authorizer.AclAuthorizer \
    --authorizer-properties zookeeper.connect=localhost:2181 \
    --add --allow-principal User:ANONYMOUS --allow-host 127.0.0.1 --cluster
    /usr/lib/kafka/bin/kafka-acls.sh \
    --authorizer kafka.security.authorizer.AclAuthorizer \
    --authorizer-properties zookeeper.connect=localhost:2181 \
    --add --allow-principal User:ANONYMOUS --allow-host 127.0.0.1 --topic '*'
    /usr/lib/kafka/bin/kafka-acls.sh \
    --authorizer kafka.security.authorizer.AclAuthorizer \
    --authorizer-properties zookeeper.connect=localhost:2181 \
    --add --allow-principal User:ANONYMOUS --allow-host 127.0.0.1 --group '*'

We then need to enable ACLs for external read-only access, so that external users are allowed to read the paa.public.* topics.

Note: For more fine-grained control, please refer to the official Kafka documentation.

    ### ACLs entries for external users
    /usr/lib/kafka/bin/kafka-acls.sh \
    --authorizer kafka.security.authorizer.AclAuthorizer \
    --authorizer-properties zookeeper.connect=localhost:2181 \
    --add --allow-principal User:* --operation read --operation describe \
    --group 'NCC'
    /usr/lib/kafka/bin/kafka-acls.sh \
    --authorizer kafka.security.authorizer.AclAuthorizer \
    --authorizer-properties zookeeper.connect=localhost:2181 \
    --add --allow-principal User:* --operation read --operation describe \
    --topic paa.public. --resource-pattern-type prefixed

Once done with this, you need to restart the services:

    sudo ncc services restart

To verify that a client can establish a secure connection, run the following command on an external client computer (not on the Control Center server). Below, PUBLIC_HOSTNAME is the Control Center hostname:

    openssl s_client -debug -connect ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "Secure Renegotiation IS supported"

In the command output you should see the server certificate as well as the following:

    Secure Renegotiation IS supported

To ensure that internal services have been granted access to the Kafka server, please check the following log files:

  • /var/log/kafka/server.log
  • /var/log/kafka/kafka-authorizer.log
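A simplified model of how the ACLs created by the kafka-acls.sh commands above are evaluated, useful for reasoning about what an external client can and cannot do. It is an added example, not Kafka's authorizer code: it ignores Deny rules and implied operations, and the client name, the addresses and the internal topic name are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:
    principal: str            # "User:<name>" or the wildcard "User:*"
    host: str                 # source address, or "*" for any host
    operations: tuple         # ("All",) or e.g. ("Read", "Describe")
    resource_type: str        # "Cluster", "Topic" or "Group"
    name: str                 # resource name, "*" or a prefix
    pattern: str = "LITERAL"  # "LITERAL" or "PREFIXED"

# The rules added by the five kafka-acls.sh invocations in this section.
# A command given without --operation grants all operations, and one given
# without --allow-host applies to every host.
ACLS = [
    Acl("User:ANONYMOUS", "127.0.0.1", ("All",), "Cluster", "kafka-cluster"),
    Acl("User:ANONYMOUS", "127.0.0.1", ("All",), "Topic", "*"),
    Acl("User:ANONYMOUS", "127.0.0.1", ("All",), "Group", "*"),
    Acl("User:*", "*", ("Read", "Describe"), "Group", "NCC"),
    Acl("User:*", "*", ("Read", "Describe"), "Topic", "paa.public.", "PREFIXED"),
]
SUPER_USERS = {"User:admin"}  # super.users in server.properties

def allowed(principal, host, operation, resource_type, name, acls=ACLS):
    """Return True if some Allow rule matches; with no match, access is denied."""
    if principal in SUPER_USERS:
        return True
    for acl in acls:
        if acl.principal not in (principal, "User:*"):
            continue
        if acl.host not in (host, "*"):
            continue
        if acl.resource_type != resource_type:
            continue
        if "All" not in acl.operations and operation not in acl.operations:
            continue
        if acl.pattern == "PREFIXED":
            if name.startswith(acl.name):
                return True
        elif acl.name in (name, "*"):
            return True
    return False

if __name__ == "__main__":
    topic = "paa.public.accounts.myaccount.metrics"
    for op in ("Read", "Describe", "Write"):
        print(op, allowed("User:client", "198.51.100.7", op, "Topic", topic))
```

Because `User:*` also matches `User:ANONYMOUS`, the read-only rules would apply to unauthenticated connections too if a PLAINTEXT listener were reachable from other hosts; keeping PLAINTEXT bound to localhost prevents that.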

Validating External Client Connectivity

kafkacat

Note: These instructions are to be run on a client computer (not on the Control Center server).
Note: To have metrics information displayed, ensure that at least one monitor is running in Control Center.

To test and validate connectivity as an external client, it is possible to use the kafkacat utility which was installed in the section "Verifying That the Streaming API Works in Control Center" on page 4.
Perform the following steps:

Note: Below, CLIENT_USER is the user previously specified in the file /etc/kafka/server.properties in Control Center: namely, user_client and the password set there.
The CA root certificate used to sign the server-side SSL certificate must be present on the client.

Create a file client.properties with the following content:

    security.protocol=SASL_SSL
    ssl.ca.location={PATH_TO_CA_CERT}
    sasl.mechanisms=PLAIN
    sasl.username={CLIENT_USER}
    sasl.password={CLIENT_PASSWORD}

where

  • {PATH_TO_CA_CERT} is the location of the CA root certificate used by the Kafka broker
  • {CLIENT_USER} and {CLIENT_PASSWORD} are the user credentials for the client.

Run the following commands to see the messages consumed by kafkacat:

    export KAFKA_FQDN=
    export METRICS_TOPIC=paa.public.accounts. .metrics
    kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

where {METRICS_TOPIC} is the name of the Kafka topic with prefix "paa.public.".

NOTE: Older versions of kafkacat do not provide the -F option for reading the client settings from a file. If you are using such a version, you must provide the same settings from the command line as shown below.

    kafkacat -b ${KAFKA_FQDN}:9093 \
    -X security.protocol=SASL_SSL \
    -X ssl.ca.location={PATH_TO_CA_CERT} \
    -X sasl.mechanisms=PLAIN \
    -X sasl.username={CLIENT_USER} \
    -X sasl.password={CLIENT_PASSWORD} \
    -t ${METRICS_TOPIC} -C -e

To debug the connectivity, you can use the -d option:

    # Debug consumer communications
    kafkacat -d consumer -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
    # Debug broker communications
    kafkacat -d broker -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

Be sure to refer to the documentation for the Kafka client library in use, as the properties may differ from those in client.properties.

Message Format
The messages used for the metrics and metadata topics are serialized in the Protocol buffers (protobuf) format (see developers.google.com/protocol-buffers). The schemas for these messages adhere to the following format:

Metrics Protobuf Schema

    syntax = "proto3";
    import "google/protobuf/timestamp.proto";
    package paa.streamingapi;
    option go_package = ".;paa_streamingapi";
    message Metrics {
      google.protobuf.Timestamp timestamp = 1;
      map<string, MetricValue> values = 2;
      int32 stream_id = 3;
    }
    /**
     * A metric value can be either an integer or a float.
     */
    message MetricValue {
      oneof type {
        int64 int_val = 1;
        float float_val = 2;
      }
    }

Metadata Protobuf Schema

    syntax = "proto3";
    package paa.streamingapi;
    option go_package = ".;paa_streamingapi";
    message Metadata {
      int32 stream_id = 1;
      string stream_name = 2;
      map<string, string> tags = 13;
    }
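A decoder for these two message types written directly against the protobuf wire format, so that the field layout and the stream_id join between metrics and metadata are visible without generated classes. It is an added example, not the code shipped in the client-examples tarball; it assumes both maps are keyed by strings (MetricValue messages as the values of `values`, strings as the values of `tags`), and the sample messages, metric names and tag are constructed.

```python
import struct

class DecodeError(ValueError):
    """Raised for truncated or malformed messages."""

def read_varint(buf, pos):
    result = shift = 0
    while pos < len(buf) and shift <= 63:
        byte = buf[pos]
        result |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            return result, pos
    raise DecodeError("truncated or oversized varint")

def fields(buf):
    """Yield (field_number, wire_type, value) for one message, bounds-checked."""
    pos = 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        number, wire = tag >> 3, tag & 7
        if wire == 0:                          # varint
            value, pos = read_varint(buf, pos)
        elif wire in (1, 5):                   # fixed 64-bit / fixed 32-bit
            size = 8 if wire == 1 else 4
            value, pos = buf[pos:pos + size], pos + size
        elif wire == 2:                        # length-delimited
            size, pos = read_varint(buf, pos)
            value, pos = buf[pos:pos + size], pos + size
        else:
            raise DecodeError(f"unsupported wire type {wire}")
        if pos > len(buf):
            raise DecodeError("field runs past the end of the message")
        yield number, wire, value

def signed(value):
    value &= (1 << 64) - 1                     # two's-complement 64-bit
    return value - (1 << 64) if value >> 63 else value

def map_entry(buf):
    """A map entry is a nested message: key = field 1, value = field 2."""
    key, value = "", b""
    for number, wire, raw in fields(buf):
        if wire == 2 and number == 1:
            key = raw.decode("utf-8")
        elif wire == 2 and number == 2:
            value = raw
    return key, value

def metric_value(buf):
    for number, wire, raw in fields(buf):
        if number == 1 and wire == 0:
            return signed(raw)                  # int64 int_val
        if number == 2 and wire == 5:
            return struct.unpack("<f", raw)[0]  # float float_val
    return None

def decode_metrics(buf):
    msg = {"timestamp": None, "values": {}, "stream_id": 0}
    for number, wire, raw in fields(buf):
        if number == 1 and wire == 2:           # Timestamp: seconds = 1, nanos = 2
            parts = {n: signed(v) for n, w, v in fields(raw) if w == 0}
            msg["timestamp"] = (parts.get(1, 0), parts.get(2, 0))
        elif number == 2 and wire == 2:
            name, value = map_entry(raw)
            msg["values"][name] = metric_value(value)
        elif number == 3 and wire == 0:
            msg["stream_id"] = signed(raw)
    return msg

def decode_metadata(buf):
    msg = {"stream_id": 0, "stream_name": "", "tags": {}}
    for number, wire, raw in fields(buf):
        if number == 1 and wire == 0:
            msg["stream_id"] = signed(raw)
        elif number == 2 and wire == 2:
            msg["stream_name"] = raw.decode("utf-8")
        elif number == 13 and wire == 2:
            key, value = map_entry(raw)
            msg["tags"][key] = value.decode("utf-8")
    return msg

def correlate(metadata_msgs, metrics_msgs):
    """Label each metrics message with the stream name that shares its stream_id."""
    streams = {m["stream_id"]: m for m in map(decode_metadata, metadata_msgs)}
    result = []
    for metrics in map(decode_metrics, metrics_msgs):
        meta = streams.get(metrics["stream_id"])
        result.append((meta["stream_name"] if meta else None, metrics["values"]))
    return result

# Constructed sample messages (names and values are made up for this example).
SAMPLE_METADATA = (b"\x08\x07" + b"\x12\x0c" + b"http-monitor"
                   + b"\x6a\x0c" + b"\x0a\x04" + b"task" + b"\x12\x04" + b"HTTP")
SAMPLE_METRICS = (b"\x0a\x06\x08\x80\xe2\xcf\xaa\x06"
                  + b"\x12\x0f\x0a\x06" + b"rtt_ms" + b"\x12\x05\x15\x00\x00\x48\x41"
                  + b"\x12\x0c\x0a\x06" + b"errors" + b"\x12\x02\x08\x02" + b"\x18\x07")
```

For regular use, generate message classes from the two schemas with protoc; the length and varint checks matter here because the decoder parses bytes received over the network.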

Client Examples

NOTE: These commands are intended to run on an external client, for example your laptop or similar, and not in Control Center.
NOTE: To have metrics information displayed, ensure that at least one monitor is running in Control Center.

The Control Center tarball includes the archive paa-streaming-api-client-examples.tar.gz (client-examples), which contains an example Python script showing how to use the Streaming API.

Installing and Configuring Client Examples
You find client-examples in the Paragon Active Assurance Control Center folder:

    export CC_VERSION=4.1.0
    cd ./paa-control-center_${CC_VERSION}
    ls paa-streaming-api-client-examples*

To install client-examples on your external client computer, proceed as follows:

    # Create directory for extracting the content of the client examples tarball
    mkdir paa-streaming-api-client-examples
    # Extract the content of the client examples tarball
    tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-examples
    # Go to the newly created directory
    cd paa-streaming-api-client-examples

client-examples requires Docker to run. Downloads and installation instructions for Docker can be found at https://docs.docker.com/engine/install.

Using Client Examples
The client-examples tools can run in either basic or advanced mode to build examples of varying complexity. In both cases, it is also possible to run the examples with a configuration file containing additional properties for further customization of the client side.

Basic Mode
In basic mode, the metrics and their metadata are streamed separately. To this end, the client listens to each Kafka topic available for external access and simply prints the received messages to the console.
To start execution of the basic examples, run:

    build.sh run-basic --kafka-brokers localhost:9092 --account ACCOUNT_SHORTNAME

where ACCOUNT_SHORTNAME is the short name of the account you want to get the metrics from.
To terminate the execution of the example, press Ctrl + C. (There may be a slight delay before the execution stops because the client waits for a timeout event.)

Advanced Mode

Note: Metrics are displayed only for HTTP monitors running in Control Center.

Execution in advanced mode shows the correlation between metrics and metadata messages. This is possible thanks to the presence in each metrics message of a stream id field which refers to the corresponding metadata message.
To execute the advanced examples, run:

    build.sh run-advanced --kafka-brokers localhost:9092 --account ACCOUNT_SHORTNAME

where ACCOUNT_SHORTNAME is the short name of the account you want to get the metrics from.
To terminate the execution of the example, press Ctrl + C. (There may be a slight delay before the execution stops because the client waits for a timeout event.)

Additional Settings
It is possible to run the examples with additional configuration of the client using the --config-file option followed by a file name containing properties in the form key=value.

    build.sh run-advanced \
    --kafka-brokers localhost:9092 \
    --account ACCOUNT_SHORTNAME \
    --config-file client_config.properties

Note: All files referenced in the command above must be located in the current folder and referred to using only relative paths. This applies both to the --config-file argument and to all entries in the configuration file that describe file locations.

Validating External Client Authentication
To validate client authentication from outside the Control Center using client-examples, perform the following steps:

From the Paragon Active Assurance Control Center folder, switch to the paa-streaming-api-client-examples folder:

    cd paa-streaming-api-client-examples

  • Copy the CA root certificate ca-cert into the current directory.
  • Create a client.properties file with the following content:

    security.protocol=SASL_SSL
    ssl.ca.location=ca-cert
    sasl.mechanism=PLAIN
    sasl.username={CLIENT_USER}
    sasl.password={CLIENT_PASSWORD}

where {CLIENT_USER} and {CLIENT_PASSWORD} are the user credentials for the client.

Run basic examples:

    export KAFKA_FQDN=
    build.sh run-basic --kafka-brokers ${KAFKA_FQDN}:9093 \
    --account ACCOUNT_SHORTNAME \
    --config-file client.properties

where ACCOUNT_SHORTNAME is the short name of the account you want to get the metrics from.

Run advanced examples:

    export KAFKA_FQDN=
    build.sh run-advanced --kafka-brokers ${KAFKA_FQDN}:9093 \
    --account ACCOUNT_SHORTNAME \
    --config-file client.properties

Appendix

In this appendix we describe how to create:

  • a keystore file for storing the Kafka broker SSL certificate
  • a truststore file for storing the Certificate Authority (CA) root certificate used to sign the Kafka broker certificate.

Creating a Kafka Broker Certificate
Creating a Certificate Using a Real Certificate Authority (Recommended)
It is recommended that you get a real SSL certificate from a trusted CA.
Once you have decided on a CA, copy their CA root certificate ca-cert file to your own path as shown below:

    export CA_PATH=~/my-ca
    mkdir ${CA_PATH}
    cp ca-cert ${CA_PATH}

Create Your Own Certificate Authority

NOTE: Normally you should have your certificate signed by a real Certificate Authority; see the preceding subsection. What follows is just an example.

Here we create our own Certificate Authority (CA) root certificate file valid for 999 days (not recommended in production):

    # Create a directory for storing the CA
    export CA_PATH=~/my-ca
    mkdir ${CA_PATH}
    # Generate the CA certificate
    openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -days 999

Creating the Client Truststore
Now you can create a truststore file that contains the ca-cert generated above. This file will be needed by the Kafka client that will access the Streaming API:

    keytool -keystore kafka.client.truststore.jks \
    -alias CARoot \
    -importcert -file ${CA_PATH}/ca-cert

Now that the CA certificate is in the truststore, the client will trust any certificate signed with it.
You should copy the file kafka.client.truststore.jks to a known location on your client computer and point to it in the settings.

Creating the Keystore for the Kafka Broker
To generate the Kafka broker SSL certificate and then the keystore kafka.server.keystore.jks, proceed as follows:

Generating the SSL Certificate
Below, 999 is the number of days of validity of the keystore, and FQDN is the fully qualified domain name of the client (public host name of the node).

NOTE: It is important that the FQDN matches the exact hostname that the Kafka client will use to connect to the Control Center.

    sudo mkdir -p /var/ssl/private
    sudo chown -R $USER: /var/ssl/private
    cd /var/ssl/private
    export FQDN=
    keytool -keystore kafka.server.keystore.jks \
    -alias server \
    -validity 999 \
    -genkey -keyalg RSA -ext SAN=dns:${FQDN}

Create a certificate signing request and store it in the file named cert-server-request:

    keytool -keystore kafka.server.keystore.jks \
    -alias server \
    -certreq \
    -file cert-server-request

You should now send the file cert-server-request to your Certificate Authority (CA) if you are using a real one. They will then return the signed certificate. We will refer to this as cert-server-signed below.

Signing the SSL Certificate Using a Self-created CA Certificate

Note: Again, using your own CA is not recommended in a production system.

Sign the certificate using the CA by means of the file cert-server-request, which produces the signed certificate cert-server-signed. See below; ca-password is the password set when creating the CA certificate.

    cd /var/ssl/private
    openssl x509 -req \
    -CA ${CA_PATH}/ca-cert \
    -CAkey ${CA_PATH}/ca-key \
    -in cert-server-request \
    -out cert-server-signed \
    -days 999 -CAcreateserial \
    -passin pass:{ca-password}

Importing the Signed Certificate into the Keystore

Import the ca-cert root certificate into the keystore:

    keytool -keystore kafka.server.keystore.jks \
    -alias ca-cert \
    -import \
    -file ${CA_PATH}/ca-cert

Import the signed certificate referred to as cert-server-signed:

    keytool -keystore kafka.server.keystore.jks \
    -alias server \
    -import \
    -file cert-server-signed

The file kafka.server.keystore.jks should be copied to a known location on the Control Center server, and then referred to in /etc/kafka/server.properties.

Using the Streaming API

IN THIS SECTION

  • General
  • Kafka Topic Names
  • Examples of Using the Streaming API

General
The streaming API fetches both test and monitor data. It is not possible to single out one of these categories.
The streaming API does not fetch data from script-based tests (those represented by a rectangle instead of a jigsaw piece in the Control Center GUI), such as Ethernet service activation tests and transparency tests.

Kafka Topic Names
The Kafka topic names for the streaming API are as follows, where %s is the short name of the Control Center account (indicated when creating the account):

    const (
        exporterName     = "kafka"
        metadataTopicTpl = "paa.public.accounts.%s.metadata"
        metricsTopicTpl  = "paa.public.accounts.%s.metrics"
    )

Examples of Using the Streaming API
The examples that follow are found in the tarball paa-streaming-api-client-examples.tar.gz contained within the Control Center tarball.
First, there is a basic example demonstrating how the metrics and their metadata are streamed separately and simply printing the received messages to the console. You can run it as follows:

    sudo ./build.sh run-basic --kafka-brokers localhost:9092 --account ACCOUNT_SHORTNAME

There is also a more advanced example where metrics and metadata messages are correlated. Use this command to run it:

    sudo ./build.sh run-advanced --kafka-brokers localhost:9092 --account ACCOUNT_SHORTNAME

You need to use sudo to run Docker commands such as the ones above. Optionally, you can follow the Linux post-installation steps to be able to run Docker commands without sudo. For details, go to docs.docker.com/engine/install/linux-postinstall.

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Copyright © 2023 Juniper Networks, Inc. All rights reserved.
