ọdịnaya zoo
1 Juniper NETWORKS gụgharia API Software
2 Ozi ngwaahịa
3 Okwu mmalite
4 Mepee Kafka maka ndị ọbịa mpụga
5 Ịtọlite ​​ndepụta njikwa nnweta (ACLs)
5.1 ### Ndenye ACL maka ndị ọrụ amaghị aha /usr/lib/kafka/bin/kafka-acls.sh
5.2 ### Ndenye ACL maka ndị ọrụ mpụga /usr/lib/kafka/bin/kafka-acls.sh
6 Na-akwado Njikọ Ndị ahịa Mpụga
7 Ihe odide ntụkwasị
8 Iji API gụgharia
9 Akwụkwọ / akụrụngwa
9.1 Ntụaka

Juniper-akara ngosi

Juniper NETWORKS gụgharia API SoftwareJuniper-NETWORKS-ngwaahịa-API-Software-ngwaahịa

Ozi ngwaahịa

Nkọwapụta

  • Aha ngwaahịa: Paragon Active Assurance
  • Ụdị: 4.1
  • Ụbọchị ebipụtara: 2023-03-15

Okwu mmalite:
Ntuziaka a na-enye ntụziaka maka otu esi ewepụ data na Paragon Active Assurance site na iji API nkwanye ngwaahịa. Agụnyere onye ahịa iyi na API n'ime nrụnye nkwa na Paragon Active, mana achọrọ nhazi ụfọdụ tupu iji API. Ekpuchiri usoro nhazi ahụ na ngalaba "Configuring the Streaming API".

Na-ahazi API gụgharia:
Usoro ndị a na-akọwapụta usoro iji hazie API nkwanye ugwu:

gafereview
Kafka bụ usoro mgbasa ozi mmemme emebere maka ijide oge na nchekwa data sitere na isi mmalite dị iche iche. Ọ na-enyere aka njikwa nke iyi ihe omume na nkesa, scalable, anabataghị mmejọ, na n'ụzọ echekwara. Ntuziaka a na-elekwasị anya na ịhazi Kafka iji jiri njirimara API Streaming na Paragon Active Assurance Control Center.

Okwu okwu
API gụgharia na-enye ndị ahịa mpụga ohere iweghachite ozi metrik na Kafka. A na-eziga metrics nke ndị nnọchi anya ule anakọtara n'oge ule ma ọ bụ ọrụ nlekota na ọrụ Stream. Mgbe nhazichara, ọrụ Stream na-ebipụta metrik ndị a na Kafka yana metadata ndị ọzọ.

Isiokwu Kafka
API gụgharia na-eji isiokwu Kafka hazie na chekwaa metrik na metadata. Enwere ike ịmepụta ma jikwaa isiokwu Kafka dịka ihe a chọrọ.

Na-eme API gụgharia
Iji mee API gụgharia, soro usoro ndị a:

  1. Gbaa iwu ndị a na sava Control Center site na iji sudo:
KAFKA_METRICS_ENABLED = Ezi sudo ncc ọrụ na-enyere timescaledb metrics sudo ncc ọrụ malite timescaledb metrics sudo ncc ọrụ malitegharịa

Ịkwado na API gụgharia na-arụ ọrụ na ebe njikwa:
Iji chọpụta na ị na-enweta metrik na isiokwu Kafka ziri ezi:

  1. Wụnye akụrụngwa kafkacat na iwu ndị a:
    sudo apt-nweta mmelite
    sudo apt-nweta wụnye kafkacat
  1. Dochie "myaccount" na obere aha akaụntụ gị na
    Ebe njikwa URL:
    mbupụ METRICS_TOPIC=paa.public.accounts.myaccount.metrics
    mbupụ METADATA_TOPIC=paa.public.accounts.myaccount.metadata
  1. Run the following command to view metrics:
    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
    Rịba ama: Iwu dị n'elu ga-egosipụta metrik.
  2. Iji view metadata, mee iwu a:
    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

Rịba ama: Iwu dị n'elu ga-egosipụta metadata, mana ọ gaghị emelite ugboro ugboro.

Onye ahịa Examples
Maka onye ahịa examples na ozi ndị ọzọ, rụtụ aka na ibe 14 nke akwụkwọ ntuziaka onye ọrụ.

Ajụjụ (Ajụjụ a na-ajụkarị)

  • Ajụjụ: Gịnị bụ mmesi obi ike nke Paragon?
    A: Paragon Active Assurance bụ ngwaahịa na-enye ike nlekota na ule.
  • Ajụjụ: Gịnị bụ API gụgharia?
    A: API gụgharia bụ njiri dị na Paragon Active Assurance nke na-enye ndị ahịa mpụga ohere iweghachite ozi metrik na Kafka.
  • Ajụjụ: Kedu ka m ga-esi mee API gụgharia?
    A: Iji mee API gụgharia, soro usoro ndị akọwapụtara na ngalaba “Enabling the Streaming API” nke akwụkwọ ntuziaka onye ọrụ.
  • Ajụjụ: Kedu ka m ga-esi chọpụta na API Streaming na-arụ ọrụ?
    A: Rụtụ aka na ngalaba "Ịkwado na API gụgharia na-arụ ọrụ na ebe njikwa" maka ntuziaka maka otu esi enyocha arụmọrụ API Streaming.

Okwu mmalite

Ntuziaka a na-akọwa otu esi ewepụ data na Paragon Active Assurance site na API nkwanye ngwaahịa.
API yana onye ahịa na-enuba na-esonye na nrụnye nkwa ike nke Paragon. Agbanyeghị, a chọrọ ntakịrị nhazi tupu ị nwee ike iji API. Ekpuchiri nke a na “Configuring the Streaming API” na ibe 1 isi.

gafereview
Isiakwụkwọ a na-akọwa otu esi ahazi API Streaming iji nye ohere ịdenye aha na ozi metrics site na Kafka.
pr
N'okpuru anyị ga-agafe:

  • Otu esi eme API gụgharia
  • Otu esi ahazi Kafka ka ọ gee ndị ahịa mpụga ntị
  • Otu esi ahazi Kafka iji ACL wee guzobe nzuzo SSL maka ndị ahịa kwuru

Kedu ihe bụ Kafka?
Kafka bụ usoro mgbasa ozi mmemme nke na-enye ohere ijide data ezitere site na isi mmalite mmemme dị iche iche (ihe mmetụta, ọdụ data, ngwaọrụ mkpanaka) n'ụdị iyi mmemme, yana ịchekwa oge na-adịgide adịgide nke iyi ihe omume ndị a maka iweghachite na ntughari.
Site na Kafka ọ ga-ekwe omume ijikwa mmemme gụgharia ngwụcha-ọgwụgwụ na nkesa nkesa, nke nwere ike ịgbatị, na-agbanwe, na-anabata mmejọ, yana n'ụzọ echekwara.

IHE: Enwere ike ịhazi Kafka n'ọtụtụ ụzọ dị iche iche ma emebere ya maka scalability na sistemụ anaghị arụ ọrụ. Akwụkwọ a na-elekwasị anya naanị otu esi ahazi ya ka ọ jiri njirimara API Streaming dị na Paragon Active Assurance Control Center. Maka ntọala ndị ọzọ dị elu anyị na-ezo aka na akwụkwọ Kafka gọọmentị: kafka.apache.org/26/documentation.html.

Okwu okwu

  • Kafka: ikpo okwu na-enuba mmemme.
  • Isiokwu Kafka: Nchịkọta ihe omume.
  • Ndị debanyere aha/onye ahịa Kafka: Akụkụ na-ahụ maka iweghachi ihe omume echekwara na isiokwu Kafka.
  • Onye na-ere ahịa Kafka: Ihe nkesa oyi akwa nke ụyọkọ Kafka.
  • SSL/TLS: SSL bụ ụkpụrụ echekwara maka izipu ozi na nzuzo na ịntanetị. TLS bụ onye nọchiri SSL, ewepụtara na 1999.
  • SASL: Framework nke na-enye usoro maka njirimara onye ọrụ, ịlele iguzosi ike n'ezi ihe data, na izo ya ezo.
  • Ndị debanyere aha API na-agagharị agagharị: Akụkụ na-ahụ maka iweghachi mmemme echekwara na isiokwu akọwapụtara na Paragon Active Assurance na pụtara maka ịnweta mpụga.
  • Ikike Asambodo: Ụlọ ọrụ tụkwasịrị obi na-ewepụta ma kagbuo asambodo igodo ọha.
  • Akwụkwọ mgbọrọgwụ ikike ikike: Asambodo igodo ọha na-achọpụta ikike asambodo.

Kedu ka API gụgharia si arụ ọrụ
Dịka ekwuru na mbụ, API Streaming na-enye ohere ka ndị ahịa dịpụrụ adịpụ weghachi ozi gbasara metrik na Kafka.

A na-eziga metrik niile nke ndị nnọchi anya ule anakọtara n'oge ule ma ọ bụ ọrụ nlekota na ọrụ Stream. Mgbe usoro nhazi gasịrị, ọrụ Stream na-ebipụta metrik ndị ahụ na Kafka yana metadata ndị ọzọ.

Juniper-NETWORKS-Ntụgharị-API-Software- (1)

Isiokwu Kafka
Kafka nwere echiche nke isiokwu a na-ebipụta data niile. Na Paragon Active Assurance enwere ọtụtụ isiokwu Kafka dị; Otú ọ dị, ọ bụ naanị akụkụ nke ndị a ka e mere maka ịnweta mpụga.
Akaụntụ mmesi obi ike nke Paragon ọ bụla dị na Control Center nwere isiokwu abụọ raara onwe ya nye. N'okpuru, ACCOUNT bụ aha mkpirisi akaụntụ:

  • paa.ọha.akaụntụ.{ACCOUNT}.metrics
    • Ebiputere ozi metrik niile maka akaụntụ enyere na isiokwu a
    • Ọnụ ọgụgụ buru ibu nke data
    • Ugboro mmelite dị elu
  • paa.ọha.akaụntụ.{ACCOUNT}.metadata
    • Nwere metadata metụtara data metrik, maka example ule, nyochaa ma ọ bụ onye nnọchi anya ule jikọtara na metrik
    • Obere data
    • Ugboro mmelite dị ala

Na-eme API gụgharia

IHE: A ga-agba ọsọ ntuziaka ndị a na sava Control Center site na iji sudo.

Ebe API gụgharia na-agbakwunye ụfọdụ isi na ebe njikwa, anaghị enyere ya aka na ndabara. Iji mee API, anyị ga-ebu ụzọ mee ka ibipụta metrics na Kafka na nhazi bụ isi file:

KAFKA_METRICS_ENABLED = Eziokwu

Ịdọ aka ná ntị: Ịkwado njirimara a nwere ike imetụta arụmọrụ Center Control. Jide n'aka na i meela ihe atụ gị n'otu aka ahụ.

Na-esote, iji mee ka iziga metrik ndị a gaa na isiokwu Kafka ziri ezi:

streaming-api: eziokwu

Iji mee ma malite ọrụ API Streaming, gbaa ọsọ:

  • sudo ncc ọrụ na-enyere timescaledb metrics
  • sudo ncc ọrụ na-amalite timescaledb metrics

N'ikpeazụ, malitegharịa ọrụ ndị a:

  • sudo ncc malitegharịa

Na-enyocha na API gụgharia na-arụ ọrụ na ebe njikwa

IHE: A ga-eme ntuziaka ndị a na sava ebe njikwa.

Ị nwere ike ịchọpụta ugbu a na ị na-enweta metrik na isiokwu Kafka ziri ezi. Iji mee nke a, wụnye ngwa kafkacat:

  • sudo apt-nweta mmelite
  • sudo apt-nweta wụnye kafkacat

Ọ bụrụ na ị nwere ule ma ọ bụ nyochaa na-agba ọsọ na Control Center, ị ga-enwe ike iji kafkacat nweta metrics na metadata na isiokwu ndị a.
Dochie akaụntụ m na obere aha akaụntụ gị (nke a bụ ihe ị na-ahụ na ebe njikwa gị URL):

  • mbupụ METRICS_TOPIC=paa.public.accounts.myaccount.metrics
  • mbupụ METADATA_TOPIC=paa.public.accounts.myaccount.metadata

Ị ga-ahụ metrics ugbu a site na iji iwu a:

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

Iji view metadata, mee iwu a (rịba ama na nke a agaghị emelite ugboro ugboro):

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

IHE:
kafkacat” Client Examples” na ibe 14

Nke a na-achọpụta na anyị nwere API gụgharia na-arụ ọrụ site na ebe njikwa. Agbanyeghị, o yikarịrị ka ị nwere mmasị ịnweta data sitere n'aka onye ahịa mpụga kama. Akụkụ na-esote na-akọwa otu esi emepe Kafka maka ịnweta mpụga.

Mepee Kafka maka ndị ọbịa mpụga

IHE: A ga-eme ntuziaka ndị a na sava ebe njikwa.

Site na ndabara, a haziri Kafka na-agba ọsọ na Control Center ka ọ gee ntị na localhost maka ojiji ime. Ọ ga-ekwe omume imeghe Kafka maka ndị ahịa mpụga site n'ịgbanwe ntọala Kafka.

Ijikọ na Kafka: Caveats

kpachara anya: Biko gụọ nke ọma nke ọma, ebe ọ bụ na ọ dị mfe ịbanye na okwu njikọ na Kafka ma ọ bụrụ na ị ghọtaghị echiche ndị a.

N'ime ntọala njikwa njikwa akọwapụtara na akwụkwọ a, enwere naanị otu onye na-ere ahịa Kafka.
Otú ọ dị, rịba ama na onye na-ere ahịa Kafka pụtara ịgba ọsọ dị ka akụkụ nke ụyọkọ Kafka nke nwere ike ịgụnye ọtụtụ ndị na-ere ahịa Kafka.
Mgbe ị na-ejikọta na onye na-ere ahịa Kafka, onye ahịa Kafka na-ahazi njikọ mbụ. N'ime njikọ a, onye na-ere ahịa Kafka ga-eweghachite ndepụta nke "ndị na-ege ntị mgbasa ozi", nke bụ ndepụta nke otu ma ọ bụ karịa ndị na-ere ahịa Kafka.
Na ịnweta ndepụta a, onye ahịa Kafka ga-akwụsị njikọ, wee jikọọ na otu n'ime ndị na-ege ntị mgbasa ozi. Ndị na-ege ntị kpọsara ga-enwerịrị aha nnabata ma ọ bụ adreesị IP nke ndị ahịa Kafka nwere ike ịnweta, ma ọ bụ onye ahịa agaghị ejikọta ya.
Ọ bụrụ na ejiri SSL ezoro ezo, gụnyere asambodo SSL nke ejikọtara na aha nnabata, ọ dị mkpa karịa na onye ahịa Kafka nata adreesị ziri ezi iji jikọọ na, ebe ọ bụ na enwere ike ịjụ njikọ ahụ.
Gụkwuo maka ndị na-ege Kafka ebe a: www.confluent.io/blog/kafka-listeners-explained

SSL/TLS ezoro ezo
Iji hụ na ọ bụ naanị ndị ahịa tụkwasịrị obi ka anabatara Kafka na API Streaming, anyị ga-ahazi ihe ndị a:

  • Nyocha: Ndị ahịa ga-enye aha njirimara na paswọọdụ site na njikọ SSL/TLS dị n'etiti onye ahịa na Kafka.
  • Ikike: Ndị ahịa nwere nkwenye nwere ike ịrụ ọrụ ndị ACL na-ahazi.

Nke a bụ njedebeview:

Juniper-NETWORKS-Ntụgharị-API-Software- (2)

*) Nyocha aha njirimara/paswọọdụ emere na ọwa ezoro ezo SSL

Iji ghọta nke ọma ka nzuzo SSL/TLS si arụ ọrụ maka Kafka, biko rụtụ aka na akwụkwọ gọọmentị: docs.confluent.io/platform/current/kafka/encryption.html

Asambodo SSL/TLS gafereview

IHE: Na nkeji nke a anyị ga-eji okwu ndị a:

Asambodo: Asambodo SSL binyere aka na Asambodo ikike (CA). Onye na-ere ahịa Kafka ọ bụla nwere otu.
Ihe nchekwa: Ụlọ ahịa igodo file nke na-echekwa akwụkwọ. Ụlọ ahịa igodo file nwere igodo nzuzo nke asambodo; ya mere, ekwesịrị idobe ya na nchekwa.
Ụlọ nkwakọba ihe: A file nwere asambodo CA ntụkwasị obi.

Iji guzobe nkwenye n'etiti onye ahịa mpụga na Kafka na-agba ọsọ na Control Center, akụkụ abụọ ahụ ga-enwerịrị akwụkwọ ikike nke akọwapụtara ya na akwụkwọ metụtara ya nke Asambodo Asambodo (CA) bịanyere aka na ya na akwụkwọ mgbọrọgwụ CA.
Na mgbakwunye na nke a, onye ahịa ga-enwekwa ụlọ ahịa ntụkwasị obi na akwụkwọ mgbọrọgwụ CA.
Asambodo mgbọrọgwụ CA na-ahụkarị maka onye na-ere ahịa Kafka na onye ahịa Kafka.

Ịmepụta Asambodo achọrọ
Ekpuchiri nke a na “Ihe Okike” dị na peeji nke 17.

Nhazi Kafka Broker SSL/TLS na ebe njikwa

IHE: A ga-eme ntuziaka ndị a na sava ebe njikwa.

IHE: Tupu ịga n'ihu, ị ga-emerịrị ụlọ ahịa ahụ nke nwere asambodo SSL site na isoro ntuziaka dị na “Ihe mgbakwunye” na ibe 17. Ụzọ ndị a kpọtụrụ aha n'okpuru si na ntuziaka ndị a.
Ebe nchekwa SSL bụ a file echekwara na diski na file ndọtị .jks.

Ozugbo ị nwetara asambodo achọrọ maka ma onye na-ere ahịa Kafka na onye ahịa Kafka dị, ị nwere ike ịga n'ihu site na ịhazi onye na-ere ahịa Kafka na-agba ọsọ na Control Center. Ịkwesịrị ịma ihe ndị a:

  • : Aha nnabata ọha nke Control Center; nke a ga-edozirịrị ma nweta ndị ahịa Kafka.
  • : Okwuntughe ụlọ ahịa enyere mgbe ị na-eke asambodo SSL.
  • na : Ndị a bụ okwuntughe nke ịchọrọ ịtọ maka onye nchịkwa na onye ọrụ ahịa n'otu n'otu. Rịba ama na ị nwere ike itinyekwu ndị ọrụ, dịka egosiri na example.

Dezie ma ọ bụ tinye (yana sudo access) ihe onwunwe dị n'okpuru /etc/kafka/server.properties, na-etinye mgbanwe ndị dị n'elu dị ka egosiri:

Ịdọ aka ná ntị: Ewepụla PLAINTEXT://localhost:9092; nke a ga-emebi ọrụ Control Center ebe ọ bụ na ọrụ ime agaghị enwe ike ịkparịta ụka.

  • # Adreesị ndị na-ere ahịa Kafka na-ege ntị.
  • ndị na-ege ntị=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
  • # Ndị a bụ ndị nnabata akpọsara azụ na njikọ ndị ahịa ọ bụla.
  • advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// : 9093…
  • ####### CONFIG
  • # Nhazi SSL
  • ssl.endpoint.identification.algorithm=
    ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
  • ssl.keystore.password=
  • ssl.key.password=
  • ssl.client.auth=ọ dịghị
  • ssl.protocol=TLSv1.2
  • # Nhazi SASL
  • sasl.enabled.mechanisms=PLAIN
  • aha njirimara = "admin" \
  • paswọọdụ =" " \
  • user_admin=” " \
  • user_client=” ”;
  • # IHE: enwere ike ịgbakwunye ndị ọrụ na onye ọrụ_ =
  • # Ikike, gbanye ACL
  • authorizer.class.name=kafka.security.authorizer.AclAuthorizer super.users=Onye ọrụ: admin

Ịtọlite ​​ndepụta njikwa nnweta (ACLs)

Na-agbanye ACL na localhost

ỊDỌ AKA NA NTỊ: Anyị ga-ebu ụzọ guzobe ACL maka localhost, ka Control Center n'onwe ya ka nwere ike nweta Kafka. Ọ bụrụ na emeghị nke a, ihe ga-agbaji.

  • -onye edemede kafka.security.authorizer.AclAuthorizer \
  • –authorizer-properties zookeeper.connect=localhost:2181 \
  • –gbakwunye –ollow-onye isi ọrụ:ANONYMOUS –allow-host 127.0.0.1 –ụyọkọ
  • /usr/lib/kafka/bin/kafka-acls.sh
  • -onye edemede kafka.security.authorizer.AclAuthorizer \
  • –authorizer-properties zookeeper.connect=localhost:2181 \
  • –gbakwunye –ekwe-isi onye ọrụ:ANONYMOUS –allow-host 127.0.0.1 –isiokwu '*'
  • /usr/lib/kafka/bin/kafka-acls.sh
  • -onye edemede kafka.security.authorizer.AclAuthorizer \
  • –authorizer-properties zookeeper.connect=localhost:2181 \
  • –gbakwunye –ekwe-isi onye ọrụ:ANONYMOUS –allow-host 127.0.0.1 –otu '*'

Anyị kwesịrị ime ka ACL nwee ohere ịgụ naanị mpụga, ka ndị ọrụ mpụga gụta isiokwu paa.ọha.*.

### Ndenye ACL maka ndị ọrụ amaghị aha /usr/lib/kafka/bin/kafka-acls.sh

IHE: Maka njikwa ndị ọzọ dị mma, biko rụtụ aka na akwụkwọ Kafka gọọmentị.

  • -onye edemede kafka.security.authorizer.AclAuthorizer \
  • –authorizer-properties zookeeper.connect=localhost:2181 \
  • –add –allow-isi onye ọrụ:* –ọrụ na-agụ –operation kọwara \ –group 'NCC'
  • /usr/lib/kafka/bin/kafka-acls.sh
  • -onye edemede kafka.security.authorizer.AclAuthorizer \
  • –authorizer-properties zookeeper.connect=localhost:2181 \
  • –add –allow-onye isi ọrụ:* –ọrụ agụ –ọrụ kọwara \ –isiokwu paa.ọha. -Akụkọ-ụkpụrụ-ụdị prefixed

Ozugbo ịmechara nke a, ịkwesịrị ịmalitegharị ọrụ ndị a:

### Ndenye ACL maka ndị ọrụ mpụga /usr/lib/kafka/bin/kafka-acls.sh
  • sudo ncc malitegharịa

Iji nyochaa na onye ahịa nwere ike guzobe njikọ echekwara, mee iwu a na mpụga
Kọmputa ndị ahịa (ọ bụghị na sava Control Center). N'okpuru, PUBLIC_HOSTNAME bụ aha nnabata ebe njikwa:

  • openssl s_client -debug -jikọọ ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "A akwadoro mkparita ụka echekwara"

Na mmepụta iwu ị ga-ahụ asambodo nkesa yana ndị a:

  • akwadoro mkparita uka siri ike

Iji hụ na enyerela ọrụ dị n'ime ohere ịnweta sava Kafka, biko lelee ndekọ na-esonụfiles:

  • /var/log/kafka/server.log
  • /var/log/kafka/kafka-authorizer.log

Na-akwado Njikọ Ndị ahịa Mpụga

kafkacat

IHE: Ntuziaka ndị a ka a ga-agba ọsọ na kọmputa ndị ahịa (ọ bụghị na sava Control Center).
IHE: Iji gosipụta ozi metrik, hụ na opekata mpe otu nleba anya na-arụ na ebe njikwa.

Iji nyochaa na kwado njikọ dị ka onye ahịa si mpụga, ọ ga-ekwe omume iji kafkacat nke arụnyere na ngalaba "Ịchọpụta na API Streaming na-arụ ọrụ na Control Center" na ibe 4.
Mee usoro ndị a:

IHE: N'okpuru, CLIENT_USER bụ onye ọrụ akọwapụtara na mbụ file /etc/kafka/server.properties na Control Center: ya bụ, user_client na paswọọdụ setịpụrụ n'ebe ahụ.
Asambodo mgbọrọgwụ CA na-eji abanye n'akụkụ SSL akwụkwọ ga-adịrịrị na onye ahịa.

Mepụta a file client.properties nwere ọdịnaya ndị a:

  • security.protocol=SASL_SSL
  • ssl.ca.location={PATH_TO_CA_CERT}
  • sasl.mechanisms=PLAIN
  • sasl.username={CLIENT_USER}
  • sasl.password={CLIENT_PASSWORD}

ebee

  • {PATH_TO_CA_CERT} bụ ebe asambodo mgbọrọgwụ CA nke onye na-ere ahịa Kafka ji
  • {CLIENT_USER} na {CLIENT_PASSWORD} bụ nzere onye ọrụ maka onye ahịa.

Gbaa iwu a ka ịhụ ozi kafkacat na-eri:

  • mbupu KAFKA_FQDN =
  • mbupụ METRICS_TOPIC=paa.public.accounts. .metrics
  • kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

ebe {METRICS_TOPIC} bụ aha isiokwu Kafka nwere prefix "paa.public.".

IHE: Ụdị kafkacat ochie anaghị enye nhọrọ -F maka ịgụ ntọala ndị ahịa site na a file. Ọ bụrụ na ị na-eji ụdị ụdị a, ị ga-enwerịrị otu ntọala site na ahịrị iwu dịka egosiri n'okpuru.

kafkacat -b ${KAFKA_FQDN}:9093 \

  • X security.protocol=SASL_SSL \
  • X ssl.ca.location={PATH_TO_CA_CERT} \
  • X sasl.mechanisms=PLAIN \
  • X sasl.username={CLIENT_USER} \
  • X sasl.password={CLIENT_PASSWORD} \
  • t ${METRICS_TOPIC} -C -e

Iji mebie njikọ ahụ, ịnwere ike iji nhọrọ -d:

Mebie nkwukọrịta ndị ahịa
kafkacat -d ahịa -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
# Mebie nkwukọrịta onye na-ere ahịa
kafkacat -d broker -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

Jide n'aka na ị na-ezo aka na akwụkwọ maka ụlọ akwụkwọ ndị ahịa Kafka na-eji, dịka ihe onwunwe nwere ike ịdị iche na nke ndị ahịa.properties.

Usoro ozi
A na-edobe ozi ndị ejiri maka metrik na isiokwu metadata n'usoro ihe nchekwa Protocol (protobuf) (lee. developers.google.com/protocol-buffers). Atụmatụ maka ozi ndị a na-agbaso usoro a:

Metrics Protobuf Schema

  • syntax = "proto3";
  • mbubata "google/protobuf/timestamp.proto";
  • ngwugwu paa.streamingapi;
  • nhọrọ go_package = ".;paa_streamingapi";
  • Metrics ozi {
  • google.protobuf.Timestamp ogeamp = 1;
  • map ụkpụrụ = 2;
  • int32 iyi_id = 3;
  • }
  • /**
  • * Uru metrik nwere ike ịbụ integer ma ọ bụ see n'elu mmiri.
  • */
  • ozi MetricValue {
  • otu n'ime ụdị {
  • int64 int_val = 1;
  • sere n'elu float_val = 2;
  • }
  • }

Metadata Protobuf Schema

  • syntax = "proto3";
  • ngwugwu paa.streamingapi;
  • nhọrọ go_package = ".;paa_streamingapi";
  • ozi metadata {
  • int32 iyi_id = 1;
  • eriri stream_name = 2;
  • map tags = 13;
  • }

Onye ahịa Examples

IHE: Ezubere iwu ndị a ka ọ rụọ ọrụ na onye ahịa mpụga, maka exampLaptọọpụ gị ma ọ bụ ihe yiri ya, ọ bụghị na Control Center.
IHE: Ka egosipụtara ozi metrik, hụ na opekata mpe otu nyocha na-agba na Ogige njikwa.

Egwuregwu bọọlụ Control Center gụnyere ebe nchekwa paa-streaming-api-client-examples.tar.gz (onye ahịa-examples), nke nwere exampEderede Python na-egosi otu esi eji API Streaming.

Ịwụnye na ịhazi Client Examples
Ị na-ahụ ahịa-examples na Paragon Active Assurance Control Center nchekwa:

  • mbupụ CC_VERSION=4.1.0
  • cd ./paa-control-center_${CC_VERSION}
  • ls paa-streaming-api-client-examples*

Iji wụnye client-exampna kọmputa onye ahịa gị dịpụrụ adịpụ, gaba n'ihu dị ka ndị a:

  • # Mepụta ndekọ maka iwepụta ọdịnaya nke onye ahịa bụbuampka bọọlụ
  • mkdir paa-streaming-api-client-examples
  • # Wepụ ọdịnaya nke onye ahịa exampka bọọlụ
  • tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-examples
  • # Gaa na ndekọ aha emepụtara ọhụrụ
  • cd paa-streaming-api-client-examples

onye ahịa-examples chọrọ Docker ka ọ gbaa ọsọ. Enwere ike ịchọta nbudata na ntuziaka nwụnye maka Docker na https://docs.docker.com/engine/install.

Iji Client Examples
Onye ahịa-examples ngwaọrụ nwere ike na-agba ọsọ na ma isi ma ọ bụ elu mode na-ewu examples nke iche iche mgbagwoju. N'okwu abụọ ahụ, ọ ga-ekwe omume ịgba ọsọ examples na nhazi file nwere ihe ndị ọzọ maka nhazi ọzọ nke akụkụ ndị ahịa.

Ụkpụrụ ntọala
N'ụdị isi, metrics na metadata ha na-agbasa iche. Iji mezuo nke a, onye ahịa na-ege ntị na isiokwu Kafka ọ bụla dị maka ịnweta mpụga wee bipụta ozi enwetara na njikwa.
Iji malite ogbugbu nke isi examples, gbaa:

  • build.sh run-basic -kafka-brokers localhost:9092 - akaụntụ ACCOUNT_SHORTNAME

ebe ACCOUNT_SHORTNAME bụ aha mkpirisi akaụntụ ịchọrọ inweta metrik ahụ.
Iji kwụsị ogbugbu nke example, pịa Ctrl + C. (Enwere ike ịnwe ntakịrị igbu oge tupu ogbugbu ahụ akwụsị n'ihi na onye ahịa na-echere ihe omume oge.)

Ụdị dị elu

IHE: A na-egosipụta metrics naanị maka ndị nleba anya HTTP na-agba ọsọ na ebe njikwa.

Mmezu na ọnọdụ dị elu na-egosi njikọ dị n'etiti ozi metadata. Nke a bụ
enwere ike ekele maka ọnụnọ na ozi metric ọ bụla nke ubi id iyi nke na-ezo aka na ozi metadata kwekọrọ.
Iji mezuo examples, gbaa:

  • build.sh na-agba ọsọ-kafka-brokers localhost:9092 - akaụntụ ACCOUNT_SHORTNAME

ebe ACCOUNT_SHORTNAME bụ aha mkpirisi akaụntụ ịchọrọ inweta metrik ahụ.
Iji kwụsị ogbugbu nke example, pịa Ctrl + C. (Enwere ike ịnwe ntakịrị igbu oge tupu ogbugbu ahụ akwụsị n'ihi na onye ahịa na-echere ihe omume oge.)

Ntọala mgbakwunye
Ọ ga-ekwe omume ịgba ọsọ examples nwere nhazi ọzọ nke onye ahịa site na iji –config-file nhọrọ sochiri a file aha nwere akụrụngwa n'ụdị igodo = uru.

  • build.sh ọsọ-aga n'ihu \
  • -kafka-brokers localhost:9092
  • - akaụntụ ACCOUNT_SHORTNAME \
  • - nhazi-file client_config.properties

IHE: niile files zoro aka na iwu dị n'elu ga-adịrịrị na ndekọ aha ugbu a wee zoo ya site na iji naanị ụzọ ikwu. Nke a na-emetụta ma -config-file arụmụka na ndenye niile na nhazi file na-akọwa file ebe.

Na-akwado nkwenye ndị ahịa mpụga
Iji kwado nkwenye ndị ahịa site na mpụga ebe njikwa site na iji ahịa-examples, mee usoro ndị a:

Site na folda Paragon Active Assurance Control Center, gbanwee gaa na paa-streaming-api-client-examples folda:

cd paa-streaming-api-client-examples

  • Detuo ca-cert mgbọrọgwụ CA n'ime ndekọ aha ugbu a.
  • Mepụta onye ahịa.properties file ya na ọdịnaya ndị a:

security.protocol=SASL_SSL ssl.ca.location=ca-cert
sasl.mechanism=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}

ebe {CLIENT_USER} na {CLIENT_PASSWORD} bụ nzere onye ọrụ maka onye ahịa.

Gbaa isi examples:

  • mbupu KAFKA_FQDN =
  • build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
  • - akaụntụ ACCOUNT_SHORTNAME
  • - nhazi-file client.property

ebe ACCOUNT_SHORTNAME bụ aha mkpirisi akaụntụ ịchọrọ inweta metrik ahụ.

Gbaa Advanced examples:

  • mbupu KAFKA_FQDN =
  • build.sh na-agba ọsọ -kafka-brokers ${KAFKA_FQDN}:9093 \
  • - akaụntụ ACCOUNT_SHORTNAME
  • - nhazi-file client.property

Ihe odide ntụkwasị

Na mgbakwunye a anyị na-akọwa otu esi emepụta:

  • ebe nchekwa file maka ịchekwa akwụkwọ SSL onye na-ere ahịa Kafka
  • ụlọ ahịa ntụkwasị obi file maka ịchekwa Asambodo Asambodo (CA) akwụkwọ mgbọrọgwụ eji abanye na asambodo onye na-ere ahịa Kafka.

Ịmepụta Asambodo Broker Kafka
Ịmepụta Asambodo Iji ezigbo Asambodo ikike (A kwadoro)
A na-atụ aro ka ị nweta ezigbo asambodo SSL site na CA ntụkwasị obi.
Ozugbo ị kpebiri na a CA, detuo ha CA mgbọrọgwụ akwụkwọ ca-cert file gaa n'ụzọ nke gị dị ka egosiri n'okpuru:

  • mbupu CA_PATH=~/my-ca
  • mkdir ${CA_PATH}
  • cp ca-cert ${CA_PATH}

Mepụta ikike asambodo nke gị

IHE: Dị ka ọ na-adịkarị, ị ga-enwerịrị ndị nwe asambodo gị binye aka na ya; lee nkeji nke bu ụzọ. Ihe na-esote bụ naanị example.

N'ebe a, anyị na-emepụta akwụkwọ mgbọrọgwụ ikike ikike (CA) nke anyị file dị irè maka ụbọchị 999 (anaghị akwado ya na mmepụta):

  • # Mepụta ndekọ maka ịchekwa CA
  • mbupu CA_PATH=~/my-ca
  • mkdir ${CA_PATH}
  • # Mepụta asambodo CA
  • openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -days 999

Ịmepụta ụlọ ahịa ntụkwasị obi ndị ahịa
Ugbu a ị nwere ike ịmepụta ntụkwasị obi file nke nwere ca-cert ewepụtara n'elu. Nke a file onye ahịa Kafka ga-achọ nke ga-enweta API Streaming:

  • keytool -keystore kafka.client.truststore.jks \
    • utu aha CARoot \
    • importcert -file ${CA_PATH}/ca-cert

Ugbu a akwụkwọ CA dị na Truststore, onye ahịa ga-atụkwasị akwụkwọ ọ bụla aka na ya.
I kwesịrị iṅomi ya file kafka.client.truststore.jks gaa na ebe amaara na kọmputa onye ahịa gị wee rụtụ aka na ya na ntọala.

Ịmepụta igodo maka onye na-ere ahịa Kafka
Iji mepụta akwụkwọ SSL onye na-ere ahịa Kafka wee wee keystore kafka.server.keystore.jks, gaba n'ihu dị ka ndị a:

Na-amụba Asambodo SSL
N'okpuru, 999 bụ ọnụọgụ ụbọchị nke nkwado nke igodo ahụ, yana FQDN bụ ngalaba aha onye ahịa tozuru oke (aha nnabata ọha nke ọnụ).

IHE: Ọ dị mkpa na FQDN dabara kpọmkwem aha nnabata nke onye ahịa Kafka ga-eji jikọọ na ebe njikwa.

  • sudo mkdir -p /var/ssl/private
  • sudo chown -R $USER: /var/ssl/private
  • cd /var/ssl/nkeonwe
  • mbupụ FQDN = keytool -keystore kafka.server.keystore.jks \
  • - ihe nkesa utu aha \
  • - nkwado 999 \
  • - genkey -keyalg RSA -ext SAN=dns:${FQDN}

Mepụta arịrịọ mbinye aka akwụkwọ ma chekwaa ya na file Arịrịọ-arịrịọ nke nkesa:

  • keytool -keystore kafka.server.keystore.jks \
    • - ihe nkesa utu aha \
    • -ụkwụ \
    • – file arịrịọ nke ihe nkesa

I kwesịrị iziga ya ugbu a file arịrịọ cert-server-request na Asambodo Asambodo gị (CA) ma ọ bụrụ na ị na-eji nke dị adị. Ha ga-eweghachite asambodo a bịanyere aka n'akwụkwọ. Anyị ga-ezo aka na nke a dị ka ihe nkesa-binyere aka n'okpuru.

Ịbanye na SSL Asambodo Iji a onwe-kere ca Certificate

IHE: Ọzọ, iji CA nke gị adịghị atụ aro na usoro mmepụta.

Binye aka na asambodo site na iji CA site na nke file arịrịọ cert-server, nke na-ewepụta asambodo mbinye aka-ihe nkesa-binyere aka. Hụ okpuru; ca-paswọọdụ bụ paswọọdụ atọrọ mgbe ị na-eke asambodo CA.

  • cd / var / ssl / nkeonwe openssl x509 -req \
    • – CA ${CA_PATH}/ca-cert \
    • - Cakey ${CA_PATH}/ca-key \
    • - n'arịrịọ cert-server-request \
    • - mbinye aka n'akwụkwọ ikikere-ihe nkesa \
    • - ụbọchị 999 - CAcreateserial \
    • - passin pass: {ca-password}

Na-ebubata Asambodo mbinye aka n'ime igodo

Bubata akwụkwọ mgbọrọgwụ ca-cert n'ime ụlọ ahịa ahụ:

  • keytool -keystore kafka.server.keystore.jks \
    • - aha ca-cert \
    • - mbubata \
    • – file ${CA_PATH}/ca-cert

Bubata asambodo mbinye aka nke akpọrọ ka ihe nkesa-binyere aka n'akwụkwọ:

  • keytool -keystore kafka.server.keystore.jks \
    • - ihe nkesa utu aha \
    • - mbubata \
    • – file mbinye aka na asambodo-ihe nkesa

Nke file Ekwesịrị iṅomi kafka.server.keystore.jks na ebe amaara na sava Control Center, wee zoo aka na /etc/kafka/server.properties.

Iji API gụgharia

N'akụkụ a

  • Izugbe | 20
  • Aha isiokwu Kafka | 21
  • Examples nke Iji API gụgharia | 21

Izugbe
API nkwanye ugwu na-enweta ma nwalee ma nyochaa data. Ọ gaghị ekwe omume ịwepụta otu n'ime edemede ndị a.
API gụgharia anaghị ewepụta data sitere na ule dabere na edemede (ndị nke rectangle nọchiri anya ya kama ibe jigsaw na Control Center GUI), dị ka ule ịgbalite ọrụ Ethernet na ule nghọta.

Aha isiokwu Kafka
Aha isiokwu Kafka maka API gụgharia bụ ndị a, ebe %s bụ aha dị mkpirikpi nke akaụntụ Ogwe njikwa (gosiri mgbe ị na-eke akaụntụ):

  • const (
  • ExporterAha = "kafka"
  • metadataTopicTpl = "paa.public.accounts.%s.metadata" metricsTopicTpl = "paa.public.accounts.%s.metrics" )

Examples nke Iji API gụgharia
The exampA na-ahụ les ndị na-esonụ na tarball paa-streaming-api-client-examples.tar.gz dị n'ime bọọlụ ebe njikwa.
Mbụ, e nwere isi exampna-egosipụta ka esi agbasa metrik na metadata ha iche iche wee bipụta ozi enwetara na njikwa. Ị nwere ike ịgba ya dị ka ndị a:

  • sudo ./build.sh run-basic -kafka-brokers localhost:9092 - akaụntụ ACCOUNT_SHORTNAME

Enwekwara onye exampebe ejikọtara ozi metrik na metadata. Jiri iwu a iji mee ya:

  • sudo ./build.sh na-agba ọsọ-kafka-brokers localhost:9092 - akaụntụ ACCOUNT_SHORTNAME

Ịkwesịrị iji sudo iji mee iwu Docker dịka nke dị n'elu. Nhọrọ, ị nwere ike ịgbaso usoro ntinye ntinye Linux ka ị nwee ike ịme iwu Docker na-enweghị sudo. Maka nkọwa, gaa na docs.docker.com/engine/install/linux-postinstall.

Juniper Networks, akara Juniper Networks, Juniper na Junos bụ ụghalaahịa edenyere n'akwụkwọ ikikere nke Juniper Networks, Inc. na United States na obodo ndị ọzọ. ụghalaahịa ndị ọzọ niile, akara ọrụ, akara edenyere n'akwụkwọ, ma ọ bụ akara ọrụ edebanyere aha bụ ihe onwunwe nke ndị nwe ha. Juniper Networks anaghị ewere ọrụ maka ezighi ezi ọ bụla na akwụkwọ a. Juniper Networks nwere ikike ịgbanwe, gbanwee, nyefee, ma ọ bụ megharịa akwụkwọ a na-enweghị ọkwa. Nwebiisinka © 2023 Juniper Networks, Inc. Ikike niile echekwabara.

Akwụkwọ / akụrụngwa

Juniper NETWORKS gụgharia API Software [pdf] Ntuziaka onye ọrụ
Ngwa API gụgharia, ngwa ngwa API, ngwanrọ

Ntụaka

Hapụ ikwu

Agaghị ebipụta adreesị ozi-e gị. Akara mpaghara achọrọ akara *