Juniper NETWORKS Streaming API Software

Zambiri Zamalonda

Zofotokozera

• Dzina lazogulitsa: Paragon Active Assurance
• Mtundu: 4.1
• Tsiku losindikiza: 2023-03-15

Chiyambi:
Bukuli limapereka malangizo amomwe mungatulutsire deta kuchokera ku Paragon Active Assurance pogwiritsa ntchito API yotsatsira. Makasitomala otsatsira ndi API akuphatikizidwa mu kukhazikitsa kwa Paragon Active Assurance, koma kusintha kwina kumafunika musanagwiritse ntchito API. Kukonzekera kumayikidwa mu gawo la "Configuring the Streaming API".

Kukonza API Yokhamukira:
Zotsatirazi zikuwonetsa ndondomeko yokonzekera API yotsatsira:

Zathaview
Kafka ndi nsanja yotsatsira zochitika yomwe idapangidwa kuti igwire zenizeni zenizeni ndikusunga deta kuchokera kumagwero osiyanasiyana. Imathandizira kasamalidwe ka mitsinje ya zochitika m'njira yogawidwa, yowopsa, yololera zolakwika, komanso yotetezeka. Bukuli likuyang'ana kwambiri kukonza Kafka kuti agwiritse ntchito mawonekedwe a Streaming API mu Paragon Active Assurance Control Center.

Terminology
API Yotsatsira imalola makasitomala akunja kuti atengenso zambiri zama metrics kuchokera ku Kafka. Ma metric omwe amasonkhanitsidwa ndi Ma Test Agents poyesa kapena kuyang'anira ntchito amatumizidwa ku sevisi ya Stream. Pambuyo pokonza, ntchito ya Stream imasindikiza ma metrics awa pa Kafka pamodzi ndi metadata yowonjezera.

Kuyatsa API Yokhamukira
Kuti mutsegule API ya Streaming, tsatirani izi:

1. Pangani malamulo otsatirawa pa seva ya Control Center pogwiritsa ntchito sudo:

KAFKA_METRICS_ENABLED = Ntchito zowona za sudo ncc zimathandizira ma metrics a timescaledb sudo ncc ntchito zoyambira timescaledb metrics sudo ncc ntchito ziyambiranso

Kutsimikizira Kuti Streaming API Imagwira Ntchito Mu Control Center:
Kutsimikizira kuti mukulandira ma metric pamitu yolondola ya Kafka:

1. Ikani chida cha kafkacat ndi malamulo awa:
   sudo apt-get update
   sudo apt-get kukhazikitsa kafkacat

2. Sinthani "akaunti yanga" ndi dzina lalifupi la akaunti yanu mu
   Control Center URL:
   export METRICS_TOPIC=paa.public.accounts.myaccount.metrics
   export METADATA_TOPIC=paa.public.accounts.myaccount.metadata

3. Thamangani lamulo ili kuti view miyeso:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
   Zindikirani: Lamulo lomwe lili pamwambapa liwonetsa ma metrics.
4. Ku view metadata, yendetsani lamulo ili:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

Zindikirani: Lamulo lomwe lili pamwambapa liwonetsa metadata, koma silisintha pafupipafupi.

Makasitomala Examples
Kwa kasitomala exampzambiri ndi zina, onani patsamba 14 la bukhu la ogwiritsa ntchito.

FAQ (Mafunso Ofunsidwa Kawirikawiri)

• Q: Kodi Paragon Active Assurance ndi chiyani?
  A: Paragon Active Assurance ndi chinthu chomwe chimapereka mphamvu zowunikira ndi kuyesa.
• Q: Kodi Streaming API ndi chiyani?
  A: The Streaming API ndi mbali mu Paragon Active Assurance yomwe imalola makasitomala akunja kuti atenge zambiri za metrics kuchokera ku Kafka.
• Q: Kodi ndimatsegula bwanji API yotsatsira?
  Yankho: Kuti muyambitse API Yokhamukira, tsatirani njira zomwe zafotokozedwa mu gawo la "Kuthandizira API" ya bukhuli.
• Q: Ndingatsimikizire bwanji kuti Streaming API ikugwira ntchito?
  A: Onani gawo la "Kutsimikizira Kuti API Yotsatsira Imagwira Ntchito Mu Control Center" kuti mupeze malangizo amomwe mungatsimikizire momwe API yosinthira ikuyendera.

Mawu Oyamba

Bukuli likufotokoza momwe mungatulutsire deta kuchokera ku Paragon Active Assurance kudzera pa API yotsatsira malonda.
API komanso kasitomala akukhamukira akuphatikizidwa mu unsembe wa Paragon Active Assurance. Komabe, kusintha pang'ono kumafunika musanagwiritse ntchito API. Izi zikufotokozedwa mu "Kukonza API Yokhamukira" patsamba 1 mutu.

Zathaview
Mutuwu ukufotokoza momwe mungakhazikitsire Streaming API kuti mulole kulembetsa mauthenga a metrics kudzera ku Kafka.
pr
Apa tidutsamo:

• Momwe mungayambitsire Streaming API
• Momwe mungasinthire Kafka kuti azimvera makasitomala akunja
• Momwe mungasinthire Kafka kuti agwiritse ntchito ma ACL ndikukhazikitsa encryption ya SSL kwa makasitomala omwe anenedwa

Kodi Kafka N'chiyani?
Kafka ndi nsanja yowonetsera zochitika zomwe zimalola kujambula zenizeni zenizeni zomwe zimatumizidwa kuchokera kumagwero osiyanasiyana a zochitika (zoseweretsa, zosungirako, zida zam'manja) monga momwe zimakhalira zochitika, komanso kusunga kwanthawi yaitali kwa mitsinje ya zochitikazi kuti ibwerenso ndikusintha.
Ndi Kafka ndizotheka kuyang'anira zochitikazo kumapeto kwa-kumapeto m'njira yogawidwa, yowonjezereka, yotanuka, yolekerera zolakwika, komanso yotetezeka.

ZINDIKIRANI: Kafka ikhoza kukhazikitsidwa m'njira zosiyanasiyana ndipo idapangidwa kuti ikhale yocheperako komanso yocheperako. Chikalatachi chikungoyang'ana momwe mungasinthire kuti mugwiritse ntchito mawonekedwe a Streaming API omwe amapezeka mu Paragon Active Assurance Control Center. Pamakhazikitsidwe apamwamba kwambiri timayang'ana zolemba za Kafka: kafka.apache.org/26/documentation.html.

Terminology

• Kafka: nsanja yotsatsira zochitika.
• Kafka mutu: Kusonkhanitsa zochitika.
• Olembetsa / ogula ku Kafka: Gawo lomwe limayang'anira kubwezeretsanso zochitika zomwe zasungidwa pamutu wa Kafka.
• Kafka broker: Seva yosanjikiza yosungiramo gulu la Kafka.
• SSL/TLS: SSL ndi njira yotetezedwa yopangidwa kuti itumize uthenga mosatekeseka pa intaneti. TLS ndiye wolowa m'malo wa SSL, yomwe idakhazikitsidwa mu 1999.
• SASL: Ndondomeko yomwe imapereka njira zotsimikizira ogwiritsa ntchito, kuyang'ana kukhulupirika kwa deta, ndi kubisa.
• Olembetsa a API yotsatsira: Gawo lomwe limayang'anira kubweza zochitika zomwe zasungidwa mumitu yofotokozedwa mu Paragon Active Assurance ndipo zimapangidwira kunja.
• Ulamuliro wa Satifiketi: Bungwe lodalirika lomwe limapereka ndikuchotsa ziphaso zazikulu zagulu.
• Satifiketi Yoyang'anira Satifiketi: Satifiketi yachinsinsi yapagulu yomwe imazindikiritsa Wolamulira Satifiketi.

Momwe Streaming API Imagwirira Ntchito
Monga tanena kale, API yotsatsira imalola makasitomala akunja kuti atengenso zambiri zama metric kuchokera ku Kafka.

Ma metrics onse omwe amasonkhanitsidwa ndi Ma Test Agents panthawi ya mayeso kapena ntchito yowunikira amatumizidwa ku sevisi ya Stream. Pambuyo pa gawo lokonzekera, ntchito ya Stream imasindikiza ma metrics pa Kafka pamodzi ndi metadata yowonjezera.

Kafka Topics
Kafka ili ndi lingaliro la mitu yomwe deta yonse imasindikizidwa. Mu Paragon Active Assurance pali mitu yambiri ya Kafka yomwe ilipo; komabe, kagawo kakang'ono kokha mwa izi ndi kamene kamapangidwira kunja.
Akaunti iliyonse ya Paragon Active Assurance ku Control Center ili ndi mitu iwiri yodzipereka. Pansipa, ACCOUNT ndi dzina lalifupi la akaunti:

• paa.public.accounts.{ACCOUNT}.metrics
  • Mauthenga onse a metrics a akaunti yoperekedwa amasindikizidwa pamutuwu
  • Zambiri za data
  • Mkulu wosintha pafupipafupi
• paa.public.accounts.{ACCOUNT}.metadata
  • Lili ndi metadata yokhudzana ndi ma metrics data, mwachitsanzoampndi mayeso, kuwunika kapena Wothandizira Mayeso okhudzana ndi ma metric
  • Zambiri zazing'ono
  • Ochepa zosintha pafupipafupi

Kuyatsa API Yokhamukira

ZINDIKIRANI: Malangizo awa ayenera kuyendetsedwa pa seva ya Control Center pogwiritsa ntchito sudo.

Popeza Kukhamukira API akuwonjezera zina pamwamba pa Control Center, si chinayambitsidwa ndi kusakhulupirika. Kuti titsegule API, choyamba tiyenera kuloleza kusindikiza kwa ma metrics ku Kafka pamasinthidwe akulu. file:

• /etc/netrounds/netrounds.conf

KAFKA_METRICS_ENABLED = Zoona

CHENJEZO: Kuyatsa izi kungakhudze magwiridwe antchito a Control Center. Onetsetsani kuti mwakulitsa chitsanzo chanu moyenerera.

Chotsatira, kuti muthe kutumiza ma metric ku mitu yolondola ya Kafka:

• /etc/netrounds/metrics.yaml

streaming-api: zoona

Kuti mutsegule ndi kuyambitsa ntchito za Streaming API, thamangani:

• ntchito za sudo ncc zimathandizira ma metrics a timescaledb
• ntchito za sudo ncc zimayamba ma metric a timescaledb

Pomaliza, yambitsaninso ntchito:

• ntchito za sudo ncc zimayambiranso

Kutsimikizira Kuti Streaming API Imagwira Ntchito Mu Control Center

ZINDIKIRANI: Malangizo awa ayenera kuyendetsedwa pa seva ya Control Center.

Tsopano mutha kutsimikizira kuti mukulandira ma metric pamitu yolondola ya Kafka. Kuti muchite izi, ikani chida cha kafkacat:

• sudo apt-get update
• sudo apt-get kukhazikitsa kafkacat

Ngati muli ndi mayeso kapena polojekiti yomwe ikuyenda mu Control Center, muyenera kugwiritsa ntchito kafkacat kuti mulandire ma metric ndi metadata pamitu iyi.
Sinthani myaccount ndi dzina lalifupi la akaunti yanu (izi ndizomwe mukuwona mu Control Center yanu URL):

• export METRICS_TOPIC=paa.public.accounts.myaccount.metrics
• export METADATA_TOPIC=paa.public.accounts.myaccount.metadata

Tsopano muyenera kuwona ma metrics poyendetsa lamulo ili:

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

Ku view metadata, yendetsani lamulo ili (zindikirani kuti izi sizisintha pafupipafupi):

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

ZINDIKIRANI:
kafkacat”Client Examples” patsamba 14

Izi zikutsimikizira kuti tili ndi API yogwira ntchito yochokera mkati mwa Control Center. Komabe, mwina mukufuna kupeza deta kuchokera kunja kasitomala m'malo. Gawo lotsatira likufotokoza momwe mungatsegulire Kafka kuti mupeze mwayi wakunja.

Kutsegula Kafka kwa Olandira Akunja

ZINDIKIRANI: Malangizo awa ayenera kuyendetsedwa pa seva ya Control Center.

Mwachikhazikitso Kafka yomwe ikuyenda pa Control Center imakonzedwa kuti imangomvetsera pa localhost kuti igwiritsidwe ntchito mkati. Ndizotheka kutsegulira Kafka kwa makasitomala akunja posintha makonda a Kafka.

Kulumikizana ndi Kafka: Caveats

CHENJEZO: Chonde werengani izi mosamala, popeza ndikosavuta kuthana ndi zovuta zokhudzana ndi Kafka ngati simunamvetsetse mfundo izi.

Pakukhazikitsa kwa Control Center komwe kufotokozedwa mu chikalatachi, pali broker m'modzi yekha wa Kafka.
Komabe, dziwani kuti broker wa Kafka akuyenera kuthamanga ngati gawo la gulu la Kafka lomwe lingakhale ndi ma broker ambiri a Kafka.
Mukalumikizana ndi broker wa Kafka, kulumikizana koyamba kumakhazikitsidwa ndi kasitomala wa Kafka. Pakulumikizana uku, broker wa Kafka nayenso adzabweza mndandanda wa "omvera otsatsa", womwe ndi mndandanda wa otsatsa m'modzi kapena angapo a Kafka.
Akalandira mndandandawu, kasitomala wa Kafka adzalumitsa, kenako ndikulumikizananso ndi m'modzi mwa omvera omwe atsatsawa. Omvera otsatsa ayenera kukhala ndi mayina a alendo kapena ma adilesi a IP omwe akupezeka kwa kasitomala wa Kafka, kapena kasitomala adzalephera kulumikiza.
Ngati SSL encryption ikugwiritsidwa ntchito, kuphatikizapo satifiketi ya SSL yomwe imamangiriridwa ku dzina linalake la alendo, ndikofunikira kwambiri kuti kasitomala wa Kafka alandire adilesi yoyenera kuti alumikizane nayo, popeza apo ayi kulumikizana kungakanidwe.
Werengani zambiri za omvera a Kafka apa: www.confluent.io/blog/kafka-listeners-explained

SSL/TLS Encryption
Kuonetsetsa kuti makasitomala odalirika okha ndi omwe amaloledwa kupeza Kafka ndi Streaming API, tiyenera kukonza zotsatirazi:

• Kutsimikizira: Makasitomala ayenera kupereka dzina lolowera ndi mawu achinsinsi kudzera pa kulumikizana kotetezeka kwa SSL/TLS pakati pa kasitomala ndi Kafka.
• Chilolezo: Makasitomala ovomerezeka amatha kugwira ntchito zoyendetsedwa ndi ma ACL.

Apa pali kupitiriraview:

*) Kutsimikizika kwa dzina lolowera / mawu achinsinsi kumachitidwa panjira yobisidwa ndi SSL

Kuti mumvetse bwino momwe kubisa kwa SSL/TLS kumagwirira ntchito ku Kafka, chonde onani zolembedwa: docs.confluent.io/platform/current/kafka/encryption.html

Satifiketi ya SSL/TLS Yathaview

ZINDIKIRANI: M'ndime iyi tigwiritsa ntchito mawu akuti:

Satifiketi: Satifiketi ya SSL yosainidwa ndi Certificate Authority (CA). Kafka broker aliyense ali ndi imodzi.
Keystore: Malo osungira makiyi file amene amasunga satifiketi. Malo osungira file ili ndi kiyi yachinsinsi ya satifiketi; motero, iyenera kusungidwa bwino.
Truststore: A file okhala ndi ziphaso zodalirika za CA.

Kuti mukhazikitse kutsimikizika pakati pa kasitomala wakunja ndi Kafka yemwe akuyendetsa mu Control Center, mbali zonse ziwiri ziyenera kukhala ndi sitolo yachinsinsi yofotokozedwa ndi satifiketi yogwirizana yosainidwa ndi Certificate Authority (CA) pamodzi ndi satifiketi ya CA root.
Kuphatikiza pa izi, kasitomala ayeneranso kukhala ndi truststore yokhala ndi satifiketi ya mizu ya CA.
Satifiketi ya mizu ya CA ndiyofala kwa broker wa Kafka ndi kasitomala wa Kafka.

Kupanga Zikalata Zofunika
Izi zafotokozedwa mu “Zakumapeto” patsamba 17.

Kafka Broker SSL/TLS Configuration in Control Center

ZINDIKIRANI: Malangizo awa ayenera kuyendetsedwa pa seva ya Control Center.

ZINDIKIRANI: Musanayambe, muyenera kupanga keystore yomwe ili ndi chiphaso cha SSL potsatira malangizo omwe ali mu "Zowonjezera" patsamba 17. Njira zomwe zatchulidwa pansipa zimachokera ku malangizowa.
SSL keystore ndi file kusungidwa pa disk ndi file extension .jks.

Mukakhala ndi ziphaso zofunikira zomwe zidapangidwira onse a Kafka broker ndi kasitomala wa Kafka, mutha kupitiliza kukonza broker ya Kafka yomwe ikuyenda mu Control Center. Muyenera kudziwa zotsatirazi:

• : Dzina la anthu onse la Control Center; izi ziyenera kuthetsedwa komanso kupezeka ndi makasitomala a Kafka.
• : Mawu achinsinsi osungira operekedwa popanga satifiketi ya SSL.
• ndi : Awa ndi mawu achinsinsi omwe mukufuna kuyika kwa admin ndi kasitomala motsatana. Dziwani kuti mutha kuwonjezera ogwiritsa ntchito ambiri, monga momwe tawonetsera kaleample.

Sinthani kapena yonjezerani (ndi mwayi wa sudo) zomwe zili pansipa /etc/kafka/server.properties, ndikuyika zosinthika pamwambapa monga momwe zasonyezedwera:

CHENJEZO: Osachotsa PLAINTEXT://localhost:9092; izi zidzaphwanya Control Center magwiridwe antchito popeza ntchito zamkati sizitha kulumikizana.

• …
• # Ma adilesi omwe broker wa Kafka amamvera.
• omvera=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
• # Awa ndi omwe amatsatsa omwe amalengezedwa kwa kasitomala aliyense wolumikizana.
• advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// :9093 ...
• ####### CUSTOM CONFIG
• # KUSINTHA KWA SSL
• ssl.endpoint.identification.algorithm=
  ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
• ssl.keystore.password=
• ssl.key.password=
• ssl.client.auth=none
• ssl.protocol=TLSv1.2
• # Kusintha kwa SASL
• sasl.enabled.mechanisms=PLAIN
• dzina lolowera = "admin" \
• password = " ” \
• user_admin=” ” \
• user_client=” ”;
• # DZIWANI kuti ogwiritsa ntchito ena akhoza kuwonjezeredwa ndi user_ =
• # Chilolezo, yatsani ma ACL
• authorizer.class.name=kafka.security.authorizer.AclAuthorizer super.users=User:admin

Kukhazikitsa Lists Control List (ACLs)

Kuyatsa ACLs pa localhost

CHENJEZO: Choyamba tiyenera kukhazikitsa ma ACL a localhost, kotero kuti Control Center yokha ikhoza kupezabe ku Kafka. Ngati izi sizichitika, zinthu zidzasweka.

• -authorizer kafka.security.authorizer.AclAuthorizer \
• -authorizer-properties zookeeper.connect=localhost:2181 \
• -onjezani -loleza-wogwiritsa ntchito wamkulu: ANONYMOUS -loleza-host 127.0.0.1 -cluster
• /usr/lib/kafka/bin/kafka-acls.sh \
• -authorizer kafka.security.authorizer.AclAuthorizer \
• -authorizer-properties zookeeper.connect=localhost:2181 \
• -onjezani -loleza-wogwiritsa ntchito: ANONYMOUS -loleza-host 127.0.0.1 -mutu '*'
• /usr/lib/kafka/bin/kafka-acls.sh \
• -authorizer kafka.security.authorizer.AclAuthorizer \
• -authorizer-properties zookeeper.connect=localhost:2181 \
• -onjezani -loleza-wogwiritsa ntchito: ANONYMOUS -loleni-host 127.0.0.1 -gulu '*'

Kenako tiyenera kuloleza ma ACL kuti azitha kuwerenga zakunja kokha, kuti ogwiritsa ntchito akunja aziloledwa kuwerenga paa.public.* mitu.

### Ma ACLs kwa ogwiritsa ntchito osadziwika /usr/lib/kafka/bin/kafka-acls.sh \

ZINDIKIRANI: Kuti mudziwe zambiri, chonde onani zolemba za Kafka.

• -authorizer kafka.security.authorizer.AclAuthorizer \
• -authorizer-properties zookeeper.connect=localhost:2181 \
• -onjezani -loleza-wogwiritsa ntchito: * -ntchito kuwerenga -ntchito kufotokoza \ -gulu 'NCC'
• /usr/lib/kafka/bin/kafka-acls.sh \
• -authorizer kafka.security.authorizer.AclAuthorizer \
• -authorizer-properties zookeeper.connect=localhost:2181 \
• -onjezani -loleza-wogwiritsa ntchito:* -ntchito werengani -ntchito fotokozani \ -mutu paa.public. -chitsanzo-mtundu-mtundu prefixed

Mukamaliza ndi izi, muyenera kuyambiranso ntchito:

### ACLs zolembera za ogwiritsa ntchito akunja /usr/lib/kafka/bin/kafka-acls.sh \

• ntchito za sudo ncc zimayambiranso

Kuti muwonetsetse kuti kasitomala akhoza kukhazikitsa kulumikizana kotetezeka, yendetsani lamulo lotsatirali kunja
kompyuta kasitomala (osati pa seva Control Center). Pansipa, PUBLIC_HOSTNAME ndi dzina la homuweki la Control Center:

• openssl s_client -debug -kulumikiza ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "Kukambirananso Motetezedwa NDI ZOTHANDIZA"

Pazotsatira za lamulo muyenera kuwona satifiketi ya seva komanso izi:

• Kukambirananso kotetezedwa IS kumathandizidwa

Kuti muwonetsetse kuti ntchito zamkati zapatsidwa mwayi wopeza seva ya Kafka, chonde onani chipika chotsatirachifiles:

• /var/log/kafka/server.log
• /var/log/kafka/kafka-authorizer.log

Kutsimikizira Kulumikizana Kwamakasitomala Akunja

pansi

ZINDIKIRANI: Malangizo awa ayenera kuyendetsedwa pakompyuta ya kasitomala (osati pa seva ya Control Center).
ZINDIKIRANI: Kuti muwonetse zambiri zama metrics, onetsetsani kuti chowunikira chimodzi chikuyenda mu Control Center.

Kuti mutsimikizire ndikutsimikizira kulumikizidwa ngati kasitomala wakunja, ndizotheka kugwiritsa ntchito chida cha kafkacat chomwe chidayikidwa mu gawo la "Kutsimikizira Kuti API Yotsatsira Imagwira Ntchito Mu Control Center" patsamba 4.
Chitani izi:

ZINDIKIRANI: Pansipa, CLIENT_USER ndi wogwiritsa ntchito yemwe adatchulidwa kale mu file /etc/kafka/server.properties in Control Center: ndiye, user_client ndi mawu achinsinsi omwe ali pamenepo.
Setifiketi ya mizu ya CA yomwe imagwiritsidwa ntchito kusaina satifiketi ya SSL ya mbali ya seva iyenera kupezeka pa kasitomala.

Pangani a file client.properties ndi izi:

• security.protocol=SASL_SSL
• ssl.ca.location={PATH_TO_CA_CERT}
• sasl.mechanisms=PLAIN
• sasl.username={CLIENT_USER}
• sasl.password={CLIENT_PASSWORD}

ku

• {PATH_TO_CA_CERT} ndi pomwe pali satifiketi ya mizu ya CA yogwiritsidwa ntchito ndi broker wa Kafka
• {CLIENT_USER} ndi {CLIENT_PASSWORD} ndi mbiri ya kasitomala.

Thamangani lamulo ili kuti muwone uthengawo wadyedwa ndi kafkacat:

• kutumiza kunja KAFKA_FQDN=
• export METRICS_TOPIC=paa.public.accounts. .metrics
• kafkacat -b ${KAFKA_FQDN}:9093 -F kasitomala.properties -t ${METRICS_TOPIC} -C -e

pomwe {METRICS_TOPIC} ndi dzina la mutu wa Kafka wokhala ndi mawu oyamba "paa.public".

ZINDIKIRANI: Mabaibulo akale a kafkacat samapereka -F njira yowerengera zokonda za kasitomala kuchokera ku a file. Ngati mukugwiritsa ntchito mtundu wotere, muyenera kupereka zosintha zomwezo kuchokera pamzere wolamula monga momwe zilili pansipa.

kafkacat -b ${KAFKA_FQDN}:9093 \

• X security.protocol=SASL_SSL \
• X ssl.ca.location={PATH_TO_CA_CERT} \
• X sasl.mechanisms=PLAIN \
• X sasl.username={CLIENT_USER} \
• X sasl.password={CLIENT_PASSWORD} \
• t ${METRICS_TOPIC} -C -e

Kuti muthetse kulumikizidwa, mutha kugwiritsa ntchito -d njira:

Chotsani mauthenga ogula
kafkacat -d wogula -b ${KAFKA_FQDN}:9093 -F kasitomala.properties -t ${METRICS_TOPIC} -C -e
# Yambitsani kulumikizana kwa broker
kafkacat -d broker -b ${KAFKA_FQDN}:9093 -F kasitomala.properties -t ${METRICS_TOPIC} -C -e

Onetsetsani kuti mwatchula zolembedwa za laibulale yamakasitomala a Kafka yomwe ikugwiritsidwa ntchito, popeza katunduyo angasiyane ndi zomwe zili mu kasitomala.

Mtundu wa Mauthenga
Mauthenga omwe amagwiritsidwa ntchito pamitu yoyezera ndi metadata amasanjidwa mumtundu wa Protocol buffers (protobuf) (onani developers.google.com/protocol-buffers). Mapangidwe a mauthengawa amatsatira mawonekedwe awa:

Metrics Protobuf Schema

• syntax = "proto3";
• lowetsani "google/protobuf/timestamp.proto”;
• phukusi paa.streamingapi;
• kusankha go_package = “.;paa_streamingapi”;
• Metrics uthenga {
• google.protobuf.Timestamp nthawiamp = 1;
• mapa mtengo = 2;
• int32 stream_id = 3;
• }
• /**
• * Mtengo wa metric ukhoza kukhala nambala yonse kapena yoyandama.
• */
• uthenga MetricValue {
• mtundu umodzi {
• int64 int_val = 1;
• zoyandama zoyandama = 2;
• }
• }

Metadata Protobuf Schema

• syntax = "proto3";
• phukusi paa.streamingapi;
• kusankha go_package = “.;paa_streamingapi”;
• metadata ya uthenga {
• int32 stream_id = 1;
• chingwe stream_name = 2;
• mapa tags = 13;
• }

Makasitomala Examples

ZINDIKIRANI: Malamulowa amapangidwa kuti azigwira ntchito pa kasitomala wakunja, mwachitsanzoamplembani laputopu yanu kapena zofanana, osati mu Control Center.
ZINDIKIRANI: Kuti mudziwe zambiri zamametrics, onetsetsani kuti chowunikira chimodzi chikuyenda mu Control Center.

Control Center tarball imaphatikizapo zolemba zakale paa-streaming-api-client-examples.tar.gz (client-examples), yomwe ili ndi example Python script yowonetsa momwe mungagwiritsire ntchito Streaming API.

Kukhazikitsa ndi Kukonza Client Examples
Mupeza kasitomala-examples mu Paragon Active Assurance Control Center chikwatu:

• kutumiza kunja CC_VERSION=4.1.0
• cd ./paa-control-center_${CC_VERSION}
• ls paa-streaming-api-client-examppang'ono*

Kukhazikitsa kasitomala-examppa kompyuta yanu yakunja, chitani izi:

• # Pangani chikwatu chochotsa zomwe kasitomala wakaleampku tarball
• mkdir paa-streaming-api-client-examples
• # Chotsani zomwe kasitomala wakaleampku tarball
• tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-examples
• # Pitani ku chikwatu chomwe changopangidwa kumene
• cd paa-streaming-api-client-examples

kasitomala-exampLes imafuna kuti Docker ayendetse. Malangizo otsitsa ndi kukhazikitsa kwa Docker angapezeke pa https://docs.docker.com/engine/install.

Kugwiritsa ntchito Client Examples
The kasitomala-exampLes zida zitha kuyenda mumayendedwe oyambira kapena apamwamba kuti amange exampmitundu yosiyanasiyana ya zovuta. Muzochitika zonsezi, ndizothekanso kuyendetsa examples ndi kasinthidwe file okhala ndi zina katundu kwa zina mwamakonda a kasitomala mbali.

Basic Mode
Mumayendedwe oyambira, ma metrics ndi metadata yawo amaseweredwa padera. Kuti izi zitheke, kasitomala amamvetsera mutu uliwonse wa Kafka womwe ukupezeka kuti upezeke kunja ndikungosindikiza mauthenga omwe alandilidwa ku console.
Kuyamba kuphedwa kwa Basic examples, run:

• build.sh run-basic -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

komwe ACCOUNT_SHORTNAME kuli dzina lalifupi la akaunti yomwe mukufuna kupeza ma metric.
Kuthetsa kuphedwa kwa example, dinani Ctrl + C. (Pakhoza kukhala kuchedwa pang'ono ntchito isanayime chifukwa kasitomala amadikirira kuti nthawi yatha.)

MwaukadauloZida

ZINDIKIRANI: Ma metric amawonetsedwa pazowunikira za HTTP zokha zomwe zikuyenda mu Control Center.

Kugwiritsa ntchito motsogola kumawonetsa kulumikizana pakati pa ma metrics ndi metadata meseji. Izi ndi
zotheka chifukwa cha kupezeka kwa metrics iliyonse meseji ya mtsinje wa id womwe umatengera uthenga wofananira wa metadata.
Kuti mugwiritse ntchito examples, run:

• build.sh run-advanced -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

komwe ACCOUNT_SHORTNAME kuli dzina lalifupi la akaunti yomwe mukufuna kupeza ma metric.
Kuthetsa kuphedwa kwa example, dinani Ctrl + C. (Pakhoza kukhala kuchedwa pang'ono ntchito isanayime chifukwa kasitomala amadikirira kuti nthawi yatha.)

Zowonjezera Zokonda
Ndi zotheka kuthamanga exampndikusintha kowonjezera kwa kasitomala pogwiritsa ntchito -config-file njira yotsatiridwa ndi a file dzina lomwe lili ndi katundu mu fomu key=value.

• build.sh run-advand \
• -kafka-brokers localhost:9092 \
• -akaunti ACCOUNT_SHORTNAME \
• -config-file client_config.properties

ZINDIKIRANI: Zonse files zomwe zatchulidwa mu lamulo pamwambapa ziyenera kupezeka m'ndandanda wamakono ndi kutchulidwa pogwiritsa ntchito njira zokhazokha. Izi zikugwira ntchito ku -config-file kukangana ndi zolembedwa zonse mu kasinthidwe file kufotokoza file malo.

Kutsimikizira Kutsimikizika Kwamakasitomala Akunja
Kutsimikizira kutsimikizika kwa kasitomala kuchokera kunja kwa Control Center pogwiritsa ntchito kasitomala-examples, chitani zotsatirazi:

Kuchokera pafoda ya Paragon Active Assurance Control Center, sinthani ku paa-streaming-api-client-ex.amples chikwatu:

cd paa-streaming-api-client-examples

• Lembani ca-cert ya satifiketi ya CA m'ndandanda wamakono.
• Pangani kasitomala.katundu file ndi izi:

security.protocol=SASL_SSL ssl.ca.location=ca-cert
sasl.mechanism=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}

pomwe {CLIENT_USER} ndi {CLIENT_PASSWORD} ndizomwe zimatsimikizira kasitomala.

Thamangani zoyambira zakaleampzochepa:

• kutumiza kunja KAFKA_FQDN=
• build.sh run-basic -kafka-brokers ${KAFKA_FQDN}:9093 \
• -akaunti ACCOUNT_SHORTNAME
• -config-file kasitomala.katundu

komwe ACCOUNT_SHORTNAME kuli dzina lalifupi la akaunti yomwe mukufuna kupeza ma metric.

Thamangani exampzochepa:

• kutumiza kunja KAFKA_FQDN=
• build.sh run-advanced -kafka-brokers ${KAFKA_FQDN}:9093 \
• -akaunti ACCOUNT_SHORTNAME
• -config-file kasitomala.katundu

Zowonjezera

Mu appendix iyi tikufotokoza momwe tingapangire:

• sitolo yamakiyi file posungira satifiketi ya SSL ya Kafka broker
• truststore file posunga satifiketi ya mizu ya Certificate Authority (CA) yomwe imagwiritsidwa ntchito kusaina satifiketi ya broker ya Kafka.

Kupanga Satifiketi ya Kafka Broker
Kupanga Satifiketi Pogwiritsa Ntchito Setifiketi Yeniyeni (Yovomerezeka)
Ndikofunikira kuti mupeze satifiketi yeniyeni ya SSL kuchokera ku CA yodalirika.
Mukangoganiza za CA, tengerani satifiketi yawo ya CA root ca-cert file kunjira yanu monga momwe zilili pansipa:

• kutumiza kunja CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• cp ca-cert ${CA_PATH}

Pangani Ulamuliro Wanu Wa Satifiketi

ZINDIKIRANI: Nthawi zambiri muyenera kukhala ndi satifiketi yanu yosainidwa ndi Woyang'anira Satifiketi weniweni; onani ndime yapitayi. Chotsatira ndi ex chabeample.

Apa tikupanga satifiketi yathu ya Certificate Authority (CA). file zovomerezeka kwa masiku 999 (osavomerezeka pakupanga):

• # Pangani chikwatu kuti musunge CA
• kutumiza kunja CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• # Pangani satifiketi ya CA
• openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -days 999

Kupanga Client Truststore
Tsopano mutha kupanga truststore file yomwe ili ndi ca-cert yopangidwa pamwambapa. Izi file idzafunika ndi kasitomala wa Kafka yemwe azitha kupeza API yotsatsira:

• keytool -keystore kafka.client.truststore.jks \
  • alias CARoot \
  • importcert -file ${CA_PATH}/ca-cert

Tsopano popeza satifiketi ya CA ili mu truststore, kasitomala akhulupirira satifiketi iliyonse yomwe yasainidwa nayo.
Muyenera kukopera file kafka.client.truststore.jks kumalo odziwika pa kompyuta yanu yamakasitomala ndikulozera pazikhazikiko.

Kupanga Keystore ya Kafka Broker
Kuti mupange satifiketi ya SSL ya Kafka broker kenako keystore kafka.server.keystore.jks, chitani motere:

Kupanga Satifiketi ya SSL
Pansipa, 999 ndi chiwerengero cha masiku ovomerezeka a sitolo, ndipo FQDN ndiye dzina lachidziwitso loyenerera la kasitomala (dzina la anthu onse la node).

ZINDIKIRANI: Ndikofunikira kuti FQDN ifanane ndi dzina lenileni lomwe kasitomala wa Kafka adzagwiritsa ntchito kuti alumikizane ndi Control Center.

• sudo mkdir -p /var/ssl/private
• sudo chown -R $USER: /var/ssl/private
• cd /var/ssl/private
• kutumiza kunja FQDN= keytool -keystore kafka.server.keystore.jks \
• - seva yodziwika bwino \
• - zovomerezeka 999 \
• - genkey -keyalg RSA -ext SAN=dns:${FQDN}

Pangani pempho losaina satifiketi ndikusunga mu file dzina la cert-server-pempho:

• keytool -keystore kafka.server.keystore.jks \
  • - seva yodziwika bwino \
  • - certreq \
  • – file cert-server-pempho

Muyenera kutumiza tsopano file cert-server-pempho kwa Certificate Authority (CA) ngati mukugwiritsa ntchito yeniyeni. Kenako adzabweza satifiketi yosainidwa. Tidzatchula izi ngati cert-server-signed pansipa.

Kusaina Satifiketi ya SSL Pogwiritsa Ntchito Satifiketi Yodzipangira Yokha ya CA

ZINDIKIRANI: Apanso, kugwiritsa ntchito CA yanu sikulimbikitsidwa pakupanga.

Saina satifiketi pogwiritsa ntchito CA pogwiritsa ntchito ma file cert-server-request, yomwe imapanga satifiketi yosainidwa yosainidwa ndi seva. Onani pansipa; ca-password ndi mawu achinsinsi omwe amakhazikitsidwa popanga satifiketi ya CA.

• cd /var/ssl/private openssl x509 -req \
  • - CA ${CA_PATH}/ca-cert \
  • – CAkey ${CA_PATH}/ca-kiyi \
  • - mu cert-server-pempho \
  • - cert-server-signed \
  • - masiku 999 -CAcreateserial \
  • - passin pass:{ca-password}

Kulowetsa Satifiketi Yosaina mu Keystore

Lowetsani satifiketi ya ca-cert root mu keystore:

• keytool -keystore kafka.server.keystore.jks \
  • - alias ca-cert \
  • - lowetsani \
  • – file ${CA_PATH}/ca-cert

Lowetsani satifiketi yosainidwa yomwe imatchedwa cert-server-signed:

• keytool -keystore kafka.server.keystore.jks \
  • - seva yodziwika bwino \
  • - lowetsani \
  • – file cert-server-signed

The file kafka.server.keystore.jks iyenera kukopera kumalo odziwika pa seva ya Control Center, ndiyeno imatchulidwa mu /etc/kafka/server.properties.

Kugwiritsa ntchito Streaming API

M'GAWO INO

• General | 20
• Mayina amutu wa Kafka | 21
• ExampZokhudza Kugwiritsa Ntchito Kukhamukira API | 21

General
API yotsatsira imatenga zonse zoyesa ndikuwunika. Sizingatheke kutchula limodzi mwa magulu amenewa.
API yotsatsira sitenga deta kuchokera ku mayesero otengera malemba (omwe amaimiridwa ndi rectangle m'malo mwa chidutswa cha jigsaw mu Control Center GUI), monga mayesero a Ethernet service activation ndi mayesero owonekera.

Mayina a Mutu wa Kafka
Mayina a mutu wa Kafka wa API yotsatsira ali motere, pomwe %s ndi dzina lalifupi la akaunti ya Control Center (yomwe ikuwonetsedwa popanga akaunti):

• const (
• exporterName = "kafka"
• metadataTopicTpl = “paa.public.accounts.%s.metadata” metricsTopicTpl = “paa.public.accounts.%s.metrics” )

Exampza Kugwiritsa Ntchito Streaming API
Exampzotsatilazi zikupezeka mu tarball paa-streaming-api-client-examples.tar.gz ili mkati mwa Control Center tarball.
Choyamba, pali choyambirira example kuwonetsa momwe ma metric ndi ma metadata awo amatsatiridwa padera ndikungosindikiza mauthenga omwe alandilidwa ku console. Mutha kuyendetsa motere:

• sudo ./build.sh run-basic -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

Palinso ex patsogolo kwambiriample pomwe ma metric ndi metadata mauthenga amalumikizana. Gwiritsani ntchito lamulo ili kuti muyendetse:

• sudo ./build.sh run-advanced -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

Muyenera kugwiritsa ntchito sudo kuyendetsa malamulo a Docker monga omwe ali pamwambapa. Mwachidziwitso, mutha kutsata masitepe a Linux pokhazikitsa kuti muzitha kuyendetsa malamulo a Docker popanda sudo. Kuti mudziwe zambiri, pitani ku docs.docker.com/engine/install/linux-postinstall.

Juniper Networks, logo ya Juniper Networks, Juniper, ndi Junos ndi zilembo zolembetsedwa za Juniper Networks, Inc. ku United States ndi mayiko ena. Zizindikiro zina zonse, zizindikiritso zautumiki, zilembo zolembetsedwa, kapena zizindikilo zantchito zolembetsedwa ndi katundu wa eni ake. Juniper Networks sakhala ndi udindo pazolakwika zilizonse m'chikalatachi. Juniper Networks ili ndi ufulu wosintha, kusintha, kusamutsa, kapena kuwunikiranso bukuli popanda chidziwitso. Copyright © 2023 Juniper Networks, Inc. Ufulu wonse ndi wotetezedwa.

Zolemba / Zothandizira

Juniper NETWORKS Streaming API Software [pdf] Buku Logwiritsa Ntchito Mapulogalamu a API akukhamukira, Mapulogalamu a API, Mapulogalamu

Maumboni

• Buku Logwiritsa Ntchito