Fa'asalalau API Taiala
Lolomiina
2023-07-07
FA'ASA'oloto
4.2

Folasaga

O lenei ta'iala o lo'o fa'amatalaina ai le auala e maua mai ai fa'amaumauga mai le Paragon Active Assurance e ala i le API fa'asalalau a le oloa.
O le API faʻapea foʻi ma le tagata faʻasalalau o loʻo aofia i totonu o le Paragon Active Assurance faʻapipiʻi.
Ae ui i lea, e manaʻomia sina faʻatulagaina ae e te leʻi faʻaogaina le API. O lo'o ufiufi lea i le "Configuring the Streaming API" i le itulau 1 mataupu.

Fa'atonu le Streaming API

Ua umaview
O lenei mataupu o loʻo faʻamatalaina pe faʻafefea ona faʻapipiʻi le Streaming API e faʻatagaina ai le lesitala i feʻau faʻataʻitaʻiga e ala i Kafka.
pr
I lalo o le a tatou faʻaogaina:

• Auala e mafai ai le Streaming API
• E faʻafefea ona faʻapipiʻi Kafka e faʻalogo i tagata mai fafo
• E faʻafefea ona faʻapipiʻi Kafka e faʻaoga ACL ma faʻapipiʻi faʻailoga SSL mo tagata faʻatau

O le Kafka o se faʻasalalauga faʻasalalauga e mafai ai ona puʻeina taimi moni o faʻamatalaga na lafoina mai punaoa eseese o mea na tutupu (sensors, databases, mobile device) i foliga o faʻalavelave faʻafuaseʻi, faʻapea foʻi ma le teuina umi o nei faʻasalalauga mo le toe maua ma le faʻaogaina mulimuli ane.
Faatasi ai ma Kafka e mafai ona faʻatautaia le mea na tupu e tafe mai i le pito i le pito i se tufatufa, maualuga le faʻaogaina, faʻamalosi, faʻapalepale sese, ma le saogalemu.
FAAMANATU: Kafka e mafai ona faʻatulagaina i le tele o auala eseese ma sa fuafuaina mo scalability ma redundant faiga. O lenei pepa e taulaʻi naʻo le faʻaogaina o le faʻaogaina o le Streaming API o loʻo maua i le Paragon Active Assurance Control Center. Mo nisi faʻatulagaga sili atu matou te vaʻai i le pepa aloaia a Kafka: kafka.apache.org/26/documentation.html.

Fa'aupuga

• Kafka: Faʻasalalauga faʻasalalauga.
• Kafka autu: Aoina o mea na tutupu.
• Kafka subscriber/consumer: Vaega e nafa ma le toe maua mai o mea na tutupu o loʻo teuina i totonu o se autu Kafka.
• Kafka Broker: 'au'aunaga fa'apipi'i fa'apipi'i o se fuifui Kafka.
• SSL/TLS: O le SSL ose fa'amautu fa'apolokalame ua fa'atūina mo le tu'uina atu o fa'amatalaga ma le saogalemu i luga ole Initaneti. TLS o le sui o SSL, na faʻalauiloaina i le 1999.
• SASL: Ta'iala e maua ai auala mo le fa'amaoniaina o tagata fa'aoga, siaki le sa'o o fa'amaumauga, ma fa'ailoga.
• Fa'asalalauina o le aufaipisinisi API: Vaega e nafa ma le toe maua mai o mea na tutupu o lo'o teuina i autu o lo'o fa'amatalaina ile Paragon Active Assurance ma fa'atatau mo avanoa i fafo.
• Pulega Tusi Faamaonia: O se faalapotopotoga faatuatuaina e tuuina atu ma faaleaogaina tusi faamaonia autu lautele.
• Certificate Authority root certificate: Tusipasi autu lautele e iloagofie ai se Pulega Tusi Pasi.

Fa'afefea ona galue le Streaming API
E pei ona taʻua muamua, o le Streaming API e faʻatagaina ai tagata mai fafo e toe aumai faʻamatalaga e uiga i metric mai Kafka.
O fua fa'atatau uma e aoina e Su'ega Su'ega i le taimi o se su'ega po'o le mata'ituina o galuega e lafo i le 'au'aunaga Stream.
A mae'a se vaega fa'agaioiga, e fa'asalalau e le 'au'aunaga a le Vaitafe na fua fa'atatau ile Kafka fa'atasi ai ma metadata fa'aopoopo.Kafka Autu
Kafka o loʻo i ai le manatu o autu e faʻasalalau uma ai faʻamatalaga. I totonu o le Paragon Active Assurance e tele naua mataupu Kafka e maua; peita'i, e na'o se vaega itiiti o nei mea e fa'atatau mo avanoa i fafo.
O fa'amaumauga ta'itasi a Paragon Active Assurance i le Nofoaga Fa'atonu e lua mataupu fa'apitoa. I lalo, ACCOUNT o le igoa fa'apu'upu'u:

• paa.public.accounts.{ACCOUNT}.metrics
• O fe'au uma o fua fa'atatau mo le fa'amatalaga ua tu'uina atu o lo'o fa'asalalau i lenei autu
• Tele fa'amaumauga
• Fa'afou fa'afou maualuga
• paa.public.accounts.{ACCOUNT}.metadata
• O lo'o iai metadata e feso'ota'i ma fa'amaumauga metrics, mo fa'ata'ita'igaample su'ega, mata'itu po'o le Su'ega Su'ega e feso'ota'i ma fua fa'atatau
• Laiti fa'amaumauga
• Fa'afou fa'afou maualalo

Fa'aagaoi le Streaming API
FAAMANATU: O nei faʻatonuga e tatau ona faʻataʻitaʻiina i luga ole server Center Control e faʻaaoga ai sudo.
Talu ai ona o le Streaming API e faʻaopoopoina nisi o luga i le Nofoaga Faʻatonu, e le mafai ona faʻaogaina. Ina ia mafai ai le API, e tatau ona tatou faʻatagaina muamua le faʻasalalauina o metrics i Kafka i le faʻatulagaga autu file:

• /etc/netrounds/netrounds.conf

KAFKA_METRICS_ENABLED = Moni
LAPATAIGA: O le fa'aagaaga o lenei vaega e ono a'afia ai le fa'atinoga o le Nofoaga Pulea. Ia mautinoa ua e fuaina lau instance e tusa ai.
Soso'o, ina ia mafai ai ona tu'uina atu nei fua fa'atatau i autu Kafka sa'o:

• /etc/netrounds/metrics.yaml

streaming-api: moni
Ina ia mafai ma amata le Streaming API auaunaga, tamomoe:
sudo ncc auaunaga e mafai ai timescaledb metrics
sudo ncc auaunaga amata timescaledb metrics
Mulimuli ane, toe amata auaunaga:
sudo ncc auaunaga toe amata
Fa'amautinoa o lo'o galue le Streaming API i le Nofoaga Fa'atonu
FAAMANATU: O nei fa'atonuga e tatau ona fa'atino i luga ole server Center Control.
E mafai nei ona e fa'amaonia o lo'o e mauaina fua fa'atatau ile autu Kafka sa'o. Ina ia faia, faʻapipiʻi le aoga kafkacat:
sudo apt-get update
sudo apt-maua faʻapipiʻi le kafkacat
Afai e iai sau su'ega po'o se mata'itū o lo'o tamo'e ile Control Center, e tatau ona e fa'aogaina le kafkacat e maua ai fua fa'atatau ma metadata i nei autu.
Sui myaccount i le igoa puupuu o lau teugatupe (o le mea lea e te vaʻaia i lau Nofoaga Faʻatonu URL):
auina atu i fafo METRICS_TOPIC=paa.public.accounts.myaccount.metrics
auina atu i fafo METADATA_TOPIC=paa.public.accounts.myaccount.metadata
E tatau ona e vaʻai i metrics e ala i le faʻatinoina o lenei poloaiga:
kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
I view metadata, faʻataʻitaʻi le faʻatonuga o loʻo i lalo (ia maitauina o le a le faʻafouina soo):
kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e
FAAMANATU:
kafkacat” Client Examples” i le itulau e 14
Ole mea lea e fa'amaonia ai o lo'o i ai sau API Fa'aola galue mai totonu ole Nofoaga Fa'atonu. Ae ui i lea, e foliga mai e te fiafia i le mauaina o faʻamatalaga mai se tagata ese mai fafo nai lo. O le isi vaega o loʻo faʻamatalaina pe faʻafefea ona tatala Kafka mo avanoa i fafo.
Tatala le Kafka mo 'au i fafo
FAAMANATU: O nei fa'atonuga e tatau ona fa'atino i luga ole server Center Control.
O le fa'aletonu Kafka o lo'o tamo'e i luga o le Nofoaga Fa'atonu ua fa'atulagaina e na'o le fa'alogo ile localhost mo le fa'aoga i totonu.
E mafai ona tatala Kafka mo tagata mai fafo e ala i le suia o tulaga Kafka.
Feso'ota'i i Kafka: Fa'aaliga
FAATUATUA: Fa'amolemole faitau ma le toto'a lenei mea, talu ai e faigofie ona fa'afeso'ota'i mataupu ma Kafka pe afai e te le'i malamalama i nei manatu.
I le fa'atonuga o le Nofoaga Fa'atonu o lo'o fa'amatalaina i lenei pepa, e na'o le tasi le Kafka broker.
Ae ui i lea, ia maitauina o le Kafka broker e tatau ona tamoe o se vaega o le Kafka cluster lea e ono aofia ai le tele o Kafka brokers.
Pe a faʻafesoʻotaʻi i le Kafka broker, o se fesoʻotaʻiga muamua e faʻatutuina e le Kafka client. I luga o lenei fesoʻotaʻiga, o le a toe faʻafoʻi atu e le Kafka broker se lisi o "faʻasalalauga faʻalogo", o se lisi o se tasi pe sili atu Kafka brokers.
I le mauaina o lenei lisi, o le Kafka client o le a motusia, ona toe faʻafesoʻotaʻi i se tasi o nei faʻasalalauga faʻasalalau. O tagata fa'asalalau fa'asalalau e tatau ona i ai igoa talimalo po'o tuatusi IP e mafai ona maua e le Kafka client, ne'i le mafai e le kalani ona fa'afeso'ota'i.
Afai e faʻaogaina le faʻailoga SSL, e aofia ai se tusi faamaonia SSL o loʻo nonoa i se igoa faʻapitoa, e sili atu ona taua le mauaina e le Kafka client le tuatusi saʻo e faʻafesoʻotaʻi i ai, aua a leai e ono teena le fesoʻotaʻiga.
Faitau atili e uiga i Kafka faʻalogologo iinei: www.confluent.io/blog/kafka-listeners-explained
SSL/TLSEfa'ailoga
Ina ia mautinoa e naʻo tagata faʻatuatuaina e faʻatagaina e ulufale i Kafka ma le Streaming API, e tatau ona matou faʻatulagaina mea nei:

• Faʻamaoni: E tatau i tagata faʻatau ona tuʻuina atu le igoa ole igoa ma le upega tafaʻilagi e ala ile SSL/TLS fesoʻotaʻiga saogalemu i le va o le kalani ma Kafka.
• Fa'atagaga: E mafai e tagata fa'amaonia fa'amaonia ona faia galuega fa'atulafonoina e ACL.

Ua mae'a neiview:
*) Fa'amautu le igoa fa'aoga/fa'aupuga e fa'atino i luga ole alalaupapa fa'ailoga SSL

Ina ia malamalama atoatoa pe faʻafefea ona galue le SSL/TLS encryption mo Kafka, faʻamolemole vaʻai ile faʻamaumauga aloaia: docs.confluent.io/platform/current/kafka/encryption.html
SSL/TLS Tusi Faamaonia Ua Umaview
FAAMANATU: I totonu o lenei vaega o le a matou faʻaogaina upu nei:
Tusi Faamaonia: O se tusi faamaonia SSL saini e se Pulega Tusi Faamaonia (CA). E tofu le tagata fai pisinisi a Kafka ma le tasi.
Keystore: Le keystore file lea e teu ai le tusi faamaonia. Le faleoloa ki file o loo i ai le ki patino o le tusi faamaonia; o lea, e tatau ona teuina ma le saogalemu.
Faleoloa tausi: A file o lo'o iai tusi faamaonia CA.
Ina ia faʻatulagaina le faʻamaoniga i le va o le tagata faʻatau fafo ma Kafka o loʻo tamoʻe i le Control Center, e tatau i itu uma e lua ona i ai se faleoloa autu e faʻamatalaina ma se tusi faamaonia e sainia e le Pulega Tusi Faamaonia (CA) faʻatasi ma le CA root certificate.
E le gata i lea, e tatau foi i le kalani ona i ai se faleoloa tausi ma le CA root certificate.
O le tusi a'a o le CA e taatele i le Kafka broker ma le Kafka client.
Fausia o Tusi Faamaonia Manaomia
O loo aofia i le “Faaopoopoga” i le itulau e 17.
Kafka Broker SSL/TLS Configuration i le Nofoaga Autu
FAAMANATU: O faʻatonuga nei e tatau ona faʻatautaia i luga ole server Center Control.
FAAMANATU: Aʻo leʻi faʻaauau, e tatau ona e fatuina le keystore o loʻo i ai le tusi faamaonia SSL e ala i le mulimuli i faʻatonuga i le "Faʻaopoopoga" i le itulau 17. O auala o loʻo taʻua i lalo e sau mai nei faatonuga.
O le SSL keystore o le a file teuina i luga o le tisiki ma le file extension .jks.
O le taimi lava e maua ai lau tusipasi mana'omia mo le Kafka broker ma le Kafka client e avanoa, e mafai ona e fa'aauau i le fa'atulagaina o le Kafka broker o lo'o fa'agaoioi i le Control Center. E tatau ona e iloa mea nei:

• : Le igoa talimalo lautele o le Nofoaga Autu; e tatau ona fo'ia ma mafai ona maua e tagata fa'atau a Kafka.
• : O le upegatafaʻilagi keystore na tuʻuina atu pe a fatuina le tusi faamaonia SSL.
• ma : O upu nei e te mana'o e fa'atulaga mo le admin ma le tagata fa'aoga tagata. Manatua e mafai ona e faʻaopoopo nisi tagata faʻaoga, e pei ona faʻaalia i le example.

Faʻasaʻo pe faʻapipiʻi (faʻatasi ai ma le sudo avanoa) meatotino o loʻo i lalo i /etc/kafka/server.properties, faʻaofi i luga fesuiaiga e pei ona faʻaalia:
LAPATAIGA: Aua nei aveese PLAINTEXT: // localhost: 9092; o le a motusia ai galuega o le Center Center talu ai o le a le mafai ona fesootai auaunaga i totonu.

…
# O tuatusi o loʻo faʻalogo i ai le Kafka broker.
listeners=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
# O 'au nei e toe fa'asalalau atu i so'o se tagata o lo'o feso'ota'i.
advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// :9093
…
####### FA'AAGAGA FA'AVAE
# SSL CONFIGURATION
ssl.endpoint.identification.algorithm=
ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
ssl.keystore.password=
ssl.key.password=
ssl.client.auth=leai
ssl.protocol=TLSv1.2
# SASL fa'atulagaina
sasl.enabled.mechanisms=PLAIN
listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginMo
mana'omia tele \
username=”admin” \
password=” ” \
user_admin=" ” \
user_client=" ”;
# FAAMATALAGA sili atu tagata faʻaoga e mafai ona faʻaopoopo i le user_ =
# Fa'ataga, fa'aola ACL
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
super.users=User:admin

Fa'atulaga Lisi Pulea Avanoa (ACLs)
Liliu ACLs ile localhost
LAPATAIGA: E tatau ona tatou seti muamua ACLs mo localhost, ina ia mafai lava e le Pulea Pule ona maua le Kafka. Afai e le faia lenei mea, o le a malepe mea.

######## Fa'auiga ACLs mo tagata fa'aoga le iloa
/usr/lib/kafka/bin/kafka-acls.sh \
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–faaopoopo –allow-principal User:ANONYMOUS –allow-host 127.0.0.1 –cluster
/usr/lib/kafka/bin/kafka-acls.sh \
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User:ANONYMOUS –allow-host 127.0.0.1 –autu '*'
/usr/lib/kafka/bin/kafka-acls.sh \
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User:ANONYMOUS –allow-host 127.0.0.1 –group '*'

E mana'omia la ona fa'ataga ACL mo na'o le faitau i fafo, ina ia fa'atagaina tagata mai fafo e faitau mataupu paa.public.*.
FAAMANATU: Mo nisi fa'atonuga lelei, fa'amolemole va'ai ile fa'amaumauga aloaia a Kafka.

######## Fa'auiga ACLs mo tagata fa'aoga fafo
/usr/lib/kafka/bin/kafka-acls.sh \
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–fa'aopoopo –fa'ataga-matua Tagata fa'aoga:* –fa'agaioiga faitau-fa'agaioiga fa'amatala \
-vaega 'NCC'
/usr/lib/kafka/bin/kafka-acls.sh \
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–fa'aopoopo –fa'ataga-matua Tagata fa'aoga:* –fa'agaioiga faitau-fa'agaioiga fa'amatala \
–autu paa.lautele. –resource-model-type prefixed

A maeʻa loa lenei mea, e te manaʻomia le toe amataina o auaunaga:
sudo ncc auaunaga toe amata
Ina ia faʻamaonia e mafai e le tagata o tausia ona faʻatuina se fesoʻotaʻiga malupuipuia, faʻataʻitaʻi le faʻatonuga o loʻo i lalo i luga o se komepiuta a le tagata o tausia fafo (e le o luga ole server Center Center). I lalo ifo, PUBLIC_HOSTNAME ole igoa ole nofoaga autu e pulea:
openssl s_client -debug -fesootai ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "E lagolagoina le Toe Fa'atalanoaga Saogalemu"
I le faʻatonuga faʻatonuga e tatau ona e vaʻai i le tusi faamaonia a le server faʻapea foʻi ma mea nei:
E lagolagoina le Secure Renegotiation
Ina ia mautinoa o loʻo faʻatagaina auaunaga i totonu o le Kafka server, faʻamolemole siaki le ogalaau o loʻo i lalofiles:

• /var/log/kafka/server.log
• /var/log/kafka/kafka-authorizer.log

Fa'amaonia le Feso'ota'iga Fa'atau i fafo
kafkacat
FAAMANATU: O nei faʻatonuga e tatau ona faʻatautaia i luga o le komepiuta a le tagata o tausia (e le o luga ole server Center Center).
FAAMANATU: Ina ia fa'aalia fa'amatalaga metrics, ia mautinoa o lo'o fa'agaoioia a itiiti ifo ma le tasi le mata'itū i le Nofoaga Fa'atonu.
Ina ia faʻamaonia ma faʻamaonia fesoʻotaʻiga o se tagata faʻatau fafo, e mafai ona faʻaogaina le faʻaogaina o le kafkacat lea na faʻapipiʻiina i le vaega "Faʻamaonia o le Streaming API e galue i le Nofoaga Faʻatonu" i le itulau 4.
Fai laasaga nei:
FAAMANATU: I lalo ifo, CLIENT_USER o le tagata faʻaoga na faʻamaonia muamua i le file /etc/kafka/server.properties i le Nofoaga Pulea: e taʻua, user_client ma le upu faʻaulu o loʻo seti iina.
O le CA root certificate na fa'aoga e saini ai le server side SSL certificate e tatau ona iai ile kalani.

• Fausia a file client.properties ma mea nei:

security.protocol=SASL_SSL
ssl.ca.location={PATH_TO_CA_CERT}
sasl.mechanisms=PELE
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}
o fea

• {PATH_TO_CA_CERT} o le nofoaga o le CA root certificate na fa'aogaina e le Kafka broker
• {CLIENT_USER} ma {CLIENT_PASSWORD} o fa'amatalaga fa'aoga mo le kalani.
• Faʻatonu le poloaiga lenei e vaʻai ai i le feʻau na faʻaaogaina e kafkacat:

auina atu i fafo KAFKA_FQDN=
auina atu i fafo METRICS_TOPIC=paa.public.accounts. .metrics
kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
lea {METRICS_TOPIC} o le igoa o le autu Kafka ma le prefix “paa.public.”.

FAAMANATU: O lomiga tuai o le kafkacat e le maua ai le filifiliga -F mo le faitauina o tulaga o tagata o tausia mai le a file. Afai o loʻo e faʻaaogaina sea ituaiga, e tatau ona e tuʻuina atu tulaga tutusa mai le laina faʻatonu e pei ona faʻaalia i lalo.

kafkacat -b ${KAFKA_FQDN}:9093 \
-X security.protocol=SASL_SSL \
-X ssl.ca.location={PATH_TO_CA_CERT} \
-X sasl.mechanisms=PALAPALA \
-X sasl.username={CLIENT_USER} \
-X sasl.password={CLIENT_PASSWORD} \
-t ${METRICS_TOPIC} -C -e
Ina ia debug le fesoʻotaʻiga, e mafai ona e faʻaogaina le -d filifiliga:

Debug feso'ota'iga tagata fa'atau
kafkacat -d tagata faatau -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
# Debug feso'ota'iga fai pisinisi
kafkacat -d faioloa -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

Ia mautinoa e te va'ai i fa'amaumauga mo le faletusi a le tagata fa'atau a Kafka o lo'o fa'aogaina, ona e ono ese meatotino mai mea o lo'o i totonu client.properties.
Fa'asologa o Savali
O fe'au o lo'o fa'aogaina mo metrics ma metadata autu o lo'o fa'avasegaina i le fa'asologa o le Protocol buffers (protobuf) (va'ai developers.google.com/protocol-buffers). O fa'asologa mo nei fe'au o lo'o mulimulita'i i le fa'atulagaga nei:

Fuafuaga Protobuf Schema

syntax = “proto3”;
faaulufale mai “google/protobuf/timestamp.proto”;
afifi paa.streamingapi;
filifiliga go_package = “.;paa_streamingapi”;
fe'au metrics {
google.protobuf.Timestamp taimiamp = 1;
faafanua tau = 2;
int32 stream_id = 3;
}
/**
* O se tau metric e mafai ona avea ma se numera atoa poʻo se faʻafefe.
*/
fe'au MetricValue {
tasi o ituaiga {
int64 int_val = 1;
float float_val = 2;
}
}

Metadata Protobuf Schema

syntax = “proto3”;
afifi paa.streamingapi;
filifiliga go_package = “.;paa_streamingapi”;
fe'au Metadata {
int32 stream_id = 1;
manoa stream_name = 2;
faafanua tags = 13;
}

Client Examples

FAAMANATU: O nei fa'atonuga e fa'amoemoe e fa'atino i luga o se tagata fa'atau fafo, mo se fa'ata'ita'igaamptu'u lau komepiuta feavea'i po'o se mea faapena, ae le o totonu o le Nofoaga Fa'atonu.
FAAMANATU: Ina ia fa'aalia fa'amatalaga metrics, ia mautinoa o lo'o fa'agaoioi se mata'itū e tasi i le Nofoaga Fa'atonu.
O le tarball Center Control e aofia ai le archive paa-streaming-api-client-examples.tar.gz (client-examples), o loʻo i ai se example Python script o loʻo faʻaalia ai le faʻaogaina o le Streaming API.
Fa'apipi'i ma Fa'atonu le Client Examples
E te maua le client-example i totonu o le pusa o le Paragon Active Assurance Control Center:

auina atu i fafo CC_VERSION=4.2.0
cd ./paa-control-center_${CC_VERSION}
ls paa-streaming-api-client-examples*
E fa'apipi'i client-examples i lau komepiuta tagata fa'atau fafo, fa'agasolo fa'apea:
# Fausia se lisi mo le suʻeina o mea o loʻo i totonu o le tagata o tausiaamples tarball
mkdir paa-streaming-api-client-examples
# Aveese mea o loʻo i totonu ole kalani examples tarball
tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-examples
# Alu i le lisi fou na faia
cd paa-streaming-api-client-examples
client-examples manaʻomia Docker e tamoe. O faʻamaumauga ma faʻatonuga faʻapipiʻi mo Docker e mafai ona maua ile https://docs.docker.com/engine/install.

Fa'aaogā Client Examples
Le kalani-examples meafaigaluega e mafai ona tamoʻe i soʻo se tulaga faʻavae poʻo le maualuga e fausia ai example lavelave eseese. I tulaga uma e lua, e mafai foi ona tamoe i le examples ma se faatulagaga file o lo'o i ai meatotino fa'aopoopo mo le fa'avasegaina atili o le itu a le kalani.
Faiga Fa'avae
I le faiga fa'avae, o fua fa'atatau ma a latou metadata o lo'o fa'asalalau ese'ese. I lea tulaga, e fa'alogo le kalani i autu Kafka ta'itasi o lo'o avanoa mo avanoa i fafo ma na'o le lolomi o fe'au na maua i le fa'amafanafanaga.
E amata ai le faʻatinoina o le faʻavae muamuaamples, tamoe:
./build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME
lea ACCOUNT_SHORTNAME ole igoa pu'upu'u ole tala e te mana'o e maua mai ai fua.
Ina ia faamutaina le faatinoga o le example, fetaomi Ctrl + C. (Atonu e iai sina tuai a'o le'i taofia le fa'asalaga ona o lo'o fa'atali le kalani mo se taimi e fa'agata ai.)
Auala maualuga
FAAMANATU: O fua fa'atatau o lo'o fa'aalia mo na'o mata'itū HTTP o lo'o fa'agaoioi ile Nofoaga Fa'atonu.
O le faʻatinoina i le tulaga maualuga e faʻaalia ai le fesoʻotaʻiga i le va o metric ma metadata feʻau. E mafai lenei mea ona o le i ai i totonu o feʻau faʻataʻitaʻiga taʻitasi o se vaitafe id fanua e faʻatatau i le feʻau metadata fetaui.
E fa'atino ai le fa'amata'u maualugaamples, tamoe:
./build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME
lea ACCOUNT_SHORTNAME ole igoa pu'upu'u ole tala e te mana'o e maua mai ai fua.
Ina ia faamutaina le faatinoga o le example, fetaomi Ctrl + C. (Atonu e iai sina tuai a'o le'i taofia le fa'asalaga ona o lo'o fa'atali le kalani mo se taimi e fa'agata ai.)
Fa'aopoopo Fa'aopoopo
E mafai ona tamomoe le exampfa'atasi ai ma fa'aopoopo fa'aopoopo a le kalani fa'aaoga le –config-file filifiliga sosoo ai ma le a file igoa o lo'o iai meatotino i le fomu ki=taua.
./build.sh run-advanced \
–kafka-brokers localhost:9092 \
–account ACCOUNT_SHORTNAME \
–faiga-file client_config.properties

FAAMANATU: O mea uma files fa'asino i le fa'atonuga o lo'o i luga e tatau ona tu'u i totonu o le lisi o lo'o iai nei ma fa'asino i le fa'aaogaina o ala fa'atatau. E faʻatatau uma i le -config-file finauga ma i mea uma i totonu o le faatulagaga file lea e faamatalaina file nofoaga.
Fa'amaonia le Fa'amaoniga a Tagata Fa'atau i fafo
E fa'amaonia le fa'amaoni o tagata mai fafo o le Nofoaga Fa'atonu e fa'aaoga ai le client-examples, fai laasaga nei:

• Mai le pusa Paragon Active Assurance Control Center, sui i le paa-streaming-api-clientexample faila:
  cd paa-streaming-api-client-examples
• Kopi le CA root certificate ca-cert i le lisi o lo'o iai nei.
• Fausia se client.properties file fa'atasi ai ma mea nei:
  security.protocol=SASL_SSL
  ssl.ca.location=ca-cert
  sasl.mechanism=PLAIN
  sasl.username={CLIENT_USER}
  sasl.password={CLIENT_PASSWORD}
  lea o {CLIENT_USER} ma {CLIENT_PASSWORD} o lo'o iai fa'amatalaga mo tagata fa'aoga.
• Tamomoe muamua examples:
  auina atu i fafo KAFKA_FQDN=
  ./build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
  –account ACCOUNT_SHORTNAME
  –faiga-file client.properties
  lea ACCOUNT_SHORTNAME ole igoa pu'upu'u ole tala e te mana'o e maua mai ai fua.
• Tamomoe muamua muamuaamples:
  auina atu i fafo KAFKA_FQDN=
  ./build.sh run-advanced –kafka-brokers ${KAFKA_FQDN}:9093 \
  –account ACCOUNT_SHORTNAME
  –faiga-file client.properties

Fa'aopoopo
I lenei faʻaopoopoga matou te faʻamatalaina pe faʻapefea ona fai:

• o se faleoloa autu file mo le teuina o le Kafka broker SSL tusi faamaonia
• se faleoloa tausi file mo le teuina o le Certificate Authority (CA) root certificate na faʻaaogaina e sainia ai le Kafka broker certificate.

Fausiaina o se Kafka Broker Certificate
Fausiaina o se Tusi Fa'amaonia e Fa'aaoga ai se Pule Fa'amaonia Moni (Fautuaina)
E fautuaina e te maua se tusi faamaonia SSL moni mai se CA faatuatuaina.
A uma loa ona e filifili i se CA, kopi la latou CA root certificate ca-cert file i lau lava ala e pei ona faʻaalia i lalo:
auina atu i fafo CA_PATH=~/my-ca
mkdir ${CA_PATH}
cp ca-cert ${CA_PATH}
Fausia Lau Lava Pule Faamaonia
FAAMANATU: E masani lava e tatau ona saini lau tusi pasi e se Pulega Tusi Faamaonia moni; tagai i le faafuaiupu muamua. O le mea o lo'o mulimuli mai ua na'o se example.
O iinei tatou te fatuina ai la tatou lava Tusi Faamaonia Pulega (CA) aʻa tusi faamaonia file aoga mo 999 aso (e le fautuaina i le gaosiga):
# Fausia se lisi mo le teuina o le CA
auina atu i fafo CA_PATH=~/my-ca
mkdir ${CA_PATH}
# Fausia le tusi faamaonia CA
openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -aso 999

Fausia le Client Truststore
Ole taimi nei e mafai ona e faia se faleoloa fa'alagolago file o lo'o i ai le ca-cert na gaosia i luga. Lenei file o le a mana'omia e le Kafka client o le a maua le Streaming API:

keytool -keystore kafka.client.truststore.jks \
-alias CARoot \
-tusitala mai fafo -file ${CA_PATH}/ca-cert

O lea la ua iai le tusi faamaonia CA i le fale tausi mavaega, o le a fa'atuatuaina e le kalani so'o se tusi pasi e sainia ai.
E tatau ona e kopiina le file kafka.client.truststore.jks i se nofoaga e iloa i luga o lau komepiuta tagata o tausia ma faasino i ai i le faatulagaga.
Fausia le Keystore mo le Kafka Broker
Ina ia gaosia le Kafka broker SSL tusi faamaonia ona sosoo ai lea ma le keystore kafka.server.keystore.jks, fa'agasolo e pei ona taua i lalo:
Fausia le Tusi Faamaonia SSL
I lalo ifo, 999 o le numera o aso o le faʻamaonia o le keystore, ma o le FQDN o le igoa faʻamaonia atoatoa o le kalani (igoa talimalo lautele o le node).
FAAMANATU: E taua tele le fetaui o le FQDN i le igoa talimalo tonu o le a faʻaogaina e le Kafka client e faʻafesoʻotaʻi i le Nofoaga Faʻatonu.
sudo mkdir -p /var/ssl/private
sudo chown -R $USER: /var/ssl/private
cd /var/ssl/private
auina atu i fafo FQDN=
keytool -keystore kafka.server.keystore.jks \
-alias server \
-malo 999 \
-genkey -keyalg RSA -ext SAN=dns:${FQDN}
Fausia se talosaga saini tusi faamaonia ma teu i totonu o le file igoa cert-server-request:
keytool -keystore kafka.server.keystore.jks \
-alias server \
-certreq \
-file tusi-server-talosaga

Ua tatau nei ona e auina atu le file cert-server-request i lau Certificate Authority (CA) pe afai o loʻo e faʻaaogaina se mea moni. Ona latou toe faafoi atu lea o le tusipasi ua sainia. O le a matou taʻua lenei mea e pei o le cert-server-signed below.
Saini le Tusi Faamaonia SSL Faʻaaogaina se Tusi Faamaonia CA na faia e le tagata lava ia
FAAMANATU: E le gata i lea, o le faʻaaogaina o lau lava CA e le fautuaina i se faiga gaosiga.
Saini le tusi faamaonia e faaaoga ai le CA e ala i le file cert-server-request, lea e maua ai le tusi faamaonia saini saini-server-signed. Va'ai i lalo; ca-password o le upu faʻapipiʻi seti pe a fatuina le tusi faamaonia CA.

cd /var/ssl/private
openssl x509 -req \
-CA ${CA_PATH}/ca-cert \
-CAkey ${CA_PATH}/ca-key \
-i le tusipasi-server-talosaga \
-fa'ailoga-server-saini \
-aso 999 -CAcreateserial \
-passin pass:{ca-password}

Fa'aulufaleina mai o le Tusi Pasi Saini i totonu o le Keystore
Fa'aulufale mai le ca-cert root certificate i le keystore:
keytool -keystore kafka.server.keystore.jks \
-alias ca-cert \
-faaulufale mai \
-file ${CA_PATH}/ca-cert
Fa'aulufale mai le tusi pasi saini ua ta'ua o le cert-server-signed:
keytool -keystore kafka.server.keystore.jks \
-alias server \
-faaulufale mai \
-file tusi-server-saini
O le file Kafka.server.keystore.jks e tatau ona kopi i se nofoaga e iloa i luga o le server Center Control, ona faasino lea i totonu /etc/kafka/server.properties.

Fa'aaogā le Streaming API

lautele
Ole streaming API e maua uma faʻamatalaga suʻega ma mataʻituina. E le mafai ona fa'avasegaina se tasi o nei vaega.
O le streaming API e le maua mai faʻamatalaga mai suʻega faʻavae faʻamaumauga (o loʻo faʻatusalia e se faʻataʻitaʻi nai lo se fasi jigsaw i le Control Center GUI), e pei o suʻega faʻagaoioia auaunaga a Ethernet ma suʻega manino.

Kafka Autu Igoa
O igoa autu o le Kafka mo le API fa'afefe e fa'apea, o le %s o le igoa pu'upu'u o le Control Center account (fa'ailoa pe a fatuina le tala):

const (
exporterName = “kafka”
metadataTopicTpl = “paa.public.accounts.%s.metadata”
metricsTopicTpl = “paa.public.accounts.%s.metrics”
)

Exampo le Fa'aaogaina o le Streaming API
O le exampo lo'o mulimuli mai o lo'o maua i le tarball paa-streaming-api-client-examples.tar.gz o lo'o iai i totonu o le tarball Center Center.
Muamua, o loʻo i ai se faʻavae masaniample fa'aalia pe fa'afefea ona fa'asalalau fa'atasi ia metric ma a latou metadata ma na o le lolomi o fe'au na maua i le fa'amafanafanaga. E mafai ona e fa'atinoina e fa'apea:
sudo ./build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME
O loʻo i ai foʻi se faʻauluuluga sili atuample mea e fa'amaopoopoina ai fe'au ma metadata. Fa'aaoga le poloaiga lenei e fa'atino ai:
sudo ./build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME
E te manaʻomia le faʻaogaina o le sudo e faʻatautaia ai tulafono a Docker e pei o luga. I le filifiliga, e mafai ona e mulimuli i laasaga o le faʻapipiʻiina o Linux ina ia mafai ai ona faʻatautaia tulafono a Docker e aunoa ma le sudo. Mo fa'amatalaga, alu ile docs.docker.com/engine/install/linux-postinstall.

Juniper Networks, le logo Juniper Networks, Juniper, ma Junos o fa'ailoga fa'amaufa'ailoga a Juniper Networks, Inc. i le Iunaite Setete ma isi atunu'u. O isi fa'ailoga tau fefa'ataua'iga uma, fa'ailoga tautua, fa'ailoga resitalaina, po'o fa'ailoga tautua ua resitalaina o meatotino a latou tagata. E leai se matafaioi a Juniper Networks mo soʻo se mea le saʻo i lenei pepa. Juniper Networks fa'asaoina le aia tatau e sui ai, suia, fesiita'i, po'o se isi itu e toe teuteu lenei lomiga e aunoa ma se fa'aaliga. Puletaofia © 2023 Juniper Networks, Inc. Ua taofia aia tatau uma.

Pepa / Punaoa

Juniper NETWORKS Streaming API Active Assurance [pdf] Taiala mo Tagata Fa'aoga Streaming API Active Assurance, API Active Assurance, Active Assurance, Assurance

Fa'asinomaga

• Tusi Taiala