Juniper NETWORKS Streaming API Software

Fa'amatalaga o oloa

Fa'amatalaga

• Igoa Oloa: Paragon Active Assurance
• Fa'aliliuga: 4.1
• Aso Fa'asalalau: 2023-03-15

Folasaga:
O lenei ta'iala o lo'o tu'uina atu ai fa'atonuga ile auala e su'e mai ai fa'amaumauga mai le Paragon Active Assurance e fa'aaoga ai le API fa'aola ole oloa. O lo'o fa'aulufaleina le tagata fa'asalalau ma le API i le fa'apipi'iina o le Paragon Active Assurance, ae mana'omia nisi fa'atulagaga a'o le'i fa'aogaina le API. O le faʻasologa o faʻasologa o loʻo ufiufi i le vaega "Configuring the Streaming API".

Fa'atulagaina o le Streaming API:
O laasaga nei o loʻo faʻamatalaina ai le faʻagasologa o le faʻaogaina o le API faʻafefe:

Ua umaview
O le Kafka o se faʻasalalauga faʻasalalauga faʻapitoa mo le puʻeina ma le teuina o faʻamaumauga mai faʻamatalaga eseese. E mafai ai ona fa'afoeina fa'asologa o mea e tutupu i se tufatufaina, fa'alautele, fa'apalepale sese, ma le saogalemu. O lenei taʻiala o loʻo taulaʻi i le faʻatulagaina o Kafka e faʻaogaina le faʻaogaina o le Streaming API i le Paragon Active Assurance Control Center.

Fa'aupuga
O le Streaming API e mafai ai e tagata faʻatau fafo ona toe aumai faʻamatalaga metric mai Kafka. O fua fa'atatau e aoina e Su'ega Su'ega i le taimi o se su'ega po'o le mata'ituina o galuega e lafo i le 'au'aunaga a le Vaitafe. A maeʻa le faʻagaioiga, e faʻasalalau e le auʻaunaga Stream nei metotia i Kafka faʻatasi ai ma metadata faaopoopo.

Fa'aagaoi le Streaming API
Ina ia mafai ai le Streaming API, mulimuli i laasaga nei:

1. Faʻataʻitaʻi tulafono nei i luga ole server Center Control e faʻaaoga ai le sudo:

KAFKA_METRICS_ENABLED = Au'aunaga sudo ncc moni e mafai ai e fuataimi taimi sudo ncc tautua amata timescaledb metrics sudo ncc tautua toe amata

Fa'amaonia o lo'o galue le Streaming API i le Nofoaga Fa'atonu:
Ina ia faʻamaonia o loʻo e mauaina fua faʻatatau i mataupu Kafka saʻo:

1. Faʻapipiʻi le faʻaogaina o le kafkacat faʻatasi ai ma tulafono nei:
   sudo apt-get update
   sudo apt-maua faʻapipiʻi le kafkacat

2. Sui le “myaccount” i le igoa puupuu o lau teugatupe i le
   Nofoaga Pulea URL:
   auina atu i fafo METRICS_TOPIC=paa.public.accounts.myaccount.metrics
   auina atu i fafo METADATA_TOPIC=paa.public.accounts.myaccount.metadata

3. Fa'agasolo le fa'atonuga lea e view fua fa'atatau:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
   Manatua: O le poloaiga o loʻo i luga o le a faʻaalia ai metrics.
4. I view metadata, faʻatautaia le poloaiga lenei:
   kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

Manatua: O le poloaiga o loʻo i luga o le a faʻaalia metadata, ae o le a le faʻafouina i taimi uma.

Client Examples
Mo tagata o tausia examptusi ma nisi faamatalaga, tagai i le itulau 14 o le tusi lesona.

FAQ (Frequently Asked Questions)

• Q: O le a le Paragon Active Assurance?
  A: Paragon Active Assurance o se oloa e maua ai le mataʻituina ma faʻataʻitaʻiga gafatia.
• Q: O le a le Streaming API?
  A: O le Streaming API o se vaega i le Paragon Active Assurance e mafai ai e tagata faʻatau fafo ona toe aumai faʻamatalaga metric mai Kafka.
• Q: E fa'afefea ona ou fa'aogaina le Streaming API?
  A: Ina ia mafai ai le Streaming API, mulimuli i laasaga o loʻo faʻamatala atu i le "Enabling the Streaming API" vaega o le tusi faʻaoga.
• F: E fa'apefea ona ou fa'amaonia o lo'o galue le Streaming API?
  A: Va'ai i le vaega "Verifying that the Streaming API Works in Control Center" mo fa'atonuga i le auala e fa'amaonia ai galuega a le Streaming API.

Folasaga

O lenei ta'iala o lo'o fa'amatalaina ai le auala e maua mai ai fa'amaumauga mai le Paragon Active Assurance e ala i le API fa'asalalau a le oloa.
O le API faʻapea foʻi ma le tagata faʻasalalau o loʻo aofia i totonu o le Paragon Active Assurance faʻapipiʻi. Ae ui i lea, e manaʻomia sina faʻatulagaina ae e te leʻi faʻaogaina le API. O lo'o ufiufi lea i le "Configuring the Streaming API" i le itulau 1 mataupu.

Ua umaview
O lenei mataupu o loʻo faʻamatalaina pe faʻafefea ona faʻapipiʻi le Streaming API e faʻatagaina ai le lesitala i feʻau faʻataʻitaʻiga e ala i Kafka.
pr
I lalo o le a tatou faʻaogaina:

• Auala e mafai ai le Streaming API
• E faʻafefea ona faʻapipiʻi Kafka e faʻalogo i tagata mai fafo
• E faʻafefea ona faʻapipiʻi Kafka e faʻaoga ACL ma faʻapipiʻi faʻailoga SSL mo tagata faʻatau

O le a le Kafka?
O le Kafka o se faʻasalalauga faʻasalalauga e mafai ai ona puʻeina taimi moni o faʻamatalaga na lafoina mai punaoa eseese o mea na tutupu (sensors, databases, mobile device) i foliga o faʻalavelave faʻafuaseʻi, faʻapea foʻi ma le teuina umi o nei faʻasalalauga mo le toe maua ma le faʻaogaina mulimuli ane.
Faatasi ai ma Kafka e mafai ona faʻatautaia le mea na tupu e tafe mai i le pito i le pito i se tufatufa, maualuga le faʻaogaina, faʻamalosi, faʻapalepale sese, ma le saogalemu.

FAAMANATU: Kafka e mafai ona faʻatulagaina i le tele o auala eseese ma sa fuafuaina mo scalability ma redundant faiga. O lenei pepa e taulaʻi naʻo le faʻaogaina o le faʻaogaina o le Streaming API o loʻo maua i le Paragon Active Assurance Control Center. Mo nisi faʻatulagaga sili atu matou te vaʻai i le Kafka pepa aloaia: kafka.apache.org/26/documentation.html.

Fa'aupuga

• Kafka: Faʻasalalauga faʻasalalauga.
• Kafka autu: Aoina o mea na tutupu.
• Kafka subscriber/consumer: Vaega e nafa ma le toe maua mai o mea na tutupu o loʻo teuina i totonu o se autu Kafka.
• Kafka Broker: 'au'aunaga fa'apipi'i fa'apipi'i o se fuifui Kafka.
• SSL/TLS: O le SSL ose fa'amautu fa'apolokalame ua fa'atūina mo le tu'uina atu o fa'amatalaga ma le saogalemu i luga ole Initaneti. TLS o le sui o SSL, na faʻalauiloaina i le 1999.
• SASL: Ta'iala e maua ai auala mo le fa'amaoniaina o tagata fa'aoga, siaki le sa'o o fa'amaumauga, ma fa'ailoga.
• Fa'asalalauina o le aufaipisinisi API: Vaega e nafa ma le toe maua mai o mea na tutupu o lo'o teuina i autu o lo'o fa'amatalaina ile Paragon Active Assurance ma fa'atatau mo avanoa i fafo.
• Pulega Tusi Faamaonia: O se faalapotopotoga faatuatuaina e tuuina atu ma faaleaogaina tusi faamaonia autu lautele.
• Certificate Authority root certificate: Tusipasi autu lautele e iloagofie ai se Pulega Tusi Pasi.

Fa'afefea ona galue le Streaming API
E pei ona taʻua muamua, o le Streaming API e faʻatagaina ai tagata mai fafo e toe aumai faʻamatalaga e uiga i metric mai Kafka.

O fua fa'atatau uma e aoina e Su'ega Su'ega i le taimi o se su'ega po'o le mata'ituina o galuega e lafo i le 'au'aunaga Stream. A mae'a se vaega fa'agaioiga, e fa'asalalau e le 'au'aunaga a le Vaitafe na fua fa'atatau ile Kafka fa'atasi ai ma metadata fa'aopoopo.

Kafka Autu
Kafka o loʻo i ai le manatu o autu e faʻasalalau uma ai faʻamatalaga. I totonu o le Paragon Active Assurance e tele naua mataupu Kafka e maua; peita'i, e na'o se vaega itiiti o nei mea e fa'atatau mo avanoa i fafo.
O fa'amaumauga ta'itasi a Paragon Active Assurance i le Nofoaga Fa'atonu e lua mataupu fa'apitoa. I lalo, ACCOUNT o le igoa fa'apu'upu'u:

• paa.public.accounts.{ACCOUNT}.metrics
  • O fe'au uma o fua fa'atatau mo le fa'amatalaga ua tu'uina atu o lo'o fa'asalalau i lenei autu
  • Tele fa'amaumauga
  • Fa'afou fa'afou maualuga
• paa.public.accounts.{ACCOUNT}.metadata
  • O lo'o iai metadata e feso'ota'i ma fa'amaumauga metrics, mo fa'ata'ita'igaample su'ega, mata'itu po'o le Su'ega Su'ega e feso'ota'i ma fua fa'atatau
  • Laiti fa'amaumauga
  • Fa'afou fa'afou maualalo

Fa'aagaoi le Streaming API

FAAMANATU: O nei faʻatonuga e tatau ona faʻatautaia i luga ole server Center Control e faʻaaoga ai le sudo.

Talu ai ona o le Streaming API e faʻaopoopoina nisi o luga i le Nofoaga Faʻatonu, e le mafai ona faʻaogaina. Ina ia mafai ai le API, e tatau ona tatou faʻatagaina muamua le faʻasalalauina o metrics i Kafka i le faʻatulagaga autu file:

• /etc/netrounds/netrounds.conf

KAFKA_METRICS_ENABLED = Moni

LAPATAIGA: O le fa'aagaaga o lenei vaega e ono a'afia ai le fa'atinoga o le Nofoaga Pulea. Ia mautinoa ua e fuaina lau instance e tusa ai.

Soso'o, ina ia mafai ai ona tu'uina atu nei fua fa'atatau i autu Kafka sa'o:

• /etc/netrounds/metrics.yaml

streaming-api: moni

Ina ia mafai ma amata le Streaming API auaunaga, tamomoe:

• sudo ncc auaunaga e mafai ai timescaledb metrics
• sudo ncc auaunaga amata timescaledb metrics

Mulimuli ane, toe amata auaunaga:

• sudo ncc auaunaga toe amata

Fa'amautinoa o lo'o galue le Streaming API i le Nofoaga Fa'atonu

FAAMANATU: O nei fa'atonuga e tatau ona fa'atino i luga ole server Center Control.

E mafai nei ona e fa'amaonia o lo'o e mauaina fua fa'atatau ile autu Kafka sa'o. Ina ia faia, faʻapipiʻi le aoga kafkacat:

• sudo apt-get update
• sudo apt-maua faʻapipiʻi le kafkacat

Afai e iai sau su'ega po'o se mata'itū o lo'o tamo'e ile Control Center, e tatau ona e fa'aogaina le kafkacat e maua ai fua fa'atatau ma metadata i nei autu.
Sui myaccount i le igoa puupuu o lau teugatupe (o le mea lea e te vaʻaia i lau Nofoaga Faʻatonu URL):

• auina atu i fafo METRICS_TOPIC=paa.public.accounts.myaccount.metrics
• auina atu i fafo METADATA_TOPIC=paa.public.accounts.myaccount.metadata

E tatau ona e vaʻai i metrics e ala i le faʻatinoina o lenei poloaiga:

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

I view metadata, faʻataʻitaʻi le faʻatonuga o loʻo i lalo (ia maitauina o le a le faʻafouina soo):

• kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

FAAMANATU:
kafkacat” Client Examples” i le itulau e 14

Ole mea lea e fa'amaonia ai o lo'o i ai sau API Fa'aola galue mai totonu ole Nofoaga Fa'atonu. Ae ui i lea, e foliga mai e te fiafia i le mauaina o faʻamatalaga mai se tagata ese mai fafo nai lo. O le isi vaega o loʻo faʻamatalaina pe faʻafefea ona tatala Kafka mo avanoa i fafo.

Tatala le Kafka mo 'au i fafo

FAAMANATU: O nei fa'atonuga e tatau ona fa'atino i luga ole server Center Control.

O le fa'aletonu Kafka o lo'o tamo'e i luga o le Nofoaga Fa'atonu ua fa'atulagaina e na'o le fa'alogo ile localhost mo le fa'aoga i totonu. E mafai ona tatala Kafka mo tagata mai fafo e ala i le suia o tulaga Kafka.

Feso'ota'i i Kafka: Fa'aaliga

FAATUATUA: Fa'amolemole faitau ma le toto'a lenei mea, talu ai e faigofie ona fa'afeso'ota'i mataupu ma Kafka pe afai e te le'i malamalama i nei manatu.

I le fa'atonuga o le Nofoaga Fa'atonu o lo'o fa'amatalaina i lenei pepa, e na'o le tasi le Kafka broker.
Ae ui i lea, ia maitauina o le Kafka broker e tatau ona tamoe o se vaega o le Kafka cluster lea e ono aofia ai le tele o Kafka brokers.
Pe a faʻafesoʻotaʻi i le Kafka broker, o se fesoʻotaʻiga muamua e faʻatutuina e le Kafka client. I luga o lenei fesoʻotaʻiga, o le a toe faʻafoʻi atu e le Kafka broker se lisi o "faʻasalalauga faʻalogo", o se lisi o se tasi pe sili atu Kafka brokers.
I le mauaina o lenei lisi, o le Kafka client o le a motusia, ona toe faʻafesoʻotaʻi i se tasi o nei faʻasalalauga faʻasalalau. O tagata fa'asalalau fa'asalalau e tatau ona i ai igoa talimalo po'o tuatusi IP e mafai ona maua e le Kafka client, ne'i le mafai e le kalani ona fa'afeso'ota'i.
Afai e faʻaogaina le faʻailoga SSL, e aofia ai se tusi faamaonia SSL o loʻo nonoa i se igoa faʻapitoa, e sili atu ona taua le mauaina e le Kafka client le tuatusi saʻo e faʻafesoʻotaʻi i ai, aua a leai e ono teena le fesoʻotaʻiga.
Faitau atili e uiga i Kafka faʻalogologo iinei: www.confluent.io/blog/kafka-listeners-explained

SSL/TLS Encryption
Ina ia mautinoa e naʻo tagata faʻatuatuaina e faʻatagaina e ulufale i Kafka ma le Streaming API, e tatau ona matou faʻatulagaina mea nei:

• Fa'amaoni: E tatau i tagata faʻatau ona tuʻuina atu le igoa ole igoa ma le faʻaupuga e ala i se fesoʻotaʻiga saogalemu SSL/TLS i le va o le kalani ma Kafka.
• Fa'atagaga: E mafai e tagata faʻamaonia faʻamaonia ona faia galuega faʻatonutonu e ACLs.

Ua mae'a neiview:

*) Fa'amautu le igoa fa'aoga/fa'aupuga e fa'atino i luga ole alalaupapa fa'ailoga SSL

Ina ia malamalama atoatoa pe faʻapefea ona galue le SSL/TLS encryption mo Kafka, faʻamolemole faʻafesoʻotaʻi le pepa aloaia: docs.confluent.io/platform/current/kafka/encryption.html

SSL/TLS Tusi Faamaonia Ua Umaview

FAAMANATU: I lenei vaega o le a matou faʻaogaina upu nei:

Tusi Faamaonia: Se tusi faamaonia SSL sainia e le Pulega Tusi Faamaonia (CA). E tofu le tagata fai pisinisi a Kafka ma le tasi.
Keystore: Le faleoloa autu file lea e teu ai le tusi faamaonia. Le faleoloa ki file o loo i ai le ki patino o le tusi faamaonia; o lea, e tatau ona teuina ma le saogalemu.
Truststore: A file o lo'o iai tusi faamaonia CA.

Ina ia faʻatulagaina le faʻamaoniga i le va o le tagata faʻatau fafo ma Kafka o loʻo tamoʻe i le Control Center, e tatau i itu uma e lua ona i ai se faleoloa autu e faʻamatalaina ma se tusi faamaonia e sainia e le Pulega Tusi Faamaonia (CA) faʻatasi ma le CA root certificate.
E le gata i lea, e tatau foi i le kalani ona i ai se faleoloa tausi ma le CA root certificate.
O le tusi a'a o le CA e taatele i le Kafka broker ma le Kafka client.

Fausia o Tusi Faamaonia Manaomia
O loo aofia i le “Faaopoopoga” i le itulau e 17.

Kafka Broker SSL/TLS Configuration i le Nofoaga Autu

FAAMANATU: O nei fa'atonuga e tatau ona fa'atino i luga ole server Center Control.

FAAMANATU: Aʻo leʻi faʻaauau, e tatau ona e fatuina le keystore o loʻo i ai le tusi faamaonia SSL e ala i le mulimuli i faʻatonuga i le "Faʻaopoopoga" i le itulau 17. O auala o loʻo taʻua i lalo e sau mai nei faatonuga.
O le SSL keystore o le a file teuina i luga o le tisiki ma le file extension .jks.

O le taimi lava e maua ai lau tusipasi mana'omia mo le Kafka broker ma le Kafka client e avanoa, e mafai ona e fa'aauau i le fa'atulagaina o le Kafka broker o lo'o fa'agaoioi i le Control Center. E tatau ona e iloa mea nei:

• : Le igoa talimalo lautele o le Nofoaga Autu; e tatau ona fo'ia ma mafai ona maua e tagata fa'atau a Kafka.
• : O le upegatafaʻilagi keystore na tuʻuina atu pe a fatuina le tusi faamaonia SSL.
• ma : O upu nei e te mana'o e fa'atulaga mo le admin ma le tagata fa'aoga tagata. Manatua e mafai ona e faʻaopoopo nisi tagata faʻaoga, e pei ona faʻaalia i le example.

Faʻasaʻo pe faʻapipiʻi (faʻatasi ai ma le sudo avanoa) meatotino o loʻo i lalo i /etc/kafka/server.properties, faʻaofi i luga fesuiaiga e pei ona faʻaalia:

LAPATAIGA: Aua le aveesea PLAINTEXT: // localhost: 9092; o le a motusia ai galuega o le Center Center talu ai o le a le mafai ona fesootai auaunaga i totonu.

• …
• # O tuatusi o loʻo faʻalogo i ai le Kafka broker.
• listeners=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
• # O 'au nei e toe fa'asalalau atu i so'o se tagata o lo'o feso'ota'i.
• advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// :9093 …
• ####### FA'AAGAGA FA'AVAE
• # SSL CONFIGURATION
• ssl.endpoint.identification.algorithm=
  ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
• ssl.keystore.password=
• ssl.key.password=
• ssl.client.auth=leai
• ssl.protocol=TLSv1.2
• # SASL fa'atulagaina
• sasl.enabled.mechanisms=PLAIN
• username=”admin” \
• password=” ” \
• user_admin=" ” \
• user_client=" ”;
• # FAAMATALAGA sili atu tagata faʻaoga e mafai ona faʻaopoopo i le user_ =
• # Fa'ataga, fa'aola ACL
• authorizer.class.name=kafka.security.authorizer.AclAuthorizer super.users=User:admin

Fa'atulaga Lisi Pulea Avanoa (ACLs)

Liliu ACLs ile localhost

LAPATAIGA: E tatau ona tatou seti muamua ACLs mo localhost, ina ia mafai lava e le Pulea Pule ona maua le Kafka. Afai e le faia lenei mea, o le a malepe mea.

• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –faaopoopo –allow-principal User:ANONYMOUS –allow-host 127.0.0.1 –cluster
• /usr/lib/kafka/bin/kafka-acls.sh \
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal User:ANONYMOUS –allow-host 127.0.0.1 –autu '*'
• /usr/lib/kafka/bin/kafka-acls.sh \
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –add –allow-principal User:ANONYMOUS –allow-host 127.0.0.1 –group '*'

E mana'omia la ona fa'ataga ACL mo na'o le faitau i fafo, ina ia fa'atagaina tagata mai fafo e faitau mataupu paa.public.*.

### ACLs fa'amaumauga mo tagata e le ta'ua igoa /usr/lib/kafka/bin/kafka-acls.sh \

FAAMANATU: Mo nisi fa'atonuga lelei, fa'amolemole va'ai ile fa'amaumauga aloaia a Kafka.

• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –fa'aopoopo –fa'ataga-matua Tagata fa'aoga:* –fa'agaioiga faitau-fa'agaioiga fa'amatala \ –vaega 'NCC'
• /usr/lib/kafka/bin/kafka-acls.sh \
• –authorizer kafka.security.authorizer.AclAuthorizer \
• –authorizer-properties zookeeper.connect=localhost:2181 \
• –fa'aopoopo –fa'ataga-matua Tagata fa'aoga:* –fa'agaioiga faitau –gaio'iga fa'amatala \ –autu paa.public. –resource-model-type prefixed

A maeʻa loa lenei mea, e te manaʻomia le toe amataina o auaunaga:

### ACLs faʻamaumauga mo tagata faʻaoga fafo /usr/lib/kafka/bin/kafka-acls.sh \

• sudo ncc auaunaga toe amata

Ina ia faʻamaonia e mafai e le tagata o tausia ona faʻatuina se fesoʻotaʻiga saogalemu, faʻataʻitaʻi le faʻatonuga lea i fafo
komepiuta tagata o tausia (e le o luga ole server Center Control). I lalo ifo, PUBLIC_HOSTNAME ole igoa ole nofoaga autu e pulea:

• openssl s_client -debug -fesootai ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "E lagolagoina le Toe Fa'atalanoaga Saogalemu"

I le faʻatonuga faʻatonuga e tatau ona e vaʻai i le tusi faamaonia a le server faʻapea foʻi ma mea nei:

• E lagolagoina le Secure Renegotiation

Ina ia mautinoa o loʻo faʻatagaina auaunaga i totonu o le Kafka server, faʻamolemole siaki le ogalaau o loʻo i lalofiles:

• /var/log/kafka/server.log
• /var/log/kafka/kafka-authorizer.log

Fa'amaonia le Feso'ota'iga Fa'atau i fafo

kafkacat

FAAMANATU: O nei fa'atonuga e tatau ona fa'atautaia i luga o le komepiuta a le tagata o tausia (ae le o luga ole server Center Control).
FAAMANATU: Ina ia fa'aalia fa'amatalaga metrics, fa'amautinoa o lo'o fa'agaoioi se mata'itū e tasi i le Nofoaga Fa'atonu.

Ina ia faʻamaonia ma faʻamaonia fesoʻotaʻiga o se tagata faʻatau fafo, e mafai ona faʻaogaina le faʻaogaina o le kafkacat lea na faʻapipiʻiina i le vaega "Faʻamaonia o le Streaming API e galue i le Nofoaga Faʻatonu" i le itulau 4.
Fai laasaga nei:

FAAMANATU: I lalo ifo, CLIENT_USER o le tagata faʻaoga na faʻamaonia muamua i le file /etc/kafka/server.properties i le Nofoaga Pulea: e taʻua, user_client ma le upu faʻaulu o loʻo seti iina.
O le CA root certificate na fa'aoga e saini ai le server side SSL certificate e tatau ona iai ile kalani.

Fausia a file client.properties ma mea nei:

• security.protocol=SASL_SSL
• ssl.ca.location={PATH_TO_CA_CERT}
• sasl.mechanisms=PELE
• sasl.username={CLIENT_USER}
• sasl.password={CLIENT_PASSWORD}

o fea

• {PATH_TO_CA_CERT} o le nofoaga o le CA root certificate na fa'aogaina e le Kafka broker
• {CLIENT_USER} ma {CLIENT_PASSWORD} o fa'amatalaga fa'aoga mo le kalani.

Faʻatonu le poloaiga lenei e vaʻai ai i le feʻau na faʻaaogaina e kafkacat:

• auina atu i fafo KAFKA_FQDN=
• auina atu i fafo METRICS_TOPIC=paa.public.accounts. .metrics
• kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

lea {METRICS_TOPIC} o le igoa o le autu Kafka ma le prefix “paa.public.”.

FAAMANATU: O lomiga tuai o le kafkacat e le maua ai le filifiliga -F mo le faitauina o tulaga o tagata o tausia mai le a file. Afai o loʻo e faʻaaogaina sea ituaiga, e tatau ona e tuʻuina atu tulaga tutusa mai le laina faʻatonu e pei ona faʻaalia i lalo.

kafkacat -b ${KAFKA_FQDN}:9093 \

• X security.protocol=SASL_SSL \
• X ssl.ca.location={PATH_TO_CA_CERT} \
• X sasl.mechanisms=PLAIN \
• X sasl.username={CLIENT_USER} \
• X sasl.password={CLIENT_PASSWORD} \
• t ${METRICS_TOPIC} -C -e

Ina ia debug le fesoʻotaʻiga, e mafai ona e faʻaogaina le -d filifiliga:

Debug feso'ota'iga tagata fa'atau
kafkacat -d tagata faatau -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
# Debug feso'ota'iga fai pisinisi
kafkacat -d faioloa -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

Ia mautinoa e te va'ai i fa'amaumauga mo le faletusi a le tagata fa'atau a Kafka o lo'o fa'aogaina, ona e ono ese meatotino mai mea o lo'o i totonu client.properties.

Fa'asologa o Savali
O fe'au o lo'o fa'aogaina mo metrics ma metadata autu o lo'o fa'avasegaina i le fa'asologa o le Protocol buffers (protobuf) (va'ai developers.google.com/protocol-buffers). O fa'asologa mo nei fe'au o lo'o mulimulita'i i le fa'atulagaga nei:

Fuafuaga Protobuf Schema

• syntax = “proto3”;
• faaulufale mai “google/protobuf/timestamp.proto”;
• afifi paa.streamingapi;
• filifiliga go_package = “.;paa_streamingapi”;
• fe'au metrics {
• google.protobuf.Timestamp taimiamp = 1;
• faafanua tau = 2;
• int32 stream_id = 3;
• }
• /**
• * O se tau metric e mafai ona avea ma se numera atoa poʻo se faʻafefe.
• */
• fe'au MetricValue {
• tasi o ituaiga {
• int64 int_val = 1;
• float float_val = 2;
• }
• }

Metadata Protobuf Schema

• syntax = “proto3”;
• afifi paa.streamingapi;
• filifiliga go_package = “.;paa_streamingapi”;
• fe'au Metadata {
• int32 stream_id = 1;
• manoa stream_name = 2;
• faafanua tags = 13;
• }

Client Examples

FAAMANATU: O nei fa'atonuga e fa'amoemoe e fa'atino i luga o se tagata fa'atau fafo, mo se fa'ata'ita'igaamptu'u lau komepiuta feavea'i po'o se mea faapena, ae le o totonu o le Nofoaga Fa'atonu.
FAAMANATU: Ina ia fa'aalia fa'amatalaga metrics, ia mautinoa o lo'o fa'agaoioi se mata'itū e tasi i le Nofoaga Fa'atonu.

O le tarball Center Control e aofia ai le archive paa-streaming-api-client-examples.tar.gz (client-examples), o loʻo i ai se example Python script o loʻo faʻaalia ai le faʻaogaina o le Streaming API.

Fa'apipi'i ma Fa'atonu le Client Examples
E te maua le client-example i totonu o le pusa o le Paragon Active Assurance Control Center:

• auina atu i fafo CC_VERSION=4.1.0
• cd ./paa-control-center_${CC_VERSION}
• ls paa-streaming-api-client-examples*

E fa'apipi'i client-examples i lau komepiuta tagata fa'atau fafo, fa'agasolo fa'apea:

• # Fausia se lisi mo le suʻeina o mea o loʻo i totonu o le tagata o tausiaamples tarball
• mkdir paa-streaming-api-client-examples
• # Aveese mea o loʻo i totonu ole kalani examples tarball
• tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-examples
• # Alu i le lisi fou na faia
• cd paa-streaming-api-client-examples

client-examples manaʻomia Docker e tamoe. O faʻamaumauga ma faʻatonuga faʻapipiʻi mo Docker e mafai ona maua ile https://docs.docker.com/engine/install.

Fa'aaogā Client Examples
Le kalani-examples meafaigaluega e mafai ona tamoʻe i soʻo se tulaga faʻavae poʻo le maualuga e fausia ai example lavelave eseese. I tulaga uma e lua, e mafai foi ona tamoe i le examples ma se faatulagaga file o lo'o i ai meatotino fa'aopoopo mo le fa'avasegaina atili o le itu a le kalani.

Faiga Fa'avae
I le faiga fa'avae, o fua fa'atatau ma a latou metadata o lo'o fa'asalalau ese'ese. I lea tulaga, e fa'alogo le kalani i autu Kafka ta'itasi o lo'o avanoa mo avanoa i fafo ma na'o le lolomi o fe'au na maua i le fa'amafanafanaga.
E amata ai le faʻatinoina o le faʻavae muamuaamples, tamoe:

• build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME

lea ACCOUNT_SHORTNAME ole igoa pu'upu'u ole tala e te mana'o e maua mai ai fua.
Ina ia faamutaina le faatinoga o le example, fetaomi Ctrl + C. (Atonu e iai sina tuai a'o le'i taofia le fa'asalaga ona o lo'o fa'atali le kalani mo se taimi e fa'agata ai.)

Auala maualuga

FAAMANATU: O fua fa'atatau e fa'aalia mo na'o mata'itū HTTP o lo'o tamo'e ile Nofoaga Fa'atonu.

O le faʻatinoina i le tulaga maualuga e faʻaalia ai le fesoʻotaʻiga i le va o metric ma metadata feʻau. O lea lava
e mafai ona faafetai i le i ai i metric feʻau taʻitasi o se vaitafe id fanua lea e faasino i le metadata feʻau fetaui.
E fa'atino ai le fa'amata'u maualugaamples, tamoe:

• build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME

lea ACCOUNT_SHORTNAME ole igoa pu'upu'u ole tala e te mana'o e maua mai ai fua.
Ina ia faamutaina le faatinoga o le example, fetaomi Ctrl + C. (Atonu e iai sina tuai a'o le'i taofia le fa'asalaga ona o lo'o fa'atali le kalani mo se taimi e fa'agata ai.)

Fa'aopoopo Fa'aopoopo
E mafai ona tamomoe le exampfa'atasi ai ma fa'aopoopo fa'aopoopo a le kalani fa'aaoga le –config-file filifiliga sosoo ai ma le a file igoa o lo'o iai meatotino i le fomu ki=taua.

• build.sh run-advanced \
• –kafka-brokers localhost:9092 \
• –account ACCOUNT_SHORTNAME \
• –faiga-file client_config.properties

FAAMANATU: Uma files fa'asino i le fa'atonuga o lo'o i luga e tatau ona tu'u i totonu o le lisi o lo'o iai nei ma fa'asino i le fa'aaogaina o ala fa'atatau. E faʻatatau uma i le -config-file finauga ma i mea uma i totonu o le faatulagaga file lea e faamatalaina file nofoaga.

Fa'amaonia le Fa'amaoniga a Tagata Fa'atau i fafo
E fa'amaonia le fa'amaoni o tagata mai fafo o le Nofoaga Fa'atonu e fa'aaoga ai le client-examples, fai laasaga nei:

Mai le pusa Paragon Active Assurance Control Center, sui i le paa-streaming-api-client-example faila:

cd paa-streaming-api-client-examples

• Kopi le CA root certificate ca-cert i le lisi o lo'o iai nei.
• Fausia se client.properties file fa'atasi ai ma mea nei:

security.protocol=SASL_SSL ssl.ca.location=ca-cert
sasl.mechanism=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}

lea o {CLIENT_USER} ma {CLIENT_PASSWORD} o lo'o iai fa'amatalaga mo tagata fa'aoga.

Tamomoe muamua examples:

• auina atu i fafo KAFKA_FQDN=
• build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
• –account ACCOUNT_SHORTNAME
• –faiga-file client.properties

lea ACCOUNT_SHORTNAME ole igoa pu'upu'u ole tala e te mana'o e maua mai ai fua.

Tamomoe muamua muamuaamples:

• auina atu i fafo KAFKA_FQDN=
• build.sh run-advanced –kafka-brokers ${KAFKA_FQDN}:9093 \
• –account ACCOUNT_SHORTNAME
• –faiga-file client.properties

Fa'aopoopo

I lenei faʻaopoopoga matou te faʻamatalaina pe faʻapefea ona fai:

• o se faleoloa autu file mo le teuina o le Kafka broker SSL tusi faamaonia
• se faleoloa tausi file mo le teuina o le Certificate Authority (CA) root certificate na faʻaaogaina e sainia ai le Kafka broker certificate.

Fausiaina o se Kafka Broker Certificate
Fausiaina o se Tusi Fa'amaonia e Fa'aaoga ai se Pule Fa'amaonia Moni (Fautuaina)
E fautuaina e te maua se tusi faamaonia SSL moni mai se CA faatuatuaina.
A uma loa ona e filifili i se CA, kopi la latou CA root certificate ca-cert file i lau lava ala e pei ona faʻaalia i lalo:

• auina atu i fafo CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• cp ca-cert ${CA_PATH}

Fausia Lau Lava Pule Faamaonia

FAAMANATU: E masani lava e tatau ona saini lau tusi pasi e se Pulega Tusi Faamaonia moni; tagai i le faafuaiupu muamua. O le mea o lo'o mulimuli mai ua na'o se example.

O iinei tatou te fatuina ai la tatou lava Tusi Faamaonia Pulega (CA) aʻa tusi faamaonia file aoga mo 999 aso (e le fautuaina i le gaosiga):

• # Fausia se lisi mo le teuina o le CA
• auina atu i fafo CA_PATH=~/my-ca
• mkdir ${CA_PATH}
• # Fausia le tusi faamaonia CA
• openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -aso 999

Fausia le Client Truststore
Ole taimi nei e mafai ona e faia se faleoloa fa'alagolago file o lo'o i ai le ca-cert na gaosia i luga. Lenei file o le a mana'omia e le Kafka client o le a maua le Streaming API:

• keytool -keystore kafka.client.truststore.jks \
  • alias CARoot \
  • tusi fa'aulufale mai -file ${CA_PATH}/ca-cert

O lea la ua iai le tusi faamaonia CA i le fale tausi mavaega, o le a fa'atuatuaina e le kalani so'o se tusi pasi e sainia ai.
E tatau ona e kopiina le file kafka.client.truststore.jks i se nofoaga e iloa i luga o lau komepiuta tagata o tausia ma faasino i ai i le faatulagaga.

Fausia le Keystore mo le Kafka Broker
Ina ia gaosia le Kafka broker SSL tusi faamaonia ona sosoo ai lea ma le keystore kafka.server.keystore.jks, fa'agasolo e pei ona taua i lalo:

Fausia le Tusi Faamaonia SSL
I lalo ifo, 999 o le numera o aso o le faʻamaonia o le keystore, ma o le FQDN o le igoa faʻamaonia atoatoa o le kalani (igoa talimalo lautele o le node).

FAAMANATU: E taua tele le fetaui o le FQDN i le igoa talimalo tonu o le a faʻaogaina e le Kafka client e faʻafesoʻotaʻi i le Nofoaga Faʻatonu.

• sudo mkdir -p /var/ssl/private
• sudo chown -R $USER: /var/ssl/private
• cd /var/ssl/private
• auina atu i fafo FQDN= keytool -keystore kafka.server.keystore.jks \
• – alias server \
• – aoga 999 \
• – genkey -keyalg RSA -ext SAN=dns:${FQDN}

Fausia se talosaga saini tusi faamaonia ma teu i totonu o le file igoa cert-server-request:

• keytool -keystore kafka.server.keystore.jks \
  • – alias server \
  • – certreq \
  • – file tusi-server-talosaga

Ua tatau nei ona e auina atu le file cert-server-request i lau Certificate Authority (CA) pe afai o loʻo e faʻaaogaina se mea moni. Ona latou toe faafoi atu lea o le tusipasi ua sainia. O le a matou taʻua lenei mea e pei o le cert-server-signed below.

Saini le Tusi Faamaonia SSL Faʻaaogaina se Tusi Faamaonia CA na faia e le tagata lava ia

FAAMANATU: Toe fa'apea, o le fa'aaogaina o lau lava CA e le fautuaina i totonu o se faiga o gaosiga.

Saini le tusi faamaonia e faaaoga ai le CA e ala i le file cert-server-request, lea e maua ai le tusi faamaonia saini saini-server-signed. Va'ai i lalo; ca-password o le upu faʻapipiʻi seti pe a fatuina le tusi faamaonia CA.

• cd /var/ssl/private openssl x509 -req \
  • – CA ${CA_PATH}/ca-cert \
  • – CAkey ${CA_PATH}/ca-key \
  • – i le tusipasi-server-talosaga \
  • – fa'ailoga-server-saini \
  • – aso 999 -CAcreateserial \
  • – pasi pasi:{ca-password}

Fa'aulufaleina mai o le Tusi Pasi Saini i totonu o le Keystore

Fa'aulufale mai le ca-cert root certificate i le keystore:

• keytool -keystore kafka.server.keystore.jks \
  • – alias ca-cert \
  • – faaulufale mai \
  • – file ${CA_PATH}/ca-cert

Fa'aulufale mai le tusi pasi saini ua ta'ua o le cert-server-signed:

• keytool -keystore kafka.server.keystore.jks \
  • – alias server \
  • – faaulufale mai \
  • – file tusi-server-saini

O le file Kafka.server.keystore.jks e tatau ona kopi i se nofoaga e iloa i luga o le server Center Control, ona faasino lea i totonu /etc/kafka/server.properties.

Fa'aaogā le Streaming API

I LE VAEGA LENEI

• Aoao | 20
• Kafka Autu Igoa | 21
• Examples o le Fa'aaogaina o le Streaming API | 21

lautele
Ole streaming API e maua uma faʻamatalaga suʻega ma mataʻituina. E le mafai ona fa'avasegaina se tasi o nei vaega.
O le streaming API e le maua mai faʻamatalaga mai suʻega faʻavae faʻamaumauga (o loʻo faʻatusalia e se faʻataʻitaʻi nai lo se fasi jigsaw i le Control Center GUI), e pei o suʻega faʻagaoioia auaunaga a Ethernet ma suʻega manino.

Kafka Autu Igoa
O igoa autu o le Kafka mo le API fa'afefe e fa'apea, o le %s o le igoa pu'upu'u o le Control Center account (fa'ailoa pe a fatuina le tala):

• const (
• exporterName = “kafka”
• metadataTopicTpl = “paa.public.accounts.%s.metadata” metricsTopicTpl = “paa.public.accounts.%s.metrics” )

Exampo le Fa'aaogaina o le Streaming API
O le exampo lo'o mulimuli mai o lo'o maua i le tarball paa-streaming-api-client-examples.tar.gz o lo'o iai i totonu o le tarball Center Center.
Muamua, o loʻo i ai se faʻavae masaniample fa'aalia pe fa'afefea ona fa'asalalau fa'atasi ia metric ma a latou metadata ma na o le lolomi o fe'au na maua i le fa'amafanafanaga. E mafai ona e fa'atinoina e fa'apea:

• sudo ./build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME

O loʻo i ai foʻi se faʻauluuluga sili atuample mea e fa'amaopoopoina ai fe'au ma metadata. Fa'aaoga le poloaiga lenei e fa'atino ai:

• sudo ./build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME

E te manaʻomia le faʻaogaina o le sudo e faʻatautaia ai tulafono a Docker e pei o luga. I le filifiliga, e mafai ona e mulimuli i laasaga o le faʻapipiʻiina o Linux ina ia mafai ai ona faʻatautaia tulafono a Docker e aunoa ma le sudo. Mo fa'amatalaga, alu ile docs.docker.com/engine/install/linux-postinstall.

Juniper Networks, le logo Juniper Networks, Juniper, ma Junos o fa'ailoga fa'amaufa'ailoga a Juniper Networks, Inc. i le Iunaite Setete ma isi atunu'u. O isi fa'ailoga tau fefa'ataua'iga uma, fa'ailoga tautua, fa'ailoga resitalaina, po'o fa'ailoga tautua ua resitalaina o meatotino a latou tagata. E leai se matafaioi a Juniper Networks mo soʻo se mea le saʻo i lenei pepa. Juniper Networks fa'asaoina le aia tatau e sui ai, suia, fesiita'i, po'o se isi itu e toe teuteu lenei lomiga e aunoa ma se fa'aaliga. Puletaofia © 2023 Juniper Networks, Inc. Ua taofia aia tatau uma.

Pepa / Punaoa

Juniper NETWORKS Streaming API Software [pdf] Taiala mo Tagata Fa'aoga Fa'asalalauina API Polokalama, API Software, Software

Fa'asinomaga

• Tusi Taiala