Zviri mukati hide
1 Juniper NETWORKS Kutenderera API Software
2 Product Information
3 Nhanganyaya
4 Kuvhura Kafka kune Vekunze Hosts
5 Kumisikidza Access Control Lists (ACLs)
5.1 ### ACLs mapindiro evashandisi vasingazivikanwe /usr/lib/kafka/bin/kafka-acls.sh \
5.2 ### ACLs mapindiro evashandisi vekunze /usr/lib/kafka/bin/kafka-acls.sh \
6 Kusimbisa External Client Connectivity
7 Appendikisi
8 Uchishandisa iyo Streaming API
9 Zvinyorwa / Zvishandiso
9.1 References

Juniper-logo

Juniper NETWORKS Kutenderera API SoftwareJuniper-NETWORKS-Streaming-API-Software-product

Product Information

Zvinotsanangurwa

  • Zita reChigadzirwa: Paragon Active Assurance
  • Shanduro: 4.1
  • Zuva Rekubudiswa: 2023-03-15

Nhanganyaya:
Gwaro iri rinopa mirairo yekuti ungabvisa sei data kubva kuParagon Active Assurance uchishandisa chigadzirwa chekushambadzira API. Iyo yekutepfenyura mutengi uye API inosanganisirwa muParagon Active Assurance yekumisikidza, asi kumwe kugadziridzwa kunodiwa usati washandisa API. Maitiro ekugadzirisa akafukidzwa muchikamu che "Kugadzirisa iyo Yekutenderera API".

Kugadzirisa iyo Yekufambisa API:
Matanho anotevera anotsanangura maitiro ekugadzirisa iyo yekushambadzira API:

Overview
Kafka chiitiko-yekutepfenyura chikuva chakagadzirirwa chaiyo-nguva yekutora uye kuchengetedza data kubva kwakasiyana masosi. Inogonesa manejimendi enzizi dzechiitiko nenzira yakagoverwa, inoparadza, inoshivirira, uye yakachengeteka. Gwaro iri rinotarisa pakugadzirisa Kafka kuti ishandise iyo Yekutenderera API chimiro muParagon Active Assurance Control Center.

Terminology
Iyo Yekutenderera API inobvumira vatengi vekunze kuti vatore metrics ruzivo kubva kuKafka. Metrics inounganidzwa neVaedzi Agents panguva yebvunzo kana yekutarisa basa inotumirwa kuStream service. Mushure mekugadzirisa, iyo Stream sevhisi inoburitsa aya metrics paKafka pamwe nekuwedzera metadata.

Kafka Topics
Iyo Yekutenderera API inoshandisa Kafka misoro kuronga uye kuchengeta metrics uye metadata. Misoro yeKafka inogona kugadzirwa uye kutungamirirwa zvinoenderana nezvinodiwa chaizvo.

Kugonesa iyo Streaming API
Kugonesa iyo Streaming API, tevera matanho aya:

  1. Mhanya iyo inotevera mirairo pane Control Center server uchishandisa sudo:
KAFKA_METRICS_ENABLED = Chokwadi sudo ncc masevhisi anogonesa timescaledb metrics sudo ncc masevhisi anotanga timescaledb metrics sudo ncc masevhisi anotangazve

Kuona Kuti Iyo Yekufambisa API Inoshanda muKudzora Center:
Kuona kuti urikugamuchira metrics pane chaiyo Kafka misoro:

  1. Isa iyo kafkacat utility nemirairo inotevera:
    sudo apt-tora update
    sudo apt-tora kuisa kafkacat
  1. Tsiva "myaccount" nezita pfupi reakaundi yako mu
    Control Center URL:
    export METRICS_TOPIC=paa.public.accounts.myaccount.metrics
    export METADATA_TOPIC=paa.public.accounts.myaccount.metadata
  1. Mhanya unotevera kuraira kuti view metrics:
    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e
    Cherechedza: Murairo uri pamusoro ucharatidza ma metrics.
  2. To view metadata, mhanya unotevera kuraira:
    kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

Cherechedza: Murairo wepamusoro ucharatidza metadata, asi haizogadzirise kakawanda.

Mutengi Examples
Zvemutengi exampruzivo uye rumwe ruzivo, tarisa kupeji 14 yebhuku rekushandisa.

FAQ (Mibvunzo Inowanzo bvunzwa)

  • Mubvunzo: Chii chinonzi Paragon Active Assurance?
    A: Paragon Active Assurance chigadzirwa chinopa kutarisa uye kuyedza kugona.
  • Mubvunzo: Chii chinonzi Streaming API?
    A: Iyo Yekutenderera API chinhu muParagon Active Assurance inobvumira vatengi vekunze kuti vatore metrics ruzivo kubva kuKafka.
  • Mubvunzo: Ndinogonesa sei iyo Streaming API?
    A: Kugonesa iyo Yekutenderera API, tevera matanho akatsanangurwa muchikamu che "Kugonesa iyo Kutenderera API" chikamu chebhuku remushandisi.
  • Mubvunzo: Ndingaona sei kuti Kutenderera API iri kushanda?
    A: Tarisa kune "Kuona Kuti Iyo Yekutenderera API Inoshanda muKudzora Center" chikamu chemirayiridzo yekuona mashandiro eiyo Streaming API.

Nhanganyaya

Gwaro iri rinotsanangura nzira yekubvisa data kubva kuParagon Active Assurance kuburikidza nechigadzirwa chekushambadzira API.
Iyo API pamwe nemutengi wekutepfenyura anosanganisirwa muParagon Active Assurance yekumisikidza. Nekudaro, zvishoma zvekugadzirisa zvinodikanwa usati washandisa iyo API. Izvi zvakafukidzwa mu "Kugadzirisa iyo Yekutenderera API" pane peji 1 chitsauko.

Overview
Ichi chitsauko chinotsanangura maitiro ekugadzirisa iyo Yekutenderera API kubvumira kunyoresa kune metric meseji kuburikidza neKafka.
pr
Pazasi isu tichaenda kuburikidza:

  • Maitiro ekugonesa iyo Streaming API
  • Maitiro ekugadzirisa Kafka kuti ateerere kune vekunze vatengi
  • Maitiro ekugadzirisa Kafka kushandisa ACLs uye kuseta SSL encryption kune vakati vatengi

Chii chinonzi Kafka?
Kafka inzvimbo yekutepfenyura chiitiko inobvumira chaiyo-nguva yekutora data inotumirwa kubva kwakasiyana zviitiko masosi (sensors, dhatabhesi, nharembozha) muchimiro chenzizi dzezviitiko, pamwe nekuchengetedzeka kwakasimba kweaya maitirwo ezviitiko kuti adzose zvakare uye anyengedze.
NeKafka zvinokwanisika kubata chiitiko chinotenderera-kusvika-kumagumo nenzira yakagoverwa, yakanyanya scalable, elastic, inoshivirira, uye yakachengeteka.

CHERECHEDZA: Kafka inogona kugadzirwa nenzira dzakawanda dzakasiyana uye yakagadzirirwa scalability uye redundant masisitimu. Gwaro iri rinotarisa chete pamagadzirirwo aro kuti rishandise iyo Yekutenderera API chimiro chinowanikwa muParagon Active Assurance Control Center. Kuti uwane mamwe maseti epamberi tinotaura kune zviri pamutemo Kafka zvinyorwa: kafka.apache.org/26/documentation.html.

Terminology

  • Kafka: Chiitiko-kutepfenyura chikuva.
  • Kafka musoro: Kuunganidzwa kwezviitiko.
  • Kafka munyoreri/mutengi: Chikamu chine chekuita nekudzoreredza kwezviitiko zvakachengetwa mumusoro weKafka.
  • Kafka broker: Chengetedza layer server yeKafka cluster.
  • SSL/TLS: SSL iprotocol yakachengeteka yakagadzirirwa kutumira ruzivo zvakachengeteka paInternet. TLS ndiye anotsiva SSL, yakaunzwa muna 1999.
  • SASL: Framework inopa nzira dzechokwadi dzemushandisi, kuongorora kutendeseka kwedata, uye encryption.
  • Kutepfenyura API munyoreri: Chikamu chine chekuita nekudzoreredza kwezviitiko zvakachengetwa mumisoro inotsanangurwa muParagon Active Assurance uye inoitirwa kuwanikwa kwekunze.
  • Chiremera cheSitifiketi: Sangano rinovimbwa rinoburitsa nekukanzura zvitupa zvakakosha zveveruzhinji.
  • Certificate Authority root certificate: Public kiyi setifiketi inoratidza Chiremera Chiremera.

Mashandiro eiyo Streaming API
Sezvambotaurwa, iyo Kutenderera API inobvumira vatengi vekunze kuti vatore ruzivo nezve metrics kubva kuKafka.

Ese metrics akaunganidzwa neVashandi Vekuyedza panguva yebvunzo kana yekutarisa basa anotumirwa kuStream service. Mushure mechikamu chekugadzirisa, iyo Stream sevhisi inoburitsa iwo metrics paKafka pamwe nekuwedzera metadata.

Juniper-NETWORKS-Streaming-API-Software- (1)

Kafka Topics
Kafka ine pfungwa yemisoro iyo data yese inoburitswa. MuParagon Active Assurance kune akawanda akadai eKafka misoro iripo; zvisinei, chikamu chidiki chete cheizvi chinoitirwa kuwanikwa kwekunze.
Imwe neimwe Paragon Active Assurance account muKudzora Center ine miviri yakatsaurirwa misoro. Pazasi, ACCOUNT ndiro zita pfupi reakaundi:

  • paa.public.accounts.{ACCOUNT}.metrics
    • Yese metric meseji yeakaunti yakapihwa inoburitswa kune ino dingindira
    • Nhamba huru dze data
    • High update frequency
  • paa.public.accounts.{ACCOUNT}.metadata
    • Rine metadata ine chekuita nemetrics data, yeexample iyo bvunzo, yekutarisa kana Test Agent yakabatana nemametrics
    • Zvishoma zve data
    • Low update frequency

Kugonesa iyo Streaming API

CHERECHEDZA: Iyi mirairo inofanirwa kuitiswa pane Control Center server uchishandisa sudo.

Sezvo iyo Yekutenderera API ichiwedzera imwe pamusoro kune Kudzora Center, haigoneswe nekusarudzika. Kugonesa iyo API, isu tinofanira kutanga tagonesa kuburitswa kwema metrics kuKafka mukugadzirisa kukuru. file:

KAFKA_METRICS_ENABLED = Chokwadi

YAMBIRO: Kugonesa chimiro ichi kunogona kukanganisa Kudzora Center kuita. Ita shuwa kuti wakayera muenzaniso wako zvinoenderana.

Tevere, kugonesa kuendesa mberi kwema metrics kune chaiyo Kafka misoro:

streaming-api: chokwadi

Kugonesa uye kutanga iyo Yekutenderera API masevhisi, mhanya:

  • sudo ncc masevhisi anogonesa timescaledb metrics
  • sudo ncc masevhisi anotanga timescaledb metrics

Pakupedzisira, tangazve masevhisi:

  • sudo ncc masevhisi anotangazve

Kuona Kuti iyo Yekufambisa API Inoshanda muKudzora Center

CHERECHEDZA: Iyi mirairo inofanirwa kuitiswa pane Control Center server.

Iwe unogona ikozvino kuona kuti uri kugamuchira metrics pane chaiyo Kafka misoro. Kuti uite kudaro, isa iyo kafkacat utility:

  • sudo apt-tora update
  • sudo apt-tora kuisa kafkacat

Kana iwe uine bvunzo kana yekutarisa inomhanya muKudzora Center, unofanirwa kukwanisa kushandisa kafkacat kugamuchira metric uye metadata pane izvi misoro.
Tsiva myaccount nezita pfupi reakaundi yako (izvi ndizvo zvaunoona muChiremba chako chekudzora URL):

  • export METRICS_TOPIC=paa.public.accounts.myaccount.metrics
  • export METADATA_TOPIC=paa.public.accounts.myaccount.metadata

Iwe unofanirwa kuona zvino metrics nekumhanyisa uyu murairo:

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

To view metadata, mhanya unotevera kuraira (ona kuti izvi hazvizogadzirise kakawanda):

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

CHERECHEDZA:
kafkacat”Mutengi Exampzvishoma” papeji 14

Izvi zvinoratidza kuti isu tine inoshanda Yekufambisa API kubva mukati meKudzora Center. Nekudaro, kazhinji iwe unofarira kuwana iyo data kubva kune wekunze mutengi panzvimbo. Chikamu chinotevera chinotsanangura nzira yekuvhura Kafka yekuwana kunze.

Kuvhura Kafka kune Vekunze Hosts

CHERECHEDZA: Iyi mirairo inofanirwa kuitiswa pane Control Center server.

By default Kafka inomhanya paChiremba Center inogadziriswa kuti iteerere chete pane localhost yekushandisa mukati. Zvinogoneka kuvhura Kafka kune vatengi vekunze nekugadzirisa Kafka marongero.

Kubatanidza kuKafka: Caveats

CHENJERERO: Ndokumbira uverenge izvi nekungwarira, nekuti zviri nyore kumhanyisa mukubatanidza nyaya neKafka kana usina kunzwisisa aya pfungwa.

MuControl Center setup inotsanangurwa mugwaro iri, pane chete Kafka broker imwe chete.
Nekudaro, cherechedza kuti Kafka broker inoitirwa kumhanya sechikamu cheKafka cluster inogona kunge ine vazhinji veKafka broker.
Kana uchibatanidza kune Kafka bhuroka, yekutanga yekubatanidza inomiswa nemutengi weKafka. Pamusoro peichi chinongedzo, Kafka broker anozodzosera runyoro rwe "vateereri vakashambadzirwa", inova runyorwa rwemumwe kana anopfuura Kafka vatengesi.
Pakugamuchira runyoro urwu, mutengi weKafka anodzima, obva abatanidza kune mumwe wevateereri vakashambadzirwa. Vateereri vakashambadzirwa vanofanira kunge vaine mazita evatambi kana IP kero dzinowanikwa nemutengi weKafka, kana mutengi anotadza kubatana.
Kana SSL encryption ikashandiswa, inosanganisira chitupa cheSSL chakasungirirwa kune rimwe zita remugamuchiri, zvinotonyanya kukosha kuti mutengi weKafka agamuchire kero chaiyo yekubatanidza nayo, sezvo zvisina kudaro kubatana kunogona kurambwa.
Verenga zvakawanda pamusoro pevateereri veKafka pano: www.confluent.io/blog/kafka-listeners-explained

SSL/TLS Encryption
Kuve nechokwadi chekuti vatengi vanovimbwa chete vanobvumidzwa kuwana Kafka uye Yekutenderera API, isu tinofanirwa kugadzirisa zvinotevera:

  • Authentication: Vatengi vanofanirwa kupa zita rekushandisa uye password kuburikidza neSSL/TLS yakachengeteka kubatana pakati pemutengi neKafka.
  • Mvumo: Vatengi vakatenderwa vanogona kuita mabasa anodzorwa ne ACLs.

Heino mhedzisoview:

Juniper-NETWORKS-Streaming-API-Software- (2)

*) Kusimbisa zita rekushandisa/password kunoitwa pane SSL-yakavanzika chiteshi

Kuti unzwisise zvizere kuti SSL/TLS encryption inoshanda sei kuKafka, ndapota tarisa kune zviri pamutemo zvinyorwa: docs.confluent.io/platform/current/kafka/encryption.html

SSL/TLS Chitupa Pamusoroview

CHERECHEDZA: Muchikamu chino tichashandisa mazwi anotevera:

Chitupa: Chitupa cheSSL chakasainwa neSitifiketi Chiremera (CA). Imwe neimwe Kafka broker ine imwe.
Keystore: Chitoro chekiyi file iyo inochengeta chitupa. The keystore file ine kiyi yakavanzika yechitupa; nokudaro, inoda kuchengetedzwa zvakachengeteka.
Truststore:A file ine zvitupa zveCA zvakavimbika.

Kumisikidza huchokwadi pakati pemutengi wekunze neKafka inomhanya muKudzora Center, mativi ese ari maviri anofanirwa kunge aine kiyi chitoro chakatsanangurwa chine chitupa chakabatana chakasainwa neSitifiketi Chiremera (CA) pamwe chete neCA root certificate.
Pamusoro peizvi, mutengi anofanirawo kunge aine truststore ine CA root certificate.
Iyo CA root certificate yakajairika kune Kafka broker uye Kafka mutengi.

Kugadzira Zvitupa Zvinodiwa
Izvi zvinokurukurwa mu“Wedzero” iri papeji 17.

Kafka Broker SSL/TLS Configuration muKudzora Center

CHERECHEDZA: Iyi mirairo inofanirwa kuitiswa pane Control Center server.

CHERECHEDZA: Usati waenderera mberi, unofanira kugadzira keystore iyo ine SSL certificate nekutevera mirairo mu "Appendix" iri papeji 17. Nzira dzakataurwa pasi apa dzinobva mumirairo iyi.
Iyo SSL keystore ndeye file yakachengetwa pa diski ne file extension .jks.

Paunenge uchinge uine zvitupa zvinodikanwa zvakagadzirirwa zvese zviri zviviri Kafka bhuroka uye Kafka mutengi aripo, unogona kuenderera nekugadzirisa iyo Kafka bhuroka inomhanya muKudzora Center. Iwe unofanirwa kuziva zvinotevera:

  • : The public hostname of Control Center; izvi zvinofanirwa kugadziriswa uye kuwanikwa nevatengi veKafka.
  • : Iyo keystore password yakapihwa paunenge uchigadzira SSL chitupa.
  • uye : Aya ndiwo mapassword aunoda kuseta kune admin uye mutengi mushandisi zvakateerana. Ziva kuti iwe unogona kuwedzera vamwe vashandisi, sezvakaratidzwa mune example.

Rongedza kana wedzera (ne sudo yekuwana) zvivakwa zviri pazasi mu /etc/kafka/server.properties, uchiisa mutsauko uri pamusoro sezvakaratidzwa:

YAMBIRO: Usabvisa PLAINTEXT://localhost:9092; izvi zvinotyora Control Center mashandiro sezvo masevhisi emukati asingazokwanise kutaura.

  • # Kero dzinoteererwa nemutengesi weKafka.
  • vateereri=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
  • # Aya ndiwo mauto anoshambadzirwa kumashure kune chero mutengi anobatana.
  • advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// :9093…
  • ####### CUSTOM CONFIG
  • # SSL CONFIGURATION
  • ssl.endpoint.identification.algorithm=
    ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
  • ssl.keystore.password=
  • ssl.key.password=
  • ssl.client.auth=none
  • ssl.protocol=TLSv1.2
  • # SASL kumisikidzwa
  • sasl.enabled.mechanisms=PLAIN
  • username = "admin" \
  • password = " ” \
  • mushandisi_admin=” ” \
  • user_client=” ”;
  • # ONA vamwe vashandisi vanogona kuwedzerwa nemushandisi_ =
  • # Mvumo, vhura ma ACL
  • authorizer.class.name=kafka.security.authorizer.AclAuthorizer super.users=User:admin

Kumisikidza Access Control Lists (ACLs)

Kubatidza ACLs pane localhost

YAMBIRO: Tinofanira kutanga tamisa ACLs for localhost, kuitira kuti Control Center pachayo ikwanise kuwana Kafka. Kana izvi zvikasaitwa, zvinhu zvinoputsika.

  • -munyori kafka.security.authorizer.AclAuthorizer \
  • -authorizer-properties zookeeper.connect=localhost:2181 \
  • -wedzera -bvumira-mukuru Mushandisi: ANONYMOUS -bvumira-mugamuchiri 127.0.0.1 -cluster
  • /usr/lib/kafka/bin/kafka-acls.sh \
  • -munyori kafka.security.authorizer.AclAuthorizer \
  • -authorizer-properties zookeeper.connect=localhost:2181 \
  • -wedzera -bvumira-mukuru Mushandisi:ANONYMOUS -bvumira-mugamuchiri 127.0.0.1 -musoro '*'
  • /usr/lib/kafka/bin/kafka-acls.sh \
  • -munyori kafka.security.authorizer.AclAuthorizer \
  • -authorizer-properties zookeeper.connect=localhost:2181 \
  • -wedzera -bvumira-mukuru Mushandisi: ANONYMOUS -bvumira-mugamuchiri 127.0.0.1 -group '*'

Isu tinobva taita kuti ACLs yekunze yekuverenga-chete kuwana, kuitira kuti vashandisi vekunze vabvumidzwe kuverenga paa.public.* misoro.

### ACLs mapindiro evashandisi vasingazivikanwe /usr/lib/kafka/bin/kafka-acls.sh \

CHERECHEDZA: Kuti uwane humwe hutongi hwakanaka, ndapota tarisa kune zviri pamutemo Kafka zvinyorwa.

  • -munyori kafka.security.authorizer.AclAuthorizer \
  • -authorizer-properties zookeeper.connect=localhost:2181 \
  • -wedzera -bvumira-mukuru Mushandisi: * -kushanda kuverenga -kushanda kunotsanangura \ -boka 'NCC'
  • /usr/lib/kafka/bin/kafka-acls.sh \
  • -munyori kafka.security.authorizer.AclAuthorizer \
  • -authorizer-properties zookeeper.connect=localhost:2181 \
  • -wedzera -bvumira-mukuru Mushandisi:* -kushanda verenga -kushanda tsanangura \ -nyaya paa.public. -resource-pattern-type prefixed

Kana wapedza neizvi, unofanirwa kutangazve masevhisi:

### ACLs mapindiro evashandisi vekunze /usr/lib/kafka/bin/kafka-acls.sh \
  • sudo ncc masevhisi anotangazve

Kuti uone kuti mutengi anogona kumisikidza kubatana kwakachengeteka, mhanyisa unotevera kuraira kune wekunze
mutengi komputa (kwete pane Control Center server). Pazasi, PUBLIC_HOSTNAME ndiro zita reControl Center:

  • openssl s_client -debug -connect ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "Chengetedza Renegotiation IS inotsigirwa"

Mune yekuraira inobuda iwe unofanirwa kuona server setifiketi pamwe neinotevera:

  • Yakachengeteka Renegotiation IS inotsigirwa

Kuti uve nechokwadi chekuti masevhisi emukati apihwa mukana kune server yeKafka, ndapota tarisa iro rinoteverafiles:

  • /var/log/kafka/server.log
  • /var/log/kafka/kafka-authorizer.log

Kusimbisa External Client Connectivity

kafkacat

CHERECHEDZA: Iyi mirairo inofanirwa kuitiswa pakombuta yemutengi (kwete pane Control Center server).
CHERECHEDZA: Kuti uratidze ruzivo rwemetrics, ita shuwa kuti ingangoita imwe yekutarisa iri kushanda muKudzora Center.

Kuona uye kusimbisa kubatana semutengi wekunze, zvinokwanisika kushandisa kafkacat utility iyo yakaiswa muchikamu "Kuona Kuti Iyo Yekutenderera API Inoshanda Mukudzora Center" papeji 4.
Ita nhanho dzinotevera:

CHERECHEDZA: Pazasi, CLIENT_USER ndiye mushandisi akambotaurwa mu file /etc/kafka/server.properties in Control Center: kureva, user_client uye password yakaiswa ipapo.
Iyo CA mudzi chitupa chinoshandiswa kusaina sevha parutivi SSL chitupa chinofanira kunge chiripo pamutengi.

Gadzira a file client.properties ine zvinotevera zvirimo:

  • security.protocol=SASL_SSL
  • ssl.ca.location={PATH_TO_CA_CERT}
  • sasl.mechanisms=PLAIN
  • sasl.username={CLIENT_USER}
  • sasl.password={CLIENT_PASSWORD}

kupi

  • {PATH_TO_CA_CERT} ndiyo nzvimbo yeCA root certificate inoshandiswa neKafka broker
  • {CLIENT_USER} ne {CLIENT_PASSWORD} ndidzo magwaro anoratidza mutengi.

Mhanya unotevera kuraira kuti uone meseji inopedzwa nekafkacat:

  • kunze KAFKA_FQDN=
  • export METRICS_TOPIC=paa.public.accounts. .metrics
  • kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

apo {METRICS_TOPIC} ndiro zita remusoro wenyaya weKafka une chivakashure "paa.public.".

CHERECHEDZA: Shanduro dzekare dzekafkacat hadzipe iyo -F sarudzo yekuverenga iyo mutengi marongero kubva kune a file. Kana uri kushandisa vhezheni yakadaro, unofanirwa kupa zvigadziriso zvakafanana kubva kumutsara wekuraira sezvakaratidzwa pazasi.

kafkacat -b ${KAFKA_FQDN}:9093 \

  • X security.protocol=SASL_SSL \
  • X ssl.ca.location={PATH_TO_CA_CERT} \
  • X sasl.mechanisms=PLAIN \
  • X sasl.username={CLIENT_USER} \
  • X sasl.password={CLIENT_PASSWORD} \
  • t ${METRICS_TOPIC} -C -e

Kuti ugadzirise kubatana, unogona kushandisa iyo -d sarudzo:

Debug kutaurirana kwevatengi
kafkacat -d mutengi -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
# Debug broker kutaurirana
kafkacat -d broker -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e

Iva nechokwadi chekutarisa kune zvinyorwa zveKafka client library iri kushandiswa, sezvo zvivakwa zvingasiyana nezviri muclient.properties.

Mharidzo Format
Iwo mameseji anoshandiswa pamametrics uye metadata misoro akateedzerwa muProtocol buffers (protobuf) fomati (ona developers.google.com/protocol-buffers) Zvirongwa zvemameseji aya zvinoteera kune inotevera fomati:

Metrics Protobuf Schema

  • syntax = "proto3";
  • pinza "google/protobuf/timestamp.proto”;
  • package paa.streamingapi;
  • sarudzo go_package = “.;paa_streamingapi”;
  • metrics meseji {
  • google.protobuf.Timestamp timestamp = 1;
  • map kukosha = 2;
  • int32 stream_id = 3;
  • }
  • /**
  • * Huwandu hwemetric hunogona kuve huwandu kana kutenderera.
  • */
  • metricValue meseji {
  • imwe yemhando {
  • int64 int_val = 1;
  • kuyangarara kuyerera_val = 2;
  • }
  • }

Metadata Protobuf Schema

  • syntax = "proto3";
  • package paa.streamingapi;
  • sarudzo go_package = “.;paa_streamingapi”;
  • metadata meseji {
  • int32 stream_id = 1;
  • string stream_name = 2;
  • map tags = 13;
  • }

Mutengi Examples

CHERECHEDZA: Mirairo iyi inoitirwa kuti ishande pane mutengi wekunze, semuenzanisoample laptop yako kana yakafanana, uye kwete muKudzora Center.
CHERECHEDZA: Kuti uve neruzivo rwemetrics inoratidzwa, ita shuwa kuti kana imwe yekutarisa iri kushanda muKudzora Center.

Iyo Control Center tarball inosanganisira iyo archive paa-streaming-api-client-examples.tar.gz (client-examples), iyo ine example Python script inoratidza mashandisiro eiyo Streaming API.

Kuisa uye Kugadzirisa Mutengi Examples
Iwe unowana mutengi-exampzviri muParagon Active Assurance Control Center folda:

  • kunze CC_VERSION=4.1.0
  • cd ./paa-control-center_${CC_VERSION}
  • ls paa-streaming-api-client-exampzvishoma*

Kuisa client-exampkana pane komputa yako yekunze, enda nenzira inotevera:

  • # Gadzira dhairekitori rekutora zvirimo zvemutengi examples tarball
  • mkdir paa-streaming-api-client-examples
  • # Bvisa zviri mukati memutengi examples tarball
  • tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-examples
  • # Enda kune ichangobva kugadzirwa dhairekitori
  • cd paa-streaming-api-client-examples

client-exampLes inoda Docker kuti imhanye. Dhawunirodha uye yekumisikidza mirairo yeDocker inogona kuwanikwa pa https://docs.docker.com/engine/install.

Kushandisa Client Examples
Mutengi-exampLes maturusi anogona kumhanya mune yekutanga kana yepamusoro modhi yekuvaka exampzvishoma zvekusiyana kwakaoma. Muzviitiko zvese izvi, zvinokwanisika zvakare kumhanya iyo yekareampzvishoma nekugadzirisa file ine zvimwe zvivakwa zvekuwedzera kugadzirisa kwedivi revatengi.

Basic Mode
Mune yekutanga modhi, iyo metrics uye metadata yavo inofambiswa zvakasiyana. Kuti izvi zviitike, mutengi anoteerera kune yega yega Kafka musoro unowanikwa kune yekunze kuwana uye anongodhinda mameseji akagamuchirwa kune console.
Kutanga kuurayiwa kweiyo yekutanga examples, run:

  • build.sh run-basic -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

apo ACCOUNT_SHORTNAME ndiro zita pfupi reakaundi yaunoda kutora mametrics kubva.
Kugumisa kuurayiwa kwe example, dzvanya Ctrl + C. (Panogona kunge paine kunonoka kushoma kusati kwamira nekuti mutengi anomirira chiitiko chenguva.)

Advanced Mode

CHERECHEDZA: Metrics inoratidzwa chete yeHTTP monitors inomhanya muKudzora Center.

Kuitwa mune yepamusoro modhi kunoratidza kuwirirana pakati pemetrics uye metadata meseji. Ichi chi
zvinogoneka nekuda kwekuvapo mune yega metric meseji yerukova id ndima iyo inoreva inoenderana metadata meseji.
Kuita advanced examples, run:

  • build.sh run-advanced -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

apo ACCOUNT_SHORTNAME ndiro zita pfupi reakaundi yaunoda kutora mametrics kubva.
Kugumisa kuurayiwa kwe example, dzvanya Ctrl + C. (Panogona kunge paine kunonoka kushoma kusati kwamira nekuti mutengi anomirira chiitiko chenguva.)

Zvimwe Zvirongwa
Zvinokwanisika kumhanya exampzvishoma nekuwedzera kurongeka kwemutengi uchishandisa iyo -config-file sarudzo inoteverwa nea file zita rine zvivakwa mufomu kiyi = kukosha.

  • build.sh run-advanced \
  • -kafka-brokers localhost:9092 \
  • -akaundi ACCOUNT_SHORTNAME \
  • -config-file client_config.properties

CHERECHEDZA: Zvose files inoratidzwa mumurairo uri pamusoro inofanira kunge iri mudhairekitori razvino uye inotumirwa uchishandisa nzira dzehukama chete. Izvi zvinoshanda zvese kune -config-file nharo uye kune zvese zvinyorwa mukugadzirisa file izvo zvinotsanangura file nzvimbo.

Kusimbisa External Client Authentication
Kusimbisa chokwadi chemutengi kubva kunze kweKudzora Center uchishandisa mutengi-examps, ita nhanho dzinotevera:

Kubva kuParagon Active Assurance Control Center folda, chinja kune paa-streaming-api-client-ex.ampLes folder:

cd paa-streaming-api-client-examples

  • Kopa iyo CA midzi chitupa ca-cert mune yazvino dhairekitori.
  • Gadzirai client.properties file nezvinotevera:

security.protocol=SASL_SSL ssl.ca.location=ca-cert
sasl.mechanism=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}

apo {CLIENT_USER} ne {CLIENT_PASSWORD} ndidzo magwaro anoratidza mutengi.

Mhanyai exampzvishoma:

  • kunze KAFKA_FQDN=
  • build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
  • –akaundi ACCOUNT_SHORTNAME
  • -config-file client.properties

apo ACCOUNT_SHORTNAME ndiro zita pfupi reakaundi yaunoda kutora mametrics kubva.

Mhanyai exampzvishoma:

  • kunze KAFKA_FQDN=
  • build.sh run-advanced –kafka-brokers ${KAFKA_FQDN}:9093 \
  • –akaundi ACCOUNT_SHORTNAME
  • -config-file client.properties

Appendikisi

Muchikamu chino tinotsanangura nzira yekugadzira:

  • chitoro chekiyi file yekuchengetedza Kafka broker SSL chitupa
  • truststore file yekuchengetedza Chitupa Chiremera (CA) midzi chitupa chinoshandiswa kusaina Kafka broker chitupa.

Kugadzira Kafka Broker Chitupa
Kugadzira Chitupa Uchishandisa Yechokwadi Setifiketi Chiremera (Yakakurudzirwa)
Zvinokurudzirwa kuti iwe utore chaiyo SSL chitupa kubva yakavimbika CA.
Kana uchinge wafunga nezve CA, tevedzera yavo CA mudzi chitupa ca-cert file kune nzira yako pachako sezvakaratidzwa pasi apa:

  • kunze CA_PATH=~/my-ca
  • mkdir ${CA_PATH}
  • cp ca-cert ${CA_PATH}

Gadzira Yako Pachako Chiremera Chiremera

CHERECHEDZA: Kazhinji iwe unofanirwa kuve nechitupa chako chakasainwa neChaiwo Chiremera Setifiketi; ona chikamu chiduku chapfuura. Chinotevera chingori example.

Pano isu tinogadzira yedu Chetifiketi Chiremera (CA) midzi chitupa file inoshanda kwemazuva 999 (isina kukurudzirwa mukugadzirwa):

  • # Gadzira dhairekitori yekuchengetedza iyo CA
  • kunze CA_PATH=~/my-ca
  • mkdir ${CA_PATH}
  • # Gadzira chitupa cheCA
  • openssl req -new -x509 -keyout ${CA_PATH}/ca-kiyi -kunze ${CA_PATH}/ca-cert -days 999

Kugadzira iyo Mutengi Truststore
Iye zvino unogona kugadzira truststore file iyo ine ca-cert yakagadzirwa pamusoro. Izvi file inozodiwa nemutengi weKafka uyo anowana iyo Streaming API:

  • keytool -keystore kafka.client.truststore.jks \
    • alias CARoot \
    • importcert -file ${CA_PATH}/ca-cert

Iye zvino sezvo chitupa cheCA chiri mutruststore, mutengi achavimba chero chitupa chakasainwa nacho.
Iwe unofanirwa kukopa iyo file kafka.client.truststore.jks kunzvimbo inozivikanwa pakombuta yako yemutengi wonongedzera kwairi muzvirongwa.

Kugadzira iyo Keystore yeKafka Broker
Kugadzira Kafka broker SSL chitupa uyezve keystore kafka.server.keystore.jks, enda sezvinotevera:

Kugadzira SSL Chitupa
Pazasi, 999 ndiyo nhamba yemazuva echokwadi chechitoro chekiyi, uye FQDN ndiro zita rakazara rezita remutengi (zita reruzhinji renzvimbo).

CHERECHEDZA: Izvo zvakakosha kuti FQDN ienderane iro chairo zita remugamuchiri richashandiswa nemutengi weKafka kubatanidza kuControl Center.

  • sudo mkdir -p /var/ssl/private
  • sudo chown -R $USER: /var/ssl/private
  • cd /var/ssl/private
  • kunze FQDN= keytool -keystore kafka.server.keystore.jks \
  • - alias server \
  • - chokwadi 999 \
  • – genkey -keyalg RSA -ext SAN=dns:${FQDN}

Gadzira chikumbiro chekusaina chitupa uye chengetedza mu file yakanzi cert-server-chikumbiro:

  • keytool -keystore kafka.server.keystore.jks \
    • - alias server \
    • - certreq \
    • – file cert-server-chikumbiro

Unofanira kutumira ikozvino file cert-server-chikumbiro kune chako Chiremera Chiremera (CA) kana uri kushandisa chaiyo. Vanobva vadzorera chitupa chakasaina. Isu tichareva izvi se cert-server-yakasainwa pazasi.

Kusaina Chitupa cheSSL Uchishandisa Yega Yakazvigadzira CA Sitifiketi

CHERECHEDZA: Zvekare, kushandisa yako CA haina kukurudzirwa mune yekugadzira system.

Saina chitupa uchishandisa CA nenzira ye file cert-server-chikumbiro, iyo inogadzira chitupa chakasainwa cert-server-yakasainwa. Ona pazasi; ca-password ndiyo password yakaiswa paunenge uchigadzira CA certificate.

  • cd /var/ssl/yakavanzika openssl x509 -req \
    • - CA ${CA_PATH}/ca-cert \
    • – CAkey ${CA_PATH}/ca-kiyi \
    • - mune cert-server-chikumbiro \
    • - kunze cert-server-yakasainwa \
    • - mazuva 999 -CAcreateserial \
    • – passin pass:{ca-password}

Kupinza Chitupa Chakasainwa muKeystore

Ngenisa iyo ca-cert midzi chitupa mukeystore:

  • keytool -keystore kafka.server.keystore.jks \
    • - alias ca-cert \
    • - kunze \
    • – file ${CA_PATH}/ca-cert

Ngenisa chitupa chakasainwa chinonzi cert-server-chakasainwa:

  • keytool -keystore kafka.server.keystore.jks \
    • - alias server \
    • - kunze \
    • – file cert-server-yakasaina

The file kafka.server.keystore.jks inofanira kukopwa kunzvimbo inozivikanwa pane Control Center server, uye yozotaurwa mukati /etc/kafka/server.properties.

Uchishandisa iyo Streaming API

MUCHIKAMU INO

  • General | 20
  • Kafka Topic Names | 21
  • Exampzvishoma zveKushandisa iyo Streaming API | 21

General
Iyo yekutepfenyura API inotora zvese bvunzo uye yekutarisa data. Hazvibviri kudoma chimwe chezvikamu izvi.
Iyo yekutepfenyura API haitore data kubva kune script-based bvunzo (iyo inomiririrwa nerectangle pachinzvimbo chejigsaw chidimbu muKudzora Center GUI), senge Ethernet sevhisi activation bvunzo uye pachena bvunzo.

Kafka Topic Names
Mazita emusoro weKafka ekutepfenyura API ndeaya anotevera, apo %s ndiro zita pfupi reControl Center account (inoratidzwa pakugadzira account):

  • const (
  • exporterName = "kafka"
  • metadataTopicTpl = “paa.public.accounts.%s.metadata” metricsTopicTpl = “paa.public.accounts.%s.metrics” )

Exampzvimwe zveKushandisa iyo Streaming API
The exampzvishoma zvinotevera zvinowanikwa mutarball paa-streaming-api-client-examples.tar.gz iri mukati meKudzora Center tarball.
Chekutanga, pane basic example kuratidza kuti metrics uye metadata yavo inofambiswa sei zvakasiyana uye inongodhinda mameseji akagamuchirwa kune koni. Unogona kuimhanyisa sezvinotevera:

  • sudo ./build.sh run-basic -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

Kune zvekare ex advancedample uko metrics uye metadata meseji inobatanidzwa. Shandisa murairo uyu kuti uite:

  • sudo ./build.sh run-advanced -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME

Iwe unofanirwa kushandisa sudo kumhanyisa Docker mirairo senge iri pamusoro. Sarudzo, iwe unogona kutevera iyo Linux post-yekumisikidza matanho kuti ukwanise kumhanya Docker mirairo pasina sudo. Kuti uwane ruzivo, enda ku docs.docker.com/engine/install/linux-postinstall.

Juniper Networks, iyo Juniper Networks logo, Juniper, uye Junos zviratidzo zvakanyoreswa zveJuniper Networks, Inc. muUnited States nedzimwe nyika. Zvimwe zviratidzo zvese, mamakisi ebasa, mamakisi akanyoreswa, kana mamakisi ebasa akanyoreswa zvinhu zvevaridzi vazvo. Juniper Networks haitore mutoro kune chero zvisiri izvo mugwaro iri. Juniper Networks inochengetera kodzero yekuchinja, kugadzirisa, kuendesa, kana kudzokorora chinyorwa ichi pasina chiziviso. Copyright © 2023 Juniper Networks, Inc. Kodzero dzese dzakachengetwa.

Zvinyorwa / Zvishandiso

Juniper NETWORKS Kutenderera API Software [pdf] Bhuku reMushandisi
Kutenderera API Software, API Software, Software

References

Siya mhinduro

Yako email kero haizoburitswa. Nzvimbo dzinodiwa dzakamakwa *