How do I use SSL connect?
I have several SSL files locally: ca-cert ca-cert.srl ca-key kafka.keystore kafka.truststore
$config->setSslLocalCert('/XXX/ca-cert');
$config->setSslLocalPk('/XXX/ca-key');
$config->setSslEnable(true);
$config->setSslPassphrase('passwd');
Is this how it should be written? It doesn't work.
Refer to this:
https://github.com/weiboad/kafka-php/blob/master/example/Producer.php
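What I'm using right now is just the downloaded example.
Locally I connect with kafka-console-producer.sh using this configuration:
bootstrap.servers=ip:9093
security.protocol=SSL
ssl.truststore.location=/xxxx/kafka.truststore
ssl.truststore.password=passwd
ssl.keystore.password=passwd
ssl.keystore.location=/xxxx/kafka.keystore
and that connects fine;
The SSL files I have locally now are: ca-cert ca-cert.srl ca-key kafka.keystore kafka.truststore
As for the PHP code, I don't really understand these parameters; I read the configuration documentation and am still confused. Please advise.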
$config = ProducerConfig::getInstance();
$config->setMetadataRefreshIntervalMs(10000);
$config->setMetadataBrokerList('ip地址:9093');
$config->setBrokerVersion('1.0.0');
$config->setRequiredAck(-1);
$config->setIsAsyn(false);
$config->setProduceInterval(500);
//$config->setSecurityProtocol(Config::SECURITY_PROTOCOL_SASL_SSL);
//$config->setSaslMechanism(\Kafka\Config::SASL_MECHANISMS_SCRAM_SHA_256);
// $config->setSaslUsername('nmred');
// $config->setSaslPassword('123456');
// $config->setSaslUsername('alice');
// $config->setSaslPassword('alice-secret');
// $config->setSaslKeytab('/etc/security/keytabs/kafkaclient.keytab');
// $config->setSaslPrincipal('kafka/[email protected]');
// if use ssl connect
$config->setSslEnable(true);
$config->setSslLocalCert('/xxxx/ca-cert');
$config->setSslLocalPk('/xxxx/kafka.keystore');
$config->setSslPassphrase('passwd');
// $config->setSslVerifyPeer(true);
// $config->setSslPeerName('nmred');
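Brother, did you solve your problem?
Did you solve it?
Follow the steps on the official Kafka site to generate the keys; pass is the key password, which you set yourself, and the one I set below is ds1994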
#!/bin/bash
#Step 1
keytool -keystore server.keystore.jks -alias localhost -validity 3650 -keyalg RSA -genkey
#Step 2
openssl req -new -x509 -keyout ca-key -out ca-cert -days 3650
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
#Step 3
keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 3650 -CAcreateserial -passin pass:ds1994
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
$config->setSslEnable(true);
$config->setSecurityProtocol(Config::SECURITY_PROTOCOL_SSL);
$config->setSslEnableAuthentication(true);
$config->setSslLocalCert('/var/www/xxx/keys/kafka/ca-cert');
$config->setSslLocalPk('/var/www/xxx/keys/kafka/ca-key');
$config->setSslPassphrase('ds1994');
$config->setSslPeerName('Unknown'); // This region must match the region in the key; if it was not set, it is Unknown
https://github.com/weiboad/kafka-php/issues/202#issuecomment-721623323 @BingXiong1995 @YumeMichi
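Added example, not part of the thread or of kafka-php: a PHP preflight check, using only PHP's openssl extension, that a certificate/key pair is PEM, decrypts with the passphrase and belongs together, and that reports the certificate's subject CN (the value the last comment sets as the peer name). The helper names checkClientPair and peerNameOf and the sample passphrase are assumptions made for the example.

```php
<?php
// Added example: preflight check for PEM files before they reach the client config.
// checkClientPair() and peerNameOf() are hypothetical helper names.

/** Returns a list of problems with a cert/key pair; an empty list means usable. */
function checkClientPair(string $certPem, string $keyPem, string $passphrase): array
{
    $cert = @openssl_x509_read($certPem);
    if ($cert === false) {
        return ['certificate is not PEM X.509 (a JKS keystore fails here)'];
    }
    $key = @openssl_pkey_get_private($keyPem, $passphrase);
    if ($key === false) {
        return ['private key unreadable: not PEM, or wrong passphrase'];
    }
    $problems = [];
    if (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'private key does not belong to this certificate';
    }
    $info = openssl_x509_parse($cert);
    if ($info === false || $info['validTo_time_t'] < time()) {
        $problems[] = 'certificate is unparsable or expired';
    }
    return $problems;
}

/** Subject CN of a PEM certificate; PHP peer-name checks also accept SAN entries. */
function peerNameOf(string $certPem): ?string
{
    $info = @openssl_x509_parse($certPem);
    return is_array($info) ? ($info['subject']['CN'] ?? null) : null;
}

// Constructed sample data: two throwaway RSA keys and one self-signed certificate.
$opts  = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$key   = openssl_pkey_new($opts);
$other = openssl_pkey_new($opts);
$csr   = openssl_csr_new(['commonName' => 'Unknown'], $key, ['digest_alg' => 'sha256']);
$x509  = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $certPem);
openssl_pkey_export($key, $keyPem, 'example-pass');
openssl_pkey_export($other, $otherPem, 'example-pass');

print_r(checkClientPair($certPem, $keyPem, 'example-pass'));   // matching pair
print_r(checkClientPair($certPem, $keyPem, 'wrong-pass'));     // bad passphrase
print_r(checkClientPair($certPem, $otherPem, 'example-pass')); // key from another pair
print_r(checkClientPair('not a pem file', $keyPem, 'example-pass'));
echo 'peer name: ', peerNameOf($certPem), PHP_EOL;
```

In the script above, ca-cert and ca-key are the CA's own certificate and private key; a separate client key with a certificate signed by that CA passes the same check and keeps the CA key off the application host.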