SASL authentication error between KnowStreaming and Zookeeper #1219

Open
1 task
kaolaaz163 opened this issue Jan 30, 2024 · 0 comments

kaolaaz163 commented Jan 30, 2024

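  • I have already searched the issues for related problems and found no duplicates.

Ask your question here

Problem description: SASL authentication error between KnowStreaming and Zookeeper

I followed the "Support Digest-MD5 authentication" configuration in "Connecting a Kafka cluster whose ZK requires authentication". Because knowstreaming is deployed in containers, I configured it with the following steps:

1. Create the zk_client_jaas.conf file: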

sh-kafka {
       org.apache.zookeeper.server.auth.DigestLoginModule required
       username="kafka"
       password="xxx";
};

2. Modify the Docker Compose file to mount zk_client_jaas.conf into the container and set JAVA_OPTS:

version: "2"
services:
  knowstreaming-manager:
    environment:
      JAVA_OPTS: -Xmx1g -Xms1g -Djava.security.auth.login.config=/zk_client_jaas.conf
    volumes:
       - ./zk_client_jaas.conf:/zk_client_jaas.conf 

3. Modify the ks_km_physical_cluster table in the mysql database to add the zk_properties configuration:

docker exec -it mysql bash
mysql> update ks_km_physical_cluster set zk_properties='{ "openSecure": true,"otherProps": { "zookeeper.sasl.clientconfig": "sh-kafka" } }' where id=1;

Environment information:

Zookeeper:3.8.3
Kafka:3.6.1
Java:1.8.0_391-b13
KS:3.3.0

The error output from the knowstreaming-manager container is as follows:

2024-01-30 13:51:09.052 ERROR 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil       : method=executeFourLetterCmd||clusterPhyId=1||host=192.168.3.140||port=2181||cmd=srvr||secure=true||timeout=5000||errMsg=exception!

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.send4LetterWord(FourLetterWordUtil.java:94)
	at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.executeFourLetterCmd(FourLetterWordUtil.java:48)
	at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.getFromZookeeperCluster(ZookeeperServiceImpl.java:150)
	at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.listFromZookeeper(ZookeeperServiceImpl.java:53)
	at com.xiaojukeji.know.streaming.km.task.kafka.metadata.SyncZookeeperTask.processClusterTask(SyncZookeeperTask.java:33)
	at com.xiaojukeji.know.streaming.km.task.kafka.metadata.AbstractAsyncMetadataDispatchTask.lambda$asyncProcessSubTask$0(AbstractAsyncMetadataDispatchTask.java:33)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
	at sun.security.ssl.InputRecord.read(InputRecord.java:505)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
	... 14 common frames omitted

2024-01-30 13:51:09.052  INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil       : connecting to 192.168.3.141 2181
2024-01-30 13:51:09.052  INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil       : using secure socket
2024-01-30 13:51:09.063 ERROR 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil       : method=executeFourLetterCmd||clusterPhyId=1||host=192.168.3.141||port=2181||cmd=srvr||secure=true||timeout=5000||errMsg=exception!

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.send4LetterWord(FourLetterWordUtil.java:94)
	at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.executeFourLetterCmd(FourLetterWordUtil.java:48)
	at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.getFromZookeeperCluster(ZookeeperServiceImpl.java:150)
	at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.listFromZookeeper(ZookeeperServiceImpl.java:53)
	at com.xiaojukeji.know.streaming.km.task.kafka.metadata.SyncZookeeperTask.processClusterTask(SyncZookeeperTask.java:33)
	at com.xiaojukeji.know.streaming.km.task.kafka.metadata.AbstractAsyncMetadataDispatchTask.lambda$asyncProcessSubTask$0(AbstractAsyncMetadataDispatchTask.java:33)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
	at sun.security.ssl.InputRecord.read(InputRecord.java:505)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
	... 14 common frames omitted

2024-01-30 13:51:09.063  INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil       : connecting to 192.168.3.142 2181
2024-01-30 13:51:09.063  INFO 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil       : using secure socket
2024-01-30 13:51:09.073  INFO 12 --- [kTP-5-thread-14] c.x.k.s.k.c.sink.AbstractMetricESSender  : method=send2es||indexName=ks_kafka_partition_metric||metricsSize=69||msg=send metrics to es
2024-01-30 13:51:09.080 ERROR 12 --- [kTP-6-thread-22] c.x.k.s.k.c.u.z.FourLetterWordUtil       : method=executeFourLetterCmd||clusterPhyId=1||host=192.168.3.142||port=2181||cmd=srvr||secure=true||timeout=5000||errMsg=exception!

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.send4LetterWord(FourLetterWordUtil.java:94)
	at com.xiaojukeji.know.streaming.km.common.utils.zookeeper.FourLetterWordUtil.executeFourLetterCmd(FourLetterWordUtil.java:48)
	at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.getFromZookeeperCluster(ZookeeperServiceImpl.java:150)
	at com.xiaojukeji.know.streaming.km.core.service.zookeeper.impl.ZookeeperServiceImpl.listFromZookeeper(ZookeeperServiceImpl.java:53)
	at com.xiaojukeji.know.streaming.km.task.kafka.metadata.SyncZookeeperTask.processClusterTask(SyncZookeeperTask.java:33)
	at com.xiaojukeji.know.streaming.km.task.kafka.metadata.AbstractAsyncMetadataDispatchTask.lambda$asyncProcessSubTask$0(AbstractAsyncMetadataDispatchTask.java:33)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
	at sun.security.ssl.InputRecord.read(InputRecord.java:505)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
	... 14 common frames omitted

The error output in Zookeeper is as follows; you can see that knowstreaming has already passed Zookeeper's SASL authentication using the ID "kafka":

2024-01-30 13:50:53,552 [myid:] - WARN  [NIOWorkerThread-8:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50708 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
	at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
	at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
	at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
	at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:750)
2024-01-30 13:50:53,592 [myid:] - WARN  [NIOWorkerThread-1:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50704 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
	at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
	at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
	at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
	at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:750)
2024-01-30 13:50:53,682 [myid:] - WARN  [NIOWorkerThread-5:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50718 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
	at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
	at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
	at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
	at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:750)
2024-01-30 13:50:53,879 [myid:] - INFO  [CommitProcessor:1:o.a.z.s.q.LearnerSessionTracker@116] - Committing global session 0x100049bc4140002
2024-01-30 13:50:53,948 [myid:] - INFO  [NIOWorkerThread-7:o.a.z.s.a.SaslServerCallbackHandler@119] - Successfully authenticated client: authenticationID=kafka;  authorizationID=kafka.
2024-01-30 13:50:53,949 [myid:] - INFO  [NIOWorkerThread-7:o.a.z.s.a.SaslServerCallbackHandler@135] - Setting authorizedID: kafka
2024-01-30 13:50:53,949 [myid:] - INFO  [NIOWorkerThread-7:o.a.z.s.ZooKeeperServer@1738] - Session 0x100049bc4140002: adding SASL authorization for authorizationID: kafka
2024-01-30 13:51:23,309 [myid:] - WARN  [NIOWorkerThread-8:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50844 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
	at org.apache.zookeeper.server.NIOServerCnxn.readLength(NIOServerCnxn.java:557)
	at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:347)
	at org.apache.zookeeper.server.NIOServerCnxnFactory$IOWorkRequest.doWork(NIOServerCnxnFactory.java:508)
	at org.apache.zookeeper.server.WorkerService$ScheduledWorkRequest.run(WorkerService.java:153)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:750)

The Zookeeper status shown on the KnowStreaming page is abnormal (Zookeeper is actually working normally):

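I also have a question about the openSecure value in the zk_properties field of the ks_km_physical_cluster table: it is the switch that controls whether the four-letter commands are executed against Zookeeper over an SSL socket (because Zookeeper has secureClientPort enabled?), yet the wording says "whether authentication is enabled". What does this have to do with Zookeeper's SASL authentication?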

ZQKC added the status: pending 待处理 label Mar 10, 2024
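
The "advertised length of 369296128" in the ZooKeeper log above is `16 03 03 00` when written as the four big-endian bytes ZooKeeper reads as a length prefix, which is the start of a TLS handshake record arriving on a plaintext client port. The following Python is an added example, not part of the original issue or of KnowStreaming's code, that decodes this value from such log lines; the sample log is constructed from lines quoted in the issue, the function names are hypothetical, and the printable-ASCII check is a generalization beyond the case in the issue.

```python
import re
import struct

# Constructed sample, copied from the shapes of line quoted in the issue.
SAMPLE_LOG = """\
2024-01-30 13:50:53,552 [myid:] - WARN  [NIOWorkerThread-8:o.a.z.s.NIOServerCnxn@388] - Close of session 0x0
java.io.IOException: Len error. A message from /192.168.3.143:50708 with advertised length of 369296128 is either a malformed message or too large to process (length is greater than jute.maxbuffer=1048575)
2024-01-30 13:50:53,948 [myid:] - INFO  [NIOWorkerThread-7:o.a.z.s.a.SaslServerCallbackHandler@119] - Successfully authenticated client: authenticationID=kafka;  authorizationID=kafka.
"""

LEN_ERROR = re.compile(
    r"Len error\. A message from /(?P<peer>[\d.]+):(?P<port>\d+) "
    r"with advertised length of (?P<length>-?\d+)"
)

# First byte of a TLS record is the content type, the next two the record version.
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
TLS_RECORD_VERSIONS = {0x0300, 0x0301, 0x0302, 0x0303}


def classify_length(length):
    """Reinterpret a bogus length prefix as the first 4 bytes the peer sent."""
    raw = struct.pack(">i", length)  # signed 32-bit, big-endian, as the server reads it
    ctype, version = raw[0], int.from_bytes(raw[1:3], "big")
    if ctype in TLS_CONTENT_TYPES and version in TLS_RECORD_VERSIONS:
        return "tls-record", f"{TLS_CONTENT_TYPES[ctype]} record, version 0x{version:04x}"
    if all(0x20 <= b < 0x7F for b in raw):
        return "ascii-text", f"starts with {raw.decode('ascii')!r}"
    return "unknown", raw.hex()


def analyze(log_text):
    """Return one finding per 'Len error' line in a ZooKeeper server log."""
    findings = []
    for m in LEN_ERROR.finditer(log_text):
        kind, detail = classify_length(int(m["length"]))
        findings.append({"peer": m["peer"], "length": int(m["length"]),
                         "kind": kind, "detail": detail})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A `tls-record` finding from the KnowStreaming host matches the `using secure socket` and `secure=true` lines in the manager log: the four-letter command is sent over an SSL socket to port 2181.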