Invalid Keystore Format, BootStrap Broker Disconne

2019-08-21 10:02发布

I am trying to develop a Kafka Consumer in Spring Boot. I am able to setup the Kafka Cluster in Kafka Tool and able to read the messages from it manually. I am using the same configs in Spring Boot as well but ended up with the below errors and this warning.

2019-06-10 13:45:40.036  WARN 8364 --- [      id3-0-C-1] org.apache.kafka.clients.NetworkClient   : Bootstrap broker XXXXXX.DEVHADOOP.XXXX.COM:6768 disconnected
2019-06-10 13:45:40.038  WARN 8364 --- [      id1-0-C-1] org.apache.kafka.clients.NetworkClient   : Bootstrap broker XXXXXXX.DEVHADOOP.XXXXXXXXX.COM:6768 disconnected
2019-06-10 13:45:40.044  WARN 8364 --- [      id2-0-C-1] org.apache.kafka.clients.NetworkClient   : Bootstrap broker XXXXXXXXXXXXXX.DEVHADOOP.XXXXXX.COM:6768 disconnected
2019-06-10 13:45:40.045  WARN 8364 --- [      id4-0-C-1] org.apache.kafka.clients.NetworkClient   : Bootstrap broker XXXXXXXXX.DEVHADOOP.XXXXXXX.COM:6768 disconnected

Exception in thread "main" org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:702)
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:587)
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:569)
    at com.howtoprogram.kafka.SpringKafkaExampleApplication.main(SpringKafkaExampleApplication.java:38)
Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: java.io.IOException: Invalid keystore format
    at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
    at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:70)
    at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83)
    at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:623)
public Map<String, Object> consumerConfigs() {
        Map<String, Object> propsMap = new HashMap<>();
        propsMap.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "XXXXX.DEVHADOOP.XXXXXX.COM:6768");
        propsMap.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, false);
        propsMap.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, "100");
        propsMap.put(ConsumerConfig.SESSION_TIMEOUT_MS_CONFIG, "15000");
        propsMap.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
        propsMap.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class);
        propsMap.put(ConsumerConfig.GROUP_ID_CONFIG, "group1");
        propsMap.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest");
        propsMap.put("ssl.truststore.location","C:/Users/PXXX/Documents/XXXXX/KafkaTool-for-v0.10/truststore.jks");
        propsMap.put("ssl.truststore.password", "XXXXXXX");
        propsMap.put("security.protocol", "SSL");
        propsMap.put("ssl.jaas.config","C:/Users/PXXXX/Documents/XXXXKafkaTool-for-v0.10/jaas_sdataflow_dev.conf");
        propsMap.put("ssl.kerberos.service.name", "kafka");
        propsMap.put("ssl.keystore.location", "C:/Users/PXXXXXX/Documents/XXXXXX/KafkaTool-for-v0.10/svc-bd-priscpqc-dev.keytab");
        propsMap.put("ssl.keystore.password", "XXXXXX");




2019-06-10 13:45:39.723  INFO 8364 --- [           main] o.a.k.clients.consumer.ConsumerConfig    : ConsumerConfig values: 
    metric.reporters = []
    metadata.max.age.ms = 300000
    partition.assignment.strategy = [org.apache.kafka.clients.consumer.RangeAssignor]
    reconnect.backoff.ms = 50
    sasl.kerberos.ticket.renew.window.factor = 0.8
    max.partition.fetch.bytes = 1048576
    bootstrap.servers = [XXXXXX.DEVHADOOP.XXXXXXX.COM:6768]
    ssl.keystore.type = JKS
    enable.auto.commit = false
    sasl.mechanism = GSSAPI
    interceptor.classes = null
    exclude.internal.topics = true
    ssl.truststore.password = [hidden]
    client.id = 
    ssl.endpoint.identification.algorithm = null
    max.poll.records = 2147483647
    check.crcs = true
    request.timeout.ms = 40000
    heartbeat.interval.ms = 3000
    auto.commit.interval.ms = 100
    receive.buffer.bytes = 65536
    ssl.truststore.type = JKS
    ssl.truststore.location = C:/Users/PXXXX/Documents/XXXXX/KafkaTool-for-v0.10/truststore.jks
    ssl.keystore.password = [hidden]
    fetch.min.bytes = 1
    send.buffer.bytes = 131072
    value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
    group.id = group1
    retry.backoff.ms = 100
    sasl.kerberos.kinit.cmd = /usr/bin/kinit
    sasl.kerberos.service.name = kafka
    sasl.kerberos.ticket.renew.jitter = 0.05
    ssl.trustmanager.algorithm = PKIX
    ssl.key.password = null
    fetch.max.wait.ms = 500
    sasl.kerberos.min.time.before.relogin = 60000
    connections.max.idle.ms = 540000
    session.timeout.ms = 15000
    metrics.num.samples = 2
    key.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
    ssl.protocol = TLS
    ssl.provider = null
    ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
    ssl.keystore.location = C:/Users/PXXXXX/Documents/XXXXXX/KafkaTool-for-v0.10/svc-bd-priscpqc-dev.keytab
    ssl.cipher.suites = null
    security.protocol = SSL
    ssl.keymanager.algorithm = SunX509
    metrics.sample.window.ms = 30000
    auto.offset.reset = earliest

1条回答
Juvenile、少年°
2楼-- · 2019-08-21 10:22

Kerberos is different to SSL. SSL is for encryption, Kerberos is for authentication.

See Configuring Kafka Clients (for SSL).

See Authentication using SASL/Kerberos and Configuring Kafka Clients

查看更多
登录 后发表回答