Unable to establish a TLS-enabled connection to the broker in an Apache Pulsar standalone cluster


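I configured broker.conf and tried to create a TLS-enabled client. I literally provided the certificate paths correctly. When I try to run the client, it shows the following error.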

 2019-09-27 13:30:36.586 INFO  ConnectionPool:72 | Created connection for pulsar+ssl://broker.example.com:6651/
2019-09-27 13:30:36.605 ERROR ClientConnection:441 | [<none> -> pulsar+ssl://broker.example.com:6651/] Resolve error: asio.netdb:1 : Host not found (authoritative)
2019-09-27 13:30:36.605 INFO  ClientConnection:1337 | [<none> -> pulsar+ssl://broker.example.com:6651/] Connection closed
2019-09-27 13:30:36.605 ERROR ClientImpl:182 | Error Checking/Getting Partition Metadata while creating producer on persistent://public/default/demo -- 5
Traceback (most recent call last):
  File "producer.py", line 7, in <module>
    producer = client.create_producer('persistent://public/default/demo')
  File "/home/loghi/.local/lib/python2.7/site-packages/pulsar/__init__.py", line 476, in create_producer
    p._producer = self._client.create_producer(topic, conf)
Exception: Pulsar error: ConnectError
2019-09-27 13:30:36.608 INFO  ClientConnection:229 | [<none> -> pulsar+ssl://broker.example.com:6651/] Destroyed connection

This is the authentication configuration in my broker.conf, which I followed from the Apache Pulsar documentation.

### --- Authentication --- ###
# Role names that are treated as "proxy roles". If the broker sees a request with
#role as proxyRoles - it will demand to see a valid original principal.
proxyRoles=

# If this flag is set then the broker authenticates the original Auth data
# else it just accepts the originalPrincipal and authorizes it (if required).
authenticateOriginalAuthData=false

# Deprecated - Use webServicePortTls and brokerServicePortTls instead
tlsEnabled=true

# Tls cert refresh duration in seconds (set 0 to check on every new connection)
tlsCertRefreshCheckDurationSec=300

# Path for the TLS certificate file
tlsCertificateFilePath=/home/loghi/Downloads/apache-pulsar-2.4.1-bin/apache-pulsar-2.4.1/my-ca/broker.cert.pem

# Path for the TLS private key file
tlsKeyFilePath=/home/loghi/Downloads/apache-pulsar-2.4.1-bin/apache-pulsar-2.4.1/my-ca/broker.key.pem

# Path for the trusted TLS certificate file.
# This cert is used to verify that any certs presented by connecting clients
# are signed by a certificate authority. If this verification
# fails, then the certs are untrusted and the connections are dropped.
tlsTrustCertsFilePath=/home/loghi/Downloads/apache-pulsar-2.4.1-bin/apache-pulsar-2.4.1/my-ca/certs/ca.cert.pem

# Accept untrusted TLS certificate from client.
# If true, a client with a cert which cannot be verified with the
# 'tlsTrustCertsFilePath' cert will allowed to connect to the server,
# though the cert will not be used for client authentication.
tlsAllowInsecureConnection=false

# Specify the tls protocols the broker will use to negotiate during TLS handshake
# (a comma-separated list of protocol names).
# Examples:- [TLSv1.2, TLSv1.1, TLSv1]
tlsProtocols=

# Specify the tls cipher the broker will use to negotiate during TLS Handshake
# (a comma-separated list of ciphers).
# Examples:- [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
tlsCiphers=

# Trusted client certificates are required for to connect TLS
# Reject the Connection if the Client Certificate is not trusted.
# In effect, this requires that all connecting clients perform TLS client
# authentication.
tlsRequireTrustedClientCertOnConnect=false

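It seems that no host connection is initiated through port 6651 on the broker. I checked, and only port 6650 is open for connections. It works fine without TLS enabled.

Thanks in advance for your help.

Thank you.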

tls1.2 apache-pulsar python-pulsar
1 answer
0
votes
 2019-09-27 13:30:36.586 INFO  ConnectionPool:72 | Created connection for pulsar+ssl://broker.example.com:6651/
2019-09-27 13:30:36.605 ERROR ClientConnection:441 | [<none> -> pulsar+ssl://broker.example.com:6651/] Resolve error: asio.netdb:1 : Host not found (authoritative)

It looks like the service hostname is incorrect: broker.example.com
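
The log above fails at name resolution, before any TCP or TLS traffic is sent, so the certificate paths are never exercised. The following is an added example, not code from the question or the answer: a staged check that reports whether a Pulsar service URL fails at DNS, at the TCP port, or at the TLS handshake. The function names `parse_service_url` and `preflight` are hypothetical, and the default ports 6650/6651 are the ones mentioned in the question.

```python
import socket
import ssl
from urllib.parse import urlsplit

def parse_service_url(url):
    """Split a Pulsar service URL into (host, port, uses_tls)."""
    parts = urlsplit(url)
    if parts.scheme not in ("pulsar", "pulsar+ssl"):
        raise ValueError("not a Pulsar service URL: %r" % url)
    tls = parts.scheme == "pulsar+ssl"
    # Assumed defaults: 6650 for plaintext, 6651 for TLS, as in the question.
    return parts.hostname, parts.port or (6651 if tls else 6650), tls

def preflight(url, ca_file=None, timeout=5.0, resolver=socket.getaddrinfo):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    host, port, tls = parse_service_url(url)
    try:
        # Stage 1: the step that produced "Host not found (authoritative)".
        resolver(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", "cannot resolve %s: %s" % (host, exc)
    try:
        # Stage 2: is the TLS port actually listening and reachable?
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", "resolved, but port %d is unreachable: %s" % (port, exc)
    with sock:
        if not tls:
            return "ok", "TCP connection established (no TLS requested)"
        # Stage 3: verify the broker certificate chain and hostname against
        # the CA file (the client-side counterpart of ca.cert.pem).
        ctx = ssl.create_default_context(cafile=ca_file)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                return "ok", "handshake completed with %s" % tls_sock.version()
        except (ssl.SSLError, OSError) as exc:
            return "tls", "handshake failed: %s" % exc

if __name__ == "__main__":
    # Constructed input: names under .invalid never resolve (RFC 2606).
    print(preflight("pulsar+ssl://broker.example.invalid:6651/"))
```

A `dns` result points at the hostname in the service URL, a `tcp` result at the broker not listening on the TLS port, and a `tls` result at the certificate, its hostname, or the trust file.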
