淘先锋技术网


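Reproducing the problem

Recently I developed a feature for a customer requirement that needs Kafka; what the feature does is beside the point here. Connecting to Kafka on my local virtual machine worked fine, so I deployed it to the test server to verify it. Below are the log lines showing the successful topic subscription and the warning: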

2023-05-09 10:22:23 [localhost-startStop-1] INFO  org.apache.kafka.clients.consumer.ConsumerConfig - ConsumerConfig values: 
	allow.auto.create.topics = true
	auto.commit.interval.ms = 5000
	auto.offset.reset = earliest
	bootstrap.servers = [10.39.48.113:9092]
	check.crcs = true
	client.dns.lookup = use_all_dns_ips
	client.id = consumer-enn-jiuqi-1
	client.rack = 
	connections.max.idle.ms = 540000
	default.api.timeout.ms = 60000
	enable.auto.commit = false
	exclude.internal.topics = true
	fetch.max.bytes = 52428800
	fetch.max.wait.ms = 500
	fetch.min.bytes = 1
	group.id = enn-jiuqi
	group.instance.id = null
	heartbeat.interval.ms = 3000
	interceptor.classes = []
	internal.leave.group.on.close = true
	internal.throw.on.fetch.stable.offset.unsupported = false
	isolation.level = read_uncommitted
	key.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
	max.partition.fetch.bytes = 1048576
	max.poll.interval.ms = 300000
	max.poll.records = 500
	metadata.max.age.ms = 300000
	metric.reporters = []
	metrics.num.samples = 2
	metrics.recording.level = INFO
	metrics.sample.window.ms = 30000
	partition.assignment.strategy = [class org.apache.kafka.clients.consumer.RangeAssignor, class org.apache.kafka.clients.consumer.CooperativeStickyAssignor]
	receive.buffer.bytes = 65536
	reconnect.backoff.max.ms = 1000
	reconnect.backoff.ms = 50
	request.timeout.ms = 30000
	retry.backoff.ms = 100
	sasl.client.callback.handler.class = null
	sasl.jaas.config = null
	sasl.kerberos.kinit.cmd = /usr/bin/kinit
	sasl.kerberos.min.time.before.relogin = 60000
	sasl.kerberos.service.name = null
	sasl.kerberos.ticket.renew.jitter = 0.05
	sasl.kerberos.ticket.renew.window.factor = 0.8
	sasl.login.callback.handler.class = null
	sasl.login.class = null
	sasl.login.refresh.buffer.seconds = 300
	sasl.login.refresh.min.period.seconds = 60
	sasl.login.refresh.window.factor = 0.8
	sasl.login.refresh.window.jitter = 0.05
	sasl.mechanism = GSSAPI
	security.protocol = PLAINTEXT
	security.providers = null
	send.buffer.bytes = 131072
	session.timeout.ms = 45000
	socket.connection.setup.timeout.max.ms = 30000
	socket.connection.setup.timeout.ms = 10000
	ssl.cipher.suites = null
	ssl.enabled.protocols = [TLSv1.2]
	ssl.endpoint.identification.algorithm = https
	ssl.engine.factory.class = null
	ssl.key.password = null
	ssl.keymanager.algorithm = SunX509
	ssl.keystore.certificate.chain = null
	ssl.keystore.key = null
	ssl.keystore.location = null
	ssl.keystore.password = null
	ssl.keystore.type = JKS
	ssl.protocol = TLSv1.2
	ssl.provider = null
	ssl.secure.random.implementation = null
	ssl.trustmanager.algorithm = PKIX
	ssl.truststore.certificates = null
	ssl.truststore.location = null
	ssl.truststore.password = null
	ssl.truststore.type = JKS
	value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer

2023-05-09 10:22:23 [localhost-startStop-1] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka version: 3.0.1
2023-05-09 10:22:23 [localhost-startStop-1] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka commitId: 8e30984f43e64d8b
2023-05-09 10:22:23 [localhost-startStop-1] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1683598943212
2023-05-09 10:22:23 [localhost-startStop-1] INFO  org.apache.kafka.clients.consumer.KafkaConsumer - [Consumer clientId=consumer-test-1, groupId=test-group] Subscribed to topic(s): sync_user


2023-05-09 10:23:50 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  org.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-1, groupId=test-group] Bootstrap broker 10.39.48.113:9092 (id: -1 rack: null) disconnected

Note the single warning at the end of the log. I only included one line here; the log is actually full of this message.

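Analyzing the problem

The customer's integration contact sent a message and asked whether we had consumed it. I checked the log and the screen was full of the WARN message Bootstrap broker 10.39.48.113:9092 (id: -1 rack: null) disconnected. A real eye-opener.

I asked the Google Bard chatbot what could cause this:

It might be a network problem. Other blogs I checked said it could also be caused by some authentication mechanism being enabled.

Using ping I found that the broker was reachable, but telnet could not connect. In other words, the network between this test server and the Kafka broker is restricted so that ping works but the broker's port cannot be reached!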

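Solution

I checked the iptables chains on the test server and found nothing wrong. I then captured packets with tcpdump and analyzed them in Wireshark, and saw only SYN packets with no response. The customer's network engineer traced it to the company's network policy. With that the problem was solved; I hope this gives readers a line of approach.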
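
The ping-versus-telnet check above can be scripted so that it distinguishes a silently dropped SYN (what the capture showed) from a port that answers with RST. This is an added example, not code from the original post; the function names and verdict labels are assumptions made for illustration, and the address is the one from the log above.

```python
import errno
import socket

# Verdict labels are this example's own, not Kafka or OS terminology.
OPEN, REFUSED, FILTERED, UNREACHABLE = "open", "refused", "filtered", "unreachable"


def parse_bootstrap(value):
    """Split a bootstrap.servers value such as '[h1:9092, h2:9092]' into
    (host, port) pairs. Assumes hostnames or IPv4 addresses."""
    pairs = []
    for item in value.strip("[] ").split(","):
        host, _, port = item.strip().rpartition(":")
        pairs.append((host, int(port)))
    return pairs


def classify(exc):
    """Map the outcome of one TCP connect attempt to a verdict (None = success)."""
    if exc is None:
        return OPEN          # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return REFUSED       # RST came back: host reachable, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return FILTERED      # SYN never answered: dropped somewhere on the path
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return UNREACHABLE   # no route, or a firewall rejecting with ICMP
    raise exc                # anything else (e.g. DNS failure) is not a port verdict


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake to host:port and return a verdict."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Value copied from the ConsumerConfig dump on this page; use your own broker list.
    for host, port in parse_bootstrap("[10.39.48.113:9092]"):
        print(f"{host}:{port} -> {probe(host, port)}")
```

A "filtered" verdict while ping succeeds points at a packet filter or network policy between client and broker rather than at the Kafka process, whereas "refused" points at the broker host itself.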