JUNIPER NETWORKS - tambariRouting Active Testing Streaming API
Jagora

Abubuwan da ke ciki boye
1 Gabatarwa
2 Ƙarsheview
3 Karin bayani
4 Gabaɗaya
5 Kafka Take Names
6 Takardu / Albarkatu
6.1 Magana

Gabatarwa

This guide describes how to extract data from Routing Active Testing via the product’s streaming API.
The API as well as the streaming client are included in the Routing Active Testing installation. However, a bit of configuration is needed before you can use the API. This is covered in the “Configuring the Streaming API” on page 1 chapter.
Ana saita API mai yawo

Ƙarsheview

Wannan babin yana bayyana yadda ake saita API mai yawo don ba da damar yin rajista ga saƙonnin awo ta hanyar Kafka.
A ƙasa za mu bi ta:

  • Yadda ake kunna API Streaming
  • Yadda ake saita Kafka don sauraron abokan ciniki na waje
  • Yadda ake saita Kafka don amfani da ACLs da saita ɓoyayyen SSL don abokan cinikin da aka ce

Menene Kafka?
Kafka wani dandali ne mai gudana wanda ke ba da damar kama bayanan da aka aiko daga tushen aukuwa daban-daban (na'urori masu auna bayanai, na'urorin wayar hannu) a cikin nau'ikan rafukan taron, da kuma dawwamammen adana waɗannan rafukan taron don dawo da su daga baya.
Tare da Kafka yana yiwuwa a gudanar da taron yawo karshen-zuwa-ƙarshe a cikin rarrabawa, mai girman gaske, na roba, rashin haƙuri, da amintaccen hanya.
NOTE: Kafka can be configured in many different ways and was designed for scalability and redundant systems. This document focuses only on how to configure it to make use of the Streaming API feature found in Routing Active Testing Control Center. For more advanced setups we refer to the official Kafka documentation: kafka.apache.org/26/documentation.html.
Kalmomi

  • Kafka: Dandali mai gudana.
  • Taken Kafka: Tarin abubuwan da suka faru.
  • Abokin biyan kuɗi/mabukaci Kafka: Bangaren da ke da alhakin dawo da abubuwan da aka adana a cikin jigon Kafka.
  • Dillalin Kafka: Sabar Layer Ma'aji na gungu Kafka.
  • SSL/TLS: SSL wata amintacciyar yarjejeniya ce da aka ƙera don aika bayanai amintattu akan Intanet. TLS shine magajin SSL, wanda aka gabatar a cikin 1999.
  • SASL: Tsarin da ke ba da hanyoyin tantance mai amfani, bincika amincin bayanai, da ɓoyewa.
  • Streaming API subscriber: Component responsible for retrieval of events stored in topics defined in Routing Active Testing and meant for external access.
  • Ikon Takaddun shaida: Amintaccen mahalli wanda ke ba da kuma soke takaddun takaddun maɓalli na jama'a.
  • Tushen takardar shedar shaida: Takaddun maɓalli na jama'a wanda ke gano Hukumar Takaddun shaida.

Yadda API Streaming ke Aiki
Kamar yadda aka ambata a baya, API ɗin yawo yana ba abokan ciniki na waje damar dawo da bayanai game da awo daga Kafka.
Duk ma'auni da Wakilan Gwaji suka tattara yayin gwaji ko aikin sa ido ana aika su zuwa sabis ɗin Rafi.
Bayan lokacin sarrafawa, sabis ɗin Rafi yana buga waɗannan ma'auni akan Kafka tare da ƙarin metadata.
Kafka Topics
Kafka has the concept of topics to which all data is published. In Routing Active Testing there are many such Kafka topics available; however, only a subset of these are meant for external access.
Each Routing Active Testing account in Control Center has two dedicated topics. Below, ACCOUNT is the account short name:

  • paa.accounts.{ACCOUNT}.metrics
  • Ana buga duk saƙonnin awo na asusun da aka bayar ga wannan batu
  • Yawancin bayanai
  • Mitar sabuntawa mai girma
  • paa.asusun jama'a.{ACCOUNT}.metadata
  • Ya ƙunshi metadata masu alaƙa da bayanan awo, misaliamphar zuwa gwajin, saka idanu ko Wakilin Gwaji masu alaƙa da awo
  • Ƙananan adadin bayanai
  • Ƙananan mitar sabuntawa

Ana kunna API mai yawo
NOTE: These instructions are to be run on the Control Center server using sudor.
Tunda API mai yawo yana ƙara wasu kan sama zuwa Cibiyar Sarrafa, ba a kunna ta ta tsohuwa. Don kunna API ɗin, dole ne mu fara ba da damar buga awo zuwa Kafka a cikin babban tsari file:

  • /etc/netrounds/netrounds.conf

KAFKA_METRICS_ENABLED = Gaskiya
KAFKA_PUBLISH_METADATA_FOR_STREAMS = True

Alamar Gargadin lantarki GARGADI: Ƙaddamar da wannan fasalin zai iya tasiri aikin Cibiyar Sarrafa. Tabbatar cewa kun daidaita misalin ku daidai.
Na gaba, don ba da damar isar da waɗannan ma'auni zuwa madaidaitan batutuwan Kafka:

  • /etc/netrounds/metrics.yaml

streaming-api: gaskiya
Don kunna da fara ayyukan API mai yawo, gudu:

  • sudo ncc sabis yana ba da damar ma'auni na timescaledb
  • sudo ncc ayyuka fara timescaledb awo

A ƙarshe, sake kunna ayyukan:

  • sudo ncc ayyuka sake farawa

NOTE: The KAFKA_PUBLISH_RESOURCES setting has been deprecated. It should be removed from your configuration. Use KAFKA_PUBLISH_METADATA_FOR_STREAMS = True instead.
Tabbatar da Cewa API ɗin Yawo yana Aiki a Cibiyar Sarrafa
NOTE: Dole ne a gudanar da waɗannan umarnin akan uwar garken Cibiyar Sarrafa.
You can now verify that you are receiving metrics on the correct Kafka topics. To do so, install the Kafka cat utility:

  • sudo apt-samun sabuntawa
  • sudo apt-samun shigar kafkacat

If you have a test or monitor running in Control Center, you should be able to use Kafka cat to receive metrics and metadata on these topics.
Sauya myaccount tare da gajeren sunan asusun ku (wannan shine abin da kuke gani a Cibiyar Sarrafa ku URL):

  • fitarwa METRICS_TOPIC=paa.public.accounts.myaccount.metrics
  • fitarwa METADATA_TOPIC=paa.public.accounts.myaccount.metadata

Ya kamata ku ga awoyi ta hanyar gudanar da wannan umarni:

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

Zuwa view metadata, gudanar da umarni mai zuwa (lura cewa wannan ba zai ɗaukaka akai-akai):

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

NOTE: This is just a sanity check to make sure things are being published correctly. The data you see being published will be in binary form, which kafkacat will not decode by default. For properly subscribing to these topics, please see the “Client Examples” on page 13 section.
Wannan yana tabbatar da cewa muna da API mai gudana mai aiki daga cikin Cibiyar Kulawa. Koyaya, wataƙila kuna sha'awar samun damar bayanai daga abokin ciniki na waje maimakon. Sashe na gaba yana bayanin yadda ake buɗe Kafka don samun damar waje.
Bude Kafka Don Masu Runduna Na Waje
NOTE: Waɗannan umarnin dole ne a gudanar dasu akan uwar garken Cibiyar Kulawa.
Ta hanyar tsoho Kafka da ke gudana akan Cibiyar Kulawa an saita shi don sauraron localhost kawai don amfanin cikin gida.
Yana yiwuwa a buɗe Kafka don abokan ciniki na waje ta hanyar gyara saitunan Kafka.
Haɗa zuwa Kafka: Caveats
Ikon faɗakarwa HANKALI: Da fatan za a karanta wannan a hankali, tunda yana da sauƙin shiga cikin batutuwan haɗi tare da Kafka idan ba ku fahimci waɗannan ra'ayoyin ba.
A cikin saitin Cibiyar Kulawa da aka bayyana a cikin wannan takaddar, akwai dillalin Kafka ɗaya kawai.
Koyaya, lura cewa dillalin Kafka yana nufin gudu a matsayin wani ɓangare na rukunin Kafka wanda zai iya ƙunshi dillalan Kafka da yawa.
Lokacin haɗawa zuwa dillalin Kafka, abokin ciniki na Kafka yana saita haɗin farko. A kan wannan haɗin kai dillalin Kafka zai dawo da jerin "masu sauraro da aka tallata", wanda shine jerin dillalan Kafka ɗaya ko fiye.
Lokacin karɓar wannan jeri, abokin ciniki na Kafka zai cire haɗin, sannan ya sake haɗawa da ɗayan waɗannan masu sauraron tallan. Masu sauraron da aka tallata dole ne su ƙunshi sunayen baƙi ko adiresoshin IP waɗanda ke da damar abokin ciniki na Kafka, ko abokin ciniki zai kasa haɗawa.
Idan an yi amfani da ɓoyayyen SSL, wanda ya haɗa da takardar shaidar SSL wanda ke daura da wani sunan mai masauki, yana da mahimmanci cewa abokin ciniki na Kafka ya karɓi adireshin daidai don haɗawa, tunda in ba haka ba ana iya ƙi haɗin.
Kara karantawa game da masu sauraron Kafka a nan: www.confluent.io/blog/kafka-listeners-explained
SSL/TLS boye-boye
Don tabbatar da amintattun abokan ciniki kawai aka ba su damar shiga Kafka da API mai yawo, dole ne mu saita masu zuwa:

  • Tabbatarwa: Abokan ciniki dole ne su samar da sunan mai amfani da kalmar wucewa ta hanyar amintacciyar hanyar SSL/TLS tsakanin abokin ciniki da Kafka.
  • Izini: Ingantattun abokan ciniki na iya yin ayyukan da ACLs suka tsara.

Anan an gamaview:
Don cikakken fahimtar yadda ɓoyewar SSL/TLS ke aiki don Kafka, da fatan za a koma zuwa takaddun hukuma: docs.confluent.io/platform/current/kafka/encryption.html
Takaddar SSL/TLS ta ƙareview
NOTE: A cikin wannan karamin sashe za mu yi amfani da kalmomi masu zuwa:
Takaddun shaida: Takaddun shaida ta SSL wacce Hukumar Takaddun shaida (CA) ta sanya hannu. Kowane dillali na Kafka yana da daya.
Keystore: Maɓalli file wanda ke adana takardar shaidar. Maɓallin maɓalli file ya ƙunshi maɓallin keɓaɓɓen takardar shaidar; don haka yana bukatar a kiyaye shi lafiya.
Aminiya: A file dauke da amintattun takaddun shaida na CA.
Don saita tabbatarwa tsakanin abokin ciniki na waje da Kafka da ke gudana a Cibiyar Kulawa, dole ne bangarorin biyu su sami ma'anar maɓalli tare da takardar shaidar da ke da alaƙa da Hukumar Takaddun shaida (CA) ta sanya hannu tare da tushen takardar shaidar CA.
Baya ga wannan, abokin ciniki kuma dole ne ya kasance yana da rumbun ajiya tare da takaddun tushen CA.
Tushen takardar shaidar CA gama gari ne ga dillalin Kafka da abokin ciniki na Kafka.
Ƙirƙirar Takaddun shaida da ake buƙata
An rufe wannan a cikin “Shafi” a shafi na 16.
Kafka Broker SSL/TLS Kanfigareshan a Cibiyar Sarrafa
NOTE: Dole ne a gudanar da waɗannan umarnin akan uwar garken Cibiyar Sarrafa.
NOTE: Before continuing, you must create the keystone which contains the SSL certificate by following the instructions in the “Appendix” on page 16. The paths mentioned below come from these instructions. The SSL keystore is a file adana a kan faifai tare da file tsawo .jks.
Da zarar kuna da takaddun takaddun da ake buƙata da aka ƙirƙira don dillalin Kafka da abokin ciniki na Kafka akwai, zaku iya ci gaba ta hanyar daidaita dillalin Kafka da ke gudana a Cibiyar Kulawa. Kuna buƙatar sanin waɗannan abubuwa:

  • : Sunan mai masaukin baki na Cibiyar Kulawa; wannan dole ne ya zama mai warwarewa kuma abokan cinikin Kafka za su iya samun su.
  • : Kalmar sirrin maɓalli da aka bayar lokacin ƙirƙirar takardar shaidar SSL.
  • kuma : Waɗannan su ne kalmomin shiga da kuke son saitawa ga admin da kuma abokin ciniki bi da bi. Lura cewa zaku iya ƙara ƙarin masu amfani, kamar yadda aka nuna a cikin tsohonample.

Edit or append (with sudo access) the properties below in /etc/kafka/server.properties, inserting the above
variables as shown:
Alamar Gargadin lantarki GARGADI: Kar a cire PLAINTEXT://localhost:9092; wannan zai karya ayyukan Cibiyar Kulawa tunda sabis na ciki ba zai iya sadarwa ba.

# Adireshin da dillalin Kafka ke saurare.
masu sauraro=PLAINTEXT:/localhost:9092,SASL_SSL://0.0.0.0:9093
# Waɗannan su ne rundunonin da aka tallata su ga kowane haɗin gwiwar abokin ciniki.
advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// :9093
… ####### CUSTOM CONFIG
# SIFFOFIN SALLAH
ssl.endpoint.identification.algorithm=
ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
ssl.keystore.password=
ssl.key.password=
ssl.client.auth=babu
ssl.protocol=TLSv1.2
# Tsarin SASL
sasl.enabled.mechanisms=PLAIN
listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginMo
ana buqatar dule \
username = "admin" \
kalmar sirri =" ” \
User:admin=”<admin_pwd>” \
user client=”<client_pwd>”;
# NOTE ana iya ƙara ƙarin masu amfani tare da mai amfani_ =
# Izini, kunna ACLs
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
superusers=User:admin
Ƙirƙirar Lissafin Sarrafa Hannu (ACLs)
Kunna ACLs akan localhost
Alamar Gargadin lantarki  GARGADI: Dole ne mu fara saita ACLs don localhost, ta yadda Cibiyar Kula da kanta zata iya samun damar shiga Kafka. Idan ba a yi haka ba, abubuwa za su karye.
######### Shigarwar ACLs don masu amfani da ba a san su ba
/usr/lib/kafka/bin/kafka-acls.sh
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User: ANONYMOUS –allow-host 127.0.0.1 –cluster
/usr/lib/kafka/bin/kafka-acls.sh
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
– ƙara –allow-babban mai amfani: ANONYMOUS –allow-host 127.0.0.1 – topic '*'
/usr/lib/kafka/bin/kafka-acls.sh
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User: ANONYMOUS –allow-host 127.0.0.1 –group ‘*’
Sannan muna buƙatar ba da damar ACLs don samun damar karantawa kawai na waje, domin masu amfani da waje su sami damar karanta batutuwan paa.jama'a.*.
NOTE: Don ƙarin iko mai kyau, da fatan za a koma zuwa takaddun Kafka na hukuma.
######### Shigarwar ACLs don masu amfani da waje
/usr/lib/kafka/bin/kafka-acls.sh
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User:* –aiki karanta –aiki siffanta \
- kungiyar 'NCC'
/usr/lib/kafka/bin/kafka-acls.sh
–authorizer kafka.security.authorizer.AclAuthorizer \
–authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User:* –aiki karanta –aiki siffanta \
-matun paa.jama'a. -nau'in albarkatun-samfurin-nau'in riga-kafi
Da zarar an gama da wannan, kuna buƙatar sake kunna ayyukan:
sudo ncc ayyuka sake farawa
Don tabbatar da cewa abokin ciniki zai iya kafa amintaccen haɗi, gudanar da umarni mai zuwa akan kwamfutar abokin ciniki na waje (ba akan uwar garken Cibiyar Sarrafa ba). A ƙasa, PUBLIC_HOSTNAME shine sunan mai masaukin baki:
openssl s_client -debug -connect ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "Amintacce Sake Tattaunawa IS goyan bayan"
A cikin fitarwar umarni yakamata ku ga takardar shaidar uwar garke da kuma masu zuwa:
Amintaccen Sake tattaunawa IS yana goyan bayan
Don tabbatar da cewa an ba da dama ga sabis na cikin gida zuwa uwar garken Kafka, da fatan za a duba log ɗin mai zuwafiles:

  • /var/log/kafka/server.log
  • /var/log/kafka/kafka-authorizer.log

Tabbatar da Haɗin Abokin Ciniki na Waje
kafkatu
NOTE: Dole ne a gudanar da waɗannan umarnin akan kwamfutar abokin ciniki (ba akan uwar garken Cibiyar Sarrafa ba).
NOTE: Don nuna bayanan awo, tabbatar da cewa aƙalla saka idanu ɗaya yana gudana a Cibiyar Sarrafa.
Don tabbatarwa da tabbatar da haɗin kai azaman abokin ciniki na waje, yana yiwuwa a yi amfani da kayan aikin kafkacat wanda aka shigar a cikin sashin “Tabbatar da Cewa API ɗin Yawo yana Aiki a Cibiyar Sarrafa” a shafi na 4.
Yi matakai masu zuwa:
NOTE: A ƙasa, CLIENT_USER shine mai amfani da aka ƙayyade a baya a cikin file /etc/kafka/ server.properties in Control Center: namely, user_client and the password set there. The CA root certificate used to sign the server side SSL certificate must be present on the client.
Ƙirƙiri a file client.properties tare da abun ciki mai zuwa:
security.protocol=SASL_SSL
ssl.ca.location={PATH_TO_CA_CERT}
sasl.mechanisms=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}
ina

  • {PATH_TO_CA_CERT} shine wurin da tushen takardar shaidar CA da dillalin Kafka ke amfani dashi
  • {CLIENT_USER} da {CLIENT_PASSWORD} sune masu amfani ga abokin ciniki.
  • Gudun umarni mai zuwa don ganin saƙon da kafkacat ke cinyewa:

fitarwa KAFKA_FQDN=
fitarwa METRICS_TOPIC=paa.public.accounts. .metrics
kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
inda {METRICS_TOPIC} shine sunan taken Kafka tare da prefix "paa.public.".
NOTE: Tsofaffi na kafkacat ba sa samar da zaɓi na -F don karanta saitunan abokin ciniki daga a file. Idan kana amfani da irin wannan sigar, dole ne ka samar da saitunan iri ɗaya daga layin umarni kamar yadda aka nuna a ƙasa.
kafkacat -b ${KAFKA_FQDN}:9093 \
-X security.protocol=SASL_SSL \
-X ssl.ca.location={PATH_TO_CA_CERT} \
-X sasl.mechanisms=PLAIN \
-X sasl.username={CLIENT_USER} \
-X sasl.password={CLIENT_PASSWORD} \
-t ${METRICS_TOPIC} -C -e
Don cire haɗin haɗin, zaku iya amfani da zaɓin -d:
Kashe hanyoyin sadarwar mabukaci
kafkacat -d mabukaci -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
# Gyara hanyoyin sadarwar dillali
kafkacat -d dillali -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
Tabbatar da komawa zuwa takaddun don ɗakin karatu na abokin ciniki na Kafka da ake amfani da shi, kamar yadda kaddarorin na iya bambanta da waɗanda ke cikin abokin ciniki.properties.
Tsarin Saƙo
The messages used for the metrics and metadata topics are serialized in the Protocol buffers (protobuf)format (see developers.google.com/protocol-buffers). Tsare-tsare na waɗannan saƙonnin suna bin tsari mai zuwa:
Metrics Protobuf Schema
syntax = "proto3";
shigo da "google/protobuf/timestamp.proto”;
kunshin paa.streamingapi;
zaɓi go_package = ".;paa_streamingapi";
Ma'aunin saƙo {
google.protobuf.Timestamp lokutaamp = 1;
taswira dabi'u = 2;
int32 rafi_id = 3;
}
/**
* Ƙimar awo na iya zama ko dai lamba ko ta iyo.
*/
sakon MetricValue {
daya daga nau'in {
int64 int_val = 1;
float float_val = 2;
}
}
Metadata Protobuf Schema
syntax = "proto3";
kunshin paa.streamingapi;
zaɓi go_package = ".;paa_streamingapi";
Metadata sako {
int32 rafi_id = 1;
string stream_name = 2;
taswira tags = 13;
}
Abokin ciniki Examples
NOTE: Waɗannan umarnin an yi niyya don aiki akan abokin ciniki na waje, misaliampko kwamfutar tafi-da-gidanka ko makamancin haka, kuma ba cikin Cibiyar Kulawa ba.
NOTE: Don samun bayanan ma'auni, tabbatar da cewa aƙalla saka idanu ɗaya yana gudana a Cibiyar Sarrafa.
Ƙwallon kwando na Cibiyar Sarrafa ya haɗa da rumbun adana bayanan paa-streaming-api-client-examples.tar.gz (abokin ciniki-examples), wanda ya ƙunshi exampRubutun Python yana nuna yadda ake amfani da API Streaming.
Shigarwa da Haɓaka Client Examples
Kuna samun abokin ciniki-examples in the Routing Active Testing Control Center folder:
fitarwa CC_VERSION=4.6.0
cd ./paa-control-center_${CC_VERSION}
ls paa-streaming-api-abokin ciniki-example*
Don shigar abokin ciniki-exampa kan kwamfutar abokin ciniki na waje, ci gaba kamar haka:
# Ƙirƙiri adireshi don fitar da abun ciki na abokin ciniki tsohonamples kwalta
mkdir paa-streaming-api-abokin ciniki-examples
# Cire abun ciki na abokin ciniki examples kwalta
tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-abokin ciniki-examples
# Jeka sabon kundin adireshi
cd paa-streaming-api-abokin ciniki-examples
abokin ciniki-examples yana buƙatar Docker don gudu. Ana iya samun saukewa da umarnin shigarwa don Docker a https://docs.docker.com/engine/install.
Amfani da Client Examples
Abokin ciniki-examples kayan aikin na iya aiki a ko dai na asali ko na zamani don gina tsohonamples na bambance-bambancen rikitarwa. A cikin lokuta biyu, yana yiwuwa kuma a gudanar da tsohonamples tare da sanyi file dauke da ƙarin kaddarorin don ƙarin gyare-gyare na gefen abokin ciniki.
Yanayin asali
A cikin ainihin yanayin, awo da metadata suna gudana daban. Don wannan, abokin ciniki yana sauraron kowane batun Kafka da ke akwai don samun damar waje kuma kawai yana buga saƙonnin da aka karɓa zuwa na'ura wasan bidiyo.
Don fara aiwatar da ainihin exampgudu:
./build.sh run-basic -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME
inda ACCOUNT_SHORTNAME shine gajeren sunan asusun da kake son samun ma'auni.
Don kawo karshen hukuncin kisa na tsohonample, latsa Ctrl + C. (Za a iya samun ɗan jinkiri kafin aiwatarwar ya tsaya saboda abokin ciniki yana jiran taron ƙarewar lokaci.)
Babban Yanayin
NOTE: Ana nuna ma'auni don masu sa ido na HTTP da ke gudana a Cibiyar Sarrafa.
Kisa a yanayin ci gaba yana nuna alaƙa tsakanin awo da saƙonnin metadata. Wannan yana yiwuwa godiya ga kasancewar kowane saƙon awo na filin id rafi wanda ke nufin saƙon metadata daidai.
Don aiwatar da ci-gaba exampgudu:
./build.sh run-ci gaba -kafka-brokers localhost:9092 -account ACCOUNT_SHORTNAME
inda ACCOUNT_SHORTNAME shine gajeren sunan asusun da kake son samun ma'auni.
Don kawo karshen hukuncin kisa na tsohonample, latsa Ctrl + C. (Za a iya samun ɗan jinkiri kafin aiwatarwar ya tsaya saboda abokin ciniki yana jiran taron ƙarewar lokaci.)
Ƙarin Saituna
Yana yiwuwa a gudanar da exampLes tare da ƙarin daidaitawar abokin ciniki ta amfani da –config-file zabin da a file suna mai ɗauke da kaddarori a cikin maɓallin tsari = ƙima.
./build.sh run-advanced \
–kafka-brokers localhost:9092 \
-asusu ACCOUNT_SHORTNAME \
-tsari-file client_config.properties
NOTE: Duka files da aka ambata a cikin umarnin da ke sama dole ne a kasance a cikin kundin adireshi na yanzu kuma a kira su ta amfani da hanyoyin dangi kawai. Wannan ya shafi duka biyu ga –config-file gardama da duk shigarwar a cikin tsarin file cewa siffanta file wurare.
Tabbatar da Tabbacin Abokin Ciniki na Waje
Don inganta amincin abokin ciniki daga wajen Cibiyar Kulawa ta amfani da abokin ciniki-exampdon haka, aiwatar da matakai masu zuwa:

  • From the Routing Active Testing Control Center folder, switch to the paa-streaming-api-client-examples folder:
    cd paa-streaming-api-abokin ciniki-examples
  • Kwafi ca-cert tushen tushen CA cikin kundin adireshi na yanzu.
  • Ƙirƙiri abokin ciniki.Properties file tare da abun ciki mai zuwa:
    security.protocol=SASL_SSL
    ssl.ca.location=ca-cert
    sasl.mechanism=PLAIN
    sasl.username={CLIENT_USER}
    sasl.password={CLIENT_PASSWORD}
    inda {CLIENT_USER} da {CLIENT_PASSWORD} sune masu amfani ga abokin ciniki.
  • Gudu na asali exampda:
    fitarwa KAFKA_FQDN=
    ./build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
    -asusu ACCOUNT_SHORTNAME
    -tsari-file abokin ciniki.dukiyoyi
    inda ACCOUNT_SHORTNAME shine gajeren sunan asusun da kake son samun ma'auni.
  • Gudu na gaba exampda:
    fitarwa KAFKA_FQDN=
    ./build.sh run-advanced –kafka-brokers ${KAFKA_FQDN}:9093 \
    -asusu ACCOUNT_SHORTNAME
    -tsari-file abokin ciniki.dukiyoyi

Karin bayani

A cikin wannan ƙarin mun bayyana yadda ake ƙirƙira:

  • maɓalli file don adana takardar shaidar SSL dillalin Kafka
  • kantin dogara file don adana tushen takaddun shaida (CA) da aka yi amfani da shi don sanya hannu kan takardar shaidar dillali ta Kafka.

Ƙirƙirar Takaddar Dillalan Kafka
Ƙirƙirar Takaddun shaida Ta Amfani da Hukuncin Takaddun Shaida na Gaskiya (An Shawarar)
Ana ba da shawarar cewa ku sami ainihin takardar shaidar SSL daga amintaccen CA.
Da zarar ka yanke shawara a kan CA, kwafi ca-cert tushen takardar shaidar su file zuwa hanyar ku kamar yadda aka nuna a kasa:
fitarwa CA_PATH=~/my-ca
mkdir ${CA_PATH}
cp ca-cert ${CA_PATH}
Ƙirƙiri Hukumar Takaddun Shaida ta Kanku
NOTE: A al'ada ya kamata ka sami sa hannun takardar shaidarka ta ainihin Hukumar Takaddun shaida; duba sashin da ya gabata. Abin da ke biyo baya shine kawai tsohonample.
Anan mun ƙirƙiri takaddun shaida na Hukumar Takaddun shaida (CA). file yana aiki na kwanaki 999 (ba a ba da shawarar samarwa ba):
# Ƙirƙiri adireshi don adana CA
fitarwa CA_PATH=~/my-ca
mkdir ${CA_PATH}
# Ƙirƙirar takardar shaidar CA
openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -days 999
Ƙirƙirar kantin Amintaccen Abokin Ciniki
Yanzu zaku iya ƙirƙirar kantin sayar da amana file wanda ya ƙunshi ca-cert da aka samar a sama. Wannan file will be needed by the Kafka client that will access the Streaming API: keytool -keystore kafka.client.truststore.jks \
suna CARoot \
-mai shigo da kaya -file ${CA_PATH}/ca-cert
Yanzu da takardar shaidar CA ta kasance a cikin rumbun ajiya, abokin ciniki zai amince da kowace takardar shaidar da aka sanya hannu da ita.
Ya kamata ku kwafi file kafka.client.truststore.jks zuwa sanannen wuri a kan kwamfutarka abokin ciniki da kuma nuna shi a cikin saitunan.
Ƙirƙirar Maɓalli don Dillalin Kafka
Don samar da takardar shaidar SSL ta Kafka dillali sannan kuma maɓalli na kafka.server.keystore.jks, ci gaba kamar haka:
Samar da Takaddun shaida na SSL
Use these commands to generate the SSL certificate. Below, 999 is the number of days of validity of the keystore.
sudo mkdir -p /var/ssl/private
sudo chown -R $ USER: /var/ssl/private
cd /var/ssl/private
export CC_IP=<Control Center IP>
keytool -keystore kafka.server.keystore.jks \
uwar garke \
- inganci 999 \
-genkey -keyalg RSA -ext SAN=ip:${CC_IP}
To verify the SSL certificate, you can use the following command:
keytool -v -list -keystore kafka.server.keystore.jks -alias server
You should ensure that the port 9093 is accessible from external clients.
Ƙirƙiri buƙatun sa hannu na takaddun shaida kuma adana shi a cikin file mai suna cert-server-request:
keytool -keystore kafka.server.keystore.jks \
uwar garke \
-certreq \
-file buqatar sabar-server
Ya kamata ku aika yanzu file cert-server-request to your Certificate Authority (CA) idan kana amfani da na gaske daya. Sannan za su mayar da takardar shaidar da aka sanya hannu. Za mu koma ga wannan azaman sa hannun sabbabin sabar a ƙasa.
Shiga Takaddun shaida na SSL Amfani da Takaddun shaida na CA wanda ya ƙirƙira da kansa
NOTE: Bugu da ƙari, yin amfani da CA na ku ba a ba da shawarar ba a cikin tsarin samarwa.
Shiga takardar shaidar ta amfani da CA ta hanyar file buƙatun uwar garken, wanda ke samar da takardar shedar sa hannun sa hannun uwar garken. Duba ƙasa; ca-password shine kalmar sirri da aka saita lokacin ƙirƙirar takardar shaidar CA.
cd /var/ssl/private
openssl x509 -req \

  • -CA ${CA_PATH}/ca-cert \
  • -CAkey ${CA_PATH}/ca-key \
  • -a cikin cert-server-request \
  • -sa hannu-sa hannun sabar sabar \
  • -days 999 -CAcreateserial \
  • -passin pass: {ca-password}

Ana shigo da Takaddun Sa hannu a cikin Maɓalli
Shigo da tushen takardar shaidar ca-cert cikin maɓalli:
keytool -keystore kafka.server.keystore.jks \
-alias ca-cert \
-shigo da \
-file ${CA_PATH}/ca-cert
Shigo da sa hannun takardar shedar da ake magana a kai a matsayin sa hannun sabbabin sabbabin:
keytool -keystore kafka.server.keystore.jks \
uwar garke \
-shigo da \
-file sa hannun sabbabin sabar
The file kafka.server.keystore.jks ya kamata a kwafi zuwa sanannen wuri akan uwar garken Cibiyar Kulawa, sannan a koma cikin /etc/kafka/server.properties.
Amfani da API Streaming

Gabaɗaya

API ɗin yawo yana ɗaukar duka gwaji da saka idanu bayanai. Ba zai yiwu a ware ɗaya daga cikin waɗannan nau'ikan ba.
API ɗin yawo ba ya debo bayanai daga gwajin tushen rubutun (waɗanda ke wakilta ta rectangle maimakon guntun jigsaw a cikin Cibiyar Kulawa GUI), kamar gwaje-gwajen kunna sabis na Ethernet da gwaje-gwajen nuna gaskiya.

Kafka Take Names

Sunayen taken Kafka na API mai yawo sune kamar haka, inda %s shine gajeren sunan asusun Cibiyar Sarrafa (an nuna lokacin ƙirƙirar asusun):
const (
ExporterName = "kafka"
metadataTopicTpl = "paa.public.accounts.%s.metadata"
metricsTopicTpl = "paa.public.accounts.%s.metrics"
)
ExampAmfani da API Streaming
The exampAna samun abubuwan da ke biyo baya a cikin tarball paa-streaming-api-client-examples.tar.gz yana ƙunshe a cikin Cibiyar Kula da kwalta.
Na farko, akwai asali exampnuna yadda awo da metadata ke gudana daban kuma kawai buga saƙonnin da aka karɓa zuwa na'ura wasan bidiyo. Kuna iya gudanar da shi kamar haka:
sudo ./build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME There is also a more advanced exampinda ake danganta awo da saƙonnin metadata. Yi amfani da wannan umarni don gudanar da shi:
sudo ./build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME You need to use sudo to run Docker commands such as the ones above. Optionally, you can follow the Linux post-installation steps to be able to run Docker commands without sudo. For details, go to docs.docker.com/engine/install/linux-postinstall.
Juniper Networks, alamar Juniper Networks, Juniper, da Junos alamun kasuwanci ne masu rijista na Juniper Networks, Inc. a Amurka da wasu ƙasashe. Duk sauran alamun kasuwanci, alamun sabis, alamun rajista, ko alamun sabis masu rijista mallakin masu su ne. Juniper Networks ba ta da alhakin kowane kuskure a cikin wannan takaddar. Juniper Networks suna da haƙƙin canzawa, gyaggyarawa, canja wuri, ko in ba haka ba sake duba wannan ɗaba'ar ba tare da sanarwa ba. Haƙƙin mallaka © 2025 Juniper Networks,
Inc. Duk haƙƙin mallaka.

JUNIPER NETWORKS - tambari

Takardu / Albarkatu

JUNIPER NETWORKS Routing Active Testing Solution Brief [pdf] Jagorar mai amfani
Routing Active Testing Solution Brief, Active Testing Solution Brief, Testing Solution Brief, Solution Brief

Magana

Bar sharhi

Ba za a buga adireshin imel ɗin ku ba. Ana yiwa filayen da ake buƙata alama *