I-JUNIPER NETWORKS - ilogoRouting Active Testing Streaming API
Umhlahlandlela

Okuqukethwe fihla
1 Isingeniso
2 Kuphelileview
3 Isithasiselo
4 Okujwayelekile
5 Kafka Isihloko Amagama
6 Amadokhumenti / Izinsiza
6.1 Izithenjwa

Isingeniso

This guide describes how to extract data from Routing Active Testing via the product’s streaming API.
The API as well as the streaming client are included in the Routing Active Testing installation. However, a bit of configuration is needed before you can use the API. This is covered in the “Configuring the Streaming API” on page 1 chapter.
Ilungiselela i-Streaming API

Kuphelileview

Lesi sahluko sichaza ukuthi ungayilungisa kanjani i-Streaming API ukuze uvumele ukubhalisa kumilayezo ye-metrics nge-Kafka.
Ngezansi sizodlula:

  • Uyenza kanjani i-Streaming API isebenze
  • Uyilungiselela kanjani i-Kafka ukuthi ilalele amaklayenti angaphandle
  • Uyilungiselela kanjani i-Kafka ukuthi isebenzise ama-ACL futhi usethe ukubethela kwe-SSL kumakhasimende ashiwo

Iyini i-Kafka?
I-Kafka iyinkundla yokusakaza imicimbi evumela ukuthwebula ngesikhathi sangempela kwedatha ethunyelwe kusuka emithonjeni ehlukahlukene yemicimbi (izinzwa, imininingwane egciniwe, amadivaysi eselula) ngendlela yokusakazwa kwemicimbi, kanye nokugcinwa okuqinile kwalokhu kusakazwa kwemicimbi ukuze kutholwe futhi kusetshenziswe kamuva.
Nge-Kafka kungenzeka ukuphatha ukusakazwa komcimbi ekupheleni-kuya-ekupheleni ngendlela esabalalisiwe, enwebekayo, enwebekayo, ebekezelela amaphutha, futhi evikelekile.
QAPHELA: Kafka can be configured in many different ways and was designed for scalability and redundant systems. This document focuses only on how to configure it to make use of the Streaming API feature found in Routing Active Testing Control Center. For more advanced setups we refer to the official Kafka documentation: kafka.apache.org/26/documentation.html.
Amagama

  • I-Kafka: Inkundla yokusakaza imicimbi.
  • Isihloko se-Kafka: Ukuqoqwa kwemicimbi.
  • Obhalisile/umthengi we-Kafka: Ingxenye ebhekele ukubuyiswa kwemicimbi egcinwe esihlokweni se-Kafka.
  • Umthengisi we-Kafka: Iseva yesendlalelo sesitoreji seqoqo le-Kafka.
  • I-SSL/TLS: I-SSL iphrothokholi evikelekile eyenzelwe ukuthumela imininingwane ngokuphephile nge-inthanethi. I-TLS ilandela i-SSL, eyethulwa ngo-1999.
  • I-SASL: Uhlaka oluhlinzeka ngezindlela zokuqinisekisa umsebenzisi, ukuhlola ubuqotho bedatha, kanye nokubethela.
  • Streaming API subscriber: Component responsible for retrieval of events stored in topics defined in Routing Active Testing and meant for external access.
  • Isiphathimandla sesitifiketi: Ibhizinisi elithenjwayo elikhipha futhi lihoxise izitifiketi zokhiye basesidlangalaleni.
  • Isitifiketi sempande Yegunya Lesitifiketi: Isitifiketi sikakhiye osesidlangalaleni esibonisa iziphathimandla zesitifiketi.

Isebenza kanjani i-Streaming API
Njengoba kushiwo ngaphambili, i-Streaming API ivumela amaklayenti angaphandle ukuthi athole ulwazi mayelana namamethrikhi avela e-Kafka.
Wonke amamethrikhi aqoqwe Abenzeli Bokuhlola ngesikhathi sokuhlolwa noma umsebenzi wokuqapha athunyelwa kusevisi yokusakaza.
Ngemva kwesigaba sokucubungula, isevisi yokusakaza ishicilela lawo mamethrikhi ku-Kafka kanye nemethadatha eyengeziwe.
Kafka Izihloko
Kafka has the concept of topics to which all data is published. In Routing Active Testing there are many such Kafka topics available; however, only a subset of these are meant for external access.
Each Routing Active Testing account in Control Center has two dedicated topics. Below, ACCOUNT is the account short name:

  • paa.public.accounts.{ACCOUNT}.metrics
  • Yonke imilayezo yamamethrikhi ye-akhawunti enikeziwe ishicilelwe kulesi sihloko
  • Amanani amakhulu edatha
  • Imvamisa yokubuyekeza ephezulu
  • paa.public.accounts.{ACCOUNT}.metadata
  • Iqukethe imethadatha ehlobene nedatha yamamethrikhi, ngokwesiboneloampukuhlola, ukuqapha noma Umenzeli Wokuhlola ohlotshaniswa namamethrikhi
  • Amanani amancane edatha
  • Imvamisa yokubuyekeza ephansi

Inika amandla i-Streaming API
QAPHELA: These instructions are to be run on the Control Center server using sudor.
Njengoba i-Streaming API yengeza i-overhead ku-Control Center, ayivunyelwe ngokuzenzakalelayo. Ukuze unike amandla i-API, kufanele siqale sinikeze amandla ukushicilelwa kwamamethrikhi ku-Kafka ekucushweni okuyinhloko. file:

  • /etc/netrounds/netrounds.conf

KAFKA_METRICS_ENABLED = Iqiniso
KAFKA_PUBLISH_METADATA_FOR_STREAMS = True

Isithonjana Sesixwayiso Sikagesi ISEXWAYISO: Ukunika lesi sici amandla kungase kuthinte ukusebenza Kwesikhungo Sokulawula. Qiniseka ukuthi usilinganisele isibonelo sakho ngokufanele.
Okulandelayo, ukuze unike amandla ukudluliselwa kwalawa mamethrikhi esihlokweni esifanele se-Kafka:

  • /etc/netrounds/metrics.yaml

ukusakaza-api: iqiniso
Ukuze unike amandla futhi uqale amasevisi e-Streaming API, sebenzisa:

  • Izinsizakalo ze-sudo ncc zinika amandla amamethrikhi we-timescaledb
  • Izinsizakalo ze-sudo ncc ziqala amamethrikhi we-timecaledb

Ekugcineni, qala kabusha amasevisi:

  • izinsiza ze-sudo ncc ziqala kabusha

QAPHELA: The KAFKA_PUBLISH_RESOURCES setting has been deprecated. It should be removed from your configuration. Use KAFKA_PUBLISH_METADATA_FOR_STREAMS = True instead.
Ukuqinisekisa Ukuthi I-API Yokusakaza Isebenza Esikhungweni Sokulawula
QAPHELA: Le miyalo kufanele isetshenziswe kuseva Yesikhungo Sokulawula.
You can now verify that you are receiving metrics on the correct Kafka topics. To do so, install the Kafka cat utility:

  • sudo apt-get update
  • sudo apt-get ukufaka i-kafkacat

If you have a test or monitor running in Control Center, you should be able to use Kafka cat to receive metrics and metadata on these topics.
Faka esikhundleni i-akhawunti yami igama elifushane le-akhawunti yakho (lokhu okubonayo Esikhungweni sakho Sokulawula URL):

  • thekelisa i-METRICS_TOPIC=paa.public.accounts.myaccount.metrics
  • thekelisa METADATA_TOPIC=paa.public.accounts.myaccount.metadata

Manje kufanele ubone amamethrikhi ngokusebenzisa lo myalo:

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METRICS_TOPIC} -C -e

Kuya view metadata, sebenzisa umyalo olandelayo (qaphela ukuthi lokhu ngeke kubuyekezwe njalo):

  • kafkacat -b ${KAFKA_FQDN}:9092 -t ${METADATA_TOPIC} -C -e

QAPHELA: This is just a sanity check to make sure things are being published correctly. The data you see being published will be in binary form, which kafkacat will not decode by default. For properly subscribing to these topics, please see the “Client Examples” on page 13 section.
Lokhu kuqinisekisa ukuthi sine-API yokusakaza-bukhoma esebenzayo evela ngaphakathi kweSikhungo Sokulawula. Kodwa-ke, kungenzeka ukuthi ungathanda ukufinyelela idatha kusuka kuklayenti langaphandle kunalokho. Isigaba esilandelayo sichaza indlela yokuvula i-Kafka ukuze uthole ukufinyelela kwangaphandle.
Ivula i-Kafka yabasingathi bangaphandle
QAPHELA: Le miyalo kufanele isetshenziswe kuseva Yesikhungo Sokulawula.
Ngokuzenzakalelayo i-Kafka esebenza ku-Control Center ilungiselelwe ukuthi ilalele kuphela ku-localhost ukuze isetshenziswe ngaphakathi.
Kungenzeka ukuthi uvule i-Kafka kumakhasimende angaphandle ngokulungisa izilungiselelo ze-Kafka.
Ixhuma ku-Kafka: I-Caveats
Isithonjana sesixwayiso ISEXWAYISO: Sicela ufunde lokhu ngokucophelela, njengoba kulula ukungena ezindabeni zokuxhuma ne-Kafka uma ungayiqondi le mibono.
Ekusetheni Isikhungo Sokulawula esichazwe kulo mbhalo, kunomthengisi oyedwa we-Kafka.
Kodwa-ke, qaphela ukuthi umthengisi we-Kafka uhloselwe ukusebenza njengengxenye yeqoqo le-Kafka elingase libe nabathengi abaningi be-Kafka.
Uma uxhumeka kumthengisi we-Kafka, uxhumano lokuqala lusethwa iklayenti le-Kafka. Ngalokhu kuxhumana umthengisi we-Kafka uzobuyisela uhlu "lwabalaleli abakhangisiwe", okuwuhlu lwabathengi be-Kafka oyedwa noma ngaphezulu.
Lapho lithola lolu hlu, iklayenti le-Kafka lizonqamula, bese lixhuma kabusha komunye walaba balaleli abakhangisiwe. Abalaleli abakhangisiwe kufanele babe namagama omethuleli noma amakheli e-IP afinyeleleka kuklayenti le-Kafka, noma iklayenti lizohluleka ukuxhuma.
Uma ukubethela kwe-SSL kusetshenziswa, okuhlanganisa nesitifiketi se-SSL esiboshelwe egameni elithile lomethuleli, kubaluleke nakakhulu ukuthi iklayenti le-Kafka lithole ikheli elifanele ukuze lixhumeke kulo, njengoba kungenjalo ukuxhumeka kungase kwenqatshwe.
Funda kabanzi mayelana nabalaleli be-Kafka lapha: www.confluent.io/blog/kafka-listeners-explained
Ukubethela kwe-SSL/TLS
Ukuqinisekisa ukuthi amaklayenti athembekile kuphela avunyelwe ukufinyelela i-Kafka kanye ne-Streaming API, kufanele silungiselele okulandelayo:

  • Ukuqinisekisa: Amaklayenti kufanele anikeze igama lomsebenzisi nephasiwedi ngoxhumano oluvikelekile lwe-SSL/TLS phakathi kweklayenti ne-Kafka.
  • Ukugunyazwa: Amaklayenti aqinisekisiwe angenza imisebenzi elawulwa ama-ACL.

Nansi i-overview:
Ukuze uqonde ngokugcwele ukuthi ukubethela kwe-SSL/TLS kusebenza kanjani e-Kafka, sicela ubheke imibhalo esemthethweni: docs.confluent.io/platform/current/kafka/encryption.html
Isitifiketi se-SSL/TLS sesiphelileview
QAPHELA: Kulesi sigatshana sizosebenzisa lawa magama alandelayo:
Isitifiketi: Isitifiketi se-SSL esisayinwe Iziphathimandla Zesitifiketi (CA). Umthengisi we-Kafka ngamunye unoyedwa.
Keystore: I-keystore file egcina isitifiketi. Isitolo sikakhiye file iqukethe ukhiye oyimfihlo wesitifiketi; ngakho-ke, idinga ukugcinwa ngokuphepha.
Truststore: A file equkethe izitifiketi ze-CA ezithenjwayo.
Ukuze usethe ukuqinisekiswa phakathi kweklayenti langaphandle kanye ne-Kafka esebenza ku-Control Center, zombili izinhlangothi kufanele zibe nesitolo sokhiye esichazwe ngesitifiketi esihlobene esisayinwe Iziphathimandla Zesitifiketi (CA) kanye nesitifiketi sempande ye-CA.
Ngaphezu kwalokhu, iklayenti kufanele libe ne-truststore nesitifiketi sempande ye-CA.
Isitifiketi sempande ye-CA sijwayelekile kumthengisi we-Kafka kanye neklayenti le-Kafka.
Ukudala Izitifiketi Ezidingekayo
Lokhu kuvezwe “Esithasiselweni” ekhasini 16.
I-Kafka Broker SSL/TLS Configuration in Control Center
QAPHELA: Le miyalo kufanele isetshenziswe kuseva Yesikhungo Sokulawula.
QAPHELA: Before continuing, you must create the keystone which contains the SSL certificate by following the instructions in the “Appendix” on page 16. The paths mentioned below come from these instructions. The SSL keystore is a file egcinwe kudiski nge file extension .jks.
Uma usunezitifiketi ezidingekayo ezidalelwe kokubili umthengisi we-Kafka kanye neklayenti le-Kafka elitholakalayo, ungaqhubeka ngokumisa umthengisi we-Kafka osebenza ku-Control Center. Udinga ukwazi okulandelayo:

  • : Igama likasokhaya lomphakathi leSikhungo Sokulawula; lokhu kufanele kuxazululwe futhi kufinyeleleke amaklayenti e-Kafka.
  • : Iphasiwedi ye-keystore enikeziwe uma udala isitifiketi se-SSL.
  • futhi : Lawa amagama ayimfihlo ofuna ukuwasethela umlawuli kanye nomsebenzisi weklayenti ngokulandelanayo. Qaphela ukuthi ungangeza abasebenzisi abaningi, njengoba kuboniswe ku-example.

Edit or append (with sudo access) the properties below in /etc/kafka/server.properties, inserting the above
variables as shown:
Isithonjana Sesixwayiso Sikagesi ISEXWAYISO: Ungasusi i-PLAINTEXT://localhost:9092; lokhu kuzophula ukusebenza Kwesikhungo Sokulawula njengoba amasevisi angaphakathi ngeke akwazi ukuxhumana.

# Amakheli alalelwa ngumthengisi we-Kafka.
abalaleli=PLAINTEXT://localhost:9092,SASL_SSL://0.0.0.0:9093
# Laba ngabasingathi abakhangiswa emuva kunoma yiliphi iklayenti elixhumayo.
advertised.listeners=PLAINTEXT://localhost:9092,SASL_SSL:// :9093
… ####### CUSTOM CONFIG
# UKULUNGISWA kwe-SSL
ssl.endpoint.identification.algorithm=
ssl.keystore.location=/var/ssl/private/kafka.server.keystore.jks
ssl.keystore.password=
ssl.key.password=
ssl.client.auth=none
ssl.protocol=TLSv1.2
# Ukucushwa kwe-SASL
sasl.enabled.mechanisms=PLAIN
umlaleli.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginMo
iduli elidingekayo \
igama lomsebenzisi = "admin" \
iphasiwedi=” ” \
User:admin=”<admin_pwd>” \
user client=”<client_pwd>”;
# QAPHELA abasebenzisi abengeziwe bangangezwa ne-user_ =
# Ukugunyazwa, vula ama-ACL
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
superusers=User:admin
Ukusetha Uhlu Lokulawula Ukufinyelela (ACLs)
Ivula ama-ACL ku-localhost
Isithonjana Sesixwayiso Sikagesi  ISEXWAYISO: Kufanele siqale simise ama-ACL okusingatha indawo, ukuze i-Control Center ngokwayo isakwazi ukufinyelela i-Kafka. Uma lokhu kungenziwa, izinto zizophuka.
######### ACLs okufakiwe kubasebenzisi abangaziwa
/usr/lib/kafka/bin/kafka-acls.sh \
-authorizer kafka.security.authorizer.AclAuthorizer \
-authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User: ANONYMOUS –allow-host 127.0.0.1 –cluster
/usr/lib/kafka/bin/kafka-acls.sh \
-authorizer kafka.security.authorizer.AclAuthorizer \
-authorizer-properties zookeeper.connect=localhost:2181 \
-engeza -vumela-oyinhloko Umsebenzisi: ANONYMOUS -vumela-umsingathi 127.0.0.1 -isihloko '*'
/usr/lib/kafka/bin/kafka-acls.sh \
-authorizer kafka.security.authorizer.AclAuthorizer \
-authorizer-properties zookeeper.connect=localhost:2181 \
–add –allow-principal User: ANONYMOUS –allow-host 127.0.0.1 –group ‘*’
Sibe sesidinga ukunika amandla ama-ACL ukuze afinyelele ekufundeni kuphela, ukuze abasebenzisi bangaphandle bavunyelwe ukufunda izihloko ze-paa.public.*.
QAPHELA: Ukuze uthole olunye ulawulo oluhle, sicela ubheke amadokhumenti e-Kafka asemthethweni.
######### ACLs okufakiwe kubasebenzisi bangaphandle
/usr/lib/kafka/bin/kafka-acls.sh \
-authorizer kafka.security.authorizer.AclAuthorizer \
-authorizer-properties zookeeper.connect=localhost:2181 \
-engeza -vumela-uMsebenzisi oyinhloko:* -ukusebenza funda -kuchaza ukusebenza \
-iqembu 'NCC'
/usr/lib/kafka/bin/kafka-acls.sh \
-authorizer kafka.security.authorizer.AclAuthorizer \
-authorizer-properties zookeeper.connect=localhost:2181 \
-engeza -vumela-uMsebenzisi oyinhloko:* -ukusebenza funda -kuchaza ukusebenza \
-isihloko paa.public. -insiza-iphethini-uhlobo lwesiqalo
Uma usuqedile ngalokhu, udinga ukuqala kabusha izinsiza:
izinsiza ze-sudo ncc ziqala kabusha
Ukuze uqinisekise ukuthi iklayenti lingakwazi ukusungula uxhumano oluvikelekile, sebenzisa umyalo olandelayo kukhompuyutha yeklayenti yangaphandle (hhayi kuseva Yesikhungo Sokulawula). Ngezansi, i-PUBLIC_HOSTNAME igama likasokhaya Lesikhungo Sokulawula:
openssl s_client -debug -xhuma ${PUBLIC_HOSTNAME}:9093 -tls1_2 | grep "Ukuxoxisana Kabusha Okuvikelekile kusekelwa"
Ekuphumeni komyalo kufanele ubone isitifiketi seseva kanye nokulandelayo:
Ukuxoxisana Kabusha Okuvikelekile kusekelwa
Ukuqinisekisa ukuthi izinsiza zangaphakathi zinikezwe ukufinyelela kuseva ye-Kafka, sicela uhlole ilogu elandelayofiles:

  • /var/log/kafka/server.log
  • /var/log/kafka/kafka-authorizer.log

Ukuqinisekisa Ukuxhumana Kweklayenti Langaphandle
kafkacat
QAPHELA: Le miyalo kufanele isetshenziswe kukhompuyutha yeklayenti (hhayi kuseva Yesikhungo Sokulawula).
QAPHELA: Ukuze ubonise ulwazi lwamamethrikhi, qinisekisa ukuthi okungenani imonitha eyodwa iyasebenza ku-Control Center.
Ukuze uqinisekise futhi uqinisekise ukuxhumeka njengeklayenti langaphandle, kungenzeka ukusebenzisa insiza ye-kafkacat efakwe esigabeni “Ukuqinisekisa Ukuthi I-API Yokusakaza Isebenza Esikhungweni Sokulawula” ekhasini lesi-4.
Yenza lezi zinyathelo ezilandelayo:
QAPHELA: Ngezansi, u-CLIENT_USER umsebenzisi oshiwo ngaphambilini ku- file /etc/kafka/ server.properties in Control Center: namely, user_client and the password set there. The CA root certificate used to sign the server side SSL certificate must be present on the client.
Dala a file client.properties nokuqukethwe okulandelayo:
security.protocol=SASL_SSL
ssl.ca.location={PATH_TO_CA_CERT}
sasl.mechanisms=PLAIN
sasl.username={CLIENT_USER}
sasl.password={CLIENT_PASSWORD}
lapho

  • I-{PATH_TO_CA_CERT} indawo yesitifiketi sempande ye-CA esetshenziswa umthengisi we-Kafka
  • U-{CLIENT_USER} kanye no-{CLIENT_PASSWORD} yiziqinisekiso zomsebenzisi zeklayenti.
  • Qalisa umyalo olandelayo ukuze ubone umlayezo odliwe yi-kafkacat:

thekelisa i-KAFKA_FQDN=
thekelisa i-METRICS_TOPIC=paa.public.accounts. .amamethrikhi
kafkacat -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
lapho okuthi {METRICS_TOPIC} kuyigama lesihloko se-Kafka esinesiqalo esithi “paa.public.”.
QAPHELA: Izinguqulo ezindala ze-kafkacat azinikezi inketho -F yokufunda izilungiselelo zeklayenti ku-a file. Uma usebenzisa inguqulo enjalo, kufanele unikeze izilungiselelo ezifanayo ezivela emugqeni womyalo njengoba kukhonjisiwe ngezansi.
i-kafkacat -b ${KAFKA_FQDN}:9093 \
-X security.protocol=SASL_SSL \
-X ssl.ca.location={PATH_TO_CA_CERT} \
-X sasl.mechanisms=PLAIN \
-X sasl.username={CLIENT_USER} \
-X sasl.password={CLIENT_PASSWORD} \
-t ${METRICS_TOPIC} -C -e
Ukuze ulungise ukuxhumana, ungasebenzisa inketho -d:
Lungisa ukuxhumana kwabathengi
kafkacat -d umthengi -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
# Lungisa iphutha lokuxhumana nomthengisi
kafkacat -d broker -b ${KAFKA_FQDN}:9093 -F client.properties -t ${METRICS_TOPIC} -C -e
Qiniseka ukuthi ubhekisela kumadokhumenti omtapo wezincwadi weklayenti le-Kafka osebenzayo, njengoba izakhiwo zingahluka kulezo eziku-client.properties.
Ifomethi yomlayezo
The messages used for the metrics and metadata topics are serialized in the Protocol buffers (protobuf)format (see developers.google.com/protocol-buffers). Izikimu zale milayezo zihambisana nefomethi elandelayo:
I-Metrics Protobuf Schema
i-syntax = “proto3”;
ngenisa “google/protobuf/timestamp.proto”;
iphakheji paa.streamingapi;
inketho go_package = “.;paa_streamingapi”;
umlayezo we-Metrics {
google.protobuf.Timestamp izikhathiamp = 1;
imephu amanani = 2;
int32 stream_id = 3;
}
/**
* Inani lemethrikhi lingaba inombolo ephelele noma i-float.
*/
umlayezo we-MetricValue {
olunye lohlobo {
int64 int_val = 1;
iflothi_val = 2;
}
}
I-Metadata Protobuf Schema
i-syntax = “proto3”;
iphakheji paa.streamingapi;
inketho go_package = “.;paa_streamingapi”;
Imethadatha yomlayezo {
int32 stream_id = 1;
string stream_name = 2;
imephu tags = 13;
}
Iklayenti ExampLes
QAPHELA: Le miyalo ihloselwe ukusebenza kwiklayenti langaphandle, isiboneloampsebenzisa i-laptop yakho noma okufanayo, hhayi ku-Control Center.
QAPHELA: Ukuze kuboniswe ulwazi lwamamethrikhi, qiniseka ukuthi okungenani imonitha eyodwa iyasebenza Esikhungweni Sokulawula.
I-tarball Yesikhungo Sokulawula ihlanganisa ingobo yomlando i-paa-streaming-api-client-examples.tar.gz (iklayenti-examples), equkethe i-exampIskripthi se-Python esibonisa indlela yokusebenzisa i-Streaming API.
Ukufaka kanye Nokumisa Iklayenti ExampLes
Uthola iklayenti-examples in the Routing Active Testing Control Center folder:
thekelisa CC_VERSION=4.6.0
cd ./paa-control-center_${CC_VERSION}
ls paa-streaming-api-client-exampkancane*
Ukufaka iklayenti-exampkukhompyutha yakho yeklayenti yangaphandle, qhubeka kanje:
# Dala inkomba yokukhipha okuqukethwe kweklayenti exampi-tarball
mkdir paa-streaming-api-client-exampLes
# Khipha okuqukethwe kweklayenti exampi-tarball
i-tar xzf paa-streaming-api-client-examples.tar.gz -C paa-streaming-api-client-exampLes
# Iya kunkomba esanda kwakhiwa
cd paa-streaming-api-client-exampLes
iklayenti-isibampi-les idinga ukuthi i-Docker isebenze. Imiyalo yokulandwa kanye nokufaka i-Docker ingatholakala kokuthi https://docs.docker.com/engine/install.
Ukusebenzisa iKlayenti ExampLes
Iklayenti-exampLes amathuluzi angasebenza kumodi eyisisekelo noma ethuthukisiwe yokwakha i-exampubunkimbinkimbi obuhlukahlukene. Kuzo zombili izimo, kungenzeka futhi ukusebenzisa i-exampkancane ngokucushwa file equkethe izakhiwo ezengeziwe zokwenziwa ngokwezifiso okwengeziwe kohlangothi lweklayenti.
Imodi Eyisisekelo
Kumodi eyisisekelo, amamethrikhi kanye nemethadatha yakhona kusakazwa ngokuhlukene. Kulokhu, iklayenti lilalela isihloko ngasinye se-Kafka esitholakalayo ukuze sifinyeleleke ngaphandle futhi limane liphrinte imilayezo etholiwe kukhonsoli.
Ukuze uqale ukubulawa kwe-ex eyisisekeloamples, run:
./build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME
lapho i-ACCOUNT_SHORTNAME kuyigama elifushane le-akhawunti ofuna ukuthola kuyo amamethrikhi.
Ukumisa ukukhishwa kwe-example, cindezela u-Ctrl + C. (Kungase kube khona ukubambezeleka okuncane ngaphambi kokuthi kume ukusebenza ngoba iklayenti lilinda umcimbi wokuvala isikhathi.)
Imodi Ethuthukisiwe
QAPHELA: Amamethrikhi aboniswa kuphela kumamonitha e-HTTP asebenza ku-Control Center.
Ukusebenzisa kumodi ethuthukisiwe kubonisa ukuhlobana phakathi kwamamethrikhi nemilayezo yemethadatha. Lokhu kungenzeka ngenxa yokuba khona kumlayezo wemethrikhi ngamunye wenkambu ye-id yokusakaza ebhekisela kumlayezo wemethadatha ohambisanayo.
Ukuze usayine i-ex ethuthukisiweamples, run:
./build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME
lapho i-ACCOUNT_SHORTNAME kuyigama elifushane le-akhawunti ofuna ukuthola kuyo amamethrikhi.
Ukumisa ukukhishwa kwe-example, cindezela u-Ctrl + C. (Kungase kube khona ukubambezeleka okuncane ngaphambi kokuthi kume ukusebenza ngoba iklayenti lilinda umcimbi wokuvala isikhathi.)
Izilungiselelo Ezengeziwe
Kungenzeka ukugijima i-exampkancane ngokucushwa okwengeziwe kweklayenti kusetshenziswa i- -config-file inketho elandelwa ngu-a file Igama eliqukethe izakhiwo efomini elithi key=value.
./build.sh run-advanced \
-kafka-brokers localhost:9092 \
-i-akhawunti ACCOUNT_SHORTNAME \
-config-file client_config.properties
QAPHELA: Konke fileOkubalulwe emyalweni ongenhla kufanele kube kuhla lwemibhalo lwamanje futhi kubhekiselwe kusetshenziswa izindlela ezihlobene kuphela. Lokhu kusebenza kokubili ku- -config-file i-agumenti nakho konke okufakiwe ekucushweni file ezichazayo file izindawo.
Ukuqinisekisa Ukuqinisekiswa Kwekhasimende Langaphandle
Ukuze uqinisekise ukuqinisekiswa kweklayenti ngaphandle kweSikhungo Sokulawula usebenzisa i-client-examples, yenza lezi zinyathelo ezilandelayo:

  • From the Routing Active Testing Control Center folder, switch to the paa-streaming-api-client-exampifolda encane:
    cd paa-streaming-api-client-exampLes
  • Kopisha isitifiketi sempande ye-CA kuhla lwemibhalo lwamanje.
  • Dala i-client.properties file nokuqukethwe okulandelayo:
    security.protocol=SASL_SSL
    ssl.ca.location=ca-cert
    sasl.mechanism=PLAIN
    sasl.username={CLIENT_USER}
    sasl.password={CLIENT_PASSWORD}
    lapho u-{CLIENT_USER} kanye no-{CLIENT_PASSWORD} kuyiziqinisekiso zomsebenzisi zeklayenti.
  • Qalisa i-ex eyisisekeloampkancane:
    thekelisa i-KAFKA_FQDN=
    ./build.sh run-basic –kafka-brokers ${KAFKA_FQDN}:9093 \
    –i-akhawunti ACCOUNT_SHORTNAME
    -config-file izakhiwo.zeklayenti
    lapho i-ACCOUNT_SHORTNAME kuyigama elifushane le-akhawunti ofuna ukuthola kuyo amamethrikhi.
  • Qalisa i-ex ethuthukisiweampkancane:
    thekelisa i-KAFKA_FQDN=
    ./build.sh run-advanced –kafka-brokers ${KAFKA_FQDN}:9093 \
    –i-akhawunti ACCOUNT_SHORTNAME
    -config-file izakhiwo.zeklayenti

Isithasiselo

Kulesi sithasiselo sichaza indlela yokudala:

  • i-keystore file ukuze ugcine isitifiketi se-SSL somthengisi we-Kafka
  • i-truststore file ukuze kugcinwe isitifiketi sempande Yesigunyazo Sesitifiketi (CA) esisetshenziselwa ukusayina isitifiketi somthengisi we-Kafka.

Ukudala Isitifiketi Se-Kafka Broker
Ukudala Isitifiketi Ngokusebenzisa Iziphathimandla Zesitifiketi Sangempela (Kunconyiwe)
Kunconywa ukuthi uthole isitifiketi sangempela se-SSL esivela ku-CA ethembekile.
Uma usunqume nge-CA, kopisha i-ca-cert yesitifiketi sabo sempande ye-CA file endleleni yakho njengoba kukhonjisiwe ngezansi:
thekelisa i-CA_PATH=~/my-ca
mkdir ${CA_PATH}
cp ca-cert ${CA_PATH}
Dala Isiphathimandla Sakho Sesitifiketi
QAPHELA: Ngokujwayelekile kufanele isitifiketi sakho sisayinwe yi-real Certificate Authority; bheka isigatshana esandulele. Okulandelayo yi-ex njeample.
Lapha sakha esethu isitifiketi sempande Yesitifiketi Segunya (CA). file isebenza izinsuku ezingama-999 (akunconyiwe ekukhiqizeni):
# Dala inkomba yokugcina i-CA
thekelisa i-CA_PATH=~/my-ca
mkdir ${CA_PATH}
# Khiqiza isitifiketi se-CA
openssl req -new -x509 -keyout ${CA_PATH}/ca-key -out ${CA_PATH}/ca-cert -days 999
Ukudala i-Client Truststore
Manje ungakha i-truststore file equkethe i-ca-cert ekhiqizwe ngenhla. Lokhu file will be needed by the Kafka client that will access the Streaming API: keytool -keystore kafka.client.truststore.jks \
-igama elithi CARoot \
-ngenisayo -file ${CA_PATH}/ca-cert
Manje njengoba isitifiketi se-CA siku-truststore, iklayenti lizothemba noma yisiphi isitifiketi esisayinwe ngaso.
Kufanele ukopishe ifayela file kafka.client.truststore.jks endaweni eyaziwayo kukhompuyutha yakho yeklayenti bese ukhomba kuyo kuzilungiselelo.
Ukudala i-Keystore ye-Kafka Broker
Ukuze ukhiqize isitifiketi se-SSL somthengisi we-Kafka kanye nesitolo sokhiye kafka.server.keystore.jks, qhubeka kanje:
Ukukhiqiza Isitifiketi se-SSL
Use these commands to generate the SSL certificate. Below, 999 is the number of days of validity of the keystore.
sudo mkdir -p /var/ssl/private
sudo chown -R $USER: /var/ssl/private
cd /var/ssl/private
export CC_IP=<Control Center IP>
keytool -keystore kafka.server.keystore.jks \
iseva ye-alias \
- ubuqiniso 999 \
-genkey -keyalg RSA -ext SAN=ip:${CC_IP}
To verify the SSL certificate, you can use the following command:
keytool -v -list -keystore kafka.server.keystore.jks -alias server
You should ensure that the port 9093 is accessible from external clients.
Dala isicelo sokusayina isitifiketi futhi usigcine ku- file okuqanjwe i-cert-server-sicelo:
keytool -keystore kafka.server.keystore.jks \
iseva ye-alias \
-certreq \
-file isicelo-cert-server
Manje kufanele uthumele i- file isicelo se-cert-server-kuMphathi Wesitifiketi sakho (CA) uma usebenzisa esangempela. Bazobe sebebuyisela isitifiketi esisayiniwe. Sizobhekisela kulokhu njenge-cert-server-esayinwe ngezansi.
Ukusayina Isitifiketi Se-SSL Ukusebenzisa Isitifiketi Se-CA Esizidalele Wena
QAPHELA: Futhi, ukusebenzisa i-CA yakho akunconyiwe ohlelweni lokukhiqiza.
Sayina isitifiketi usebenzisa i-CA ngokusebenzisa i file cert-server-request, ekhiqiza isitifiketi esisayiniwe esisayinwe yi-cert-server-. Bona ngezansi; I-ca-password igama eliyimfihlo elibekwe lapho udala isitifiketi se-CA.
cd /var/ssl/private
openssl x509 -req \

  • -CA ${CA_PATH}/ca-cert \
  • -CAkey ${CA_PATH}/ca-key \
  • -kusicelo se-cert-server-
  • -ngaphandle kwe-cert-server-signed \
  • -izinsuku 999 -CAcreateserial \
  • -passin pass:{ca-password}

Ukungenisa Isitifiketi Esisayiniwe ku-Keystore
Ngenisa isitifiketi sempande ye-ca-cert ku-keystore:
keytool -keystore kafka.server.keystore.jks \
-isibizo se-ca-cert \
-ngenisa \
-file ${CA_PATH}/ca-cert
Ngenisa isitifiketi esisayiniwe esibizwa ngokuthi i-cert-server-signed:
keytool -keystore kafka.server.keystore.jks \
iseva ye-alias \
-ngenisa \
-file i-cert-server-signed
I file kafka.server.keystore.jks kufanele ikopishelwe endaweni eyaziwayo kuseva Yesikhungo Sokulawula, bese kubhekiselwa kuyo kokuthi /etc/kafka/server.properties.
Ukusebenzisa i-Streaming API

Okujwayelekile

I-API yokusakaza ilanda kokubili idatha yokuhlola neyokuqapha. Akwenzeki ukuhlukanisa esisodwa salezi zigaba.
I-API yokusakaza ayilandi idatha ekuhlolweni okusekelwe kuskripthi (lezo ezimelelwe unxande esikhundleni socezu lwejigsaw ku-GUI Yesikhungo Sokulawula), njengokuhlolwa kokuvula isevisi ye-Ethernet nokuhlola obala.

Kafka Isihloko Amagama

Amagama esihloko se-Kafka se-API yokusakaza ami kanje, lapho %s kuyigama elifushane le-akhawunti Yesikhungo Sokulawula (elikhonjiswa lapho kwakhiwa i-akhawunti):
const (
exporterName = "kafka"
metadataTopicTpl = “paa.public.accounts.%s.metadata”
metricsTopicTpl = “paa.public.accounts.%s.metrics”
)
ExampOkuncane Kokusebenzisa i-Streaming API
I-exampOkulandelayo kutholakala ku-tarball paa-streaming-api-client-examples.tar.gz equkethwe ngaphakathi kwe-tarball Yesikhungo Sokulawula.
Okokuqala, kukhona i-ex eyisisekeloample ebonisa ukuthi amamethrikhi kanye nemethadatha yakhona kusakazwa kanjani ngokuhlukene futhi kumane kuphrinte imilayezo etholiwe kukhonsoli. Ungayiqhuba kanje:
sudo ./build.sh run-basic –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME There is also a more advanced example lapho amamethrikhi nemilayezo yemethadatha kuhlotshaniswa khona. Sebenzisa lo myalo ukuyiqhuba:
sudo ./build.sh run-advanced –kafka-brokers localhost:9092 –account ACCOUNT_SHORTNAME You need to use sudo to run Docker commands such as the ones above. Optionally, you can follow the Linux post-installation steps to be able to run Docker commands without sudo. For details, go to docs.docker.com/engine/install/linux-postinstall.
I-Juniper Networks, ilogo ye-Juniper Networks, i-Juniper, ne-Junos yizimpawu zokuthengisa ezibhalisiwe ze-Juniper Networks, Inc. e-United States nakwamanye amazwe. Zonke ezinye izimpawu zokuthengisa, izimpawu zesevisi, amamaki abhalisiwe, noma izimpawu zesevisi ezibhalisiwe ziyimpahla yabanikazi bazo. IJuniper Networks ayinaso isibopho sanoma yikuphi ukungalungi kulo mbhalo. I-Juniper Networks igodla ilungelo lokushintsha, ukulungisa, ukudlulisa, noma ukubuyekeza lokhu kushicilelwa ngaphandle kwesaziso. Copyright © 2025 Juniper Networks,
Inc. Wonke amalungelo agodliwe.

I-JUNIPER NETWORKS - ilogo

Amadokhumenti / Izinsiza

JUNIPER NETWORKS Routing Active Testing Solution Brief [pdf] Umhlahlandlela Womsebenzisi
Routing Active Testing Solution Brief, Active Testing Solution Brief, Testing Solution Brief, Solution Brief

Izithenjwa

Shiya amazwana

Ikheli lakho le-imeyili ngeke lishicilelwe. Izinkambu ezidingekayo zimakiwe *