Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java Kafka fips:BCFIPS无法升级到JAVA11

8 月,2 周 Questions & Answers

我有一个卡夫卡集群在FIPS模式下运行,配置如下

Brokers: 3, Zookeeper Nodes: 3
Kafka: 2.0.0, Scala: 2.12
Zookeeper: 3.4.14
Java - 8
bc-fips - 1.0.1

此群集运行正常,处于正常状态

目前我们已经升级了Kafka(2.4.0)和Java(11)版本,之后FIPS集群无法加载bc FIPS库并启动Kafka。新群集配置:

Brokers: 3, Zookeeper Nodes: 3
Kafka: 2.4.0, Scala: 2.12
Zookeeper: 3.4.14
Java - 11
bc-fips - 1.0.2

从目前的分析来看,问题似乎在于用新的JAVA版本加载bc fips jar(11),正如JAVA文档所说:

  • JDK9之后,通过jre/lib/ext添加外部jar的支持被删除
  • 在加载时向安全提供程序传递额外参数的功能被删除

因此,当我启动kafka服务时,它会出现以下错误:

org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: java.security.NoSuchAlgorithmException: DEFAULT SecureRandom not available
    at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158)
    at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)
    at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:85)
    at kafka.network.Processor.<init>(SocketServer.scala:753)
    at kafka.network.SocketServer.newProcessor(SocketServer.scala:394)
    at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:279)
    at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
    at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:278)
    at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:241)
    at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:238)
    at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
    at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
    at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
    at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:238)
    at kafka.network.SocketServer.startup(SocketServer.scala:121)
    at kafka.server.KafkaServer.startup(KafkaServer.scala:263)
    at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
    at kafka.Kafka$.main(Kafka.scala:84)
    at kafka.Kafka.main(Kafka.scala)
Caused by: org.apache.kafka.common.KafkaException: java.security.NoSuchAlgorithmException: DEFAULT SecureRandom not available
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSecureRandom(SslEngineBuilder.java:126)
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.<init>(SslEngineBuilder.java:86)
    at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:95)
    at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:154)
    ... 18 more
Caused by: java.security.NoSuchAlgorithmException: DEFAULT SecureRandom not available
    at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
    at java.base/java.security.SecureRandom.getInstance(SecureRandom.java:364)
    at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSecureRandom(SslEngineBuilder.java:124)
    ... 21 more
[2020-05-18 11:59:39,646] INFO [KafkaServer id=48] shutting down (kafka.server.KafkaServer)

注意:如上所述,相同的配置适用于java-8

任何帮助都将不胜感激


共 (1) 个答案

  1. # 1 楼答案

    好的,我在下面的设置中得到了这个

    Java:11.0.7

    BCFIPS:bc-fips-1.0.2。罐子

    在kafka lib目录中添加bcfips jar:<-卡夫卡根目录->/libs/bc-fips-1.0.2。罐子

    然后启动卡夫卡服务器,它将加载bcfips jar