java Kafka fips:BCFIPS无法升级到JAVA11
我有一个卡夫卡集群在FIPS模式下运行,配置如下
Brokers: 3, Zookeeper Nodes: 3
Kafka: 2.0.0, Scala: 2.12
Zookeeper: 3.4.14
Java - 8
bc-fips - 1.0.1
此群集运行正常,处于正常状态
目前我们已经升级了Kafka(2.4.0)和Java(11)版本,之后FIPS集群无法加载bc FIPS库并启动Kafka。新群集配置:
Brokers: 3, Zookeeper Nodes: 3
Kafka: 2.4.0, Scala: 2.12
Zookeeper: 3.4.14
Java - 11
bc-fips - 1.0.2
从目前的分析来看,问题似乎在于用新的JAVA版本加载bc fips jar(11),正如JAVA文档所说:
- JDK9之后,通过jre/lib/ext添加外部jar的支持被删除李>
- 在加载时向安全提供程序传递额外参数的功能被删除
因此,当我启动kafka服务时,它会出现以下错误:
org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: java.security.NoSuchAlgorithmException: DEFAULT SecureRandom not available
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)
at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:85)
at kafka.network.Processor.<init>(SocketServer.scala:753)
at kafka.network.SocketServer.newProcessor(SocketServer.scala:394)
at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:279)
at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:278)
at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:241)
at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:238)
at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:238)
at kafka.network.SocketServer.startup(SocketServer.scala:121)
at kafka.server.KafkaServer.startup(KafkaServer.scala:263)
at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
at kafka.Kafka$.main(Kafka.scala:84)
at kafka.Kafka.main(Kafka.scala)
Caused by: org.apache.kafka.common.KafkaException: java.security.NoSuchAlgorithmException: DEFAULT SecureRandom not available
at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSecureRandom(SslEngineBuilder.java:126)
at org.apache.kafka.common.security.ssl.SslEngineBuilder.<init>(SslEngineBuilder.java:86)
at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:95)
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:154)
... 18 more
Caused by: java.security.NoSuchAlgorithmException: DEFAULT SecureRandom not available
at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.base/java.security.SecureRandom.getInstance(SecureRandom.java:364)
at org.apache.kafka.common.security.ssl.SslEngineBuilder.createSecureRandom(SslEngineBuilder.java:124)
... 21 more
[2020-05-18 11:59:39,646] INFO [KafkaServer id=48] shutting down (kafka.server.KafkaServer)
注意:如上所述,相同的配置适用于java-8
任何帮助都将不胜感激
# 1 楼答案
好的,我在下面的设置中得到了这个
Java:11.0.7
BCFIPS:bc-fips-1.0.2。罐子
在kafka lib目录中添加bcfips jar:<-卡夫卡根目录->/libs/bc-fips-1.0.2。罐子
然后启动卡夫卡服务器,它将加载bcfips jar