以下文章來源于DBAplus社群 康愤,作者小火牛
DBAplus社群
圍繞Database儡循、Bigdata、AiOps的企業(yè)級專業(yè)社群征冷。頂級大咖择膝、技術(shù)干貨,每天精品原創(chuàng)文章推送检激,每周線上技術(shù)分享肴捉,每月線下技術(shù)沙龍,受眾20W+呵扛。
Kafka概念
Kafka是分布式發(fā)布-訂閱消息系統(tǒng)。它最初由LinkedIn公司開發(fā)筐带,之后成為Apache項目的一部分今穿。Kafka是一個分布式的、可劃分的伦籍、冗余備份的蓝晒、持久性的日志服務(wù)。它主要用于處理活躍的流式數(shù)據(jù)帖鸦。分布式系統(tǒng)芝薇,易于向外擴展。所有的producer作儿、broker和consumer都會有多個洛二,均為分布式的。無需停機即可擴展機器攻锰。
Kafka設(shè)計方案
消息持久化及其緩存
磁盤性能:在傳統(tǒng)的磁盤寫入很慢晾嘶,因為它使用隨機寫入50k/s(6個7200轉(zhuǎn)的sata硬盤組成的raid-5),但是線性寫入速度有300ms/s的速度娶吞,所以Kafka利用線性寫入的方式垒迂。
線性寫入:將數(shù)據(jù)調(diào)用操作系統(tǒng)文件接口寫到文件系統(tǒng)里面去這樣就緩存到操作系統(tǒng)的頁面緩存中,然后傳統(tǒng)意思來說將其flush一下到磁盤中妒蛇,但是Kafka并沒有這樣机断,而是保存在頁面緩存中(相當(dāng)于放在內(nèi)存當(dāng)中)并沒有進行flush操作楷拳,這樣他就會提供比較高的讀的性能,下次讀就從內(nèi)核頁面緩存中讀數(shù)據(jù)吏奸,但是內(nèi)存中存儲數(shù)量不是無限大的欢揖,所以我們配置參數(shù)(每當(dāng)接收到N條信息或者每過M秒),進行一個flush操作苦丁,從而可以為系統(tǒng)硬件崩潰時“處于危險之中”的數(shù)據(jù)在量上加個上限浸颓。
Kafka的緩存不是在內(nèi)存中保存盡可能多的數(shù)據(jù)并在需要時將這些數(shù)刷新到文件系統(tǒng),而是做完全相反的事情旺拉,將所有的數(shù)據(jù)立即寫入文件系統(tǒng)中的持久化的日志中产上,但不進行刷新數(shù)據(jù)的調(diào)用,實際這么做意味著數(shù)據(jù)被傳輸?shù)給s內(nèi)核的頁面緩存中去了蛾狗,隨后在根據(jù)配置刷新到硬盤晋涣。
Kafka安裝
安裝優(yōu)化主要修改config目錄下的server.properties文件,需要修改的參數(shù)值主要有 broker.id沉桌、host.name谢鹊、log.dirs。
brokerid是對Kafka集群各個節(jié)點的一個標(biāo)識留凭,比如xx.xxx.xx.1 當(dāng)做節(jié)點一佃扼,則brokerid=1;xx.xxx.xx.2 當(dāng)做節(jié)點二蔼夜,則brokerid=2 兼耀;host.name需要配置的是本機ip或者主機名映射。如下圖:
log.dirs是配置Kafka數(shù)據(jù)日志的本地磁盤求冷。
生產(chǎn)集群中瘤运,我們還需要配置Kafka進程的啟動內(nèi)存,通過配置kafka-server-start.sh匠题,分配10g內(nèi)存拯坟,5g初始化內(nèi)存。如下圖:
啟動Kafka集群并檢查zk路徑上Kafka節(jié)點是否全部上線韭山。
Kafka優(yōu)化
以下為實際生產(chǎn)集群Kafka優(yōu)化配置項郁季,標(biāo)紅部分為權(quán)限控制配置,后續(xù)會有專門一章來描述钱磅。
下面兩個參數(shù)巩踏,如果在生產(chǎn)集群中寫死了無法批量修改配置。
broker.id=2
listeners=SASL_PLAINTEXT://hosip:9092
可以按如下配置续搀,將自動生成brokeid塞琼,自動識別host.name。
broker.id=2
listeners=SASL_PLAINTEXT://:9092
zookeeper.connect=zkip1:2181,zkip2:2181,zkip3:2181/kafka
Timeout in ms for connecting to zookeeper
delete.topic.enable=true
zookeeper.connection.timeout.ms=60000
zookeeper.session.timeout.ms=60000
controlled.shutdown.enable=true
很重要
unclean.leader.election.enable=true
auto.create.topics.enable=false
副本拉取線程數(shù)
num.replica.fetchers=4
auto.leader.rebalance.enable=true
leader.imbalance.per.broker.percentage=10
leader.imbalance.check.interval.seconds=3600
副本拉取的最小大小1mb
replica.fetch.min.bytes=1
副本拉取的最大大小20mb
replica.fetch.max.bytes=20971520
多長時間拉取一次副本
replica.fetch.wait.max.ms=500
超過多長時間副本退出isr
replica.socket.timeout.ms=60000
replica.fetch.wait.max.ms=1000
緩存大小
replica.socket.receive.buffer.bytes=131072
num.network.threads=7
num.io.threads=13
每當(dāng)producer寫入10000條消息時禁舷,刷數(shù)據(jù)到磁盤
log.flush.interval.messages=10000
每間隔1秒鐘時間彪杉,刷數(shù)據(jù)到磁盤
log.flush.interval.ms=1000
socket.receive.buffer.bytes=1048576
socket.send.buffer.bytes=1048576
queued.max.requests=10000
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
allow.everyone.if.no.acl.found=false
super.users=User:admin
authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
security.inter.broker.protocol=SASL_PLAINTEXT
Kafka常用操作
啟動Kafka進程:
nohup kafka-server-start.sh /usr/local/kafka/config/server.properties >/dev/null 2>&1 & 注意
創(chuàng)建主題:
$KAFKA_HOME/bin/kafka-topics.sh --create --topic logstash-yarnnodelog --replication-factor 3 --partitions 9 --zookeeper zkip:2181/kafka
主題列表:
$KAFKA_HOME/bin/kafka-topics.sh --list --zookeeper zkip:2181
啟動消費者進程:
$KAFKA_HOME/bin/kafka-console-consumer.sh --zookeeper zkip:2181 --topic topic-test --from-beginning
kafka-console-consumer.sh --bootstrap-server brokerip:9092 --from-beginning --topic logstash --new-consumer --consumer.config=/opt/beh/core/kafka/config/consumer.properties
啟動生產(chǎn)者進程:
$KAFKA_HOME/bin/kafka-console-producer.sh --broker-list brokerip:9092 --topic topic-test
刪除主題:
$KAFKA_HOME/bin/kafka-topics.sh --zookeeper zkip:2181 --delete --topic topic-test
描述主題:
$KAFKA_HOME/bin/kafka-topics.sh --describe --zookeeper zkip:2181/ --topic test20160807
Kafka權(quán)限控制
配置服務(wù)端權(quán)限控制屬性server.properties:
vi /opt/beh/core/kafka/config/server.properties
修改brokerid
zookeeper.connect=zkip1:2181, zkip2:2181, zkip3:2181
Timeout in ms for connecting to zookeeper
zookeeper.connection.timeout.ms=6000
listeners=SASL_PLAINTEXT://:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
auto.create.topics.enable=false
allow.everyone.if.no.acl.found=false
delete.topic.enable=true
super.users=User:admin
authorizer.class.name = kafka.security.auth.SimpleAclAuthorizer
配置服務(wù)端權(quán)限控制用戶:
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin"
user_hadoop="hadoop"
user_producer1="producer1_test"
user_consumer1="consumer1_test"
user_producer2="producer2_test"
user_consumer2="consumer2_test";
};
配置客戶端權(quán)限控制用戶:
vi kafka_client_consumer_jaas.conf
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="consumer1"
password="consumer1_test";
};
Vi kafka_client_producer_jaas.conf
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="producer1"
password="producer1_test";
};
配置生產(chǎn)及消費權(quán)限控制屬性producer.properties:
consumer.properties
echo security.protocol=SASL_PLAINTEXT >> producer.properties
echo sasl.mechanism=PLAIN >> producer.properties
echo security.protocol=SASL_PLAINTEXT >> consumer.properties
echo sasl.mechanism=PLAIN >> consumer.properties
vi producer.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
vi consumer.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
配置服務(wù)端啟動腳本:
/opt/beh/core/kafka/bin/
vi server-start
export KAFKA_OPTS="-Djava.security.auth.login.config=/opt/beh/core/kafka/config/kafka_server_jaas.conf"
nohup kafka-server-start.sh /opt/beh/core/kafka/config/server.properties &
配置生產(chǎn)消費運行腳本:
vi kafka-console-producer.sh
if [ "x$KAFKA_OPTS" ]; then
export KAFKA_OPTS="-Djava.security.auth.login.config=/opt/beh/core/kafka/config/kafka_client_jaas.conf"
fi
if [ "x$KAFKA_HEAP_OPTS" = "x" ]; then
export KAFKA_HEAP_OPTS="-Xmx512M"
fi
exec 0)/kafka-run-class.sh kafka.tools.ConsoleProducer "$@"
vi kafka-console-consumer.sh
if [ "x$KAFKA_OPTS" ]; then
export KAFKA_OPTS="-Djava.security.auth.login.config=/opt/beh/core/kafka/config/kafka_client_jaas.conf"
fi
if [ "x$KAFKA_HEAP_OPTS" = "x" ]; then
export KAFKA_HEAP_OPTS="-Xmx512M"
fi
exec 0)/kafka-run-class.sh kafka.tools.ConsoleConsumer "$@"
賦權(quán)命令
未賦予任何權(quán)限時:
測試命令:
啟動服務(wù):
nohup kafka-server-start.sh /opt/beh/core/kafka/config/server.properties &
確認(rèn)環(huán)境無授權(quán)信息:
kafka-acls.sh --list --authorizer-properties zookeeper.connect=localhost:2181
賦予某個用戶處理集群的權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:admin --operation ClusterAction --cluster --add (更新metedata權(quán)限)
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:admin --cluster --add
創(chuàng)建主題:
$KAFKA_HOME/bin/kafka-topics.sh --create --topic topic-test1 --replication-factor 2 --partitions 4 --zookeeper localhost:2181
賦予topic權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --allow-principal User:Alice --allow-host xxx.xx.xx.0 --allow-host xxx.xx.xx.1 --operation Read --operation Write --topic Test-topic
- 指定主題指定用戶 -
為主題賦予某個用戶的生產(chǎn)權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:producer1 --topic=topic-test --operation Write --add
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:producer1 --topic=test1 --operation Write --add
為主題賦予某個用戶在所有消費者組下消費*權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:producer1 --consumer --topic=topic-test --group=* --add
為主題賦予某個用戶在某個消費者組下消費*權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:hadoop --consumer --topic=topic-test1 --group=test-consumer-group --add
- 指定主題全部用戶 -
為主題賦予全部用戶的生產(chǎn)權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:* --producer --topic=topic-test1 --add
為主題賦予全部用戶在所有消費者組下消費*權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:* --consumer --topic=topic-test1 --group=* --add
為主題賦予全部用戶在某個消費者組下消費*權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:* --consumer --topic=topic-test1 --group=test-consumer-group --add
- 所有主題指定用戶 -
為所有主題賦予某個用戶的生產(chǎn)權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:producer1 --topic=* --operation Write --add
為所有主題賦予某個用戶在某個消費者組消費權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:hadoop --consumer --topic=* --group=test-consumer-group --add
為所有主題賦予某個用戶在全部消費者組消費權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:hadoop --consumer --topic=* --group=* --add
- 所有主題全部用戶 -
為所有主題賦予全部用戶的生產(chǎn)權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:* --topic=* --operation Write --add
為所有主題賦予全部用戶在某個消費者組消費權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:* --consumer --topic=* --group=topic-test --add
為所有主題賦予全部用戶在全部消費者組消費權(quán)限:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --allow-principal User:* --consumer --topic=* --group=* --add
移除權(quán)限:
bin/kafka-acls.sh --authorizer-properties zookeeper.connect=data-rt-dev02:2181/kafka_test10 --remove --allow-principal User:Bob --allow-principal User:Alice --allow-host xxx.xx.xx.0 --allow-host xxx.xx.xx.1 --operation Read --operation Write --topic test
查看權(quán)限:
查看所有用戶的所有權(quán)限:
kafka-acls.sh --list --authorizer-properties zookeeper.connect=localhost:2181
查看某個用戶所擁有的權(quán)限:
kafka-acls.sh --list --authorizer-properties zookeeper.connect=localhost:2181 User:hadoop
查看某個主題所擁有的權(quán)限:
kafka-acls.sh --list --authorizer-properties zookeeper.connect=localhost:2181 --topic=topic-test1
生產(chǎn)消費測試
啟動生產(chǎn)者:
$KAFKA_HOME/bin/kafka-console-producer.sh --broker-list broker1:9092 --topic topic-test --producer.config=/opt/beh/core/kafka/config/producer.properties
啟動消費者:
kafka-console-consumer.sh --bootstrap-server broker1:9092 --from-beginning --topic topic-test --new-consumer --consumer.config=/opt/beh/core/kafka/config/consumer.properties
Kafka權(quán)限控制的java代碼示例:
put("sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer1" password="consumer1_test";");
put("security.protocol", "SASL_PLAINTEXT");
put("sasl.mechanism", "PLAIN");
Kafka維護存儲均衡
評估數(shù)據(jù)量:要求研發(fā)提前評估topic一個周期全量的數(shù)據(jù)大小毅往。
計算磁盤總存儲:如一塊盤825g,一個節(jié)點20快盤派近,10個節(jié)點攀唯。那么磁盤總存儲就是165000g。
預(yù)估實際數(shù)據(jù)存儲占比:topic一個周期全量數(shù)據(jù)大小占磁盤總存儲的百分比渴丸,超過百分之六十侯嘀,即要求研發(fā)減少存儲周期。
計算磁盤總塊數(shù):一個節(jié)點20快盤谱轨,10個節(jié)點戒幔,總磁盤塊數(shù)200個。
合理預(yù)分區(qū):分區(qū)數(shù)量為磁盤總數(shù)的整數(shù)倍土童。如所有的topic總數(shù)據(jù)量為50000gb诗茎,磁盤個數(shù)為200,那么就可以設(shè)置總分區(qū)數(shù)為200,400,600.具體多少分區(qū)數(shù)視業(yè)務(wù)決定献汗。若分區(qū)數(shù)為400敢订,那么一個分區(qū)的大小約125g。例如某一個topic:cbss001的預(yù)估數(shù)據(jù)量是210g罢吃,那么通過計算可以將其分成兩個分區(qū)楚午。這樣根據(jù)Kafka副本落盤策略,各個主機磁盤就能保證最大限度的存儲均衡尿招。
Kafka常見故障處理
壞盤會導(dǎo)致節(jié)點宕掉矾柜,及時更換壞盤,重啟節(jié)點即可泊业。
unclean.leader.election.enable 該參數(shù)為true配置到topic中會引起消息重復(fù)消費把沼。但為false時啊易,會引起節(jié)點9092端口斷開連接吁伺,導(dǎo)致Kafka進程假死。
內(nèi)存溢出租谈,其會導(dǎo)致節(jié)點副本不能上線isr篮奄。
進程,文件數(shù)限制也會造成節(jié)點報錯割去,后續(xù)調(diào)優(yōu)中會給出優(yōu)化參數(shù)窟却。
flower副本不能及時同步leader副本,同步超時導(dǎo)致副本下線isr呻逆。
消費offset越界夸赫,這種情況首先重啟節(jié)點,若還是報錯咖城,則找到該offset越界的分區(qū)茬腿,刪除幾條message呼奢,再次查看。知道不報錯為止切平。
Kafka集群擴容下線節(jié)點
使用自動遷移工具
下面的示例將把foo1,foo2兩個主題的所有分區(qū)都遷移到新的broker機器5,6上握础。最后,foo1,foo2兩個主題的所有分區(qū)都厚在brokers 5,6上悴品。
vi topics-to-move.json
{"topics": [{"topic": "foo1"}, {"topic": "foo2"}], "version":1 }
bin/kafka-reassign-partitions.sh --zookeeper localhost:2181
--topics-to-move-json-file topics-to-move.json --broker-list "5,6" --generate Current partition replica assignment
{"version":1,
"partitions":[
{"topic":"foo1","partition":2,"replicas":[1,2]}, {"topic":"foo1","partition":0,"replicas":[3,4]}, {"topic":"foo2","partition":2,"replicas":[1,2]}, {"topic":"foo2","partition":0,"replicas":[3,4]}, {"topic":"foo1","partition":1,"replicas":[2,3]},{"topic":"foo2","partition":1,"replicas":[2,3]}
]
}
Proposed partition reassignment configuration
{"version":1,
"partitions":[
{"topic":"foo1","partition":2,"replicas":[5,6]},{"topic":"foo1","partition":0,"replicas":[5,6]},
{"topic":"foo2","partition":2,"replicas":[5,6]},{"topic":"foo2","partition":0,"replicas":[5,6]},
{"topic":"foo1","partition":1,"replicas":[5,6]},{"topic":"foo2","partition":1,"replicas":[5,6]}
]
}
工具生成了一個把主題foo1,foo2所有分區(qū)遷移到brokers 5,6上的計劃禀综。注意,分區(qū)遷移還沒有開始苔严。它只是告訴你當(dāng)前分配計劃和新計劃的提議定枷。為了防止萬一需要回滾,新的計劃應(yīng)該保存起來邦蜜。
新的調(diào)整計劃應(yīng)該保存成一個json文件(如:expand-cluster-reassignment.json)依鸥,并以–execute選項的方式,如下:
bin/kafka-reassign-partitions.sh --zookeeper localhost:2181 --reassignment-json-file expand-cluster-reassignment.json --execute
Current partition replica assignment
{"version":1,
"partitions":[
{"topic":"foo1","partition":2,"replicas":[1,2]}, {"topic":"foo1","partition":0,"replicas":[3,4]}, {"topic":"foo2","partition":2,"replicas":[1,2]}, {"topic":"foo2","partition":0,"replicas":[3,4]}, {"topic":"foo1","partition":1,"replicas":[2,3]}, {"topic":"foo2","partition":1,"replicas":[2,3]}
] }
Save this to use as the --reassignment-json-file option during rollback Successfully started reassignment of partitions
{"version":1,
"partitions":[
{"topic":"foo1","partition":2,"replicas":[5,6]}, {"topic":"foo1","partition":0,"replicas":[5,6]}, {"topic":"foo2","partition":2,"replicas":[5,6]}, {"topic":"foo2","partition":0,"replicas":[5,6]}, {"topic":"foo1","partition":1,"replicas":[5,6]}, {"topic":"foo2","partition":1,"replicas":[5,6]}
]
}
執(zhí)行驗證:–verify
bin/kafka-reassign-partitions.sh --zookeeper localhost:2181 --reassignment-json-file custom-reassignment.json --verify
Status of partition reassignment: Reassignment of partition [foo1,0]
completed successfully
Reassignment of partition [foo2,1]
completed successfully
Kafka日志保留周期設(shè)置
log.retention.bytes (一個topic的大小限制 =分區(qū)數(shù)*log.retention.bytes)
log.retention.minutes
log.retention.bytes和log.retention.minutes任意一個達到要求悼沈,都會執(zhí)行數(shù)據(jù)刪除
Kafka指定topic賦參
kafka-configs.sh --zookeeper zkip1:2181 --describe --entity-type topics --entity-name CdrNormal
Configs for topics:CdrNormal are retention.ms=86400000
Kafka集群監(jiān)控
Python腳本監(jiān)控Kafka存活節(jié)點:
!/usr/bin/python
coding:utf-8
import pycurl
import json
import StringIO
import time
import sys
import zookeeper
zk=zookeeper.init("zkip1:2181")
t = zookeeper.get_children(zk,"/brokers/ids")
d=0
for i in t:
d=d+1
b=16-d
if d == 16:
print "ok cb實時kafka1節(jié)點存活正常"
sys.exit(0)
else:
print "Critical cb實時kafka1節(jié)點有:",b,"個死去節(jié)點"
sys.exit(2)
Python腳本監(jiān)控Kafka各節(jié)點磁盤存儲:
!/usr/bin/python
coding:utf-8
import paramiko
import sys
hostname = ['IP1',' IP2']
username = sys.argv[1]
password = sys.argv[2]
percent = sys.argv[3]
disk={}
error=""
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
for i in range(0,len(hostname)):
ssh.connect(hostname[i],22,username,password)
stdin,stdout,stderr = ssh.exec_command("df -TPh|awk '+$6>%s {print $7}'" % percent)
path = stdout.readlines()
#print path
disk[hostname[i]]=path
#print disk
it=iter(disk.keys())
print disk.values()
for key in hostname:
print i
print disk[hostname[i]]
print disk[next(it)]
print len(disk[next(it)])
if len(disk[next(it)])==0:
if not disk:
print("未采集到集群信息!")
sys.exit(0)
else:
for i in disk.keys():
#print disk.get(i)
if not disk.get(i):
continue
else:
error += "節(jié)點"+i+":"
for j in range(0,len(disk[i])):
if j == len(disk[i])-1:
error += disk[i][j].encode('utf-8')+"贱迟。"
else:
error += disk[i][j].encode('utf-8')+","
if not error:
print("cb_rt_kafka業(yè)務(wù)數(shù)據(jù)采集集群正常")
sys.exit(0)
else:
#print ("cb_rt_kafka業(yè)務(wù)數(shù)據(jù)采集集群,%s,磁盤存儲超出百分之七十") % error.replace("\n", "")
print ("cb_rt_kafka業(yè)務(wù)數(shù)據(jù)采集集群,%s,磁盤存儲超出百分之%s") % (error.replace("\n", ""),percent)
sys.exit(2)
ssh.close()
