How to reach Cloudera Kafka Broker on private network from outside?












I have a cluster inside a VPN which contains a server with a private IP. I'm trying to set up Kafka communication between an external server and my private server. My approach is to set an IP table where a public IP is pointing to my private IP. Also, I opened ports 9092 and 9093 to make it reachable from outside. Now I am able to connect successfully to my server with the public IP from the external server.

    telnet <public_ip> 9092
    Connected to <public_ip>

My Kafka broker is under a Cloudera cluster and I created it with Cloudera Manager. The configuration is the following:

kafka.properties:

    listeners=PLAINTEXT://<private_ip>:9092,SSL://<private_ip>:9093
    advertised.listeners=PLAINTEXT://<private_ip>:9092,SSL://<private_ip>:9093

advertised.host.name:

    <public_ip>

Using this broker configuration, the communication works perfectly inside the cluster using either the public_ip or the private_ip of the Kafka broker host.

What I see now is that I have a working broker that can be used with a public_ip and an external server that is able to reach the public_ip and its required ports. But when I try to connect to the broker from an external server, I get the following error:

    NO BROKERS AVAILABLE

There's no more information about the error. On my external server I have the kafka python package, where I configure the producer as:

    "bootstrap_servers": ["<public_ip>:9092"]

on an existing TOPIC of my Kafka broker.

Specifications:

private host

• cloudera: CDH 5.12.0
• kafka: kafka 2.2.0-1.2.2.0
• zookeeper: Zookeeper 3.4.5

external host

• kafka Python package: kafka-python==1.4.2

The problem is very similar to this post. But in that case he uses a forwarded port with a public IP. Is there any possibility to do it with IP tables? Has anyone managed to do it on a Cloudera cluster?

Thank you in advance.










      apache-kafka cloudera cloudera-cdh kafka-python






      asked Nov 12 '18 at 12:46









      Marc

          1 Answer
          The question isn't specific to Cloudera or Python. And I don't think Cloudera Manager has some setting that'll set this up for you.

          advertised.listeners will have to be a publicly resolvable address that can be used to access each broker individually by clients (e.g. two brokers cannot have the same listener setting and be used from a port forward from the public address to the internal address).

          Your setup is very similar to Kafka running in Docker or cloud providers such as AWS, in that you're interacting over two networks, so refer to this blog for more information.

          Also, unless you set up some other firewall settings to prevent random access, don't expose brokers in the plaintext protocol.






          • Thank you, you're right. Changing advertised.listeners with the public IP solved the problem. Do you suggest using a protocol other than plain text for security issues?
            – Marc
            Nov 12 '18 at 17:04

          • Security. Yes, that is why.
            – cricket_007
            Nov 12 '18 at 23:27











          edited Nov 12 '18 at 14:05

























          answered Nov 12 '18 at 13:37









          cricket_007
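
The answer's three points (an externally routable advertised.listeners, one distinct advertised endpoint per broker, no PLAINTEXT on the public side) can be checked mechanically before a broker is exposed. The following is an added example, not code from the question, the answer or Cloudera; the addresses, the finding names and the INTERNAL/EXTERNAL listener names are constructed, and the split layout assumes a broker version that supports listener.security.protocol.map.

```python
import ipaddress

# RFC 1918 and loopback ranges: not routable from a client outside the private network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_properties(text):
    """Parse key=value lines of a broker properties file, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_listeners(value):
    """Split 'NAME://host:port,...' into (name, host, port) tuples."""
    result = []
    for item in filter(None, (v.strip() for v in value.split(","))):
        name, _, hostport = item.partition("://")
        host, _, port = hostport.rpartition(":")
        result.append((name, host, int(port)))
    return result

def is_internal(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname: depends on the client's DNS, not judged here
    return any(addr in net for net in INTERNAL_NETS)

def audit(brokers):
    """brokers maps a label to properties text; returns sorted (label, finding) tuples."""
    findings, owners = set(), {}
    for label, text in brokers.items():
        props = parse_properties(text)
        # Named listeners map to a protocol; an unmapped name is the protocol itself.
        pmap = dict(p.strip().split(":") for p in
                    props.get("listener.security.protocol.map", "").split(",") if p.strip())
        # Kafka falls back to `listeners` when advertised.listeners is unset.
        advertised = parse_listeners(props.get("advertised.listeners") or props.get("listeners", ""))
        if all(is_internal(host) for _, host, _ in advertised):
            findings.add((label, "no-external-listener"))    # outside clients are handed an unroutable address
        for name, host, port in advertised:
            if not is_internal(host) and pmap.get(name, name) == "PLAINTEXT":
                findings.add((label, "plaintext-external"))  # unencrypted listener on a public address
            if owners.setdefault((host, port), label) != label:
                findings.add((label, "duplicate-endpoint"))  # two brokers behind one advertised address
    return sorted(findings)

# Constructed samples: 10.0.0.5 stands in for <private_ip>, 203.0.113.10 for <public_ip>.
AS_ASKED = "advertised.listeners=PLAINTEXT://10.0.0.5:9092,SSL://10.0.0.5:9093"
PUBLIC_PLAINTEXT = "advertised.listeners=PLAINTEXT://203.0.113.10:9092,SSL://203.0.113.10:9093"
SPLIT = """
listeners=INTERNAL://10.0.0.5:9092,EXTERNAL://10.0.0.5:9093
advertised.listeners=INTERNAL://10.0.0.5:9092,EXTERNAL://203.0.113.10:9093
listener.security.protocol.map=INTERNAL:PLAINTEXT,EXTERNAL:SSL
inter.broker.listener.name=INTERNAL
"""

if __name__ == "__main__":
    for label, text in (("as-asked", AS_ASKED), ("public-plaintext", PUBLIC_PLAINTEXT), ("split", SPLIT)):
        print(label, audit({label: text}))
```

The samples model advertised.listeners alone because Kafka consults advertised.host.name only when neither listeners nor advertised.listeners is set.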
