Configuring ACL + SASL Authentication for Kafka (Windows)

2021-10-18 13:34:16


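To make Kafka support ACL authentication, the following settings are required.

1. Configuration files

The configuration files involved are the ZooKeeper configuration file (zookeeper.properties), the client configuration files (mainly consumer and producer), and the Kafka server configuration file (server.properties).

1.1 Contents of zookeeper.properties: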

authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000

1.2 Contents of consumer.properties and producer.properties:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN

1.3 Contents of the Kafka server configuration file, server.properties:

# Set ip & port
listeners=SASL_PLAINTEXT://localhost:9092
advertised.listeners=SASL_PLAINTEXT://localhost:9092
# Set protocol
zookeeper.set.acl=true
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN

# Add acl
allow.everyone.if.no.acl.found=true
auto.create.topics.enable=false
delete.topic.enable=true
advertised.host.name=localhost
super.users=User:admin

# Add class
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer

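Change localhost above to the target IP address. Note that with allow.everyone.if.no.acl.found=true, any resource that has no ACL defined is accessible to every user, and that SASL_PLAINTEXT carries the PLAIN username and password over an unencrypted connection.

2. Create the JAAS files

Three JAAS files are needed as well: one each for ZooKeeper, the Kafka server and the Kafka client. They live in the config folder under the Kafka directory. Each is described below.

2.1 Zookeeper_jaas.conf, used by ZooKeeper. Contents: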

Server {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="password"
   user_admin="password";
};

 

2.2 Kafka_server_jaas.conf, used by the Kafka server. Contents:

KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="password"
   user_admin="password"
   user_yd="password";
};

Client {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="password";
};

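Note that this file holds two separate user configurations, KafkaServer and Client; take care to get both right.

For the JAAS file used by the Kafka client, create one yourself following the format above.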
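A small check for the JAAS files described in this section, as an added example that is not part of the original post: it verifies that the KafkaServer and Client sections exist, that every option is a quoted key="value" with one terminating ';', and that the broker's own login also appears in its user_<name> list. The function name lint_jaas and the sample text are constructed for illustration.

```python
import re

# Constructed sample of a broker JAAS file with two easy-to-make slips:
# an unterminated quote and an unquoted value.
BROKEN = '''KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="password"
   user_admin="password
   user_yd=password;
};
Client {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="password";
};
'''
FIXED = (BROKEN.replace('user_admin="password\n', 'user_admin="password"\n')
               .replace('user_yd=password;', 'user_yd="password";'))

SECTION = re.compile(r'(\w+)\s*\{(.*?)\}\s*;', re.S)

def lint_jaas(text, required=("KafkaServer", "Client")):
    """Return a list of problems in a JAAS file that uses PlainLoginModule."""
    problems = []
    sections = dict(SECTION.findall(text))
    problems += [f"missing section {n}" for n in required if n not in sections]
    for name, body in sections.items():
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        if not lines or not lines[0].endswith(" required"):
            problems.append(f"{name}: expected '<LoginModule> required' first")
        opts = {}
        for i, line in enumerate(lines[1:], start=1):
            is_last = i == len(lines) - 1
            if line.endswith(";") != is_last:
                problems.append(f"{name}: ';' must end the last option only")
            key, sep, val = line.rstrip(";").partition("=")
            if not sep or not re.fullmatch(r'"[^"]*"', val):
                problems.append(f'{name}: {key} is not key="value"')
            opts[key] = val.strip('"')
        # The broker logs in to other brokers as username/password, so that
        # account must also appear in its own user_<name> list.
        user = opts.get("username")
        if name == "KafkaServer" and opts.get(f"user_{user}") != opts.get("password"):
            problems.append(f"KafkaServer: no user_{user} entry matching password")
    return problems

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_jaas(text))
```

For the ZooKeeper file, call it with required=("Server",).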

2.4 Set the KAFKA_OPTS environment variable.

In zookeeper-server-start.bat, kafka-server-start.bat, kafka-console-consumer.bat and kafka-console-producer.bat, add the following line below Setlocal:

set KAFKA_OPTS=-Djava.security.auth.login.config=../../config/zookeeper_jaas.conf

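The example above is for zookeeper-server-start.bat; the other .bat files can be changed in the same way, each pointing at the JAAS file for its role.

3. Once the configuration above is done, ZooKeeper and Kafka can be started normally.

4. While configuring ACL, I kept getting the following error: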

[2021-10-18 13:12:38,363] INFO [ZooKeeperClient Kafka server] Connected. (kafka.zookeeper.ZooKeeperClient)
[2021-10-18 13:12:38,369] ERROR SASL authentication failed using login context 'Client' with exception: {} (org.apache.zookeeper.client.ZooKeeperSaslClient)
javax.security.sasl.SaslException: Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.
        at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:312)
        at org.apache.zookeeper.client.ZooKeeperSaslClient.respondToServer(ZooKeeperSaslClient.java:275)
        at org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:882)
        at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:103)
        at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:365)
        at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1223)
[2021-10-18 13:12:38,372] ERROR [ZooKeeperClient Kafka server] Auth failed. (kafka.zookeeper.ZooKeeperClient)
[2021-10-18 13:12:38,382] INFO EventThread shut down for session: 0x1000f723bdc0000 (org.apache.zookeeper.ClientCnxn)
[2021-10-18 13:12:38,419] ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /consumers
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:130)
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
        at kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:583)
        at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1729)
        at kafka.zk.KafkaZkClient.makeSurePersistentPathExists(KafkaZkClient.scala:1627)
        at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1(KafkaZkClient.scala:1619)
        at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1$adapted(KafkaZkClient.scala:1619)
        at scala.collection.immutable.List.foreach(List.scala:431)
        at kafka.zk.KafkaZkClient.createTopLevelPaths(KafkaZkClient.scala:1619)
        at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:457)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:191)
        at kafka.Kafka$.main(Kafka.scala:109)
        at kafka.Kafka.main(Kafka.scala)
[2021-10-18 13:12:38,421] INFO shutting down (kafka.server.KafkaServer)

This error occurs because KAFKA_OPTS was not set for ZooKeeper. Adding the following line to zookeeper-server-start.bat fixes it:

set KAFKA_OPTS=-Djava.security.auth.login.config=../../config/zookeeper_jaas.conf

Other reference links:

https://blog.csdn.net/yhdeng11402/article/details/102645947

https://kafka.apachecn.org/intro.html

Source: https://www.cnblogs.com/VARForrest/p/15420194.html