Kafka authentication deployment


First, start ZooKeeper
/home/kafka/bin/zookeeper-server-start.sh /home/kafka/config/zookeeper.properties

Create SCRAM credentials
/home/kafka/bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config 'SCRAM-SHA-256=[iterations=8192,password=liebe],SCRAM-SHA-512=[password=liebe]' --entity-type users --entity-name liebe

/home/kafka/bin/kafka-configs.sh --zookeeper 127.0.0.1:2181 --alter --add-config 'SCRAM-SHA-256=[password=admin],SCRAM-SHA-512=[password=admin]' --entity-type users --entity-name admin


View credentials
/home/kafka/bin/kafka-configs.sh --zookeeper localhost:2181 --describe --entity-type users --entity-name admin


Delete credentials
/home/kafka/bin/kafka-configs.sh --zookeeper localhost:2181 --alter --delete-config SCRAM-SHA-512 --delete-config SCRAM-SHA-256 --entity-type users --entity-name liebe
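
What the commands above create is a salted credential (salt, stored_key, server_key, iterations), not the password, and the iterations=8192 option sets the PBKDF2 work factor. The following is an added example, not part of the original page or Kafka's code: it follows the RFC 5802 derivation, and the function names, salt and auth message are constructed for illustration.

```python
import hashlib
import hmac

def derive_credential(password, salt, iterations, algo="sha256"):
    """RFC 5802 derivation of the values a SCRAM server stores for one user."""
    # Hi() in RFC 5802 is PBKDF2-HMAC with the hash's own output length.
    # Assumption: ASCII password, so the SASLprep normalisation step is a no-op.
    salted = hashlib.pbkdf2_hmac(algo, password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", algo).digest()
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.new(algo, client_key).digest(),
        "server_key": hmac.new(salted, b"Server Key", algo).digest(),
    }

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def client_proof(password, salt, iterations, auth_message, algo="sha256"):
    """What the client sends: ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = hashlib.pbkdf2_hmac(algo, password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", algo).digest()
    stored_key = hashlib.new(algo, client_key).digest()
    return xor(client_key, hmac.new(stored_key, auth_message, algo).digest())

def server_verify(cred, auth_message, proof, algo="sha256"):
    """Broker-side check using only the stored credential, never the password."""
    signature = hmac.new(cred["stored_key"], auth_message, algo).digest()
    recovered_client_key = xor(proof, signature)
    recomputed = hashlib.new(algo, recovered_client_key).digest()
    return hmac.compare_digest(recomputed, cred["stored_key"])

# Constructed sample values (not taken from a real broker or capture).
SALT = bytes(range(16))
AUTH_MESSAGE = (b"n=liebe,r=cnonce,r=cnoncesnonce,"
                b"s=AAECAwQFBgcICQoLDA0ODw==,i=8192,c=biws,r=cnoncesnonce")

def demo():
    """Verify a proof from the right password and one from a wrong password."""
    cred = derive_credential("liebe", SALT, 8192)
    good = client_proof("liebe", SALT, 8192, AUTH_MESSAGE)
    bad = client_proof("admin", SALT, 8192, AUTH_MESSAGE)
    return server_verify(cred, AUTH_MESSAGE, good), server_verify(cred, AUTH_MESSAGE, bad)

if __name__ == "__main__":
    print(demo())
```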


Server-side configuration
In Kafka's config directory, create the file kafka-server-jass.conf; in my case the directory is /home/kafka/config.
The file contents are:
KafkaServer {
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="admin"
        password="admin";
};

Append the following to kafka-run-class.sh
# Generic jvm settings you want to add
if [ -z "$KAFKA_OPTS" ]; then
  KAFKA_OPTS="-Djava.security.auth.login.config=/home/kafka/config/kafka-server-jass.conf"
fi

Set the following in /home/kafka/config/server.properties
broker.id=0
listeners=SASL_PLAINTEXT://:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256
sasl.enabled.mechanisms=SCRAM-SHA-256
advertised.listeners=SASL_PLAINTEXT://10.10.10.99:9092
allow.everyone.if.no.acl.found=false
super.users=User:admin
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
zookeeper.set.acl=true
zookeeper.authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
zookeeper.sasl.client=true
zookeeper.sasl.clientconfig=Server
zookeeper.sasl.login.context=Server
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/home/kafka/kafka-logs
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.flush.interval.messages=10000
log.flush.interval.ms=1000
log.retention.hours=168
log.retention.bytes=1073741824
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0
delete.topic.enable=true
auto.create.topics.enable=true
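
The listeners above use SASL_PLAINTEXT, so SCRAM authenticates clients but nothing on the wire is encrypted; Kafka's documentation recommends using SCRAM only together with TLS. The following check is an added example, not part of the original page or of Kafka: it resolves each listener through listener.security.protocol.map and reports non-TLS transports and missing ACL enforcement, and the function names and sample text are constructed here.

```python
TLS_PROTOCOLS = {"SSL", "SASL_SSL"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def listener_protocols(props, key):
    """Resolve every listener in `key` to its security protocol via the map."""
    raw = props.get("listener.security.protocol.map", "")
    pairs = (p.split(":", 1) for p in raw.split(",") if ":" in p)
    mapping = {name.strip().upper(): proto.strip().upper() for name, proto in pairs}
    resolved = []
    for entry in filter(None, (e.strip() for e in props.get(key, "").split(","))):
        name = entry.split("://", 1)[0].upper()
        resolved.append((entry, mapping.get(name, name)))
    return resolved

def audit_broker_config(text):
    """Return findings for transport and authorization settings."""
    props = parse_properties(text)
    findings = []
    for key in ("listeners", "advertised.listeners"):
        for entry, proto in listener_protocols(props, key):
            if proto not in TLS_PROTOCOLS:
                findings.append(f"{key}: {entry} resolves to {proto} (no TLS)")
    inter = props.get("security.inter.broker.protocol")
    if inter and inter.upper() not in TLS_PROTOCOLS:
        findings.append(f"security.inter.broker.protocol: {inter} (no TLS)")
    if not props.get("authorizer.class.name"):
        findings.append("authorizer.class.name: unset, ACLs are not enforced")
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append("allow.everyone.if.no.acl.found: true, resources without ACLs are open")
    return findings

# Constructed sample: the security-related lines of the server.properties above.
PAGE_CONFIG = """
listeners=SASL_PLAINTEXT://:9092
security.inter.broker.protocol=SASL_PLAINTEXT
advertised.listeners=SASL_PLAINTEXT://10.10.10.99:9092
allow.everyone.if.no.acl.found=false
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
"""

if __name__ == "__main__":
    print("\n".join(audit_broker_config(PAGE_CONFIG)))
```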


/home/kafka/config/producer.properties
/home/kafka/config/consumer.properties
/home/kafka/config/auth.conf

Append the following to producer.properties and consumer.properties, and create the auth.conf file
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="admin";


Start Kafka
/home/kafka/bin/kafka-server-start.sh /home/kafka/config/server.properties

Command to create a topic

/home/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 1 --replication-factor 1 --topic test --command-config /home/kafka/config/auth.conf


Send messages

/home/kafka/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic test --producer.config /home/kafka/config/auth.conf


Consume messages from the console

/home/kafka/bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic test --from-beginning --consumer.config /home/kafka/config/auth.conf


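Warning log
The JAAS file above contains only a KafkaServer section, so the ZooKeeper client finds no 'Client' section and continues without SASL authentication: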
[2024-04-19 22:36:49,196] WARN SASL configuration failed. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/home/kafka/config/kafka-server-jass.conf'.
    at org.apache.zookeeper.client.ZooKeeperSaslClient.<init>(ZooKeeperSaslClient.java:189)
    at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1157)
    at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1207)
[2024-04-19 22:36:49,200] ERROR [ZooKeeperClient ConfigCommand] Auth failed, initialized=false connectionState=CONNECTING (kafka.zookeeper.ZooKeeperClient)
Completed updating config for entity: user-principal 'admin'.
