Kafka-topics.sh authentication

Ale*_*x.P 7 apache-kafka kafka-topic

I'm learning Apache Kafka, and I can't understand how to make kafka-topics.sh work with the SASL_PLAINTEXT authentication configured on the server.

Here is the server.properties content:

security.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT

listeners=SASL_PLAINTEXT://10.10.10.16:9092
advertised.listeners=SASL_PLAINTEXT://10.10.10.16:9092

listener.name.sasl_plaintext.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
   username="admin" \
   password="some-pass-1" \
   user_admin="some-pass-1" \
   user_myproducer="some-pass-2" \
   user_myconsumer="some-pass-3";

Here is the JAAS file content that I supply to KAFKA_OPTS before running kafka-topics.sh:

Client {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  security_protocol="SASL_PLAINTEXT"
  sasl_mechanism="PLAIN"
  username="admin"
  password="some-pass-1";
};

Here is the kafka.log content and the error I keep getting:

[2021-10-28 03:48:10,887] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,100] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,325] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,730] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,936] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)

Any clues appreciated.

Mic*_*son 13

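You can only load SASL credentials from the JAAS file. The other client settings must be provided via a configuration file. You can also provide the SASL credentials via the configuration file.

For example, create a config.properties file containing the following: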

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="USER" password="PASSWORD";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN

Then run the kafka-topics.sh tool with the following command:

./kafka-topics.sh --list --bootstrap-server 10.10.10.16:9092 --command-config config.properties

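Note that when using SASL_PLAINTEXT, your credentials are sent in clear text over the network. You should enable SSL to encrypt the communication between clients and brokers.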
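An added example, not part of the original answer or of Kafka itself: a small Python check for a `--command-config` file that flags the two problems discussed above, SASL credentials supplied without a SASL `security.protocol`, and PLAIN credentials sent over an unencrypted listener. The function names and sample inputs are constructed for illustration, and the parser handles only `key=value` lines with backslash continuations.

```python
def parse_properties(text):
    """Parse .properties text: skip comments, join backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]          # value continues on the next line
            continue
        pending = ""
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")   # split on the first '=' only
        props[key.strip()] = value.strip()
    return props


def audit_client_config(text):
    """Return a list of findings for a Kafka client config file."""
    props = parse_properties(text)
    findings = []
    # Kafka clients default to PLAINTEXT when security.protocol is absent.
    protocol = props.get("security.protocol", "PLAINTEXT")
    if "sasl.jaas.config" in props and not protocol.startswith("SASL_"):
        # The broker's SASL listener then receives a non-SASL request.
        findings.append(f"credentials set but security.protocol is {protocol}: "
                        "client will not perform the SASL handshake")
    if protocol.startswith("SASL_") and "sasl.mechanism" not in props:
        findings.append("sasl.mechanism not set: client defaults to GSSAPI")
    if protocol == "SASL_PLAINTEXT" and props.get("sasl.mechanism") == "PLAIN":
        findings.append("PLAIN over SASL_PLAINTEXT sends the password "
                        "unencrypted: use SASL_SSL")
    return findings


# Constructed sample inputs (placeholder credentials, as in the answer).
JAAS = ('sasl.jaas.config=org.apache.kafka.common.security.plain.'
        'PlainLoginModule required username="USER" password="PASSWORD";\n')
ANSWER_CONFIG = JAAS + "security.protocol=SASL_PLAINTEXT\nsasl.mechanism=PLAIN\n"
JAAS_ONLY = JAAS
TLS_CONFIG = JAAS + "security.protocol=SASL_SSL\nsasl.mechanism=PLAIN\n"

if __name__ == "__main__":
    for name, cfg in [("answer", ANSWER_CONFIG), ("jaas-only", JAAS_ONLY),
                      ("tls", TLS_CONFIG)]:
        print(name, audit_client_config(cfg) or "no findings")
```
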