Kafka-topics.sh authentication

I am learning Apache Kafka, and I don't understand how to make kafka-topics.sh use the SASL_PLAINTEXT authentication configured on the server.

Here is the server.properties content:

security.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT

listeners=SASL_PLAINTEXT://10.10.10.16:9092
advertised.listeners=SASL_PLAINTEXT://10.10.10.16:9092

listener.name.sasl_plaintext.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
   username="admin" \
   password="some-pass-1" \
   user_admin="some-pass-1" \
   user_myproducer="some-pass-2" \
   user_myconsumer="some-pass-3";

This is the JAAS file content that I provide via KAFKA_OPTS before running kafka-topics.sh:

Client {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  security_protocol="SASL_PLAINTEXT"
  sasl_mechanism="PLAIN"
  username="admin"
  password="some-pass-1";
};

Here is the kafka.log content and the error I keep receiving:

[2021-10-28 03:48:10,887] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,100] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,325] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,730] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)
[2021-10-28 03:48:11,936] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /10.10.10.16 (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)

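Thanks for any clues.

You can only load SASL credentials from the JAAS file. Other client settings must be provided via a configuration file. You can also provide the SASL credentials via the configuration file.

For example, create a file config.properties with the following content: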

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="USER" password="PASSWORD";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN

Then run the kafka-topics.sh tool using:

./kafka-topics.sh --list --bootstrap-server 10.10.10.16:9092 --command-config config.properties

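Note that when using SASL_PLAINTEXT, your credentials are sent over the network in clear text. You should enable SSL to encrypt the communication between clients and brokers.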
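
The following Python check is an added example, not part of the original answer or of Kafka's tooling. It flags client settings that were put in a JAAS file (where they do not configure the client) and audits the properties file passed with `--command-config`. The function names are hypothetical, and the sample inputs are copied from the question and answer above.

```python
import re

# Constructed samples: the JAAS file from the question and the answer's config.properties.
QUESTION_JAAS = '''Client {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  security_protocol="SASL_PLAINTEXT"
  sasl_mechanism="PLAIN"
  username="admin"
  password="some-pass-1";
};'''
ANSWER_PROPS = '''sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="USER" password="PASSWORD";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
'''

def parse_properties(text):
    """Parse Java-style key=value lines, joining backslash continuations."""
    props, joined = {}, re.sub(r"\\\r?\n\s*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def misplaced_jaas_options(jaas_text):
    """Return JAAS options that are really client settings and belong in the properties file."""
    options = re.findall(r'^\s*([\w.]+)\s*=\s*"', jaas_text, flags=re.M)
    return [o for o in options if re.fullmatch(r"(security|sasl)[._](protocol|mechanism)", o)]

def audit_client_config(props):
    """Return findings for the client properties passed via --command-config."""
    findings = []
    protocol = props.get("security.protocol", "PLAINTEXT")  # Kafka client default
    if not protocol.startswith("SASL_"):
        findings.append("no-sasl: client skips the SASL handshake, so a SASL listener rejects it")
    elif protocol == "SASL_PLAINTEXT":
        findings.append("cleartext: credentials cross the network unencrypted; prefer SASL_SSL")
    if protocol.startswith("SASL_") and props.get("sasl.mechanism", "GSSAPI") != "PLAIN":
        findings.append("mechanism: set sasl.mechanism=PLAIN to match the broker (client default is GSSAPI)")
    return findings

if __name__ == "__main__":
    print(misplaced_jaas_options(QUESTION_JAAS))
    print(audit_client_config({}))  # no --command-config, as in the question
    print(audit_client_config(parse_properties(ANSWER_PROPS)))
```
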