Spring Cloud Stream consumer startup
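I recently migrated my Spring Cloud Stream Kafka consumer application from the annotation-based approach to the functional approach, and now it won't start, failing with: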
    org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:403)
        ... 33 common frames omitted
    Caused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:172)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
        at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73)
        at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)
        at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)
        ... 40 common frames omitted
    Caused by: javax.security.auth.login.LoginException:
Here is the configuration:
    jaas:
      options:
        sauAlias: Vault/Conjur/Secret/service_account
        useKeyTab: false
        krbProvider: com.sun.security.auth.module.Krb5LoginModule
        debug: true
      loginModule: com.usaa.kafka.auth3.krb.SauKrbLoginModuleWrapper
    bootstrapServers: >
      someserver:0000, someserver:0001
Is there a property that needs to be set to avoid the login prompt?

If you look at the documentation, you will see that for Krb5LoginModule, if you use:
useKeyTab:
Set this to true if you want the module to get the principal's key from the keytab. (default value is False) If keytab is not set then the module will locate the keytab from the Kerberos configuration file. If it is not specified in the Kerberos configuration file then it will look for the file {user.home}{file.separator}krb5.keytab.
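In your case, my assumption is that because you are using useKeyTab = false, it is trying to find the keytab file in the default location: {user.home}{file.separator}krb5.keytab. But it probably doesn't exist.
See https://andriymz.github.io/kerberos/authentication-using-kerberos/#krb5loginmodule for the possible Valid/Invalid configuration combinations.
Your configuration should look something like: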
    spring:
      cloud:
        stream:
          kafka:
            binder:
              brokers: localhost:9092 # path to kafka brokers
              autoCreateTopics: false
              jaas:
                loginModule: com.sun.security.auth.module.Krb5LoginModule
                controlFlag: required
                options:
                  useKeyTab: true
                  storeKey: true
                  keyTab: /your/pathTokeytabFile
                  useTicketCache: false
                  principal: yourserviceaccount@domain
                  renewTicket: true
                  serviceName: kafka
              configuration:
                security:
                  protocol: SASL_PLAINTEXT
                sasl:
                  kerberos:
                    service:
                      name: kafka
              producerProperties:
                retries: 3
          bindings:
            CONSUMER_ONE:
              destination: TOPIC_1
              contentType: application/json
            CONSUMER_TWO:
              destination: TOPIC_2
              contentType: application/json
            CONSUMER_ERROR:
              destination: ERROR_TOPIC
              contentType: application/json
            PRODUCER_ONE:
              destination: TOPIC_2
              contentType: application/json
            PRODUCER_TWO:
              destination: TOPIC_3
              contentType: application/json
            PRODUCER_ERROR:
              destination: ERROR_TOPIC
              contentType: application/json
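
A pre-flight check for the Krb5LoginModule options discussed above, added here as an example and not part of the original question or answer. It applies the option semantics documented for Krb5LoginModule (useKeyTab, useTicketCache, useFirstPass, tryFirstPass, doNotPrompt, storeKey) and also checks keytab file permissions; the function name and finding codes are hypothetical, and it assumes the options map is what ultimately reaches Krb5LoginModule.

```python
import os
import stat

def _flag(options, name):
    # Krb5LoginModule boolean options default to false when absent.
    return str(options.get(name, "false")).strip().lower() == "true"

def check_krb5_options(options):
    """Return (code, message) findings for a Krb5LoginModule options mapping."""
    findings = []
    use_keytab = _flag(options, "useKeyTab")
    shared = _flag(options, "useFirstPass") or _flag(options, "tryFirstPass")
    has_source = use_keytab or shared or _flag(options, "useTicketCache")
    no_prompt = _flag(options, "doNotPrompt")

    if not has_source and no_prompt:
        findings.append(("no-credential-source",
                         "doNotPrompt=true with no keytab, ticket cache or shared state"))
    elif not has_source:
        findings.append(("will-prompt",
                         "no keytab, ticket cache or shared state: the module asks for a password"))
    elif not no_prompt:
        findings.append(("may-prompt",
                         "falls back to a password prompt if the source fails; set doNotPrompt=true"))
    if _flag(options, "storeKey") and no_prompt and not (use_keytab or shared):
        findings.append(("storekey-without-key",
                         "storeKey=true but no keytab or shared state can supply the key"))

    keytab = options.get("keyTab")
    if use_keytab and keytab:
        try:
            mode = os.stat(keytab).st_mode
        except OSError:
            findings.append(("keytab-unreadable", f"cannot stat keytab {keytab}"))
        else:
            # A keytab holds the principal's long-term key: owner-only access.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(("keytab-permissions",
                                 f"{keytab} is accessible to group/other; chmod 600"))
    return findings

# Constructed inputs: Krb5 options copied from the question and the answer on this page.
QUESTION_OPTIONS = {"useKeyTab": False, "debug": True}
ANSWER_OPTIONS = {"useKeyTab": True, "storeKey": True, "keyTab": "/your/pathTokeytabFile",
                  "useTicketCache": False, "principal": "yourserviceaccount@domain"}

if __name__ == "__main__":
    for name, opts in (("question", QUESTION_OPTIONS), ("answer", ANSWER_OPTIONS)):
        for code, message in check_krb5_options(opts):
            print(f"{name}: {code}: {message}")
```

Run it against the `options` block of the binder's `jaas` section before deploying; the `will-prompt` finding corresponds to the "client is being asked for a password" failure in the stack trace.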