Kafka开启SASL认证 【windowe详细版】 - Acelin_H
source link: https://www.cnblogs.com/acelin/p/16715931.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
一、JAAS配置#
Zookeeper配置JAAS
zookeeper环境下新增一个配置文件,如zk_server_jass.conf,内容如下:
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin";
};
其作用是:在改zookeeper节点创建了一个Server节点,其中
org.apache.kafka.common.security.plain.PlainLoginModule required
是加密机制为PLAIN的处理类。在kafka-client包下username
、password
是zookeeper之间通讯的用户名和密码,user_admin="admin"
的结构是user_[username]=[password],定义kafka-broker(zookeeper客户端)连接到zookeeper时用的用户名和密码。
注意jaas配置都要以
;
结尾
Kafka-Broker配置JAAS
在kafka-broker环境下新增配置,如kafka_server_jaas.conf,内容如下:
# 用于broker和zookeeper之间的认证,对应zk_server_jass.conf中的【user_admin="admin"】配置
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin";
};
# 定义kafka客户端与broker的认知信息
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin"
user_alice="alice";
};
Client
:用于broker和zookeeper之间的认证,对应zk_server_jass.conf中的【user_admin="admin"】配置KafkaServer
:集群中,broker之间用节点中的username,password进行通讯KafkaServer
:kafka客户端(producer,consumer)连接broker时,用该配置下user_[username]=[password]结构配置的账号密码登录
Kafka-Producer配置JAAS
在kafka-broker环境下新增配置,如kafka_producer_jaas.conf,内容如下:
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin";
};
Client
:客户端登录服务端认证信息,对应broker配置中user_[username]=[password]定义的配置
Kafka-Consumer配置JAAS
新增kafka_consumer_jaas.conf,配置同producer
从以上配置可以得出结论:
username="admin" password="admin"
配置格式有两种场景1、是用于服务端集群之间的认证信息,定义在Server节点里
2、用户登录服务端的认证信息,定义在Client节点里
user_[username]=[password]
配置定义在Server节点里,用于提供给客户端登录。以上关系是:Zookeeper:Kafka-Broker关系里,Zookeeper是服务端,Kafka-Broker是客户端;Kafka-Broker:Kafka-Producer、Kafka-Consumer关系里,Kafka-Broker是服务端,Kafka-Producer、Kafka-Consumer是客户端
二、SASL配置#
zookeeper的sasl配置
zookeeper.properties配置文件新增:
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000
修改zookeeper-server-start.bat,新增一个配置KAFKA_OPTS
SetLocal
set KAFKA_OPTS=-Djava.security.auth.login.config=【zk_server_jass.conf路径】
......
EndLocal
broker新增sasl配置
server.properties新增配置
listeners=SASL_PLAINTEXT://localhost:9092
#使用的认证协议
security.inter.broker.protocol=SASL_PLAINTEXT
#SASL机制
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
# 完成身份验证的类
#authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
# 如果没有找到ACL(访问控制列表)配置,则允许任何操作。
allow.everyone.if.no.acl.found=false
#超级管理员权限用户
super.users=User:admin
advertised.listeners=SASL_PLAINTEXT://localhost:9092
修改kafka-server-start.bat ,新增一个配置KAFKA_OPTS:
SetLocal
set KAFKA_OPTS=-Djava.security.auth.login.config=【kafka_server_jass.conf路径】
......
EndLocal
producer的sasl配置
producer.properties新增配置
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
producer的sasl配置
consumer.properties新增配置
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
三、启动命令【示例】#
.\bin\windows\zookeeper-server-start.bat .\config\zookeeper.properties
broker:
.\bin\windows\kafka-server-start.bat .\config\server.properties
zookeeper日志显示kafka-broker认证成功信息
producer:
.\bin\windows\kafka-console-producer.bat --broker-list localhost:9092 --topic testTopic --producer.config .\config\producer.properties
consumer:
.\bin\windows\kafka-console-consumer.bat --bootstrap-server localhost:9092 --topic testTopic --consumer.config .\config\consumer.properties
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK