kafka认证部署

青春不流名2025-04-21 2:01

首先启动 zookeeper

/home/kafka/bin/zookeeper-server-start.sh /home/kafka/config/zookeeper.properties

创建SCRAM证书

/home/kafka/bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config SCRAM-SHA-256=iterations=8192,password=liebe,SCRAM-SHA-512=password=liebe --entity-type users --entity-name liebe

/home/kafka/bin/kafka-configs.sh --zookeeper 127.0.0.1:2181 --alter --add-config SCRAM-SHA-256=password=admin,SCRAM-SHA-512=password=admin --entity-type users --entity-name admin

证书查看

/home/kafka/bin/kafka-configs.sh --zookeeper localhost:2181 --describe --entity-type users --entity-name admin

证书删除

/home/kafka/bin/kafka-configs.sh --zookeeper localhost:2181 --alter --delete-config SCRAM-SHA-512 --delete-config SCRAM-SHA-256 --entity-type users --entity-name liebe

服务端配置

在 kafka 配置文件目录 config 创建文件 kafka-server-jass.conf,如我的目录是:/home/kafka/config

文件内容为:

KafkaServer {

org.apache.kafka.common.security.scram.ScramLoginModule required

username="admin"

password="admin";

};

kafka-run-class.sh文件追加内容

Generic jvm settings you want to add

if -z "$KAFKA_OPTS" ; then

KAFKA_OPTS="-Djava.security.auth.login.config=/home/kafka/config/kafka-server-jass.conf"

fi

/home/kafka/config/server.properties设置配置

broker.id=0

listeners=SASL_PLAINTEXT://:9092

security.inter.broker.protocol=SASL_PLAINTEXT

sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256

sasl.enabled.mechanisms=SCRAM-SHA-256

advertised.listeners=SASL_PLAINTEXT://10.10.10.99:9092

allow.everyone.if.no.acl.found=false

super.users=User:admin

authorizer.class.name=kafka.security.authorizer.AclAuthorizer

listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL

zookeeper.set.acl=true

zookeeper.authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider

zookeeper.sasl.client=true

zookeeper.sasl.clientconfig=Server

zookeeper.sasl.login.context=Server

num.network.threads=3

num.io.threads=8

socket.send.buffer.bytes=102400

socket.receive.buffer.bytes=102400

socket.request.max.bytes=104857600

log.dirs=/home/kafka/kafka-logs

num.partitions=1

num.recovery.threads.per.data.dir=1

offsets.topic.replication.factor=1

transaction.state.log.replication.factor=1

transaction.state.log.min.isr=1

log.flush.interval.messages=10000

log.flush.interval.ms=1000

log.retention.hours=168

log.retention.bytes=1073741824

log.segment.bytes=1073741824

log.retention.check.interval.ms=300000

zookeeper.connect=localhost:2181

zookeeper.connection.timeout.ms=18000

group.initial.rebalance.delay.ms=0

delete.topic.enable=true

auto.create.topics.enable=true

/home/kafka/config/producer.properties

/home/kafka/config/consumer.properties

/home/kafka/config/auth.conf

将下面的内容追加到producer.properties和consumer.properties,并创建auth.conf文件

security.protocol=SASL_PLAINTEXT

sasl.mechanism=SCRAM-SHA-256

sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="admin" password="admin";

启动kafka

/home/kafka/bin/kafka-server-start.sh /home/kafka/config/server.properties

创建topic命令

/home/kafka/bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --partitions 1 --replication-factor 1 --topic test --command-config /home/kafka/config/auth.conf

发送消息

/home/kafka/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic test --producer.config /home/kafka/config/auth.conf

控制台监听消费消息

/home/kafka/bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic test --from-beginning --consumer.config /home/kafka/config/auth.conf

警告日志

2024-04-19 22:36:49,196 WARN SASL configuration failed. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)

javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/home/kafka/config/kafka-server-jass.conf'.

at org.apache.zookeeper.client.ZooKeeperSaslClient.<init>(ZooKeeperSaslClient.java:189)

at org.apache.zookeeper.ClientCnxn$SendThread.startConnect(ClientCnxn.java:1157)

at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1207)

2024-04-19 22:36:49,200 ERROR ZooKeeperClient ConfigCommand Auth failed, initialized=false connectionState=CONNECTING (kafka.zookeeper.ZooKeeperClient)

Completed updating config for entity: user-principal 'admin'.

相关推荐
Unbelievabletobe2 小时前
解决了股票api接口盘后数据更新慢的问题
大数据·开发语言·python
Promise微笑4 小时前
2026年中国驱鸟器市场格局与主流品牌技术
大数据·人工智能
幽络源小助理6 小时前
最新知识付费系统网站源码 PC+H5双端 附安装教程 – 幽络源源码网
大数据·数据库
luweis6 小时前
企智孪生 ETA(3.3 认知算法层:ETA 的思维内核 3.4 基础架构:算力与弹性)【浙江联保网络 卢伟舜】
大数据·运维·线性代数·ai·矩阵·学习方法
阿汤猫6667 小时前
基于OpenCode的Harness架构实战验收指南v3.0 (windows系统)
windows·prompt
暴躁小师兄数据学院7 小时前
【AI大数据工程师特训笔记】第14讲:Linux操作系统与shell脚本
大数据·人工智能·笔记
阿汤猫6668 小时前
基于OpenCode的Harness架构实战v2.2(windows系统)
windows·prompt
2601_959986248 小时前
M4Markets:把工具可用性做到位——逻辑梳理与提示整理
大数据·人工智能
薛定猫AI9 小时前
Codex 与 Claude Code 安装配置完全指南
大数据·人工智能·架构
热门推荐
01GitHub 镜像站点022026 年 AI 编程工具终极横评:Cursor vs Claude Code vs Copilot vs Windsurf03Codex 下载安装指南:Windows 和 macOS 官方版下载04【踩坑记录 | 第一篇】微软商店无法使用时,如何手动安装 OpenAI Codex?附`.msix`文件系统错误解决方法05裂开!ChatGPT 居然开始要手机号验证,附详细解决方法06【AI】2026 年具身智能模型和世界模型总结07CC-Switch 下载、安装与使用配置指南【2026.5.29】08CC-Switch & Claude 基于 Linux 服务器安装使用指南09Codex 接入 DeepSeek API 完整配置文档10几个好用的ip纯净度检测网站