Authentication 启用Zookeeper身份验证后无法启动代理
使用以下属性启动Zookeeper,即Zookeeper.propertiesAuthentication 启用Zookeeper身份验证后无法启动代理,authentication,apache-kafka,apache-zookeeper,acl,Authentication,Apache Kafka,Apache Zookeeper,Acl,使用以下属性启动Zookeeper,即Zookeeper.properties dataDir=/tmp/zookeepeeer clientPort=2186 maxClientCnxns=0 auto.offset.reset=smallest authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider jaa
dataDir=/tmp/zookeepeeer
clientPort=2186
maxClientCnxns=0
auto.offset.reset=smallest
authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
group.initial.rebalance.delay.ms=0
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol= SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
zookeeper.set.acl=true
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
zookeeper_jaas.conf
dataDir=/tmp/zookeepeeer
clientPort=2186
maxClientCnxns=0
auto.offset.reset=smallest
authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
group.initial.rebalance.delay.ms=0
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol= SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
zookeeper.set.acl=true
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
服务器属性
dataDir=/tmp/zookeepeeer
clientPort=2186
maxClientCnxns=0
auto.offset.reset=smallest
authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
group.initial.rebalance.delay.ms=0
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol= SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
zookeeper.set.acl=true
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
Kafka\u server\u jaaz.conf
dataDir=/tmp/zookeepeeer
clientPort=2186
maxClientCnxns=0
auto.offset.reset=smallest
authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
group.initial.rebalance.delay.ms=0
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol= SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
zookeeper.set.acl=true
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
错误如下所示
java.lang.SecurityException:zookeeper.set.acl为true,但JAAS登录文件验证失败。
我已经尝试了下面的解决方案,但它再次失败,并出现以下错误,尽管进行了更改
kafka\u server\u jaaz.conf
dataDir=/tmp/zookeepeeer
clientPort=2186
maxClientCnxns=0
auto.offset.reset=smallest
authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
group.initial.rebalance.delay.ms=0
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol= SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
zookeeper.set.acl=true
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
server.properties与上述相同但它失败了,出现以下错误:
[2018-02-23 10:16:04459]错误无效ACL(kafka.utils.ZKCheckedEphemeral)
[2018-02-23 10:16:04459]错误无效ACL(kafka.utils.ZKCheckedEphemeral)
[2018-02-23 10:16:04460]致命[卡夫卡服务器0],卡夫卡服务器运行期间发生致命错误
启动。准备关闭(kafka.server.KafkaServer)
org.I0Itec.zkclient.exception.ZkException:
org.apache.zookeeper.KeeperException$InvalidACLException:keeperrrorcode=InvalidACL在Kafka中,您还需要配置连接到zookeeper时将使用的SASL客户端。这是使用Kafka JAAS配置中的
客户机上下文完成的,例如
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
如果需要,可以使用zookeeper.sasl.clientconfig
系统属性更改上下文名称。谢谢您的回复,我们会尝试一下并回复您