kafka 3.4.0 sasl_PLAINTEXT kafka-metadata-quorum.sh Unexpected Kafka request of type METADATA during SASL handshake.

西贝 发表于: 2023-05-30   最后更新时间: 2023-05-30 18:32:17   2,408 游览

1、kafka 3.4.0配置broker sasl_PLAINTEXT,在执行

./kafka-metadata-quorum.sh --bootstrap-server 192.168.3.138:9092 --command-config kafka_server_config.conf describe --status

执行上面命令时,无内容输出,日志信息显示为:

[2023-05-30 16:21:36,542] INFO [SocketServer listenerType=BROKER, nodeId=2] Failed authentication with /192.168.3.138 (channelId=192.168.3.139:9092-192.168.3.138:36074-41) (Unexpected Kafka request of type METADATA during SASL handshake.) (org.apache.kafka.common.network.Selector)

2、kafka server主要配置信息

process.roles=broker,controller
node.id=1
controller.quorum.voters=1@192.168.3.138:9093,2@192.168.3.139:9093,3@192.168.3.140:9093
listeners=BROKER://:9092,CONTROLLER://:9093
inter.broker.listener.name=BROKER
controller.listener.names=CONTROLLER
listener.security.protocol.map=BROKER:SASL_PLAINTEXT,CONTROLLER:PLAINTEXT  ### broker配置SASL_PLAINTEXT,controller设置为PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN

3、kafka_server_jaas.conf配置信息

broker.KafkaServer { 
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret"
    user_admin="admin-secret"
    user_alice="alice-secret";
};

4、kafka_server_config.conf配置信息

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
    username="admin" \
    password="admin-secret";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN

5、查看创建的topic

[root@opensource01 kafka_2.13-3.4.0]# bin/kafka-topics.sh --describe --topic enmotech  --bootstrap-server 192.168.3.138:9092 --command-config kafka_server_config.conf
Topic: enmotech    TopicId: ZXVFSBuUT7e_xYWKk4rV9A    PartitionCount: 5    ReplicationFactor: 3    Configs: segment.bytes=1073741824
    Topic: enmotech    Partition: 0    Leader: 3    Replicas: 3,1,2    Isr: 3,1,2
    Topic: enmotech    Partition: 1    Leader: 1    Replicas: 1,2,3    Isr: 3,1,2
    Topic: enmotech    Partition: 2    Leader: 2    Replicas: 2,3,1    Isr: 3,1,2
    Topic: enmotech    Partition: 3    Leader: 3    Replicas: 3,1,2    Isr: 3,1,2
    Topic: enmotech    Partition: 4    Leader: 1    Replicas: 1,2,3    Isr: 3,1,2

执行查看创建的topic命令时,指定kafka_server_config.conf配置文件,能够正常输出topic的信息,但是执行kafka-metadata-quorum.sh却出现Failed authentication 认证失败问题

PS: 如果不启动sasl_plaintext模式,执行kafka-metadata-quorum.sh命令时没有问题的,

[root@opensource02 bin]# ./kafka-metadata-quorum.sh  --bootstrap-server 192.168.3.139:9092  describe --replication
NodeId    LogEndOffset    Lag    LastFetchTimestamp    LastCaughtUpTimestamp    Status      
1         96191           0      1685433493877         1685433493877            Leader      
2         96191           0      1685433493482         1685433493482            Follower    
3         96191           0      1685433493474         1685433493474            Follower
发表于 2023-05-30
添加评论

该问题为kafka的产品bug,参考链接:https://issues.apache.org/jira/browse/KAFKA-14711

你的答案

查看kafka相关的其他问题或提一个您自己的问题