Kafka dynamic authorization + ACL authentication produces an error: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512

谁能凭爱意将富士山私有丶 Posted: 2024-11-14   Last updated: 2024-11-19 17:03:34   129 views

Question description

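I installed a Kafka 3.8.1 cluster using the KRaft protocol. During setup, when I deployed the broker and controller separately, the cluster started normally and authorization worked. When I combined the broker and controller on the same node, the error appeared.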
server.properties

log.dirs=/portal/data/kafka
process.roles=broker,controller
node.id=1
controller.quorum.voters=1@192.168.1.41:9093,2@192.168.1.42:9093,3@192.168.1.43:9093
listeners=CONTROLLER://:9093,CLIENT://:9092,BROKER://:9091
advertised.listeners=CLIENT://192.168.1.41:9092,BROKER://192.168.1.41:9091
inter.broker.listener.name=BROKER
controller.listener.names=CONTROLLER

# Listener security protocol map
listener.security.protocol.map=CLIENT:SASL_PLAINTEXT,BROKER:SASL_PLAINTEXT,CONTROLLER:SASL_PLAINTEXT

# Add the SCRAM authentication mechanism
sasl.enabled.mechanisms=SCRAM-SHA-512

# Set the authentication mechanism for intra-cluster communication
inter.broker.listener.name=BROKER
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512

sasl.mechanism.controller.protocol=SCRAM-SHA-512

# Enable the authorizer only on the broker
authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer

allow.everyone.if.no.acl.found=true

# Super user configuration
super.users=User:admin,User:kafkaadmin12345

This is my JAAS configuration, broker-jaas:

KafkaServer {
    org.apache.kafka.common.security.scram.ScramLoginModule required username="kafkaadmin12345" password="kafkaadmin12345" serviceName="kafka";
};

I added the account at the same time as creating and formatting the storage:

bin/kafka-storage.sh format -t Mu_PwVjLQGGYBcE_EjCfmA -c config/kraft/server.properties \
  --add-scram 'SCRAM-SHA-256=[name="kafkaadmin12345",password="kafkaadmin12345"]'

Running the command to view the users gives the following:

[root@master kraft]# /portal/kafka-3.8.1/bin/kafka-configs.sh --bootstrap-server 192.168.1.41:9092 --describe --entity-type users

SCRAM credential configs for user-principal 'kafkaadmin12345' are SCRAM-SHA-256=iterations=4096

The error is as follows:

[2024-11-14 15:55:10,749] INFO [MetadataLoader id=3] initializeNewPublishers: the loader is still catching up because we still don't know the high water mark yet. (org.apache.kafka.image.loader.MetadataLoader)
[2024-11-14 15:55:10,764] ERROR [kafka-3-raft-outbound-request-thread]: Failed to send the following request due to authentication error: ClientRequest(expectResponse=true, callback=org.apache.kafka.raft.KafkaNetworkChannel$$Lambda$614/0x00000001004ba840@11ef81f9, destination=1, correlationId=377, clientId=raft-client-3, createdTimeMs=1731570910742, requestBuilder=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])])) (org.apache.kafka.raft.KafkaNetworkChannel$SendThread)
[2024-11-14 15:55:10,764] ERROR Request OutboundRequest(correlationId=377, data=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])]), createdTimeMs=1731570910742, destination=192.168.1.41:9093 (id: 1 rack: null)) failed due to authentication error (org.apache.kafka.raft.KafkaNetworkChannel)
org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512
[2024-11-14 15:55:10,765] ERROR [RaftManager id=3] Unexpected error NETWORK_EXCEPTION in VOTE response: InboundResponse(correlationId=377, data=VoteResponseData(errorCode=13, topics=[]), source=192.168.1.41:9093 (id: 1 rack: null)) (org.apache.kafka.raft.KafkaRaftClient)
[2024-11-14 15:55:10,786] ERROR [kafka-3-raft-outbound-request-thread]: Failed to send the following request due to authentication error: ClientRequest(expectResponse=true, callback=org.apache.kafka.raft.KafkaNetworkChannel$$Lambda$614/0x00000001004ba840@4d7d7d0d, destination=2, correlationId=378, clientId=raft-client-3, createdTimeMs=1731570910763, requestBuilder=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])])) (org.apache.kafka.raft.KafkaNetworkChannel$SendThread)
[2024-11-14 15:55:10,786] ERROR Request OutboundRequest(correlationId=378, data=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])]), createdTimeMs=1731570910763, destination=192.168.1.42:9093 (id: 2 rack: null)) failed due to authentication error (org.apache.kafka.raft.KafkaNetworkChannel)
org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512
[2024-11-14 15:55:10,786] ERROR [RaftManager id=3] Unexpected error NETWORK_EXCEPTION in VOTE response: InboundResponse(correlationId=378, data=VoteResponseData(errorCode=13, topics=[]), source=192.168.1.42:9093 (id: 2 rack: null)) (org.apache.kafka.raft.KafkaRaftClient)
[2024-11-14 15:55:10,806] ERROR [kafka-3-raft-outbound-request-thread]: Failed to send the following request due to authentication error: ClientRequest(expectResponse=true, callback=org.apache.kafka.raft.KafkaNetworkChannel$$Lambda$614/0x00000001004ba840@9d86d20, destination=1, correlationId=379, clientId=raft-client-3, createdTimeMs=1731570910785, requestBuilder=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])])) (org.apache.kafka.raft.KafkaNetworkChannel$SendThread)
[2024-11-14 15:55:10,806] ERROR Request OutboundRequest(correlationId=379, data=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])]), createdTimeMs=1731570910785, destination=192.168.1.41:9093 (id: 1 rack: null)) failed due to authentication error (org.apache.kafka.raft.KafkaNetworkChannel)
org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512
[2024-11-14 15:55:10,807] ERROR [RaftManager id=3] Unexpected error NETWORK_EXCEPTION in VOTE response: InboundResponse(correlationId=379, data=VoteResponseData(errorCode=13, topics=[]), source=192.168.1.41:9093 (id: 1 rack: null)) (org.apache.kafka.raft.KafkaRaftClient)
[2024-11-14 15:55:10,816] INFO [RaftManager id=3] Election has timed out, backing off for 1000ms before becoming a candidate again (org.apache.kafka.raft.KafkaRaftClient)
[2024-11-14 15:55:10,849] INFO [MetadataLoader id=3] initializeNewPublishers: the loader is still catching up because we still don't know the high water mark yet. (org.apache.kafka.image.loader.MetadataLoader)
[2024-11-14 15:55:10,950] INFO [MetadataLoader id=3] initializeNewPublishers: the loader is still catching up because we still don't know the high water mark yet. (org.apache.kafka.image.loader.MetadataLoader)
[2024-11-14 15:55:10,971] INFO [SocketServer listenerType=CONTROLLER, nodeId=3] Failed authentication with /192.168.1.41 (channelId=192.168.1.43:9093-192.168.1.41:45188-16) (Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512) (org.apache.kafka.common.network.Selector)
[2024-11-14 15:55:11,036] ERROR [kafka-3-raft-outbound-request-thread]: Failed to send the following request due to authentication error: ClientRequest(expectResponse=true, callback=org.apache.kafka.raft.KafkaNetworkChannel$$Lambda$614/0x00000001004ba840@185757c5, destination=2, correlationId=380, clientId=raft-client-3, createdTimeMs=1731570910806, requestBuilder=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])])) (org.apache.kafka.raft.KafkaNetworkChannel$SendThread)
[2024-11-14 15:55:11,037] ERROR Request OutboundRequest(correlationId=380, data=VoteRequestData(clusterId='0C-YfIwtSIKjLDSoEIMhpw', topics=[TopicData(topicName='__cluster_metadata', partitions=[PartitionData(partitionIndex=0, candidateEpoch=305, candidateId=3, lastOffsetEpoch=65, lastOffset=774)])]), createdTimeMs=1731570910806, destination=192.168.1.42:9093 (id: 2 rack: null)) failed due to authentication error (org.apache.kafka.raft.KafkaNetworkChannel)
org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512
[2024-11-14 15:55:11,037] ERROR [RaftManager id=3] Unexpected error NETWORK_EXCEPTION in VOTE response: InboundResponse(correlationId=380, data=VoteResponseData(errorCode=13, topics=[]), source=192.168.1.42:9093 (id: 2 rack: null)) (org.apache.kafka.raft.KafkaRaftClient)
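
An added example, not part of the original post: Kafka stores SCRAM credentials per mechanism, and the post's server.properties selects SCRAM-SHA-512 for inter-broker and controller connections while the describe output lists only a SCRAM-SHA-256 credential. The check below compares the two; its inputs are constructed from the values shown in the post, and the function names are this example's own.

```python
import re

# Constructed inputs, copied from the values shown in the post.
SERVER_PROPERTIES = """\
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
sasl.mechanism.controller.protocol=SCRAM-SHA-512
"""
JAAS = ('org.apache.kafka.common.security.scram.ScramLoginModule required '
        'username="kafkaadmin12345" password="kafkaadmin12345" serviceName="kafka";')
DESCRIBE_OUTPUT = ("SCRAM credential configs for user-principal 'kafkaadmin12345' "
                   "are SCRAM-SHA-256=iterations=4096")

# Properties naming the mechanism this node uses when it connects to its peers.
CLIENT_MECHANISM_KEYS = ("sasl.mechanism.inter.broker.protocol",
                         "sasl.mechanism.controller.protocol")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def provisioned_mechanisms(describe_output):
    """Map each user to the SCRAM mechanisms listed by kafka-configs.sh --describe."""
    users = {}
    for line in describe_output.splitlines():
        m = re.search(r"user-principal '([^']+)' are (.+)", line)
        if m:
            mechs = re.findall(r"(SCRAM-SHA-\d+)=", m.group(2))
            users.setdefault(m.group(1), set()).update(mechs)
    return users

def missing_credentials(properties_text, jaas, describe_output):
    """Return (JAAS user, mechanisms the node uses but the user has no credential for)."""
    m = re.search(r'username="([^"]+)"', jaas)
    user = m.group(1) if m else None
    props = parse_properties(properties_text)
    need = {props[k] for k in CLIENT_MECHANISM_KEYS if k in props}
    have = provisioned_mechanisms(describe_output).get(user, set())
    return user, sorted(need - have)

if __name__ == "__main__":
    user, missing = missing_credentials(SERVER_PROPERTIES, JAAS, DESCRIBE_OUTPUT)
    for mech in missing:
        print(f"{user}: node authenticates with {mech} but no {mech} credential is stored")
```
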