docker部署kafka集群开启SCRAM报错

发表于: 2025-10-11   最后更新时间: 2025-10-13 09:23:44   75 浏览

docker部署kafka集群开启SCRAM后连接zookeeper报错

这个是kafka里面报错

docker部署kafka集群开启SCRAM后连接zookeeper报错

我一开始以为是我没有配置client,后面看了下jaas文件配置了。

我的jaas文件

// JAAS file the broker JVM loads via -Djava.security.auth.login.config
// (set through KAFKA_OPTS in the compose file). The passwords here are in
// clear text and are sample values; use real secrets and restrict access to
// this file outside a throwaway test.

// KafkaServer: login context for the broker's own SASL listeners.
// ScramLoginModule matches the SCRAM-SHA-512 mechanism the compose file enables.
// NOTE(review): with SCRAM the "admin" user must also exist as a SCRAM
// credential in the cluster before the broker can authenticate with it;
// the page does not show that step — confirm it was done.
KafkaServer {
   org.apache.kafka.common.security.scram.ScramLoginModule required
   username="admin"
   password="admin-secret";
};

// Client: login context used by the ZooKeeper client inside the broker.
// NOTE(review): while this section is present the broker will try SASL
// (DIGEST-MD5) against ZooKeeper, which then needs a matching Server
// section; the zookeeper service in the compose file has no JAAS config,
// which would fit the reported connection error — confirm in the broker log.
Client {
   org.apache.zookeeper.server.auth.DigestLoginModule required
   username="admin"
   password="admin-secret";
};

还是说我少开了什么配置,第一次搞SCRAM,不太清楚里面关系。希望大佬们指点一下。

我的docker-compose.yml配置

# Compose file from the question: one ZooKeeper node and one Kafka broker.
# The broker exposes a PLAINTEXT listener (9092) and a SASL_PLAINTEXT
# listener (9093) with SCRAM-SHA-512.
version: '3.8'

services:
  zookeeper:
    image: confluentinc/cp-zookeeper:7.6.1
    container_name: zookeeper
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
    ports:
      # Publishes ZooKeeper on every host interface; this service has no
      # authentication configured, so restrict it if the host is reachable.
      - "2181:2181"

  kafka:
    image: confluentinc/cp-kafka:7.6.1
    container_name: kafka
    depends_on:
      - zookeeper
    ports:
      # 9092 is the PLAINTEXT listener: clients connecting there skip SASL
      # entirely, so publishing it leaves an unauthenticated path to the broker.
      - "9092:9092"
      - "9093:9093"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      # SASL_PLAINTEXT authenticates but does not encrypt; SASL_SSL is the
      # TLS-protected counterpart.
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,SASL_PLAINTEXT:SASL_PLAINTEXT
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,SASL_PLAINTEXT://0.0.0.0:9093
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092,SASL_PLAINTEXT://localhost:9093
      # Brokers talk to each other over the SASL listener using SCRAM-SHA-512.
      KAFKA_INTER_BROKER_LISTENER_NAME: SASL_PLAINTEXT
      KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: SCRAM-SHA-512
      # Points the broker JVM at the JAAS file mounted below.
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/jaas/kafka_server_jaas.conf"
      # NOTE(review): intended to turn off SASL towards ZooKeeper; the answer on
      # this page reports it had no effect — confirm the image recognises it.
      KAFKA_SASL_ZOOKEEPER_ENABLED: "false"
    volumes:
      # Host directory holding the JAAS file with clear-text passwords.
      - ./kafka_jaas:/etc/kafka/jaas
发表于 2025-10-11

你的 KAFKA_SASL_ZOOKEEPER_ENABLED: "false" 没有生效,kafka 连接 zk 时依然需要认证。我没有找到能关闭它的相关配置,所以改为在 zk 上添加认证,如下:

# Compose file from the answer: same two services, with SASL (DIGEST-MD5 via
# JAAS) added on the ZooKeeper side so the broker's Client login can succeed.
version: '3.8'

services:
  zookeeper:
    image: confluentinc/cp-zookeeper:7.6.1
    hostname: zookeeper
    container_name: zookeeper
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      # NOTE(review): 0 presumably maps to maxClientCnxns=0, i.e. no per-client
      # connection cap — confirm this is wanted on a published port.
      ZOOKEEPER_MAXCLIENTCNXNS: 0
      # Intended to register the SASL auth provider and require SASL from
      # clients. NOTE(review): verify that the image turns these variable names
      # into the exact ZooKeeper properties; if it does not, ZooKeeper keeps
      # accepting unauthenticated clients.
      ZOOKEEPER_AUTHPROVIDER.1: org.apache.zookeeper.server.auth.SASLAuthenticationProvider
      ZOOKEEPER_REQUIRECLIENTAUTHSCHEME: sasl
      ZOOKEEPER_JAASLOGINRENEW: 3600000
      # Points the ZooKeeper JVM at the server-side JAAS file mounted below.
      KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/jaas/zk_server_jaas.conf
    ports:
      # Publishes ZooKeeper on every host interface.
      - "2181:2181"
    volumes:
      # Host directory holding the JAAS file with clear-text passwords.
      - ./zoo_jaas:/etc/kafka/jaas
  kafka:
    image: confluentinc/cp-kafka:7.6.1
    hostname: broker
    container_name: kafka
    depends_on:
      - zookeeper
    ports:
      # 9092 is the PLAINTEXT listener: clients connecting there skip SASL
      # entirely, so publishing it leaves an unauthenticated path to the broker.
      - "9092:9092"
      - "9093:9093"
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,SASL_PLAINTEXT://0.0.0.0:9093
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:9092,SASL_PLAINTEXT://broker:9093
      # SASL_PLAINTEXT authenticates but does not encrypt; SASL_SSL is the
      # TLS-protected counterpart.
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,SASL_PLAINTEXT:SASL_PLAINTEXT
      # Inter-broker traffic uses the PLAINTEXT listener here (the question had
      # SASL_PLAINTEXT), so broker-to-broker connections are not authenticated.
      # NOTE(review): the inter-broker SASL mechanism below is then presumably
      # unused — confirm.
      KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
      KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: SCRAM-SHA-512
      # Points the broker JVM at the JAAS file mounted below.
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/jaas/kafka_server_jaas.conf"
    volumes:
      # Host directory holding the JAAS file with clear-text passwords.
      - ./kafka_jaas:/etc/kafka/jaas

zoo_jaas/zk_server_jaas.conf

// Server: login context read by the ZooKeeper server.
// user_admin defines the account "admin" with the password given as its value;
// it has to match the username/password in the broker's Client section.
// The password is stored in clear text and is a sample value.
Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_admin="admin-secret";
};

kafka_jaas/kafka_server_jaas.conf

// KafkaServer: login context for the broker's SASL listeners.
// NOTE(review): PlainLoginModule and its user_<name> entries belong to the
// PLAIN mechanism, while the compose file enables only SCRAM-SHA-512 (the
// question's file used ScramLoginModule). Verify with a real SCRAM client
// login on 9093 that authentication works as intended.
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret"
    user_admin="admin-secret"
    user_alice="alice-secret";
};

// Client: login context used by the ZooKeeper client inside the broker;
// the credentials match user_admin in zoo_jaas/zk_server_jaas.conf.
Client {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="admin"
    password="admin-secret";
};

测试命令:

# Both commands only check that the listener ports accept a TCP connection;
# they do not perform a SASL/SCRAM login, so they do not show that
# authentication on 9093 works.
telnet localhost 9092
telnet localhost 9093

你可以对比一下,我已经运行成功。

& -> 半兽人 2天前

谢谢大佬,我起来了
