Configuring SASL/SCRAM authentication and ACL permission management on Kafka reports: ERROR SASL authentication failed using login context 'Client' with exception

Demi Y   Posted: 2020-02-27   Last updated: 2023-01-05 13:42:23   11,041 views

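Hi experts, I have just set up a new Kafka cluster, with ZooKeeper deployed separately on three nodes, and I want to use SASL/SCRAM. The configuration is as follows: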

broker server.properties:

listeners=SASL_PLAINTEXT://10.5.5.16:9093
advertised.listeners=SASL_PLAINTEXT://10.5.5.16:9093
###################### SASL #########################
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256
sasl.enabled.mechanisms=SCRAM-SHA-256
###################### ACL #########################
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:kafka
allow.everyone.if.no.acl.found=false

kafka_server_jaas.conf

KafkaServer {
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="kafka"
        password="bigdatakafka";
};
KafkaClient {
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="kafka"
        password="bigdatakafka";
};

The Kafka startup script also has export KAFKA_OPTS="-Djava.security.auth.login.config=jaas.conf" added.
Kafka starts normally, but the log shows the following errors:

[2020-02-27 19:32:36,818] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/opt/bigdata/queue/kafka/config/kafka_server_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2020-02-27 19:32:36,819] INFO Opening socket connection to server nfi5-sr.com/10.5.5.9:2181 (org.apache.zookeeper.ClientCnxn)
[2020-02-27 19:32:36,821] ERROR [ZooKeeperClient] Auth failed. (kafka.zookeeper.ZooKeeperClient)

If I add the following to the jaas.conf file:

KafkaClient {
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="kafka"
        password="bigdatakafka";
};

the Kafka node shuts down:

[2020-02-27 19:50:25,444] INFO [ZooKeeperClient] Connected. (kafka.zookeeper.ZooKeeperClient)
[2020-02-27 19:50:25,446] ERROR SASL authentication failed using login context 'Client' with exception: {} (org.apache.zookeeper.client.ZooKeeperSaslClient)
javax.security.sasl.SaslException: Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.
        at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:279)
        at org.apache.zookeeper.client.ZooKeeperSaslClient.respondToServer(ZooKeeperSaslClient.java:242)
        at org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:805)
        at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:94)
        at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:366)
        at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1145)
[2020-02-27 19:50:25,450] ERROR [ZooKeeperClient] Auth failed. (kafka.zookeeper.ZooKeeperClient)
[2020-02-27 19:50:25,494] ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /kafka-product
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:126)
        at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
        at kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:544)
        at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1610)
        at kafka.zk.KafkaZkClient.makeSurePersistentPathExists(KafkaZkClient.scala:1532)
        at kafka.server.KafkaServer$$anonfun$initZkClient$2.apply(KafkaServer.scala:380)
        at kafka.server.KafkaServer$$anonfun$initZkClient$2.apply(KafkaServer.scala:377)
        at scala.Option.foreach(Option.scala:257)
        at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:377)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:205)
        at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:38)
        at kafka.Kafka$.main(Kafka.scala:75)
        at kafka.Kafka.main(Kafka.scala)
[2020-02-27 19:50:25,495] INFO shutting down (kafka.server.KafkaServer)

Is there something wrong with the way I have configured SASL/SCRAM authentication? Why does it just not work?

Posted on 2020-02-27

javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/opt/bigdata/queue/kafka/config/kafka_server_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)

Compare your configuration against this one:
https://www.orchome.com/1966
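
The WARN line quoted in this answer names the JAAS section that was looked up and not found. As an added example (not code from this thread or from the Kafka project), the Python script below parses the JAAS file posted in the question and checks whether each section a log line reports as missing is defined in it; the function names and the `CONSUMER` table are assumptions made for illustration.

```python
import re

# kafka_server_jaas.conf as posted in the question, embedded as sample input.
JAAS_TEXT = '''
KafkaServer {
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="kafka"
        password="bigdatakafka";
};
KafkaClient {
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="kafka"
        password="bigdatakafka";
};
'''
# WARN line from the question's first log, cut to the relevant part.
LOG_LINE = ("WARN SASL configuration failed: javax.security.auth.login.LoginException: "
            "No JAAS configuration section named 'Client' was found in specified JAAS "
            "configuration file: '/opt/bigdata/queue/kafka/config/kafka_server_jaas.conf'.")

# Which component logs in with which JAAS section name (Kafka/ZooKeeper defaults).
CONSUMER = {"KafkaServer": "Kafka broker", "KafkaClient": "Kafka clients and tools",
            "Client": "ZooKeeper client inside the broker"}

SECTION_RE = re.compile(r"([\w.-]+)\s*\{(.*?)\}\s*;", re.S)
ENTRY_RE = re.compile(r"([\w.$]+)\s+(?:required|requisite|sufficient|optional)\b")
MISSING_RE = re.compile(r"No JAAS configuration section named '([^']+)' was found")

def jaas_sections(text):
    """Map each section name to its login module classes; option values are dropped."""
    text = re.sub(r'"(?:\\.|[^"\\])*"', '""', text)  # mask quoted values (may hold } or ;)
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", text, flags=re.S)  # // and /* */ comments
    return {name: ENTRY_RE.findall(body) for name, body in SECTION_RE.findall(text)}

def check_missing(jaas_text, log_text):
    """For every section the log reports missing: (name, consumer, defined in file?)."""
    defined = jaas_sections(jaas_text)
    return [(name, CONSUMER.get(name, "unknown"), name in defined)
            for name in sorted(set(MISSING_RE.findall(log_text)))]

if __name__ == "__main__":
    print("sections defined:", jaas_sections(JAAS_TEXT))
    for name, consumer, present in check_missing(JAAS_TEXT, LOG_LINE):
        print(f"'{name}' ({consumer}):", "defined" if present else "NOT defined in this file")
```

The section name the ZooKeeper client looks up defaults to `Client` and can be changed with the `zookeeper.sasl.clientconfig` system property.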

Demi Y -> 半兽人 4 years ago

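Hello, do the certificates for communication between Kafka brokers need to be created while both the brokers and ZooKeeper are not running? Once they have been created, if a node is added to the cluster, can the new node join the cluster after starting with the same configuration as the existing nodes?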

追风少年 -> Demi Y 3 years ago

I have the same problem as you. Did you manage to solve it?
