梦中的真
这家伙太懒,什么都没留下
这家伙太懒,什么都没留下
这个问题已经解决,分享一下
我原先是在/bin/zkServer.sh里添加了KAFKA_OPTS,后来在别的资料上看到有的配的名字是JVMFLAGS,改成JVMFLAGS后,重新启动就好了
看到zookeeper日志有如下提示,cnxn.saslServer is null: cnxn object did not initialize its saslServer properly,不知道是不是需要对zookeeper做什么操作
2020-01-09 10:08:34,162 [myid:] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:ZooKeeperServer@968] - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.
2020-01-09 10:08:34,583 [myid:] - WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:NIOServerCnxn@360] - caught end of stream exception
EndOfStreamException: Unable to read additional data from client sessionid 0x16f880d50a70001, likely client has closed socket
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:231)
at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
at java.lang.Thread.run(Thread.java:748)
谢谢,我看配置基本都一样,zookeeper报以下错误,cnxn.saslServer is null: cnxn object did not initialize its saslServer properly,不知道是不是需要对zookeeper做什么操作
2020-01-09 10:08:34,162 [myid:] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:ZooKeeperServer@968] - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.
2020-01-09 10:08:34,583 [myid:] - WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:NIOServerCnxn@360] - caught end of stream exception
EndOfStreamException: Unable to read additional data from client sessionid 0x16f880d50a70001, likely client has closed socket
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:231)
at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
at java.lang.Thread.run(Thread.java:748)
是的,应该是kafka连接zookeeper时认证出现问题,我看了kerberos的日志没有出现问题,用zkCii访问zookeeper也没有出现问题。现在可以看到有问题的日志就只有这两个了。配置已经仔细对了好多次,都从新搭建了两次,还是同样的问题,不知道是什么原因
已经解决了,由于时间较长,不记得如何解决的这个问题。大致告诉你一下开启zookeeper的kerberos的步骤:
1、修改conf/zookeeper.properties 添加如下内容:
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
2、新建zookeeper的认证配置文件 vi conf/zookeeper_server_jass.conf
Server{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/etc/security/keytabs/zookeeper.keytab"
principal="zookeeper/xxx@EXAMPLE.COM";
};
3、修改启动脚本zookeeper-server-start.sh 添加如下内容:
export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/DATA/kafka/config/zookeeper_jaas.conf"
kafka的kerberos启动步骤如下:
1、修改配置文件vi conf/server.properties,添加或修改如下内容:
host=xxx.xxx.xxx.xxx
port=9092
listeners=SASL_PLAINTEXT://xxx.xxx.xxx.xxx:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka
advertised.host=xxx.xxx.xxx.xxx
advertised.port=9092
advertised.listeners=SASL_PLAINTEXT://xxx.xxx.xxx.xxx:9092
2、建立kafka的认证配置文件kafka_server_jaas.conf
KafkaServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/security/keytabs/krb.keytab"
principal="kafka/xxxxxxxx@EXAMPLE.COM";
};
// Zookeeper client authentication
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/security/keytabs/zookeeperclient.keytab"
principal="zookeeperclient/xxxxxxxx@EXAMPLE.COM";
};
3、修改启动脚本kafka-server-start.sh,添加如下内容:
export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/DATA/kafka/config/kafka_server_jaas.conf"
祝你好运
