梦中的真

0 声望

这家伙太懒,什么都没留下

个人动态

梦中的真 回复 梦中的真 kafka实战kerberos(笔记) 中 :
这个问题已经解决,分享一下 我原先是在/bin/zkServer.sh里添加了KAFKA_OPTS,后来在别的资料上看到有的配的名字是JVMFLAGS,改成JVMFLAGS后,重新启动就好了
6月前
梦中的真 回复 半兽人 kafka实战kerberos(笔记) 中 :
看到zookeeper日志有如下提示,cnxn.saslServer is null: cnxn object did not initialize its saslServer properly,不知道是不是需要对zookeeper做什么操作 ``` 2020-01-09 10:08:34,162 [myid:] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:ZooKeeperServer@968] - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly. 2020-01-09 10:08:34,583 [myid:] - WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:NIOServerCnxn@360] - caught end of stream exception EndOfStreamException: Unable to read additional data from client sessionid 0x16f880d50a70001, likely client has closed socket at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:231) at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208) at java.lang.Thread.run(Thread.java:748) ```
6月前
梦中的真 回复 张小生 Kafka使用kerberos连接zookeeper时无法连接,帮忙看看,感谢! 中 :
谢谢,我看配置基本都一样,zookeeper报以下错误,cnxn.saslServer is null: cnxn object did not initialize its saslServer properly,不知道是不是需要对zookeeper做什么操作 2020-01-09 10:08:34,162 [myid:] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:ZooKeeperServer@968] - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly. 2020-01-09 10:08:34,583 [myid:] - WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2182:NIOServerCnxn@360] - caught end of stream exception EndOfStreamException: Unable to read additional data from client sessionid 0x16f880d50a70001, likely client has closed socket at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:231) at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208) at java.lang.Thread.run(Thread.java:748)
6月前
梦中的真 回复 半兽人 kafka实战kerberos(笔记) 中 :
是的,应该是kafka连接zookeeper时认证出现问题,我看了kerberos的日志没有出现问题,用zkCii访问zookeeper也没有出现问题。现在可以看到有问题的日志就只有这两个了。配置已经仔细对了好多次,都从新搭建了两次,还是同样的问题,不知道是什么原因
6月前
张小生 回复 梦中的真 Kafka使用kerberos连接zookeeper时无法连接,帮忙看看,感谢! 中 :
已经解决了,由于时间较长,不记得如何解决的这个问题。大致告诉你一下开启zookeeper的kerberos的步骤: 1、修改conf/zookeeper.properties 添加如下内容: authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider jaasLoginRenew=3600000 2、新建zookeeper的认证配置文件 vi conf/zookeeper_server_jass.conf Server{ com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="/etc/security/keytabs/zookeeper.keytab" principal="zookeeper/xxx@EXAMPLE.COM"; }; 3、修改启动脚本zookeeper-server-start.sh 添加如下内容: export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/DATA/kafka/config/zookeeper_jaas.conf" kafka的kerberos启动步骤如下: 1、修改配置文件vi conf/server.properties,添加或修改如下内容: host=xxx.xxx.xxx.xxx port=9092 listeners=SASL_PLAINTEXT://xxx.xxx.xxx.xxx:9092 security.inter.broker.protocol=SASL_PLAINTEXT sasl.mechanism.inter.broker.protocol=GSSAPI sasl.enabled.mechanisms=GSSAPI sasl.kerberos.service.name=kafka advertised.host=xxx.xxx.xxx.xxx advertised.port=9092 advertised.listeners=SASL_PLAINTEXT://xxx.xxx.xxx.xxx:9092 2、建立kafka的认证配置文件kafka_server_jaas.conf KafkaServer { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/krb.keytab" principal="kafka/xxxxxxxx@EXAMPLE.COM"; }; // Zookeeper client authentication Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/etc/security/keytabs/zookeeperclient.keytab" principal="zookeeperclient/xxxxxxxx@EXAMPLE.COM"; }; 3、修改启动脚本kafka-server-start.sh,添加如下内容: export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/DATA/kafka/config/kafka_server_jaas.conf" 祝你好运
6月前
赞了 半兽人 的评论 · 6月前

(゚∀゚ )
暂时没有任何数据