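I'm trying to run a 3-machine Kafka cluster with SASL (via Kerberos) authentication. The first node starts up fine and creates all the relevant ZooKeeper nodes (/brokers, /consumer, etc.).
However, none of the other brokers can start successfully because of authentication problems on those znodes. Specifically, I see the following exception causing the other brokers to fail at startup: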
[2016-06-15 22:27:04,365] DEBUG Reading reply sessionid:0x355561ae10f0008, packet:: clientPath:null serverPath:null finished:false header:: 13,5 replyHeader:: 13,4294967436,-102 request:: '/brokers/seqid,,-1 response:: (org.apache.zookeeper.ClientCnxn)
[2016-06-15 22:27:04,372] ERROR Failed to generate broker.id due to (kafka.server.KafkaServer)
org.I0Itec.zkclient.exception.ZkException: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /brokers/seqid
at org.I0Itec.zkclient.exception.ZkException.create(ZkException.java:68)
at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:1000)
at org.I0Itec.zkclient.ZkClient.writeDataReturnStat(ZkClient.java:1147)
at kafka.utils.ZkUtils.getSequenceId(ZkUtils.scala:799)
at kafka.utils.ZkUtils.getBrokerSequenceId(ZkUtils.scala:214)
at kafka.server.KafkaServer.generateBrokerId(KafkaServer.scala:677)
at kafka.server.KafkaServer.getBrokerId(KafkaServer.scala:653)
at kafka.server.KafkaServer.startup(KafkaServer.scala:187)
at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37)
at kafka.Kafka$.main(Kafka.scala:67)
at kafka.Kafka.main(Kafka.scala)
Caused by: org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /brokers/seqid
at org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:51)
at org.apache.zookeeper.ZooKeeper.setData(ZooKeeper.java:1270)
at org.I0Itec.zkclient.ZkConnection.writeDataReturnStat(ZkConnection.java:138)
at org.I0Itec.zkclient.ZkClient$13.call(ZkClient.java:1151)
at org.I0Itec.zkclient.ZkClient.retryUntilConnected(ZkClient.java:990)
... 9 more
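I can see in the logs that these brokers authenticate to Kerberos.
If I get the ACL of /brokers/seqid, it only has cdrwa permissions for the one Kafka broker that is running successfully: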
getAcl /brokers/seqid
'world,'anyone
: r
'sasl,'kafka_stage/running.kafka.node@REALM
: cdrwa
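I'm sure I've misconfigured something, but I've searched for someone with the same problem and come up short. Any help would be greatly appreciated.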
Answer 0 (score: 0)
Welp, it turns out they state this in the documentation - It is necessary to have the same principal name across all brokers.
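Added example, not part of the original question or answer: a small Python model of how ZooKeeper evaluates the `getAcl` output shown in the question, which makes the NoAuth on `setData` visible for any broker whose principal differs in its host part. The second principal (`kafka_stage/other.kafka.node@REALM`) is a constructed stand-in for another broker, and the two flags model the ZooKeeper server settings `kerberos.removeHostFromPrincipal` and `kerberos.removeRealmFromPrincipal`, which the page itself does not mention.

```python
import re

# getAcl output copied from the question above.
GETACL_OUTPUT = """\
'world,'anyone
: r
'sasl,'kafka_stage/running.kafka.node@REALM
: cdrwa
"""

def parse_getacl(text):
    """Parse zkCli `getAcl` output into (scheme, id, perms) tuples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    acl = []
    for ident, perms in zip(lines[0::2], lines[1::2]):
        m = re.fullmatch(r"'([^,]+),'(.*)", ident)
        if not m or not perms.startswith(":"):
            raise ValueError(f"unexpected getAcl lines: {ident!r} {perms!r}")
        acl.append((m.group(1), m.group(2), perms[1:].strip()))
    return acl

def sasl_id(principal, remove_host=False, remove_realm=False):
    """Identity ZooKeeper assigns to a Kerberos principal primary[/host]@REALM.
    The flags model the server's kerberos.removeHostFromPrincipal and
    kerberos.removeRealmFromPrincipal settings."""
    name, _, realm = principal.partition("@")
    primary, _, host = name.partition("/")
    ident = primary if (remove_host or not host) else f"{primary}/{host}"
    return ident if (remove_realm or not realm) else f"{ident}@{realm}"

def allowed(acl, ident, perm):
    """True if the ACL grants `perm` (one of c, d, r, w, a) to `ident`.
    The sasl scheme compares identity strings for exact equality."""
    for scheme, acl_id, perms in acl:
        if perm not in perms:
            continue
        if (scheme, acl_id) == ("world", "anyone"):
            return True
        if scheme == "sasl" and acl_id == ident:
            return True
    return False

if __name__ == "__main__":
    acl = parse_getacl(GETACL_OUTPUT)
    # The second principal is a constructed example of a per-host broker principal.
    for p in ("kafka_stage/running.kafka.node@REALM", "kafka_stage/other.kafka.node@REALM"):
        ident = sasl_id(p)
        print(p, "read:", allowed(acl, ident, "r"), "write:", allowed(acl, ident, "w"))
```

With both flags enabled every broker maps to the identity `kafka_stage`, but a znode whose ACL already stores the full principal string keeps that string and still will not match until its ACL is reset.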