使用以下属性启动Zookeeper,即zookeeper.properties
dataDir=/tmp/zookeepeeer
clientPort=2186
maxClientCnxns=0
auto.offset.reset=smallest
authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl
zookeeper_jaas.conf
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
Server.properties
group.initial.rebalance.delay.ms=0
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol= SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
zookeeper.set.acl=true
Kafka_server_jaaz.conf
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
错误如下
java.lang.SecurityException: zookeeper.set.acl is true, but the verification of the JAAS login file failed.
我已经尝试了以下解决方案但是它再次失败,并且在进行更改时会出现以下错误
kafka_server_jaaz.conf
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
server.properties与上面相同
但它失败并出现以下错误:
[2018-02-23 10:16:04,459]错误无效的ACL(kafka.utils.ZKCheckedEphemeral)
[2018-02-23 10:16:04,459]错误无效的ACL(kafka.utils.ZKCheckedEphemeral)
[2018-02-23 10:16:04,460]致命[Kafka Server 0],KafkaServer期间发生致命错误
启动。准备关机(kafka.server.KafkaServer)
org.I0Itec.zkclient.exception.ZkException:
org.apache.zookeeper.KeeperException $ InvalidACLException:KeeperErrorCode = InvalidACL
答案 0 :(得分:0)
在Kafka中,您还需要配置将在连接Zookeeper时使用的SASL客户端。这是使用Kafka JAAS配置中的Client上下文完成的,例如
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
如果需要,可以使用zookeeper.sasl.clientconfig系统属性更改上下文名称。