How to enable SASL authentication for Kafka in Docker

Step 1: Stop Kafka

bin/kafka-server-stop.sh

This command fails with the error "No kafka server to stop". Modify the bin/kafka-server-stop.sh script as follows:

- PIDS=$(ps ax | grep -i 'kafka\.Kafka' | grep java | grep -v grep | awk '{print $1}') 
+ PIDS=$(jps -lm | grep -i 'kafka.Kafka' | awk '{print $1}')
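Review bot: the added PIDS line loses the escaped dot that the removed line had in 'kafka\.Kafka', so the pattern now matches any character between "kafka" and "Kafka"; keep the backslash. Switching to jps also makes the stop script depend on a JDK tool that lists only the JVMs visible to the invoking user, so add a comment that the script must run as the account that started the broker, and fall back to the ps pipeline when jps is not on PATH.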

Step 2: Add the authentication configuration

vi kafka_server_jaas.conf

Add the following configuration:

KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="test"
password="test1234"
user_admin="admin"
user_alice="alice";
};

vi kafka_client_jaas.conf

Add the following configuration:

KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="test"
password="test1234";
};

Modify the server.properties configuration file

Steps for configuring SASL on Kafka

References:

https://blog.csdn.net/pandani/article/details/86714393

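The parts recorded here have been verified by hand.

All of the operations below are performed in /opt/kafka_2.12-2.3.0 unless otherwise noted.

  1. In the ./config directory, add kafka_client_jaas.conf, kafka_server_jaas.conf and kafka_zoo_jaas.conf. When configuring users, the admin user must be configured.

    • kafka_client_jaas.conf contents:
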
vi kafka_client_jaas.conf

KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin";
};

    • kafka_server_jaas.conf

vi kafka_server_jaas.conf

KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin"
user_test="test#2018";
};
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin";
};

Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin";
};

    • kafka_zoo_jaas.conf

vi kafka_zoo_jaas.conf

ZKServer{
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin";
};

  2. Modify zookeeper-server-start.sh in the bin directory

    Add:

    export KAFKA_OPTS=" -Djava.security.auth.login.config=/opt/kafka_2.12-2.3.0/config/kafka_zoo_jaas.conf -Dzookeeper.sasl.serverconfig=ZKServer"

  3. Modify kafka-server-start.sh in the bin directory

    Add:

    export KAFKA_OPTS=" -Djava.security.auth.login.config=/opt/kafka_2.12-2.3.0/config/kafka_server_jaas.conf"
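
A consistency check for the KafkaServer JAAS sections shown above, as an added example that is not part of the original post. It assumes inter-broker connections also use SASL/PLAIN, in which case the broker's own username/password must match one of the user_<name> entries; the function names and the 12-character minimum are choices made for this example.

```python
import re

# Constructed sample: a copy of the first KafkaServer block shown on this page.
SAMPLE_JAAS = '''
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="test"
password="test1234"
user_admin="admin"
user_alice="alice";
};
'''

SECTION_RE = re.compile(r'(\w+)\s*\{(.*?)\}\s*;', re.S)   # Name { ... };
OPTION_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')          # key="value"
MIN_LEN = 12  # assumed local password policy, not a Kafka requirement


def parse_jaas(text):
    """Return {section name: {option: value}} for each login context."""
    return {name: dict(OPTION_RE.findall(body))
            for name, body in SECTION_RE.findall(text)}


def lint_kafka_server(text):
    """Return a list of findings for the KafkaServer section of a JAAS file."""
    opts = parse_jaas(text).get("KafkaServer")
    if opts is None:
        return ["no KafkaServer section"]
    findings = []
    users = {k[len("user_"):]: v for k, v in opts.items() if k.startswith("user_")}
    broker, secret = opts.get("username"), opts.get("password")
    # The broker logs in to other brokers with username/password, so that
    # account must also exist in the user_<name> table with the same password.
    if broker not in users:
        findings.append(f"broker user '{broker}' has no user_{broker} entry")
    elif users[broker] != secret:
        findings.append(f"password for '{broker}' differs from user_{broker}")
    # Flag passwords equal to the account name or shorter than the policy.
    for name, pw in users.items():
        if pw == name or len(pw) < MIN_LEN:
            findings.append(f"weak password for user '{name}'")
    return findings


if __name__ == "__main__":
    for finding in lint_kafka_server(SAMPLE_JAAS):
        print(finding)
```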