Kafka
安全认证配置 SASL
常规配置(kafka和zk)
kafka server配置
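# Enter Kafka's config directory.
cd /mnt/data/kafka/config
# Create the broker JAAS file. The name has to match the path passed to the JVM in
# kafka-server-start.sh (-Djava.security.auth.login.config=.../config/kafka_server_jaas.conf);
# the original "kafka_server.jaas.conf" did not match that path.
touch kafka_server_jaas.conf
# The file stores passwords in clear text: keep it private to the account that
# runs Kafka (run this as that account).
chmod 600 kafka_server_jaas.conf
vim kafka_server_jaas.conf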
#注意：分号只写在每个段最后一个选项之后（KafkaServer 段是 user_admin 这一行，其余段是 password 这一行）；admin-secret 只是示例口令，部署时必须替换
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret";
};
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret";
};
修改server.properties
vim server.properties
# Listen on all network interfaces so that external clients can connect.
# NOTE(review): SASL_PLAINTEXT authenticates but does not encrypt; with the PLAIN
# mechanism the username and password cross the network in clear text. Because the
# advertised address below is an external one, SASL_SSL is the safer listener protocol.
listeners=SASL_PLAINTEXT://0.0.0.0:9092
# Address handed to clients (external / public address).
advertised.listeners=SASL_PLAINTEXT://101.xx.xx.xx:29092
# Broker-to-broker traffic uses the same SASL/PLAIN setup.
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
# ACL settings
# NOTE(review): true means a resource that has no ACL is open to every user, so the
# authorizer only restricts resources that already carry an ACL; set this to false
# for default-deny once the required ACLs exist.
allow.everyone.if.no.acl.found=true
# NOTE(review): presumably, while no ACLs are defined, these two settings let any
# authenticated client create topics implicitly and delete them - confirm that is intended.
auto.create.topics.enable=true
delete.topic.enable=true
# NOTE(review): advertised.host.name is a legacy setting that Kafka 3.0 appears to have
# removed in favour of advertised.listeners (set above) - confirm this line is still needed.
advertised.host.name=dn1
# Super users bypass every ACL check. "admin" is also the account whose password sits
# in the JAAS files, so applications should not share it.
super.users=User:admin
# Authorizer class
#authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
# Kafka 3.0 and later no longer use SimpleAclAuthorizer; use AclAuthorizer instead:
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
修改kafka/bin
进入 kafka 的 bin 目录，在 kafka-server-start.sh 中加入下面这行 export：
vim kafka-server-start.sh
export KAFKA_OPTS="-Djava.security.auth.login.config=file:$base_dir/../config/kafka_server_jaas.conf"
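配置zookeeper（注意：ZooKeeper 服务端默认读取名为 Server 的 JAAS 段，并且需要在 zookeeper.properties 中启用 SASL 认证提供者；按下文的 ZKServer 段名配置后，请实际验证未认证的客户端确实会被拒绝）
kafka_zoo_jaas.conf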
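# The file name has to match the path given to the JVM in zookeeper-server-start.sh
# (-Djava.security.auth.login.config=.../config/kafka_zoo_jaas.conf); the original
# "kafka_zoo.jaas.conf" did not match that path.
touch kafka_zoo_jaas.conf
# Clear-text passwords inside: keep the file private to the account that runs
# ZooKeeper (run this as that account).
chmod 600 kafka_zoo_jaas.conf
vim kafka_zoo_jaas.conf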
ZKServer{
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_kafka="admin-secret";
};
修改zookeeper-server-start.sh
export KAFKA_OPTS="-Djava.security.auth.login.config=file:$base_dir/../config/kafka_zoo_jaas.conf -Dzookeeper.allowSaslFailedClients=false"
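如果需要使用 kafka 自带的命令行客户端，还需要下面的配置
kafka client 配置（kafka/config 目录）。注意：Kafka 客户端读取的 JAAS 段名是 KafkaClient（Client 段是 broker 连接 ZooKeeper 时使用的）；user_<用户名> 选项只在 broker 端的 KafkaServer 段中有意义。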
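# The file name has to match the path given to the JVM in kafka-console-producer.sh and
# kafka-console-consumer.sh (-Djava.security.auth.login.config=.../config/kafka_client_jaas.conf);
# the original "kafka_client.jaas.conf" did not match that path.
touch kafka_client_jaas.conf
# Clear-text passwords inside: keep the file private to the user who runs the clients.
chmod 600 kafka_client_jaas.conf
vim kafka_client_jaas.conf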
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_kafka="admin-secret";
};
修改producer.properties
vim producer.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
修改consumer.properties
vim consumer.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
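新增consumer-group-ssl.properties（注意：文件名带 ssl，但这里用的是 SASL_PLAINTEXT，并未启用 TLS；与 sasl.mechanism=PLAIN 对应的登录模块是 PlainLoginModule，下面的 ScramLoginModule 与之不一致，建议统一；该文件含明文口令，应限制读取权限）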
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="账号" password="密码";
修改启动脚本 kafka/bin目录
vim kafka-console-producer.sh
export KAFKA_OPTS="-Djava.security.auth.login.config=file:$base_dir/../config/kafka_client_jaas.conf"
vim kafka-console-consumer.sh
export KAFKA_OPTS="-Djava.security.auth.login.config=file:$base_dir/../config/kafka_client_jaas.conf"
kafka-java配置
1.properties配置
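// SASL over an unencrypted connection: the PLAIN mechanism sends the username and password
// in clear text, so prefer SASL_SSL when the broker is reached over an untrusted network.
properties.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");
properties.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
// The password has to match the user_admin entry of the broker's KafkaServer JAAS section
// ("admin-secret"; the original "admin_secret" would fail authentication). These are the
// sample super-user credentials: an application should log in as its own, less privileged
// user and read the password from configuration rather than from source code.
properties.put(SaslConfigs.SASL_JAAS_CONFIG, "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"admin\" password=\"admin-secret\";");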
kafka脚本
windows
#kafka\bin\windows目录
.\zookeeper-server-start.bat ..\..\config\zookeeper.properties
.\kafka-server-start.bat ..\..\config\server.properties
linux
# Run from the kafka/bin directory.
# Start ZooKeeper.
./zookeeper-server-start.sh -daemon /mnt/data/kafka/config/zookeeper.properties
# Start Kafka.
./kafka-server-start.sh -daemon /mnt/data/kafka/config/server.properties
# Start eagle.
./ke.sh start
# Show topic details.
# NOTE(review): kafka-topics.sh dropped --zookeeper in Kafka 3.0; on those versions use
# --bootstrap-server, and against a SASL-enabled broker also pass --command-config with
# the client security properties.
./kafka-topics.sh --describe --zookeeper localhost:2181 --topic member_modify_model
# Read the topic's messages from the beginning.
# NOTE(review): against a SASL-enabled broker this also needs the client security
# settings, e.g. --consumer.config pointing at consumer.properties.
./kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic member_modify_model --from-beginning
查看指定的消费者
./kafka-consumer-groups.sh --bootstrap-server 192.168.0.75:9092 --command-config config/consumer-group-ssl.properties --group PROVINCE_KAFKA_GROUP --describe
查看所有的消费者组（broker 启用 SASL 后，这条及下面几条命令同样需要用 --command-config 指定客户端认证配置，否则无法通过认证）
./kafka-consumer-groups.sh --bootstrap-server 192.168.31.253:9092 --all-groups --describe
查看指定组里的成员
./kafka-consumer-groups.sh --bootstrap-server 192.168.31.253:9092 --group CountryCounter --describe --members
查看有哪些 group ID 正在进行消费（--new-consumer 选项在较新版本的 Kafka 中已被移除，新版本直接去掉即可）：
./kafka-consumer-groups.sh --new-consumer --bootstrap-server 192.168.75.128:9092 --list
查看指定group.id 的消费者消费情况
./kafka-consumer-groups.sh --bootstrap-server 192.168.0.75:9092 --command-config config/consumer-group-ssl.properties --group PROVINCE_KAFKA_GROUP --describe
删除消费者组的偏移量（删除后无法恢复；建议通过 ACL 限制可以执行该操作的用户）
./kafka-consumer-groups.sh --bootstrap-server 192.168.31.253:9092 --delete-offsets --group CountryCounter --topic t1