Kafka 3.4.0 single-node environment setup (replace {CONFIG_PATH} with the real path)
I. SASL_PLAINTEXT authentication mode
1. Create kafka_server_jaas.conf
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret" // the user and password here must match the username and password configured above
user_alice="alice-secret";
};
2. Configure server.properties by appending the following parameters to the end of the file
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
3. Create client_kafka.properties
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="alice" \
password="alice-secret";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
4. Modify the Kafka startup script kafka-server-start.sh
export KAFKA_OPTS="-Djava.security.auth.login.config={CONFIG_PATH}/kafka_server_jaas.conf"
The username and password configured here must match kafka_server_jaas.conf
5. Start the environment and verify
- Start zookeeper
bin/zookeeper-server-start.sh zookeeper.properties
- Start kafka
bin/kafka-server-start.sh {CONFIG_PATH}/server.properties
- Test producing and consuming
bin/kafka-topics.sh --bootstrap-server=localhost:9092 --create --topic test --command-config {CONFIG_PATH}/client_kafka.properties
bin/kafka-console-producer.sh --topic test --bootstrap-server localhost:9092 --producer.config {CONFIG_PATH}/client_kafka.properties
bin/kafka-console-consumer.sh --topic test --from-beginning --bootstrap-server localhost:9092 --consumer.config {CONFIG_PATH}/client_kafka.properties
II. SASL_SCRAM ACL authentication mode
1. Create users
bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config 'SCRAM-SHA-256=[iterations=8192,password=alice-secret],SCRAM-SHA-512=[password=alice-secret]' --entity-type users --entity-name alice
bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config 'SCRAM-SHA-256=[password=admin-secret],SCRAM-SHA-512=[password=admin-secret]' --entity-type users --entity-name admin
2. View users
bin/kafka-configs.sh --zookeeper localhost:2181 --describe --entity-type users --entity-name alice
bin/kafka-configs.sh --zookeeper localhost:2181 --describe --entity-type users --entity-name admin
3. Create kafka_server_jaas.conf
KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="admin"
password="admin-secret";
};
4. Modify the Kafka startup script kafka-server-start.sh
export KAFKA_OPTS="-Djava.security.auth.login.config={CONFIG_PATH}/kafka_server_jaas.conf"
5. Configure server.properties by appending the following parameters to the end of the file
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
sasl.enabled.mechanisms=SCRAM-SHA-512
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
super.users=User:admin;User:alice
6. Create client_kafka.properties
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="alice" \
password="alice-secret";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-512
7. Start the environment and verify
- Start zookeeper
bin/zookeeper-server-start.sh zookeeper.properties
- Start kafka
bin/kafka-server-start.sh {CONFIG_PATH}/server.properties
- Administrator test of producing and consuming
bin/kafka-topics.sh --bootstrap-server=localhost:9092 --create --topic test --command-config {CONFIG_PATH}/client_kafka.properties
bin/kafka-console-producer.sh --topic test --bootstrap-server localhost:9092 --producer.config {CONFIG_PATH}/client_kafka.properties
bin/kafka-console-consumer.sh --topic test --from-beginning --bootstrap-server localhost:9092 --consumer.config {CONFIG_PATH}/client_kafka.properties
- Regular user test of consuming
- Create a regular user
bin/kafka-configs.sh --zookeeper localhost:2181 --alter --add-config 'SCRAM-SHA-256=[iterations=8192,password=test123456],SCRAM-SHA-512=[password=test123456]' --entity-type users --entity-name test
- Grant permissions
bin/kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:test --allow-host 127.0.0.1 --operation Read --operation Write --topic test --command-config={CONFIG_PATH}/client_kafka.properties
bin/kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:test --allow-host 127.0.0.1 --operation All --group test --command-config={CONFIG_PATH}/client_kafka.properties
- Create client_kafka_test.properties
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="test" \
password="test123456";
security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-512
- Test consuming
bin/kafka-console-consumer.sh --topic test --from-beginning --bootstrap-server localhost:9092 --consumer.config {CONFIG_PATH}/client_kafka_test.properties
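Steps 1 and 2 of the SCRAM section create and view users. The following added example (not from the original page or the Kafka project) derives, per RFC 5802, the salt/stored_key/server_key/iterations fields such a credential consists of, and shows how a broker checks a client proof against them. Function names and the sample AuthMessage are constructed, 4096 is the iteration count Kafka uses when none is given, and SASLprep normalization is omitted.

```python
import base64, hashlib, hmac, os

HASHES = {"SCRAM-SHA-256": "sha256", "SCRAM-SHA-512": "sha512"}

def _keys(password, salt, iterations, h):
    # RFC 5802: SaltedPassword = PBKDF2-HMAC(password, salt, i). SASLprep is
    # skipped (assumption: ASCII passwords like the ones on this page).
    salted = hashlib.pbkdf2_hmac(h, password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", h).digest()
    server_key = hmac.new(salted, b"Server Key", h).digest()
    return client_key, hashlib.new(h, client_key).digest(), server_key

def scram_credential(password, mechanism="SCRAM-SHA-512", iterations=4096, salt=None):
    """What is persisted per user and mechanism: never the password itself."""
    h = HASHES[mechanism]
    salt = salt if salt is not None else os.urandom(16)  # demo salt length
    _, stored_key, server_key = _keys(password, salt, iterations, h)
    return {"hash": h, "salt": salt, "iterations": iterations,
            "stored_key": stored_key, "server_key": server_key}

def as_config_string(cred):
    """Render as salt=...,stored_key=...,server_key=...,iterations=N."""
    b64 = lambda b: base64.b64encode(b).decode()
    return "salt=%s,stored_key=%s,server_key=%s,iterations=%d" % (
        b64(cred["salt"]), b64(cred["stored_key"]), b64(cred["server_key"]),
        cred["iterations"])

def client_proof(password, cred, auth_message):
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage).
    Only salt and iterations are read from cred (the server sends them)."""
    client_key, stored_key, _ = _keys(password, cred["salt"], cred["iterations"], cred["hash"])
    sig = hmac.new(stored_key, auth_message, cred["hash"]).digest()
    return bytes(a ^ b for a, b in zip(client_key, sig))

def broker_verifies(cred, auth_message, proof):
    """Broker side: recover ClientKey from the proof, compare H(ClientKey) to StoredKey."""
    sig = hmac.new(cred["stored_key"], auth_message, cred["hash"]).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, sig))
    return hmac.compare_digest(hashlib.new(cred["hash"], recovered).digest(), cred["stored_key"])

# Constructed AuthMessage; a real one carries the exchanged nonces, salt and iteration count.
AUTH_MESSAGE = b"n=alice,r=cnonce,r=cnoncesnonce,s=c2FsdA==,i=8192,c=biws,r=cnoncesnonce"

if __name__ == "__main__":
    cred = scram_credential("alice-secret", "SCRAM-SHA-256", iterations=8192)
    print("SCRAM-SHA-256=" + as_config_string(cred))
    print("right password:", broker_verifies(cred, AUTH_MESSAGE, client_proof("alice-secret", cred, AUTH_MESSAGE)))
    print("wrong password:", broker_verifies(cred, AUTH_MESSAGE, client_proof("guess", cred, AUTH_MESSAGE)))
```

The stored string contains everything needed to test password guesses offline, so read access to the user entries in ZooKeeper deserves the same protection as the passwords themselves.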