Kafka Permission Management: ACL Access Control
1. Broker ACL configuration
2. Producer ACL (write)
3. Consumer ACL (read)
4. Programming with ACLs (consumer & producer)
I. Broker SASL (ACL) configuration
1.1 On each broker, copy server.properties to sasl-server.properties, then add the following settings to sasl-server.properties:
advertised.listeners=PLAINTEXT://120.26.198.248:9092,SASL_PLAINTEXT://120.26.198.248:9093
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
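1.2 On each broker, create the file kafka_cluster_jaas.conf under config
with the following contents (the section name KafkaServer is case-sensitive):
KafkaServer {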
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin"
user_reader="reader"
user_writer="writer";
};
1.3 On each broker, modify the startup script
bin/kafka-server-start.sh
exec $base_dir/kafka-run-class.sh $EXTRA_ARGS -Djava.security.auth.login.config=/usr/local/kafka/kafka_2.11-0.11.0.1/config/kafka_cluster_jaas.conf kafka.Kafka "$@"
1.4 Start the Kafka service
[root@iZbp1c8mn5lner8nhvreblZ kafka_2.11-0.11.0.1]# bin/kafka-server-start.sh -daemon config/sasl-server.properties
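An added example, not part of the original post: a small Python audit of the broker settings from 1.1 and the JAAS file from 1.2, run before the broker is started. The sample text is constructed from those steps, the function names parse_properties and audit are hypothetical, and it assumes default listener names (listener name equals security protocol).

```python
import re

# Constructed sample input mirroring steps 1.1 and 1.2 of this page.
SAMPLE_PROPERTIES = """\
advertised.listeners=PLAINTEXT://120.26.198.248:9092,SASL_PLAINTEXT://120.26.198.248:9093
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:admin
"""
SAMPLE_JAAS = """\
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin"
user_admin="admin"
user_reader="reader"
user_writer="writer";
};
"""

def parse_properties(text):
    """Parse key=value lines, skipping comment lines."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(properties_text, jaas_text):
    """Return findings; assumes default listener names (name == security protocol)."""
    props, findings = parse_properties(properties_text), []
    listeners = ",".join(props.get(k, "") for k in ("listeners", "advertised.listeners"))
    protocols = {l.split("://", 1)[0].strip().upper() for l in listeners.split(",") if "://" in l}
    if "PLAINTEXT" in protocols:
        findings.append("PLAINTEXT listener: clients connect unauthenticated as User:ANONYMOUS")
    mechanisms = {m.strip().upper() for m in props.get("sasl.enabled.mechanisms", "").split(",")}
    if "SASL_PLAINTEXT" in protocols and "PLAIN" in mechanisms:
        findings.append("SASL/PLAIN on SASL_PLAINTEXT: passwords are sent without TLS")
    if not props.get("authorizer.class.name"):
        findings.append("authorizer.class.name is unset: ACLs are not enforced")
    if not re.search(r"^\s*KafkaServer\s*\{", jaas_text, re.M):
        findings.append("JAAS file has no KafkaServer section (the name is case-sensitive)")
    for user, password in re.findall(r'user_(\w+)\s*=\s*"([^"]*)"', jaas_text):
        if password == user:
            findings.append(f"user '{user}': password equals the user name")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PROPERTIES, SAMPLE_JAAS)))
```

On the settings shown in this section it reports the unauthenticated PLAINTEXT listener, SASL/PLAIN credentials sent without TLS, and the three accounts whose password equals the user name.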
II. Kafka ACL commands
2.1 View the permission information for topics
[root@iZbp14ouog5ocoeakj39prZ kafka_2.11-0.11.0.1]# bin/kafka-acls.sh --list --authorizer-properties zookeeper.connect=10.174.32.122:2181,10.117.15.224:2181,10.168.96.248:9092
[2018-08-29 11:32:52,490] WARN Client session timed out, have not heard from server in 2011ms for sessionid 0x0 (org.apache.z