Start ZooKeeper
./zookeeper-server-start.sh ../config/zookeeper.properties
Create a new file kafka_server_jaas.conf in the config folder
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin"
    user_admin="admin"
    user_read="read";
};
Edit kafka-server-start.sh and add the following at the very top
export KAFKA_OPTS=" -Djava.security.auth.login.config=/kafka/config/kafka_server_jaas.conf"
Edit server.properties and add
listeners=SASL_PLAINTEXT://192.168.186.138:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
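# allow.everyone.if.no.acl.found appears twice below; the last assignment wins, so the effective value is true
# (any resource that has no ACL is open to every user). Keep only the "false" line for deny-by-default.
allow.everyone.if.no.acl.found=false
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=true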
auto.create.topics.enable=false
delete.topic.enable=true
super.users=User:admin
Start the broker
./kafka-server-start.sh ../config/server.properties
Warnings and errors are logged at startup, but they can be ignored: ZooKeeper has no authentication configured, so this is expected
WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/home/muc/Downloads/kafka/config/kafka_server_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2020-03-30 19:52:10,580] INFO Opening socket connection to server localhost/0:0:0:0:0:0:0:1:2181 (org.apache.zookeeper.ClientCnxn)
[2020-03-30 19:52:10,591] INFO [ZooKeeperClient Kafka server] Waiting until connected. (kafka.zookeeper.ZooKeeperClient)
[2020-03-30 19:52:10,598] ERROR [ZooKeeperClient Kafka server] Auth failed. (kafka.zookeeper.ZooKeeperClient)
Create a topic
./kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic test1
Grant the user read the Read permission
./kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:read --operation Read --topic test1
List the ACLs
./kafka-acls.sh --list --authorizer-properties zookeeper.connect=localhost:2181
Python script examples
kafka_consumer.py
from kafka import KafkaConsumer

# Authenticate as the read-only user over SASL/PLAIN
consumer = KafkaConsumer(
    'test1',
    bootstrap_servers=['192.168.186.138:9092'],
    sasl_mechanism="PLAIN",
    security_protocol='SASL_PLAINTEXT',
    sasl_plain_username="read",
    sasl_plain_password="read",
)
#consumer = KafkaConsumer('test1',bootstrap_servers=['localhost:9092'])
for message in consumer:
    value = message.value
    key = message.key
    print(value)
kafka_producer.py
from kafka import KafkaProducer
producer = KafkaProducer(bootstrap_servers=['192.168.186.138:9092'],sasl_mechanism="PLAIN",security_protocol='SASL_PLAINTEXT',sasl_plain_username="admin",sasl_plain_password="admin")
producer.send('test1', b'data1')  # the value must be bytes unless a value_serializer is configured
producer.flush()
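
The server.properties fragment on this page assigns allow.everyone.if.no.acl.found twice with different values. The following lint is an added example, not part of the original notes: it parses the file with last-assignment-wins semantics (a simplification that handles only key=value lines) and reports the settings that weaken the SASL/ACL setup. The function names and finding labels are hypothetical.

```python
# Constructed sample: the server.properties lines shown on this page.
SAMPLE = """\
listeners=SASL_PLAINTEXT://192.168.186.138:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
allow.everyone.if.no.acl.found=false
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=true
auto.create.topics.enable=false
delete.topic.enable=true
super.users=User:admin
"""

def parse_properties(text):
    """Return (effective, history); the last assignment of a key wins."""
    effective, history = {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, _, value = line.partition("=")  # assumption: only key=value lines
        key, value = key.strip(), value.strip()
        history.setdefault(key, []).append((lineno, value))
        effective[key] = value
    return effective, history

def lint(text):
    effective, history = parse_properties(text)
    findings = []
    # A key assigned more than once with different values hides the real setting.
    for key, seen in history.items():
        if len({v for _, v in seen}) > 1:
            lines = ", ".join(str(n) for n, _ in seen)
            findings.append(f"CONFLICT {key}: lines {lines}; effective value {effective[key]!r}")
    if effective.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append("OPEN-DEFAULT: resources without ACLs are open to every user")
    if not effective.get("authorizer.class.name"):
        findings.append("NO-AUTHORIZER: ACLs are not enforced")
    # SASL_PLAINTEXT has no TLS, so PLAIN passwords travel in cleartext.
    for key in ("listeners", "security.inter.broker.protocol"):
        if "SASL_PLAINTEXT" in effective.get(key, ""):
            findings.append(f"CLEARTEXT {key}: no TLS, PLAIN passwords are sent unencrypted")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```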