Configuring SASL/PLAIN Authentication for Kafka
1. Install ZooKeeper and Kafka
2. Configure server.properties
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
listeners=SASL_PLAINTEXT://0.0.0.0:9092
advertised.listeners=SASL_PLAINTEXT://host:9092
3. Create kafka_server_jaas.conf in the config directory
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin"
    user_admin="admin"
    user_alice="alice";
};
4. Add the following configuration to kafka-run-class.sh (in fact only the KAFKA_SASL_OPTS definition and the $KAFKA_SASL_OPTS references need to be added)
KAFKA_SASL_OPTS='-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf'
# Launch mode
if [ "x$DAEMON_MODE" = "xtrue" ]; then
  nohup $JAVA $KAFKA_HEAP_OPTS $KAFKA_JVM_PERFORMANCE_OPTS $KAFKA_GC_LOG_OPTS $KAFKA_SASL_OPTS $KAFKA_JMX_OPTS $KAFKA_LOG4J_OPTS -cp $CLASSPATH $KAFKA_OPTS "$@" > "$CONSOLE_OUTPUT_FILE" 2>&1 < /dev/null &
else
  exec $JAVA $KAFKA_HEAP_OPTS $KAFKA_JVM_PERFORMANCE_OPTS $KAFKA_GC_LOG_OPTS $KAFKA_SASL_OPTS $KAFKA_JMX_OPTS $KAFKA_LOG4J_OPTS -cp $CLASSPATH $KAFKA_OPTS "$@"
fi
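Kafka now has SASL/PLAIN authentication enabled. In this state, producers and consumers cannot connect to Kafka unless they are configured for it.
To connect with Kafka's command-line tools, make the following settings:
5. Create kafka_client_jaas.conf in the config directory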
KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin";
};
6. Add the following configuration to producer.properties and consumer.properties in the config directory:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
7. Add the following configuration to kafka-console-producer.sh and kafka-console-consumer.sh in the bin directory:
# Point the client JVM at the JAAS file when KAFKA_OPTS is not already set
if [ "x$KAFKA_OPTS" = "x" ]; then
  export KAFKA_OPTS="-Djava.security.auth.login.config=/usr/local/src/kafka_2.10-0.10.1.0/config/kafka_client_jaas.conf"
fi
8. Once the configuration is complete, test it
./bin/kafka-console-producer.sh --broker-list mysql1:9092 --topic test1 --producer.config ./config/producer.properties
./bin/kafka-console-consumer.sh --bootstrap-server mysql1:9092 --topic test1 --consumer.config ./config/consumer.properties
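A check over the broker files from steps 2 and 3, added here as an example and not part of the original page: with the PLAIN mechanism on a SASL_PLAINTEXT listener the password crosses the network unencrypted, and the sample accounts use their own names as passwords. The function names and the sample strings are constructed for this example.

```python
import re

# Constructed samples mirroring the files from steps 2 and 3 of this page.
SAMPLE_PROPERTIES = """\
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
listeners=SASL_PLAINTEXT://0.0.0.0:9092
advertised.listeners=SASL_PLAINTEXT://host:9092
"""
SAMPLE_JAAS = """\
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin"
    user_admin="admin"
    user_alice="alice";
};
"""

def parse_properties(text):
    """Parse key=value lines, skipping # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_jaas_options(text, section="KafkaServer"):
    """Return the key="value" options of one JAAS section as a dict."""
    match = re.search(r"\b%s\s*\{(.*?)\}\s*;" % re.escape(section), text, re.S)
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', match.group(1))) if match else {}

def audit(properties_text, jaas_text):
    """Return findings for a SASL/PLAIN broker configuration."""
    findings = []
    props = parse_properties(properties_text)
    plain = "PLAIN" in props.get("sasl.enabled.mechanisms", "").upper().split(",")
    for key in ("listeners", "advertised.listeners", "security.inter.broker.protocol"):
        if plain and "SASL_PLAINTEXT" in props.get(key, "").upper():
            findings.append(f"{key}: PLAIN over SASL_PLAINTEXT sends passwords unencrypted")
    opts = parse_jaas_options(jaas_text)
    for key, password in sorted(opts.items()):
        if key.startswith("user_") and password == key[len("user_"):]:
            findings.append(f"{key}: password equals the user name")
    # The broker's own username/password must match one of its user_ entries.
    if "username" in opts and opts.get("user_" + opts["username"]) != opts.get("password"):
        findings.append("username/password has no matching user_ entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PROPERTIES, SAMPLE_JAAS)))
```

Switching the listeners and inter-broker protocol to SASL_SSL (with the broker's keystore and truststore configured) and giving each user_ entry a distinct password clears the findings.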