kafka sasl java, Kafka SASL ZooKeeper authentication

I am facing the following error while enabling SASL on Zookeeper and broker authentication.

[2017-04-18 15:54:10,476] DEBUG Size of client SASL token: 0 (org.apache.zookeeper.server.ZooKeeperServer)
[2017-04-18 15:54:10,476] ERROR cnxn.saslServer is null: cnxn object did not initialize its saslServer properly. (org.apache.zookeeper.server.ZooKeeperServer)
[2017-04-18 15:54:10,478] ERROR SASL authentication failed using login context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient)
[2017-04-18 15:54:10,478] DEBUG Received event: WatchedEvent state:AuthFailed type:None path:null (org.I0Itec.zkclient.ZkClient)
[2017-04-18 15:54:10,478] INFO zookeeper state changed (AuthFailed) (org.I0Itec.zkclient.ZkClient)
[2017-04-18 15:54:10,478] DEBUG Leaving process event (org.I0Itec.zkclient.ZkClient)
[2017-04-18 15:54:10,478] DEBUG Closing ZkClient... (org.I0Itec.zkclient.ZkClient)
[2017-04-18 15:54:10,478] INFO Terminate ZkClient event thread. (org.I0Itec.zkclient.ZkEventThread)
[2017-04-18 15:54:10,478] DEBUG Closing ZooKeeper connected to localhost:2181 (org.I0Itec.zkclient.ZkConnection)
[2017-04-18 15:54:10,478] DEBUG Close called on already closed client (org.apache.zookeeper.ZooKeeper)
[2017-04-18 15:54:10,478] DEBUG Closing ZkClient...done (org.I0Itec.zkclient.ZkClient)
[2017-04-18 15:54:10,480] FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure
    at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947)
    at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924)
    at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231)
    at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:157)
    at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:131)
    at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:79)
    at kafka.utils.ZkUtils$.apply(ZkUtils.scala:61)
    at kafka.server.KafkaServer.initZk(KafkaServer.scala:329)
    at kafka.server.KafkaServer.startup(KafkaServer.scala:187)
    at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:39)
    at kafka.Kafka$.main(Kafka.scala:67)
    at kafka.Kafka.main(Kafka.scala)
[2017-04-18 15:54:10,482] INFO shutting down (kafka.server.KafkaServer)

The following configuration is given in the JAAS file, which is passed via KAFKA_OPTS so that it is taken as a JVM parameter:

KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret"
    user_admin="admin-secret";
};

Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret";
};

The Kafka broker's server.properties has the following extra fields set:

zookeeper.set.acl=true
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
ssl.client.auth=required
ssl.endpoint.identification.algorithm=HTTPS
ssl.keystore.location=path
ssl.keystore.password=anything
ssl.key.password=anything
ssl.truststore.location=path
ssl.truststore.password=anything

Zookeeper properties are as follows:

authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider
jaasLoginRenew=3600000
requireClientAuthScheme=sasl

Solution

I found the issue by increasing the log level to DEBUG. Basically follow the steps below. I don't use SSL but you will integrate it without any issue.

Following are my configuration files:

server.properties

security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=true
auto.create.topics.enable=false
broker.id=0
listeners=SASL_PLAINTEXT://localhost:9092
advertised.listeners=SASL_PLAINTEXT://localhost:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
advertised.host.name=localhost
num.partitions=1
num.recovery.threads.per.data.dir=1
log.flush.interval.messages=30000000
log.flush.interval.ms=1800000
log.retention.minutes=30
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
delete.topic.enable=true
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
super.users=User:admin

zookeeper.properties

dataDir=/tmp/zookeeper
clientPort=2181
maxClientCnxns=0
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000

producer.properties

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
bootstrap.servers=localhost:9092
compression.type=none

consumer.properties

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=6000
group.id=test-consumer-group

Now come the most important files for making your server start without any issue:

zookeeper_jaas.conf

Server {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret"
    user_admin="admin-secret";
};

kafka_server_jaas.conf

KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret"
    user_admin="admin-secret";
};

Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret";
};

After doing all this configuration, in a first terminal window:

Terminal 1

From kafka root directory

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/usename/Documents/kafka_2.11-0.10.1.0/config/zookeeper_jaas.conf"

$ bin/zookeeper-server-start.sh config/zookeeper.properties

Terminal 2

From kafka root directory

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/usename/Documents/kafka_2.11-0.10.1.0/config/kafka_server_jaas.conf"

$ bin/kafka-server-start.sh config/server.properties

[BEGIN UPDATE]

kafka_client_jaas.conf

KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret";
};

Terminal 3

On a client terminal, export client jaas conf file and start consumer:

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/username/Documents/kafka_2.11-0.10.1.0/kafka_client_jaas.conf"

$ ./bin/kafka-console-consumer.sh --new-consumer --zookeeper localhost:2181 --topic test-topic --from-beginning --consumer.config=config/consumer.properties --bootstrap-server=localhost:9092

Terminal 4

If you also want to produce, do this on another terminal window:

$ export KAFKA_OPTS="-Djava.security.auth.login.config=/home/username/Documents/kafka_2.11-0.10.1.0/kafka_client_jaas.conf"

$ ./bin/kafka-console-producer.sh --broker-list localhost:9092 --topic test-topic --producer.config=config/producer.properties

[END UPDATE]
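
A preflight check that compares a ZooKeeper and broker SASL/PLAIN setup against the layout the answer uses (SASLAuthenticationProvider in zookeeper.properties, a Server section for ZooKeeper, KafkaServer and Client sections for the broker), and also flags two permissive broker settings that appear in the files above. This is an added example, not code from the question or the answer; the function names are hypothetical, the inputs are abridged from the page, and passing an empty JAAS text for the question's ZooKeeper is an assumption.

```python
import re
# Added example; check_sasl_setup and the other names here are hypothetical.
SASL_PROVIDER = "org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
# JAAS sections each JVM needs, as in the answer's zookeeper_jaas.conf and kafka_server_jaas.conf.
REQUIRED_SECTIONS = {"zookeeper": {"Server"}, "broker": {"KafkaServer", "Client"}}

def parse_properties(text):
    """Parse key=value lines of a .properties file, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def jaas_sections(text):
    """Return the names of the top-level `Name { ... };` entries in a JAAS file."""
    return set(re.findall(r"^\s*(\w+)\s*\{", text, flags=re.MULTILINE))

def check_sasl_setup(zk_props, zk_jaas, broker_props, broker_jaas):
    """Return (severity, message) findings for a ZooKeeper + broker SASL/PLAIN setup."""
    findings = []
    zk = parse_properties(zk_props)
    if SASL_PROVIDER not in [v for k, v in zk.items() if k.startswith("authProvider.")]:
        findings.append(("error", "zookeeper.properties: no authProvider.N is SASLAuthenticationProvider"))
    for role, text in (("zookeeper", zk_jaas), ("broker", broker_jaas)):
        for name in sorted(REQUIRED_SECTIONS[role] - jaas_sections(text)):
            findings.append(("error", f"{role} JAAS file: section {name} is missing"))
    broker = parse_properties(broker_props)
    if (broker.get("security.inter.broker.protocol") == "SASL_PLAINTEXT"
            and "PLAIN" in broker.get("sasl.enabled.mechanisms", "").split(",")):
        findings.append(("warn", "server.properties: SASL_PLAINTEXT sends PLAIN credentials unencrypted"))
    if broker.get("allow.everyone.if.no.acl.found") == "true":
        findings.append(("warn", "server.properties: resources without ACLs are open to every user"))
    return findings

# Constructed inputs, abridged from the question's and the answer's files on this page.
PLAIN = 'org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret"'
BROKER_JAAS = f'KafkaServer {{\n {PLAIN} user_admin="admin-secret";\n}};\nClient {{\n {PLAIN};\n}};\n'
ZK_JAAS = f'Server {{\n {PLAIN} user_admin="admin-secret";\n}};\n'
QUESTION_ZK = "authProvider.1=org.apache.zookeeper.server.auth.DigestAuthenticationProvider\nrequireClientAuthScheme=sasl\n"
ANSWER_ZK = f"authProvider.1={SASL_PROVIDER}\nrequireClientAuthScheme=sasl\n"
QUESTION_BROKER = "security.inter.broker.protocol=SASL_PLAINTEXT\nsasl.enabled.mechanisms=PLAIN\n"
ANSWER_BROKER = QUESTION_BROKER + "allow.everyone.if.no.acl.found=true\n"
if __name__ == "__main__":
    # Assumption: the question's ZooKeeper JVM had no Server section available (passed as "").
    for label, zk_p, zk_j, br_p in (("question", QUESTION_ZK, "", QUESTION_BROKER), ("answer", ANSWER_ZK, ZK_JAAS, ANSWER_BROKER)):
        for severity, message in check_sasl_setup(zk_p, zk_j, br_p, BROKER_JAAS):
            print(f"{label}: {severity}: {message}")
```

The warnings remain for the answer's files because they keep SASL_PLAINTEXT and allow.everyone.if.no.acl.found=true; the errors are the differences between the question's files and the answer's.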
