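1. Schema
1.1 Enabling Kerberos for Schema
- Copy schema.service.keytab into the etc directory under the Schema installation directory
- Modify the permissions of the schema.service.keytab file
- Create schema_server_jaas.conf and add the following content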
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/opt/schema/etc/schema.service.keytab"
principal="schema/henghe-100-64@HENGHE.COM";
};
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/opt/schema/etc/schema.service.keytab"
principal="schema/henghe-100-64@HENGHE.COM";
};
- In the deployed Schema cluster, open the $Schema_HOME/bin/schema-registry-run-class file. In it, find SCHEMA_REGISTRY_LOG4J_OPTS and add two JVM parameters:
-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/opt/schema/etc/schema_server_jaas.conf
- Modify the schema-registry.properties configuration file
kafkastore.security.protocol=SASL_PLAINTEXT
kafkastore.sasl.kerberos.service.name=kafka
kafkastore.sasl.mechanism=GSSAPI
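The steps above can be checked before the service is started. The script below is an added example, not part of the original page or of the Schema project; the owner-only keytab policy and all function names are assumptions. It takes the JAAS file and the schema-registry.properties file as its two arguments.

```shell
#!/bin/sh
# Added example: pre-start checks for the Kerberos setup described above.
# Assumption: the keytab must be owner-only (e.g. mode 400 or 600); the page
# does not state which permissions to set. Function names are hypothetical.

# Print each keyTab path referenced in a JAAS file, de-duplicated.
jaas_keytabs() {
    sed -n 's/^[[:space:]]*keyTab="\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Succeed only if the file exists and grants nothing to group or other.
keytab_owner_only() {
    [ -f "$1" ] || return 1
    # ls -ld mode string: char 1 type, 2-4 owner, 5-7 group, 8-10 other
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if an uncommented "key=value" line is present.
has_prop() {
    awk -v k="$2" -v v="$3" '
        /^[ \t]*[#!]/ { next }
        { i = index($0, "="); key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k && val == v) found = 1 }
        END { exit !found }' "$1"
}

# Run all checks; print one FAIL line per problem, return non-zero on any.
check_schema_kerberos() {
    jaas=$1; props=$2; rc=0
    keytabs=$(jaas_keytabs "$jaas")
    [ -n "$keytabs" ] || { echo "FAIL no keyTab entry in $jaas"; rc=1; }
    for kt in $keytabs; do      # paths containing spaces are not handled
        keytab_owner_only "$kt" ||
            { echo "FAIL keytab missing or group/other-accessible: $kt"; rc=1; }
    done
    for kv in kafkastore.security.protocol=SASL_PLAINTEXT \
              kafkastore.sasl.kerberos.service.name=kafka \
              kafkastore.sasl.mechanism=GSSAPI; do
        has_prop "$props" "${kv%%=*}" "${kv#*=}" ||
            { echo "FAIL $props lacks $kv"; rc=1; }
    done
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_schema_kerberos "$1" "$2"; fi
```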
1.2 Starting the Schema service
curl -X POST -H "Content-Type: application/vnd.schemaregistry.v1+json" --data '{"schema": "{\"type\": \"string\"}"}' http://hostname:18081/subjects/Kafka-key/versions
curl -X GET http://hostname:18081/subjects