KAFKA版本:kafka 2.12-3.3.1.tgz
ssl证书生成:请查看我的其他文章
server.properties配置
#开启自动创建主题
auto.create.topics.enable=true
listeners=PLAINTEXT://192.168.1.176:9092,SSL://192.168.1.176:9093
ssl.keystore.location=/home/soft/ssl/server.keystore.jks
ssl.keystore.password=cnki1234
ssl.key.password=cnki1234
ssl.truststore.location=/home/soft/ssl/server.truststore.jks
ssl.truststore.password=cnki1234
ssl.client.auth=required
ssl.endpoint.identification.algorithm=
#kafka broker之间通信
security.inter.broker.protocol=PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
allow.everyone.if.no.acl.found=true
#客户端也需要认证(看需要)
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
super.users=User:server;User:client1
ssl.principal.mapping.rules=RULE:^CN=([^,]*?),.*$/$1/
创建文件 kafka_client_scram_server.conf并添加一下内容:
KafkaClient {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="server"
password="cnki1234";
};
在kafka-server-start.sh文件最后一行添加:
exec $(dirname $0)/kafka-run-class.sh -Djava.security.auth.login.config=/home/soft/kafka_2.12-3.3.1/config/kafka_client_scram_server_jaas.conf
配置完成后启动即可
Zookeeper启动 进入bin目录下使用 ./zkServer.sh start 启动服务
kafka启动 进入bin目录下使用 ./kafka-server-start.sh -daemon ../config/server.properties