kafka配置SASL_PLAINTEXT用户认证
搞了几天,不得不说官方文档有些不友好, 趟了很多坑,密码认证官网提供了几种,这里用最简单的一种,首先装好zookeeper,解压kafka
然后在kafka的config下面建立配置文件
vim config/kafka_server_jaas.conf
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="admin-secret"
user_alice="alice-secret";
};
然后添加KAFKA_OPTS环境变量,这里我修改用户的环境变量,当然也可以修改/etc/profile
vim ~/.bashrc ,在末尾添加
export KAFKA_OPTS="-Djava.security.auth.login.config=/www/kafka/config/kafka_server_jaas.conf"
添加完成之后source ~/.bashrc
vim config/server.properties , 配置broker
listeners=SASL_PLAINTEXT://localhost:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=true
super.users=User:admin
配置消费者和生产者的配置文件
vim config/con-pro-acl.properties
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="alice" password="alice-secret";
先启动zookeeper,再启动kafka,zk先不需要做什么配置
bin/zkServer.sh start
再启动kafka,如果启动不终止,就报一个err说zk权限错误,没事,不影响
bin/kafka-server-start.sh -daemon config/server.properties
生产者命令和消费者命令
bin/kafka-console-producer.sh --bootstrap-server localhost:9092 --topic test --producer.config config/con-pro-acl.properties
bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic test --group your-group --consumer.config config/con-pro-acl.properties
可以看到控制台能正常生产和消费
