我尝试复制在以下位置描述的SASL_PLAIN或SASL_SSL身份验证: docs.confluent.io/3.0.0/kafka/sasl.html#sasl-configuration-for-kafka-经纪人
I am try to replicate the SASL_PLAIN or SASL_SSL authentication described at: docs.confluent.io/3.0.0/kafka/sasl.html#sasl-configuration-for-kafka-brokers
在config/server.properties中,我添加了以下4行:
In config/server.properties, I added the following 4 lines:
listeners=SASL_SSL://localhost:9092 security.inter.broker.protocol=SASL_SSL sasl.mechanism.inter.broker.protocol=PLAIN sasl.enabled.mechanisms=PLAIN在config/producer.properties中,我添加了以下两行:
In config/producer.properties, I added the following two lines:
security.protocol=SASL_SSL sasl.mechanism=PLAIN然后我在服务器终端中设置以下环境变量:
Then I set the following environment variable in the server terminal:
KAFKA_OPTS=/home/kafka/kafka_server_jaas.conf此文件包含以下内容:
KafkaServer { org.apache.kafkamon.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret"; };然后在生产者终端中定义以下env变量:
And in the producer terminal I define the following env variable:
KAFKA_OPTS=/home/kafka/kafka_client_jaas.conf此文件具有以下内容:
KafkaClient { org.apache.kafkamon.security.plain.PlainLoginModule required username="alice" password="alice-dsecret"; };我使用以下命令启动服务器:
I start the server with the following command:
./bin/kafka-server-start.sh config/server.properties和生产者使用以下命令:
And the producer with following command:
bin/kafka-console-producer.sh --broker-list localhost:9092 --topic test两次启动都没有问题.但是,一旦在生产者控制台上键入内容,我就会得到以下消息,该消息一直在滚动:
Both start without problems. But, as soon as I type something on the producer console, I get the following message that keeps scrolling:
WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient) Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient) WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient) WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient) WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient) WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient) WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient) WARN Bootstrap broker localhost:9092 disconnected (org.apache.kafka.clients.NetworkClient)如果我从服务器和生产者配置中删除了安全配置,那么一切都会按预期进行.我正在使用Kafka 0.10.0.1.
If I remove the security configuration from the server and the producer configuration, everything works as expected. I am using Kafka 0.10.0.1.
更新: 我进行了更多调查,将服务器上的日志级别更改为DEBUG会发现有些奇怪.一旦在server.properties中指定了listeners字段,服务器就会进入怪异状态.它建立了无法验证的与其自身的连接.在这种情况下,协议为SASL_PLAINTEXT.
UPDATE: I did some more investigations, turning log levels to DEBUG on server reveals something weird. As soon as I specify the listeners field in server.properties, the server goes in a weird state. It establishes connection to itsself that it cannot authenticate. The protocol in this case was SASL_PLAINTEXT.
此处的日志:
2016-09-15 21:43:02 DEBUG SaslClientAuthenticator:204 - Set SASL client state to RECEIVE_HANDSHAKE_RESPONSE 2016-09-15 21:43:02 DEBUG NetworkClient:476 - Completed connection to node 0 2016-09-15 21:43:02 DEBUG Acceptor:52 - Accepted connection from /127.0.0.1 on /127.0.0.1:9092. sendBufferSize [actual|requested]: [102400|102400] recvBufferSize [actual|requested]: [102400|102400] 2016-09-15 21:43:02 DEBUG Processor:52 - Processor 2 listening to new connection from /127.0.0.1:42815 2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:269 - Set SASL server state to HANDSHAKE_REQUEST 2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:310 - Handle Kafka request SASL_HANDSHAKE 2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:354 - Using SASL mechanism 'PLAIN' provided by client 2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:269 - Set SASL server state to AUTHENTICATE 2016-09-15 21:43:02 DEBUG SaslClientAuthenticator:204 - Set SASL client state to INITIAL 2016-09-15 21:43:02 DEBUG SaslClientAuthenticator:204 - Set SASL client state to INTERMEDIATE 2016-09-15 21:43:02 DEBUG SaslServerAuthenticator:269 - Set SASL server state to FAILED 2016-09-15 21:43:02 DEBUG Selector:345 - Connection with /127.0.0.1 disconnected java.io.IOException: javax.security.sasl.SaslException: Authentication failed: Invalid JAAS configuration [Caused by javax.security.sasl.SaslException: Authentication failed: Invalid username or password] at org.apache.kafkamon.security.authenticator.SaslServerAuthenticator.authenticate(SaslServerAuthenticator.java:243) at org.apache.kafkamonwork.KafkaChannel.prepare(KafkaChannel.java:64) at org.apache.kafkamonwork.Selector.pollSelectionKeys(Selector.java:318) at org.apache.kafkamonwork.Selector.poll(Selector.java:283) at kafkawork.Processor.poll(SocketServer.scala:472)绝对没有其他客户端或服务器在运行.这是一台服务器在自言自语.
There is absolutely no other client or server running. This is one server talking to himself.
有什么想法吗?
推荐答案帮助来自Kafka论坛.请参阅 -archives.apache/mod_mbox/kafka-users/201609.mbox/%3CCAHX2Snk11vg7DXNVUr9oE97ikFSQUoT3kBLAxYymEDj7E14XrQ%40mail.gmail%3E
Help came from the Kafka forum. See mail-archives.apache/mod_mbox/kafka-users/201609.mbox/%3CCAHX2Snk11vg7DXNVUr9oE97ikFSQUoT3kBLAxYymEDj7E14XrQ%40mail.gmail%3E
我的凭据错误.他们是:
I had the credentials wrong. They were:
KafkaServer { org.apache.kafkamon.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="alice-secret" user_alice="alice-secret"; };代替:
KafkaServer { org.apache.kafkamon.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret"; };此外,还必须确定控制台使用者.首先,应提供--new-consumer标志.其次,应指定引导服务器.导致这一点:
Also, the console consumer needs to be called in a certain. First the flag --new-consumer should be provided. Second, bootstrap server should be specified. Leading to this:
bin/kafka-console-consumer.sh --new-consumer --zookeeper localhost:2181 --topic test --from-beginning --consumer.config=config/consumer.properties --bootstrap-server=localhost:9092更多推荐
Kafka身份验证生产者无法连接生产者
发布评论