[英]Kafka “Login module not specified in JAAS config”
I have a problem communicating with Kafka secured with sasl
using console scripts. 我使用控制台脚本与使用sasl
保护的Kafka进行通信时遇到问题。 Kafka is secured with sasl
, listener is SASL_PLAINTEXT
and mechanism is PLAIN
. Kafka用sasl
,监听器是SASL_PLAINTEXT
,机制是PLAIN
。
What I did: I tried listing some data using one of kafka scripts: 我做了什么:我尝试使用一个kafka脚本列出一些数据:
bin/kafka-consumer-groups.sh --bootstrap-server (address) --list
However I get 但是我得到了
WARN Bootstrap broker (address) disconnected (org.apache.kafka.clients.NetworkClient)
and command fails, which is understandable because it's secured with sasl. 和命令失败,这是可以理解的,因为它是用sasl保护的。
So I tried how to add client username/password to that command. 所以我尝试了如何在该命令中添加客户端用户名/密码。 First, I tried to run kafka-console-consumer
script, I used --command-config
to add necessary file. 首先,我尝试运行kafka-console-consumer
脚本,我使用--command-config
添加必要的文件。 I quickly discovered that I can't add jaas
file directly and I needed to use .properties
file, so I did. 我很快发现我不能直接添加jaas
文件,我需要使用.properties
文件,所以我做到了。
My properties file(keep in mind that brackets indicate "censored" data, I can't put all real data here): 我的属性文件(请记住括号表示“删失”数据,我不能在这里放置所有真实数据):
bootstrap.servers=(address)
zookeeper.connect=127.0.0.1:2181
zookeeper.connection.timeout.ms=6000
sasl.jaas.config=(path)/consumer_jaas.conf
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
group.id=(group)
My jaas file: 我的jaas文件:
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username=(username)
password=(password);
};
This jaas
file works in my standard java applications. 这个jaas
文件适用于我的标准java应用程序。
However, when I'm trying to run either kafka-consumer-groups
script or kafka-console-consumer
, I get this error: 但是,当我尝试运行kafka-consumer-groups
脚本或kafka-console-consumer
,我收到此错误:
Exception in thread "main" org.apache.kafka.common.KafkaException: java.lang.IllegalArgumentException: Login module not specified in JAAS config
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:94)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:93)
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:51)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:84)
at kafka.admin.AdminClient$.create(AdminClient.scala:229)
at kafka.admin.AdminClient$.create(AdminClient.scala:223)
at kafka.admin.AdminClient$.create(AdminClient.scala:221)
at kafka.admin.ConsumerGroupCommand$KafkaConsumerGroupService.createAdminClient(ConsumerGroupCommand.scala:454)
at kafka.admin.ConsumerGroupCommand$KafkaConsumerGroupService.<init>(ConsumerGroupCommand.scala:389)
at kafka.admin.ConsumerGroupCommand$.main(ConsumerGroupCommand.scala:65)
at kafka.admin.ConsumerGroupCommand.main(ConsumerGroupCommand.scala)
Caused by: java.lang.IllegalArgumentException: Login module not specified in JAAS config
at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:68)
at org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:59)
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:85)
This jaas
file is a direct copy of a file that I'm using in java app that communicates with kafka and it works, however here, using console tools, it just doesn't work. 这个jaas
文件是我在java应用程序中使用的文件的直接副本,它与kafka通信并且它可以工作,但是在这里,使用控制台工具,它只是不起作用。 I tried searching for a solution but I can't find anything useful. 我试着寻找解决方案,但我找不到任何有用的东西。
Can anyone help me with this? 谁能帮我这个?
There are 2 ways to provide the JAAS configuration to the Kafka clients. 有两种方法可以为Kafka客户端提供JAAS配置。
Via the client property: sasl.jaas.config
. 通过客户端属性: sasl.jaas.config
。 In that case you set it to the actual JAAS configuration entry. 在这种情况下,您将其设置为实际的JAAS配置条目。 For example, your configuration file becomes: 例如,您的配置文件变为:
bootstrap.servers=(address) zookeeper.connect=127.0.0.1:2181 zookeeper.connection.timeout.ms=6000 sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="(username)" password="(password)"; security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN group.id=(group)
As you've already figured out, you can use --command-config
to pass a properties file to kafka-consumer-groups.sh
. 正如您已经想到的那样,您可以使用--command-config
将属性文件传递给kafka-consumer-groups.sh
。
Via the Java property: java.security.auth.login.config
. 通过Java属性: java.security.auth.login.config
。 In this case, you set it to the path of your JAAS file. 在这种情况下,您将其设置为JAAS文件的路径。 Also if you set it in KAFKA_OPTS
, kafka-consumer-groups.sh
will pick it up automatically. 此外,如果您在KAFKA_OPTS
设置它, kafka-consumer-groups.sh
将自动拾取它。
export KAFKA_OPTS="-Djava.security.auth.login.config=(path)/consumer_jaas.conf"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.