如何在启用 SASL 的 Zookeeper 上创建 Kafka 主题?
[英]How to create a Kafka topics on a SASL enabled Zookeeper?
问题描述
We have a kafka cluster and are in the process of locking down the specific nodes based on these standards: https://docs.hortonworks.com/HDPDocuments/HDP3/HDP-3.1.0/zookeeper-acls/content/zookeeper_acls_best_practices_kafka.html
我们有一个 kafka 集群,正在根据这些标准锁定特定节点: https : //docs.hortonworks.com/HDPDocuments/HDP3/HDP-3.1.0/zookeeper-acls/content/zookeeper_acls_best_practices_kafka.html
Once we lock down the /broker/topics node with SASL:kafka:cdrwa, we are unable to use the kafka-topics.sh tool to create topics.一旦我们使用 SASL:kafka:cdrwa 锁定 /broker/topics 节点,我们将无法使用 kafka-topics.sh 工具来创建主题。 We tried using these tools on the broker, which has the correct KafkaClient in the jaas file, but it appears zookeeper treats the cmd tools as a separate client.我们尝试在代理上使用这些工具,它在 jaas 文件中有正确的 KafkaClient,但看起来 zookeeper 将 cmd 工具视为单独的客户端。 We are experiencing the same thing when locking down /kafka-acls and using the kafka-acls.sh tool.我们在锁定 /kafka-acls 并使用 kafka-acls.sh 工具时遇到了同样的事情。
How can we pass our jaas file in the command line tools?我们如何在命令行工具中传递我们的 jaas 文件?
UPDATE Here are the contents of the jaas file (passwords removed).更新 这里是 jaas 文件的内容(密码已删除)。 Both the tools and the broker exist on the same machine.工具和代理都存在于同一台机器上。 The broker is not having issue authenticating with zookeeper.经纪人在与动物园管理员进行身份验证时没有问题。
KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="admin"
password="---";
};
KafkaClient {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="controlcenter"
password="---";
};
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="admin"
password="---";
};
1 个解决方案
解决方案1
1 已采纳 2019-08-13 21:07:32
Does simple environment setting not work?简单的环境设置不起作用吗?
$ export KAFKA_OPTS="-Djava.security.auth.login.config=<your_jaas.conf>"
$ kafka-topics --create ...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.