[英]Spring Cloud Stream consumer startup
I recently migrated my spring cloud stream kafka consumer application from annotations to a functional approach and now it won't start up with the failure我最近将我的 spring 云 stream kafka 消费者应用程序从注释迁移到功能方法,现在它不会因失败而启动
org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindConsumer(AbstractMessageChannelBinder.java:403)\n\t... 33 common frames omitted\nCaused by:
org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password,
but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information
from the user
\n\tat org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:172)
\n\tat org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
\n\tat org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73)
\n\tat org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)\n
\tat org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:474)\n\
t... 40 common frames omitted\nCaused by: javax.security.auth.login.LoginException:
This is the configuration:这是配置:
jaas:
options:
sauAlias: Vault/Conjur/Secret/service_account
useKeyTab: false
krbProvider: com.sun.security.auth.module.Krb5LoginModule
debug: true
loginModule: com.usaa.kafka.auth3.krb.SauKrbLoginModuleWrapper
bootstrapServers: >
someserver:0000, someserver:0001
Is there an attribute that needs to be set to avoid the login prompt?是否需要设置一个属性来避免登录提示?
If you look at the documentation, you will see that for Krb5LoginModule if use:如果您查看文档,您将看到 Krb5LoginModule 如果使用:
useKeyTab:
Set this to true if you want the module to get the principal's key from the the keytab.(default value is False) If keytab is not set then the module will locate the keytab from the Kerberos configuration file. If it is not specified in the Kerberos configuration file then it will look for the file {user.home}{file.separator}krb5.keytab.
In your case, my assumption is that because you are using useKeyTab = false
, it is trying to find the keytab file in the default location: {user.home}{file.separator}krb5.keytab.
在您的情况下,我的假设是因为您使用的是useKeyTab = false
,它试图在默认位置找到密钥表文件: {user.home}{file.separator}krb5.keytab.
and it probably does not exist.它可能不存在。
https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.ZFC35FDC70D5FCC69D2E362
Please see this https://andriymz.github.io/kerberos/authentication-using-kerberos/#krb5loginmodule for possible Valid/Invalid configuration combinations.请参阅此https://andriymz.github.io/kerberos/authentication-using-kerberos/#krb5loginmodule了解可能的有效/无效配置组合。
Your Configuration should look something like:您的配置应类似于:
spring:
cloud:
stream:
kafka:
binder:
brokers: localhost:9092 # path to kafka brokers
autoCreateTopics: false
jaas:
loginModule: com.sun.security.auth.module.Krb5LoginModule
controlFlag: required
options:
useKeyTab: true
storeKey: true
keyTab: /your/pathTokeytabFile
useTicketCache: false
principal: yourserviceaccount@domain
renewTicket: true
serviceName: kafka
configuration:
security:
protocol: SASL_PLAINTEXT
sasl:
kerberos:
service:
name: kafka
producerProperties:
retries: 3
bindings:
CONSUMER_ONE:
destination: TOPIC_1
contentType: application/json
CONSUMER_TWO:
destination: TOPIC_2
contentType: application/json
CONSUMER_ERROR:
destination: ERROR_TOPIC
contentType: application/json
PRODUCER_ONE:
destination: TOPIC_2
contentType: application/json
PRODUCER_TWO:
destination: TOPIC_3
contentType: application/json
PRODUCER_ERROR:
destination: ERROR_TOPIC
contentType: application/json
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.