启用 SASL 身份验证时，Kafka 从 Zookeeper 收到 Sasl 异常

Question

我正在尝试建立一个开源 Kafka 集群。 集群由 2 个 Kafka 节点和 1 个 zookeeper 组成。 当我尝试启用 zookeeper SASL 身份验证时，出现以下异常。 提供 Zookeeper 和 Kafka 配置文件。 请帮助我在哪里做错了。

ERROR SASL authentication failed using login context 'Client' with exception: {} (org.apache.zookeeper.client.ZooKeeperSaslClient)
javax.security.sasl.SaslException: Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.
at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:279)
at org.apache.zookeeper.client.ZooKeeperSaslClient.respondToServer(ZooKeeperSaslClient.java:242)
at org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:805)
at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:94)
at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:366)
at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1145)

我的 Zookeeper 设置如下

1）zookeeper_jaas.conf

Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/tmp/zookeeper.service.keytab"
principal="zookeeper/<<Zookeeper-SERVER-INTERNAL-DNS>>@EXAMPLE.COM";
};

2）zookeeper.properties

dataDir=/home/ubuntu/zookeeper
clientPort=2181
maxClientCnxns=0

authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000

3）导出“ZOOKEEPER_OPTS=-Djava.security.auth.login.config=/home/ubuntu/kafka/config/zookeeper_jaas.conf”

4）使用zookeeper Keytab创建票证

5）成功启动zookeeper服务器，绑定2181端口。

卡夫卡经纪人设置

1) kafka_server_jaas.conf

KafkaServer {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    keyTab="/tmp/kafka.service.keytab"
    principal="kafka/<<KAFKA-SERVER-PUBLIC-DNS>>@EXAMPLE.COM";
};

Client {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    servicename="zookeeper"
    keyTab="/tmp/kafka.service.keytab"
    principal="kafka/<<KAFKA-SERVER-PUBLIC-DNS>>@EXAMPLE.COM";
};

2) Kafka_client_jass.conf

KafkaClient {
 com.sun.security.auth.module.Krb5LoginModule required
 useTicketCache=true;
 };

3)server.properties

broker.id=0

listeners=PLAINTEXT://0.0.0.0:9092,SSL://0.0.0.0:9093,SASL_SSL://0.0.0.0:9094
advertised.listeners=PLAINTEXT://<<KAFKA-SERVER-PUBLIC-DNS>>:9092,SSL://<<KAFKA-SERVER-PUBLIC-DNS>>:9093,SASL_SSL://<<KAFKA-SERVER-PUBLIC-DNS>>:9094

zookeeper.connect=<<ZOOKEEPER-SERVER-PRIVATE-DNS>>:2181

sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka

ssl.keystore.location=/home/ubuntu/ssl/kafka.server.keystore.jks
ssl.keystore.password=serversecret
ssl.key.password=serversecret
ssl.truststore.location=/home/ubuntu/ssl/kafka.server.truststore.jks
ssl.truststore.password=serversecret

ssl.client.auth=required

num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
auto.create.topics.enable=false
log.dirs=/home/ubuntu/kafka-logs
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.retention.hours=168
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000
zookeeper.connection.timeout.ms=6000

4）导出“KAFKA_OPTS=-Djava.security.auth.login.config=/home/ubuntu/kafka/config/kafka_server_jaas.conf”

5) 使用 Kafka Keytab 创建票证。

6）我启动了Kafka经纪人并得到了上面提到的异常。

Answer 1

在 Zookeeper 设置（第 3 点）中使用 KAFKA_OPTS 代替 ZOOKEEPER_OPTS。 这将起作用。 谢谢！

启用 SASL 身份验证时，Kafka 从 Zookeeper 收到 Sasl 异常

问题描述

1 个解决方案

解决方案1
0 已采纳 2020-06-02 01:11:41

启用 SASL 身份验证时，Kafka 从 Zookeeper 收到 Sasl 异常

问题描述

1 个解决方案

解决方案1 0 已采纳 2020-06-02 01:11:41

解决方案1
0 已采纳 2020-06-02 01:11:41