Configuring SASL_PLAINTEXT authentication in Kafka

1. Configure ZooKeeper

Create test.properties in Kafka's config directory:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="test" password="user123456";

 

Create jaas-kafka-client.conf in Kafka's config directory:

KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="test"
    password="user123456";
};

 

At the top of zookeeper-server-start.sh in Kafka's bin directory, add the following line so that the login config path points to the jaas-kafka-client.conf created above:

export KAFKA_OPTS="-Djava.security.auth.login.config=/data/software/kafka_2.12-3.4.0/config/jaas-kafka-client.conf"

 

Start ZooKeeper:

bin/zookeeper-server-start.sh config/zookeeper.properties

 

2. Configure Kafka

Edit server.properties in Kafka's config directory and add the following settings:

listeners=SASL_PLAINTEXT://:9092
advertised.listeners=SASL_PLAINTEXT://localhost:9092
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
super.users=User:test

 

Create jaas-kafka-server.conf in Kafka's config directory:

KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="test"
    password="user123456"
    user_test="user123456";
};

 

Edit kafka-server-start.sh in Kafka's bin directory and add the following line at the top, pointing to jaas-kafka-server.conf:

export KAFKA_OPTS="-Djava.security.auth.login.config=/data/software/kafka_2.12-3.4.0/config/jaas-kafka-server.conf"

 

Start Kafka:

bin/kafka-server-start.sh config/server.properties

 

3. Configure user permissions

Grant the user test permissions on the topic:

bin/kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:test --operation Write --operation Create --topic flume_topic1 --command-config config/test.properties

 

 

 

Create the topic

 

4. External network access

Edit server.properties in the config directory:

advertised.listeners=SASL_PLAINTEXT://localhost:9092

Change localhost to the server's public IP address.

 

5. Modify the Flume configuration

Create jaas-client.conf in Flume's config directory:

KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="test"
    password="user123456";
};

Modify the sink configuration:

# Describe/configure the sink
agent1.sinks.sink1.type = org.apache.flume.sink.kafka.KafkaSink
agent1.sinks.sink1.kafka.topic = flume_topic
agent1.sinks.sink1.kafka.bootstrap.servers = localhost:9092
agent1.sinks.sink1.kafka.producer.security.protocol = SASL_PLAINTEXT
agent1.sinks.sink1.kafka.producer.sasl.mechanism = PLAIN
agent1.sinks.sink1.kafka.producer.sasl.kerberos.service.name = kafka

Add the following to flume-env.sh:

export JAVA_OPTS="-Djava.security.auth.login.config=/data/software/apache-flume-1.11.0-bin/conf/jaas-client.conf"

Start Flume:

bin/flume-ng agent --conf /data/software/apache-flume-1.11.0-bin/conf --conf-file conf/flume-kafka.conf --name agent1
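
An added example, not part of the original post: a Python check over the broker properties, the broker JAAS file and a client JAAS file as configured above. It flags a client password that differs from the broker's user_<name> entry, a SASL_PLAINTEXT listener with PLAIN enabled (the password crosses the network unencrypted), and a client principal listed in super.users (super users bypass ACL checks). The function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs modelled on the files in this post (not real secrets).
SERVER_PROPS = """
listeners=SASL_PLAINTEXT://:9092
sasl.enabled.mechanisms=PLAIN
super.users=User:test
"""
SERVER_JAAS = """KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="test" password="user123456" user_test="user123456";
};"""
CLIENT_JAAS = """KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="test" password="123456";
};"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    rows = (l.split("=", 1) for l in text.splitlines()
            if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in rows}

def parse_jaas(text):
    """Return {section: {option: value}} for a JAAS login configuration."""
    return {name: dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', body))
            for name, body in re.findall(r"(\w+)\s*\{(.*?)\}\s*;", text, re.S)}

def audit(server_props, server_jaas, client_jaas):
    """Return findings for one SASL/PLAIN broker and one client (hypothetical helper)."""
    props = parse_properties(server_props)
    broker = parse_jaas(server_jaas).get("KafkaServer", {})
    client = parse_jaas(client_jaas).get("KafkaClient", {})
    user, findings = client.get("username"), []
    # The broker accepts a PLAIN login only when user_<name> equals the password.
    if broker.get(f"user_{user}") != client.get("password"):
        findings.append(f"password for {user} does not match broker user_{user}")
    # PLAIN carries the password itself; without TLS it is readable on the wire.
    # Only listeners named after their protocol, as in this post, are recognised.
    plain = "PLAIN" in props.get("sasl.enabled.mechanisms", "").upper().split(",")
    for listener in props.get("listeners", "").split(","):
        if plain and listener.strip().upper().startswith("SASL_PLAINTEXT://"):
            findings.append(f"PLAIN over {listener.strip()}: password sent unencrypted")
    # Super users skip ACL checks, so ACLs granted to them restrict nothing.
    if f"User:{user}" in props.get("super.users", "").split(";"):
        findings.append(f"User:{user} is a super user: ACLs do not apply")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_PROPS, SERVER_JAAS, CLIENT_JAAS)))
```

An empty result means none of the three conditions was found; a SASL_SSL listener with a dedicated non-super client user passes all three checks.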

 

 

Reference:

https://developer.ibm.com/tutorials/kafka-authn-authz/

 

posted @ 2023-02-18 10:01  漫漫的蜗牛