kafka 启动_使用用户密码连接kafka
使用kafka用户密码配置访问权限
01
—
配置jaas 文件
配置server jaas 文件
[root@web148 kafka]# cat config/kafka_server_jaas.conf KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="ydwydy" password="ydwydy#_$" user_ydwydy="ydwydy#_$";};KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username="ydwydy" password="ydwydy#_$";};Client { org.apache.kafka.common.security.plain.PlainLoginModule required username="ydwydy" password="ydwydy#_$";};username:用户名,连接kafka时需要提供的账号信息
password:密码,连接kafka 提供的密码
user_usernmae:user_ + username,等号后是跟此用户的密码
client jaas配置文件:
[root@web148 kafka]# cat config/kafka_client_jaas.conf KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username="ydwb2b" password="ydwb2b@_@" user_ydwb2b="ydwb2b@_@";};zk jaas 配置文件
[root@web148 kafka]# cat config/kafka_zoo_jaas.conf Server{ org.apache.kafka.common.security.plain.PlainLoginModule required username="ydwb2b" password="ydwb2b@_@" user_ydwb2b="ydwb2b@_@";};02
—
kafka启动命令修改
启动配置位置随自己的的路径和名称变动
zookeeper-server-start.sh 启动文件配置
[root@web148 kafka]# cat bin/zookeeper-server-start.shexport KAFKA_OPTS=" -Djava.security.auth.login.config=/home/app/kafka/config/kafka_zoo_jaas.conf -Dzookeeper.sasl.client.username=admin"# 如果使用的是外部zookeeper的话配置不同的地方是启动脚本的地方[root@web148 kafka]# bin/zkEnv.shSERVER_JVMFLAGS=" -Djava.security.auth.login.config=/opt/zookeeper-3.4.13/conf/zk_server_jaas.conf"kafka-server-start.sh 启动文件配置
[root@web148 kafka]# cat bin/kafka-server-start.shexport KAFKA_OPTS=" -Djava.security.auth.login.config=/home/app/kafka/config/kafka_server_jaas.conf"kafka-run-class.sh
[root@web148 kafka]# more bin/kafka-run-class.shKAFKA_SASL_OPTS='-Djava.security.auth.login.config=/home/app/kafka/config/kafka_server_jaas.conf'如果你需要通过kafka提供的命令连接带有用户密码的kafka的话需要进行下面2个文件的修改
(可选)kafka-console-producer.sh
[root@web148 kafka]# cat bin/kafka-console-producer.shexport KAFKA_OPTS=" -Djava.security.auth.login.config=/home/app/kafka/config/kafka_client_jaas.conf"(可选)kafka-console-consumer.sh
[root@web148 kafka]# cat bin/kafka-console-consumer.shexport KAFKA_OPTS=" -Djava.security.auth.login.config=/opt/kafka/config/kafka_client_jaas.conf"03
—
主配置文件修改
server.properties
[root@web148 kafka]# cat config/server.propertieslisteners=SASL_PLAINTEXT://:9092security.inter.broker.protocol=SASL_PLAINTEXTsasl.enabled.mechanisms=PLAINsasl.mechanism.inter.broker.protocol=PLAINadvertised.listeners=SASL_PLAINTEXT://127.0.0.1:9092advertised.host.name=127.0.0.1advertised.port=9092zookeeper.properties
[root@web148 kafka]# cat config/zookeeper.propertiesauthProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProviderrequireClientAuthScheme=sasljaasLoginRenew=3600000(可选)producer.properties
[root@web148 kafka]# tail config/producer.propertiessecurity.protocol=SASL_PLAINTEXTsasl.mechanism=PLAIN(可选)consumer.properties
[root@web148 kafka]# tail config/consumer.properties security.protocol=SASL_PLAINTEXTsasl.mechanism=PLAIN启动kafka
04
—
测试kafka连接
启动消费者
./bin/kafka-console-consumer.sh --bootstrap-server ip:9092 --topic test --consumer-property security.protocol=SASL_PLAINTEXT --consumer-property sasl.mechanism=PLAIN --from-beginning启动生产者
./bin/kafka-console-producer.sh --broker-list ip:9092 --topic test --producer-property security.protocol=SASL_PLAINTEXT --producer-property sasl.mechanism=PLAIN使用python方式进行测试
# 生产数据脚本from kafka import KafkaProducertopic_name = 'test'producer = KafkaProducer( sasl_mechanism="PLAIN", security_protocol='SASL_PLAINTEXT', sasl_plain_username="ydwb2b", sasl_plain_password="ydwb2b@_@", bootstrap_servers=['10.0.0.10:9092'])for i in range(5): producer.send(topic_name, 'create data: '+ str(i) )producer.close()#消费脚本from kafka import KafkaConsumertopic_name = 'test'consumer = KafkaConsumer(topic_name, sasl_mechanism="PLAIN", security_protocol='SASL_PLAINTEXT', sasl_plain_username="ydwb2b", sasl_plain_password="ydwb2b@_@", bootstrap_servers=['127.0.0.1:9092'],)for msg in consumer: print("%s:%d:%d: key=%s value=%s" % (msg.topic, msg.partition, msg.offset, msg.key, msg.value.decode()))