I am trying to set up Kafka with SASL_SSL. I did some configuration, but the Kafka server fails on some issue and I don't know how to solve it. I am using Kafka 2.13-3.6.0.
My zookeeper.properties:
quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=true
quorum.auth.learner.loginContext=QuorumLearner
quorum.auth.server.loginContext=QuorumServer
quorum.cnxn.threads.size=20
requireClientAuthScheme=sasl
zookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider
ssl.keyStore.location=C:/apps/certs/keystore.jks
ssl.keyStore.password=sepultura1
ssl.trustStore.location=C:/apps/certs/truststore.jks
ssl.trustStore.password=sepultura1
My zookeeper_jaas.conf:
Client{
org.apache.kafka.common.security.scram.ScramLoginModule required
username="user"
password="sepultura1";
};
QuorumServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
user_user="user";
};
QuorumLearner {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="user"
password="sepultura1";
};
Server{
org.apache.kafka.common.security.scram.ScramLoginModule required
username="user"
password="sepultura1";
};
My server.properties:
group.initial.rebalance.delay.ms=0
sasl.enabled.mechanisms=SCRAM-SHA-256
listeners=SASL_SSL://localhost:9092
advertised.listeners=SASL_SSL://localhost:9092
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-256
security.inter.broker.protocol=SASL_SSL
ssl.keystore.location=C:/apps/certs/keystore.jks
ssl.keystore.password=sepultura1
ssl.key.password=sepultura1
ssl.truststore.location=C:/apps/certs/truststore.jks
ssl.truststore.password=sepultura1
ssl.client.auth=required
ssl.endpoint.identification.algorithm=
My kafka.server.jaas.conf:
KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="user"
password="sepultura1";
};
Client {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="user"
password="sepultura1";
};
zkClient {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="user"
password="sepultura1";
};
When I start the Kafka server, it cannot connect to ZooKeeper, and the ZooKeeper log shows:
javax.security.sasl.SaslException: DIGEST-MD5: cannot acquire password for user in realm : zk-sasl-md5
at java.security.sasl/com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(DigestMD5Server.java:601)
at java.security.sasl/com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(DigestMD5Server.java:247)
at org.apache.zookeeper.server.ZooKeeperSaslServer.evaluateResponse(ZooKeeperSaslServer.java:49)
at org.apache.zookeeper.server.ZooKeeperServer.processSasl(ZooKeeperServer.java:1735)
at org.apache.zookeeper.server.ZooKeeperServer.processPacket(ZooKeeperServer.java:1676)
at org.apache.zookeeper.server.NettyServerCnxn.receiveMessage(NettyServerCnxn.java:482)
at org.apache.zookeeper.server.NettyServerCnxn.processMessage(NettyServerCnxn.java:374)
at org.apache.zookeeper.server.NettyServerCnxnFactory$CnxnChannelHandler.channelRead(NettyServerCnxnFactory.java:357)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
Can someone tell me how to solve this? On the internet there is only SASL with Kerberos, but I need SASL without Kerberos, just username + password. Thanks for your help.
Answer 1
Changes in zookeeper.jaas.conf:
Server{
org.apache.zookeeper.server.auth.DigestLoginModule required
user_user="sepultura1";
};
And in server.jaas.conf:
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="user"
password="sepultura1";
};
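A small consistency check for the two JAAS sections the answer corrects, as an added example that is not part of the question or the answer: it parses the ZooKeeper Server section and the Kafka Client section (sample snippets constructed here, reusing the thread's placeholder password) and lists the mismatches that produce the "cannot acquire password for user" error, including the ScramLoginModule plus missing user_user entry from the question and the curly quotes that would break JAAS parsing.

```python
import re
# Constructed sample JAAS snippets (not the asker's files); password is the thread's placeholder.
ZK_JAAS_OK = '''Server {
  org.apache.zookeeper.server.auth.DigestLoginModule required
  user_user="sepultura1";
};'''
ZK_JAAS_BAD = '''Server {
  org.apache.kafka.common.security.scram.ScramLoginModule required
  username="user"
  password="sepultura1";
};'''
KAFKA_JAAS = '''Client {
  org.apache.zookeeper.server.auth.DigestLoginModule required
  username="user"
  password="sepultura1";
};'''
DIGEST = "org.apache.zookeeper.server.auth.DigestLoginModule"
SECTION_RE = re.compile(r'(\w+)\s*\{(.*?)\};', re.S)
OPTION_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def parse_jaas(text):
    """Minimal JAAS parser: {section: {"module": class, "options": {key: value}}}."""
    if "\u201c" in text or "\u201d" in text:
        raise ValueError("curly quotes in JAAS file; only straight double quotes are valid")
    sections = {}
    for name, body in SECTION_RE.findall(text):
        tokens = body.split()  # first token is the login module class name
        sections[name] = {"module": tokens[0] if tokens else None,
                          "options": dict(OPTION_RE.findall(body))}
    return sections

def check_zk_digest_auth(zk_jaas, kafka_jaas):
    """List mismatches that make ZooKeeper log 'cannot acquire password for <user>'."""
    problems = []
    server = parse_jaas(zk_jaas).get("Server")
    client = parse_jaas(kafka_jaas).get("Client")
    if server is None or client is None:
        return ["ZooKeeper JAAS needs a Server section and Kafka JAAS a Client section"]
    if server["module"] != DIGEST:
        problems.append("ZooKeeper Server section must use DigestLoginModule, found " + str(server["module"]))
    if client["module"] != DIGEST:
        problems.append("Kafka Client section must use DigestLoginModule for the ZooKeeper connection")
    user = client["options"].get("username")
    expected = server["options"].get("user_" + str(user))  # ZK digest auth stores user_<name>=<password>
    if expected is None:
        problems.append(f"ZooKeeper Server section has no user_{user} entry for client user {user!r}")
    elif expected != client["options"].get("password"):
        problems.append(f"password for {user!r} differs between Kafka Client and ZooKeeper Server")
    return problems
```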