在过去一天左右的时间里,我一直尝试用 Confluent Docker 镜像在本地搭建一个只有单个节点的 Kafka 集群,可惜没有成功。下面是我的全部配置文件:
/etc/kafka/secrets/zookeeper_server_jaas.conf
// ZooKeeper server-side JAAS section. DigestLoginModule takes one
// user_<name>="<password>" option per account, so the line below defines the
// account "admin" with the password "admin_secret".
// The password is stored here in plaintext: keep this file readable only by
// the ZooKeeper process and treat the value shown as a sample, not a real
// secret.
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_admin="admin_secret";
};
/etc/kafka/secrets/kafka_server_jaas.conf
// Broker-side JAAS section for the SASL listener. With ScramLoginModule the
// username/password pair is what this broker presents when it opens
// inter-broker connections.
// NOTE(review): SCRAM verifies against credentials stored in the cluster
// metadata, not against this file, so a SCRAM-SHA-512 credential for "admin"
// has to exist before the broker starts; confirm that it was created.
KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="admin"
password="admin_secret";
};
// Credentials the broker uses as a ZooKeeper client (DIGEST-MD5). They match
// the user_admin entry in the Server section of zookeeper_server_jaas.conf.
// Plaintext secret: restrict read access to this file to the broker process.
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="admin"
password="admin_secret";
};
docker-compose.yml
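# Single-node ZooKeeper + Kafka broker (Confluent images). The broker exposes
# one SASL_SSL listener that authenticates with SCRAM-SHA-512 and also
# requires a TLS client certificate.
version: '3.5'
services:
  zookeeper:
    # NOTE(review): ':latest' is a moving tag; pin a specific version tag or
    # image digest so the stack is reproducible and upgrades are deliberate.
    image: confluentinc/cp-zookeeper:latest
    container_name: zookeeper
    ports:
      # Published on every host interface. For a local-only setup, binding to
      # loopback ('127.0.0.1:2181:2181') keeps ZooKeeper off the network.
      - '2181:2181'
    environment:
      # Environment values are quoted so they stay strings whatever YAML
      # parser reads the file.
      ZOOKEEPER_CLIENT_PORT: '2181'
      ZOOKEEPER_TICK_TIME: '2000'
      # JVM flags: load the server JAAS file, enable the SASL auth provider,
      # reject clients whose SASL handshake fails and require the sasl scheme.
      # Folded into a single line at load time.
      KAFKA_OPTS: >-
        -Djava.security.auth.login.config=/etc/kafka/secrets/zookeeper_server_jaas.conf
        -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
        -Dzookeeper.allowSaslFailedClients=false
        -Dzookeeper.requireClientAuthScheme=sasl
    volumes:
      # NOTE(review): this shares the whole secrets directory, including the
      # broker keystore and password files, with ZooKeeper. ZooKeeper only
      # needs its own JAAS file; consider a narrower, read-only (':ro') mount.
      - ./secrets:/etc/kafka/secrets
  broker:
    # NOTE(review): pin the image tag or digest here as well.
    image: confluentinc/cp-kafka:latest
    container_name: broker
    depends_on:
      - zookeeper
    ports:
      # Published on every host interface; see the note on the ZooKeeper port.
      - '9092:9092'
    environment:
      KAFKA_BROKER_ID: '1'
      KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
      KAFKA_LISTENERS: 'SASL_SSL://:9092'
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: 'SASL_SSL:SASL_SSL'
      # Clients (and the broker itself) connect to the name 'broker'. With
      # hostname verification enabled below, the broker certificate must
      # carry that name, presumably as a SAN; verify against the keystore.
      KAFKA_ADVERTISED_LISTENERS: 'SASL_SSL://broker:9092'
      KAFKA_SASL_ENABLED_MECHANISMS: 'SCRAM-SHA-512'
      # NOTE(review): the same listener carries inter-broker traffic, so the
      # controller logs in with the KafkaServer credentials from the JAAS
      # file. SCRAM credentials are stored in ZooKeeper, not in that file; if
      # no SCRAM-SHA-512 credential for the user was created (for example
      # with the kafka-configs tool) before the broker starts, this login is
      # rejected as "invalid credentials".
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: 'SCRAM-SHA-512'
      KAFKA_INTER_BROKER_LISTENER_NAME: 'SASL_SSL'
      # Keystore/truststore files and the files holding their passwords are
      # named relative to the mounted /etc/kafka/secrets directory.
      KAFKA_SSL_KEYSTORE_FILENAME: 'kafka.broker.keystore.jks'
      KAFKA_SSL_KEYSTORE_CREDENTIALS: 'broker_keystore_creds'
      KAFKA_SSL_KEY_CREDENTIALS: 'broker_sslkey_creds'
      KAFKA_SSL_TRUSTSTORE_FILENAME: 'kafka.broker.truststore.jks'
      KAFKA_SSL_TRUSTSTORE_CREDENTIALS: 'broker_truststore_creds'
      KAFKA_OPTS: '-Djava.security.auth.login.config=/etc/kafka/secrets/kafka_server_jaas.conf'
      # Quoted: an unquoted false is a YAML boolean, while the container
      # expects the string.
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'false'
      # Mutual TLS on top of SASL: clients must present a certificate that
      # chains to the broker truststore.
      KAFKA_SSL_CLIENT_AUTH: 'required'
      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: 'HTTPS'
    volumes:
      # NOTE(review): consider a read-only (':ro') mount; confirm that the
      # image does not write to this path.
      - ./secrets:/etc/kafka/secrets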
我在 docker-compose 中引用的证书位于本地机器上的 /secrets 目录下,该目录就在 docker-compose 文件旁边。
运行 docker-compose up 时得到的错误是:
broker | [2023-06-23 09:22:15,816] INFO [Controller id=1, targetBrokerId=1] Failed authentication with broker/192.168.16.3 (channelId=1) (Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512) (org.apache.kafka.common.network.Selector)
broker | [2023-06-23 09:22:15,818] INFO [Controller id=1, targetBrokerId=1] Node 1 disconnected. (org.apache.kafka.clients.NetworkClient)
broker | [2023-06-23 09:22:15,818] ERROR [Controller id=1, targetBrokerId=1] Connection to node 1 (broker/192.168.16.3:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-512 (org.apache.kafka.clients.NetworkClient)
1条答案
虽然我没有亲自尝试过,但您能否把 /etc/kafka/secrets/zookeeper_server_jaas.conf 中的 user_admin 字段改为 admin 值?据我所知,Kafka 和 ZooKeeper 应该使用相同的用户信息。也许我错了。