SASL authentication in Docker Zookeeper and Kafka

zsbz8rwp  posted on 2022-12-09  in  Apache

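Can anyone help with enabling SASL authentication for wurstmeister/zookeeper and wurstmeister/kafka in docker compose? I have these running without authentication and everything works fine, but I can't set up simple username/password authentication.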

  zookeeper:
    image: wurstmeister/zookeeper
    ports:
      - "2181:2181"

  kafka:
    build: ./kafka
    depends_on:
      - zookeeper        
    ports:
      - "9095:9095"
    hostname: kafka
    environment:
      KAFKA_ADVERTISED_PORT: 9095 
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_ADVERTISED_HOST_NAME: kafka
      KAFKA_LISTENERS: SASL_PLAINTEXT://:9095
      KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://kafka:9095
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf"
      KAFKA_INTER_BROKER_LISTENER_NAME: SASL_PLAINTEXT
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN      
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock  
      - ./kafka_server_jaas.conf:/etc/kafka/kafka_server_jaas.conf

The jaas.conf file:

KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="admin"
  password="admin-secret"
  user_admin="admin-secret";
};

Client {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="admin"
  password="admin-secret"
  user_admin="admin-secret";
};

I am planning to connect to Kafka in the Docker container from KafkaJS running on Node.js.

t1rydlwq1#

I got SASL authentication working with the wurstmeister images using the following configuration.

docker-compose.yml:

version: '3.7'
services:
  zookeeper:
    image: wurstmeister/zookeeper:3.4.6
    environment:
      JVMFLAGS: "-Djava.security.auth.login.config=/etc/zookeeper/zookeeper_jaas.conf"
    volumes:
      - ./zookeeper_jaas.conf:/etc/zookeeper/zookeeper_jaas.conf
    ports:
     - 2181:2181
     
  kafka:
    image: wurstmeister/kafka:2.13-2.8.1
    depends_on:
      - zookeeper
    ports:
      - 9092:9092
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENERS: INTERNAL://:9093,EXTERNAL://:9092
      KAFKA_ADVERTISED_LISTENERS: INTERNAL://kafka:9093,EXTERNAL://localhost:9092
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
      ALLOW_PLAINTEXT_LISTENER: 'yes'
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
      KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/kafka_jaas.conf"
    volumes:
      - ./kafka_server_jaas.conf:/etc/kafka/kafka_jaas.conf

zookeeper_jaas.conf:

Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_admin="admin-secret";
};

kafka_server_jaas.conf:

KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="admin"
  password="admin-secret"
  user_admin="admin-secret";
};

Client {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="admin"
  password="admin-secret";
};

The following additional Kafka client properties need to be set in the producer/consumer:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret";
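
The question targets KafkaJS rather than a Java client, so the following added example (not part of the original answer) maps the three client properties above onto the options object that the KafkaJS `Kafka` constructor takes. The function names, the `clientId` value and the choice of the `localhost:9092` EXTERNAL listener are assumptions.

```javascript
// Added example. Constructed input: the three client properties from the answer.
const CLIENT_PROPERTIES = `
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret";
`;

// Parse key=value lines. Split on the first '=' only, because the
// sasl.jaas.config value itself contains '=' characters.
function parseProperties(text) {
  const props = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 0) continue;
    props[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return props;
}

// Pull option="value" pairs out of a one-line JAAS entry.
function parseJaasOptions(jaas) {
  const opts = {};
  for (const m of jaas.matchAll(/(\w+)="([^"]*)"/g)) opts[m[1]] = m[2];
  return opts;
}

// Build the KafkaJS options; clientId and brokers are supplied by the caller.
function toKafkaJsConfig(text, brokers, clientId) {
  const p = parseProperties(text);
  const protocol = p['security.protocol'];
  if (protocol !== 'SASL_PLAINTEXT' && protocol !== 'SASL_SSL') {
    throw new Error(`not a SASL listener protocol: ${protocol}`);
  }
  const mechanism = (p['sasl.mechanism'] || '').toLowerCase();
  if (mechanism !== 'plain') throw new Error(`not handled here: ${mechanism}`);
  const { username, password } = parseJaasOptions(p['sasl.jaas.config'] || '');
  if (!username || password === undefined) {
    throw new Error('sasl.jaas.config lacks username/password');
  }
  // SASL_PLAINTEXT means no TLS: the PLAIN password crosses the network unencrypted.
  return { clientId, brokers, ssl: protocol === 'SASL_SSL',
           sasl: { mechanism, username, password } };
}

// The answer's compose file advertises the EXTERNAL listener as localhost:9092.
const kafkaJsConfig = toKafkaJsConfig(CLIENT_PROPERTIES, ['localhost:9092'], 'example-client');
// With kafkajs installed: const { Kafka } = require('kafkajs'); new Kafka(kafkaJsConfig);
```

The credentials here must match a `user_<name>="<password>"` entry in the broker's `KafkaServer` JAAS section, which for this page is `user_admin="admin-secret"`.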
