Configure kafka_server_jaas.conf for multiple listeners
Question
I am trying to migrate away from keeping my SASL authentication within my server.properties file and instead in my kafka_server_jaas.conf file. However I am getting slightly confused as the settings used in server.properties do not seem to map to the settings used in kafka_server_jaas.conf.
Here is the existing setup.
server.properties:
listener.security.protocol.map=EXTERNAL_SASL:SASL_SSL,INTERNAL:SASL_SSL,EXTERNAL_SSL:SSL,EXTERNAL_PLAINTEXT:PLAINTEXT
listeners=EXTERNAL_SASL://:9094,INTERNAL://:9091,EXTERNAL_SSL://:9093,EXTERNAL_PLAINTEXT://:9092
advertised.listeners=OMITTED
listener.name.external_sasl.sasl.enabled.mechanisms=PLAIN
listener.name.external_sasl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="broker-admin" password="xx" \
user_admin="xx"\
user_broker="xx";
listener.name.internal.sasl.enabled.mechanisms=PLAIN
listener.name.internal_sasl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="broker-admin" password="xx" \
user_admin="xx"\
user_broker="xx";
This works as I would expect. I am able to interact with the cluster using the credentials in the server.properties file.
When configuring kafka_server_jaas.conf all of the examples indicate that my config needs to look like this:
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="broker-admin" password="xx"
user_admin="xx"
user_broker="xx";
};
This leads to my question, do I not need to specify which listener (external_sasl or internal) that kafka_server_jaas.conf should use? To me, the config should be:
KafkaServer {
listener.name.external_sasl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required
username="broker-admin" password="xx"
user_admin="xx"
user_broker="xx";
};
But this does not work.
Is anyone able to point out what I am missing here?
Answer 1
Score: 1
I was able to find the answer to this:
The correct configuration for specifying the listener in the kafka_server_jaas.conf file is:
external_sasl.KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="broker-admin" password="xx"
user_admin="xx"
user_broker="xx";
};
internal.KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="broker-admin" password="xx"
user_admin="xx"
user_broker="xx";
};
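As an added example (not part of the original question or answer), the Python sketch below resolves where each SASL listener's broker JAAS configuration comes from, following Kafka's documented precedence: the listener.name.<listener>.<mechanism>.sasl.jaas.config property first, then the <listener>.KafkaServer section, then the plain KafkaServer section. The function names and sample inputs are constructed for illustration and reuse the listener names from the question.

```python
import re
SASL_PROTOCOLS = {"SASL_PLAINTEXT", "SASL_SSL"}
# Constructed sample input, reusing the listener names from the question.
SERVER_PROPERTIES = """\
listener.security.protocol.map=EXTERNAL_SASL:SASL_SSL,INTERNAL:SASL_SSL,EXTERNAL_SSL:SSL,EXTERNAL_PLAINTEXT:PLAINTEXT
listeners=EXTERNAL_SASL://:9094,INTERNAL://:9091,EXTERNAL_SSL://:9093,EXTERNAL_PLAINTEXT://:9092
"""
JAAS_CONF = """\
external_sasl.KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="broker-admin" password="xx" user_admin="xx";
};
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="broker-admin" password="xx" user_admin="xx";
};
"""

def parse_properties(text):
    """Minimal .properties parser: joins backslash continuations, skips comments."""
    props = {}
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def jaas_sections(text):
    """Section names ('Name {') declared in a static JAAS file."""
    return set(re.findall(r"^[ \t]*([\w.]+)[ \t]*\{", text, re.MULTILINE))

def resolve_jaas_sources(server_properties, jaas_conf):
    """Map each SASL listener to the source of its broker JAAS config (None if missing)."""
    props, sections = parse_properties(server_properties), jaas_sections(jaas_conf)
    sources = {}
    for entry in props["listener.security.protocol.map"].split(","):
        listener, protocol = entry.strip().split(":")
        if protocol not in SASL_PROTOCOLS:
            continue  # SSL and PLAINTEXT listeners need no JAAS login context
        name = listener.lower()  # prefixes use the lower-case listener name
        inline = re.compile(rf"listener\.name\.{re.escape(name)}\.[\w-]+\.sasl\.jaas\.config$")
        has_inline = any(inline.match(key) for key in props)
        sources[listener] = "server.properties" if has_inline else next(
            (s for s in (f"{name}.KafkaServer", "KafkaServer") if s in sections), None)
    return sources

if __name__ == "__main__":
    print(resolve_jaas_sources(SERVER_PROPERTIES, JAAS_CONF))
```

A listener that resolves to None has SASL enabled but no login context at any level, and a listener that resolves to the plain KafkaServer section shares its credentials with every other listener that falls back to it.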