1.配置zookeeper
在kafka的config目录中创建 test.properties
security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="test" password="user123456"; security.protocol=sasl_plaintext
在kafka的config目录创建 jaas-kafka-client.conf
KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username="test" password="user123456"; };
在kafka的bin目录中zookeeper-server-start.sh开头加上,将配置文件路径指向上面jaas-kafka-client.conf
export KAFKA_OPTS="-Djava.security.auth.login.config=/data/software/kafka_2.12-3.4.0/config/jaas-kafka-client.conf"
启动zookeeper
bin/zookeeper-server-start.sh config/zookeeper.properties
2.配置kafka
修改kafka的config目录下server.properties, 添加下面配置
listeners=SASL_PLAINTEXT://:9092 advertised.listeners=SASL_PLAINTEXT://localhost:9092 authorizer.class.name=kafka.security.authorizer.AclAuthorizer security.inter.broker.protocol= SASL_PLAINTEXT sasl.mechanism.inter.broker.protocol=PLAIN sasl.enabled.mechanisms=PLAIN super.users=User:test
在kafka的config目录下新建jaas-kafka-server.conf
KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="test" password="user123456" user_test="user123456"; };
修改kafka的bin目录下kafka-server-start.sh,在开头添加如下配置指向jaas-kafka-server.conf
export KAFKA_OPTS="-Djava.security.auth.login.config=/data/software/kafka_2.12-3.4.0/config/jaas-kafka-server.conf"
启动kafka
bin/kafka-server-start.sh config/server.properties
3.配置用户权限
给用户test分配topic权限
bin/kafka-acls.sh --bootstrap-server localhost:9092 --add --allow-principal User:test --operation Write --operation Create --topic flume_topic1 --command-config config/test.properties
创建topic
4.外网访问
修改config目录下server.properties
advertised.listeners=SASL_PLAINTEXT://localhost:9092
localhost改成服务器外网的ip
5.修改flume配置
在flume的config目录新建 jaas-client.conf
KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username="test" password="123456"; };
修改sink配置
# Describe/configure the sink agent1.sinks.sink1.type = org.apache.flume.sink.kafka.KafkaSink agent1.sinks.sink1.kafka.topic = flume_topic agent1.sinks.sink1.kafka.bootstrap.servers = localhost:9092 agent1.sinks.sink1.kafka.producer.security.protocol = SASL_PLAINTEXT agent1.sinks.sink1.kafka.producer.sasl.mechanism = PLAIN agent1.sinks.sink1.kafka.producer.sasl.kerberos.service.name = kafka
在flume-env.sh添加
export JAVA_OPTS="-Djava.security.auth.login.config=/data/software/apache-flume-1.11.0-bin/conf/jaas-client.conf"
启动flume
bin/flume-ng agent --conf /data/software/apache-flume-1.11.0-bin/conf --conf-file conf/flume-kafka.conf --name agent1
参考:
https://developer.ibm.com/tutorials/kafka-authn-authz/
标签:flume,PLAINTEXT,kafka,conf,SASL,security,server,config From: https://www.cnblogs.com/AwenDF/p/17130972.html