I. Application versions:
| Application | Download link |
| --- | --- |
| apache-zookeeper-3.7.0-bin.tar.gz | https://dlcdn.apache.org/zookeeper/zookeeper-3.7.0/apache-zookeeper-3.7.0-bin.tar.gz |
| | https://downloads.apache.org/zookeeper/zookeeper-3.7.0/apache-zookeeper-3.7.0-bin.tar.gz |
| | Use whichever download link is faster; I used the second one. |
| kafka_2.13-2.8.1.tgz | https://archive.apache.org/dist/kafka/2.8.1/kafka_2.13-2.8.1.tgz |
| Ubuntu 18.04 (other Linux distributions also work) | https://mirrors.hit.edu.cn/ubuntu-releases/18.04.6/ubuntu-18.04.6-live-server-amd64.iso |
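1. Download the applications, extract them, and rename the directories (you can also download the archives in advance and upload them to /opt)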
cd /opt && \
wget https://downloads.apache.org/zookeeper/zookeeper-3.7.0/apache-zookeeper-3.7.0-bin.tar.gz && \
wget https://archive.apache.org/dist/kafka/2.8.1/kafka_2.13-2.8.1.tgz && \
tar -zxvf apache-zookeeper-3.7.0-bin.tar.gz && \
tar -zxvf kafka_2.13-2.8.1.tgz && \
mv apache-zookeeper-3.7.0-bin zookeeper && \
mv kafka_2.13-2.8.1 kafka &&\
cp /opt/zookeeper/conf/zoo_sample.cfg /opt/zookeeper/conf/zoo.cfg
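I. ZooKeeper security authentication configuration
Note: the kafka and zookeeper directories used here are the ones you extracted and renamed above.
1. Copy the relevant jar files from "/opt/kafka/libs" to "/opt/zookeeper/lib". The files are: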
kafka-clients-2.8.1.jar
lz4-java-1.7.1.jar
slf4j-api-1.7.30.jar
slf4j-log4j12-1.7.30.jar
snappy-java-1.1.8.1.jar
You can also run the following command directly:
cd /opt/kafka/libs && cp -r kafka-clients-2.8.1.jar lz4-java-1.7.1.jar slf4j-api-1.7.30.jar slf4j-log4j12-1.7.30.jar snappy-java-1.1.8.1.jar /opt/zookeeper/lib
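2. zoo.cfg configuration
In /opt/zookeeper/conf, add the following settings to the zoo.cfg configuration file:
# Enable the SASL authentication provider
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
# Use sasl as the authentication scheme
requireClientAuthScheme=sasl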
jaasLoginRenew=3600000
zookeeper.sasl.client=true
3. In /opt/zookeeper, create the file "zk_server_jaas.conf" with the following content:
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="testadmin"
password="testadmin-2021"
user_kafka="testkafka-2021"
user_producer="testprod-2021";
};
4. Edit the zkEnv.sh file in /opt/zookeeper/bin, appending the JAAS option to the existing SERVER_JVMFLAGS line as follows:
#export SERVER_JVMFLAGS="-Xmx${ZK_SERVER_HEAP}m $SERVER_JVMFLAGS"
export SERVER_JVMFLAGS="-Xmx${ZK_SERVER_HEAP}m $SERVER_JVMFLAGS -Djava.security.auth.login.config=/opt/zookeeper/zk_server_jaas.conf"
5. In /opt/kafka, create the file "kafka_server_jaas.conf" with the following content:
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="testadmin"
password="testadmin-2021"
user_admin="testadmin-2021"
user_producer="testprod-2021"
user_consumer="testcons-2021";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka"
password="testkafka-2021";
};
6. Configure the server.properties file in /opt/kafka/config as follows:
listeners=PLAINTEXT://0.0.0.0:9092
advertised.listeners=PLAINTEXT://:9092
security.inter.broker.protocol=PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
7. Edit the "kafka-server-start.sh" script in /opt/kafka/bin as follows:
# export KAFKA_HEAP_OPTS="-Xmx1G -Xms1G"
export KAFKA_HEAP_OPTS="-Xmx1G -Xms1G -Djava.security.auth.login.config=/opt/kafka/kafka_server_jaas.conf"
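II. Kafka security authentication configuration (configure this section if you need to enable Kafka's security authentication)
Configure the server.properties file in /opt/kafka/config as follows: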
listeners=SASL_PLAINTEXT://0.0.0.0:9092
advertised.listeners=SASL_PLAINTEXT://:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=true
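The Python check below is an added example, not part of the original guide. It lints zoo.cfg and server.properties text for three settings used above: trailing `#` text after a value (Java properties files treat `#` as a comment only at the start of a line), SASL/PLAIN on an unencrypted listener, and allow.everyone.if.no.acl.found=true. The sample inputs are constructed, and the check assumes each listener name equals its security protocol.

```python
# Added example: constructed inputs modelled on the settings in this guide.
SAMPLE_ZOO_CFG = """\
# constructed sample: a comment placed on the same line as the value
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider # enable auth
requireClientAuthScheme=sasl
"""
SAMPLE_SERVER_PROPERTIES = """\
# constructed sample: the section II listener and ACL settings
listeners=SASL_PLAINTEXT://0.0.0.0:9092
sasl.enabled.mechanisms=PLAIN
allow.everyone.if.no.acl.found=true
"""

def parse_properties(text):
    """Parse key=value lines; like java.util.Properties, '#' or '!' starts a
    comment only at the beginning of a line, never after a value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of (key, message) findings for one parsed file."""
    findings = []
    for key, value in props.items():
        if "#" in value:
            findings.append((key, "trailing '#' text is part of the value"))
    mechanisms = {m.strip().upper() for m in props.get("sasl.enabled.mechanisms", "").split(",")}
    for key in ("listeners", "advertised.listeners"):
        for listener in filter(None, props.get(key, "").split(",")):
            # Assumption: listener names equal security protocols (default map).
            protocol = listener.split("://")[0].strip().upper()
            if protocol == "PLAINTEXT":
                findings.append((key, "PLAINTEXT listener: no authentication, no encryption"))
            elif protocol == "SASL_PLAINTEXT" and "PLAIN" in mechanisms:
                findings.append((key, "SASL/PLAIN over SASL_PLAINTEXT sends the password unencrypted"))
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append(("allow.everyone.if.no.acl.found", "resources without ACLs are open to all users"))
    return findings

if __name__ == "__main__":
    for name, text in (("zoo.cfg", SAMPLE_ZOO_CFG), ("server.properties", SAMPLE_SERVER_PROPERTIES)):
        for key, message in audit(parse_properties(text)):
            print(f"{name}: {key}: {message}")
```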
III. Restart ZooKeeper and Kafka
Start ZooKeeper: go to /opt/zookeeper/bin and run ./zkServer.sh start
Start Kafka: go to /opt/kafka/bin and run ./kafka-server-start.sh -daemon ../config/server.properties