为了只允许通过 Kafka 进行创建、删除主题的访问,我正在 Kafka 和 ZooKeeper 之间配置 SASL 明文(plaintext)认证。启动后我收到以下错误,无法弄清楚原因。
zookeeper_1 | 2020-07-20 10:19:06,907 [myid:] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1063] - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.
kafka_1 | [2020-07-20 10:19:06,909] ERROR SASL authentication failed using login context 'Client' with exception: {} (org.apache.zookeeper.client.ZooKeeperSaslClient)
kafka_1 | javax.security.sasl.SaslException: Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.
kafka_1 | at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:279)
kafka_1 | at org.apache.zookeeper.client.ZooKeeperSaslClient.respondToServer(ZooKeeperSaslClient.java:242)
kafka_1 | at org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:805)
kafka_1 | at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:94)
kafka_1 | at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:366)
kafka_1 | at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1141)
kafka_1 | [2020-07-20 10:19:06,912] ERROR [ZooKeeperClient Kafka server] Auth failed. (kafka.zookeeper.ZooKeeperClient)
docker-compose-sasl-plaintext.yml
# Compose stack from the question: one ZooKeeper node and one Kafka broker.
# The broker listener uses SASL/PLAIN over an unencrypted connection
# (SASL_PLAINTEXT). Nesting is restored here; the values are unchanged.
#
# NOTE(review): SASL only authenticates clients. Limiting a user to creating
# and deleting topics additionally needs broker-side authorization (ACLs via
# the `authorizer.class.name` broker property); nothing in this file sets it.
version: '3'
services:
  zookeeper:
    # NOTE(review): no tag or digest is given, so the newest published image
    # is pulled on each fresh host. Pin a tag or digest for reproducibility.
    image: wurstmeister/zookeeper
    ports:
      # NOTE(review): publishes the ZooKeeper client port on every host
      # interface. Until SASL is confirmed to be enforced, anything that can
      # reach the host can read and modify cluster metadata.
      - "2181:2181"
    environment:
      # NOTE(review): KAFKA_OPTS is the variable Kafka's launcher scripts
      # read. ZooKeeper's own scripts read JVMFLAGS / SERVER_JVMFLAGS, so
      # these -D options presumably never reach the ZooKeeper JVM. That would
      # match the "cnxn.saslServer is null" error; verify against the image's
      # entrypoint.
      KAFKA_OPTS: '-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider'
    volumes:
      # The same JAAS file is mounted into both services. It holds clear-text
      # passwords, so a read-only mount (`:ro`) is worth considering.
      - ./sasl-plaintext/kafka_server_jaas.conf:/opt/kafka/config/kafka_server_jaas.conf
  kafka:
    # Built from the Dockerfile in this directory (not shown on the page).
    build: .
    ports:
      - "9092:9092"
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      # NOTE(review): SASL_PLAINTEXT with the PLAIN mechanism sends the user
      # name and password unencrypted on every connection. Use SASL_SSL for
      # anything beyond an isolated test network.
      KAFKA_LISTENERS: "SASL_PLAINTEXT://kafka:9092"
      KAFKA_ADVERTISED_LISTENERS: "SASL_PLAINTEXT://kafka:9092"
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: "SASL_PLAINTEXT"
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: "PLAIN"
      KAFKA_SASL_ENABLED_MECHANISMS: "PLAIN"
      # Points the broker JVM at the mounted JAAS file.
      KAFKA_OPTS: "-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
    volumes:
      # NOTE(review): mounting the Docker socket lets this container drive the
      # host's Docker daemon, which is equivalent to root on the host.
      # Whether the image built from `.` needs it cannot be seen here; drop
      # the mount if it does not.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./sasl-plaintext/kafka_server_jaas.conf:/opt/kafka/config/kafka_server_jaas.conf
kafka_server_jaas.conf
// JAAS login configuration. The compose file above mounts it into both the
// zookeeper and the kafka container at
// /opt/kafka/config/kafka_server_jaas.conf.
//
// NOTE(review): every password here is stored in clear text. Keep the file
// out of version control and restrict its permissions; "wl" / "wl-secret"
// are the sample credentials from the question.

// Read by the Kafka broker for its SASL/PLAIN listener. username/password
// are what the broker presents on inter-broker connections; each
// user_<name>="<password>" entry defines an account the broker accepts.
KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="wl"
    password="wl-secret"
    user_wl="wl-secret";
};
// "Server" is the section a ZooKeeper server looks up for its SASL setup.
// NOTE(review): ZooKeeper authenticates with DIGEST-MD5 and ships its own
// org.apache.zookeeper.server.auth.DigestLoginModule. Kafka's PlainLoginModule
// is presumably not on the ZooKeeper image's classpath, and it is a different
// mechanism. Confirm against the ZooKeeper SASL documentation.
Server {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="wl"
    password="wl-secret"
    user_wl="wl-secret";
};
// "Client" is the login context Kafka's embedded ZooKeeper client uses (the
// kafka_1 log names it: login context 'Client').
// NOTE(review): ZooKeeper's documentation pairs a DIGEST-MD5 server with
// DigestLoginModule in this section as well. Confirm.
Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="wl"
    password="wl-secret";
};