为了只访问kafka来创建和删除主题,我在kafka和zookeeper之间创建了一个明文SASL安全性。我得到以下错误,不知道为什么。
zookeeper_1 | 2020-07-20 10:19:06,907 [myid:] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@1063] - cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.
kafka_1 | [2020-07-20 10:19:06,909] ERROR SASL authentication failed using login context 'Client' with exception: {} (org.apache.zookeeper.client.ZooKeeperSaslClient)
kafka_1 | javax.security.sasl.SaslException: Error in authenticating with a Zookeeper
Quorum member: the quorum member's saslToken is null.
kafka_1 | at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:279)
kafka_1 | at org.apache.zookeeper.client.ZooKeeperSaslClient.respondToServer(ZooKeeperSaslClient.java:242)
kafka_1 | at org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:805)
kafka_1 | at org.apache.zookeeper.ClientCnxnSocketNIO.doIO(ClientCnxnSocketNIO.java:94)
kafka_1 | at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:366)
kafka_1 | at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1141)
kafka_1 | [2020-07-20 10:19:06,912] ERROR [ZooKeeperClient Kafka server] Auth failed. (kafka.zookeeper.ZooKeeperClient)
docker-compose-sas-pintext.yml
version: '3'
services:
zookeeper:
image: wurstmeister/zookeeper
ports:
- "2181:2181"
environment:
KAFKA_OPTS: '-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider'
volumes:
- ./sasl-plaintext/kafka_server_jaas.conf:/opt/kafka/config/kafka_server_jaas.conf
kafka:
build: .
ports:
- "9092:9092"
environment:
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENERS: "SASL_PLAINTEXT://kafka:9092"
KAFKA_ADVERTISED_LISTENERS: "SASL_PLAINTEXT://kafka:9092"
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: "SASL_PLAINTEXT"
KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: "PLAIN"
KAFKA_SASL_ENABLED_MECHANISMS: "PLAIN"
KAFKA_OPTS: "-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./sasl-plaintext/kafka_server_jaas.conf:/opt/kafka/config/kafka_server_jaas.conf
kafka_server_jaas.conf
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="wl"
password="wl-secret"
user_wl="wl-secret";
};
Server {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="wl"
password="wl-secret"
user_wl="wl-secret";
};
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="wl"
password="wl-secret";
};
您的kafka_server_jaas.conf配置了"客户端"选项,用于kafka使用sasl连接到zookeeper。但是你的动物园管理员没有配置服务器用户&客户端用户。