kafka3.4.x配置sasl认证

背景这里kafka使用的是单独部署的zookeeper 需要走认证配置

我这里使用的zookeeper版本是3.8.3 kafka 3.4.0

kafka安装目录：/usr/local/bin/xx/kafka

zookeeper安装目录：/usr/local/bin/xx/zookeeper

1. 修改配置文件 1. 找到kafka的/usr/local/bin/xx/kafka/config/server.properties文件2. 修改配置 1.KAFKA:在server.properties 调整改动之前：listeners=SASL_PLAINTEXT://0.0.0.0:9092advertised.listeners=SASL_PLAINTEXT://x.x.x.x:9092改动之后：listeners=SASL_PLAINTEXT://0.0.0.0:9092advertised.listeners=SASL_PLAINTEXT://x.x.x.x:9092security.inter.broker.protocol=SASL_PLAINTEXT sasl.enabled.mechanisms=PLAIN sasl.mechanism.inter.broker.protocol=PLAIN authorizer.class.name=kafka.security.authorizer.AclAuthorizerallow.everyone.if.no.acl.found=truezookeeper.client.sasl=true2.ZOOKEEPER:直接在zoo.cfg 最后增加authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProviderrequireClientAuthScheme=sasljaasLoginRenew=3600000
2. 增加认证jaas.conf文件 1. 1.在kafka安装目录创建文件/usr/local/bin/xx/kafka/config/touch kafka_server_jaas.conf内容如下：KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="xx" user_admin="xx" user_kafka="xx";};Client { org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="xx";};KafkaClient { org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="xx";};2.在zookeeper安装目录创建文件/usr/local/bin/xx/zookeeper/conf/touch zk_server_jaas.conf内容如下：Server { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="xx" user_kafka="xx";};ps：这里创建了两个账户 admin和kafka3.全部设置完毕，重启zookeeper和kafka
3. 消费验证 1. 1.在kafka安装目录的config目录下创建鉴权文件cd /usr/local/bin/xx/kafka/configtouch sasl.config内容如下：security.protocol=SASL_PLAINTEXT sasl.mechanism=PLAIN sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka" password="xx";2.启动消费者/usr/local/bin/xx/kafka/bin/kafka-console-consumer.sh --bootstrap-server 127.0.0.1:9092 --topic test -consumer.config /usr/local/bin/xx/kafka/config/sasl.config3.启动生产者/usr/local/bin/cscmc/app/kafka/bin/kafka-console-producer.sh --broker-list 127.0.0.1:9092 --topic test -producer.config /usr/local/bin/xx/kafka/config/sasl.config4.自产自消能够成功说明配置全部正确
4. 注意事项 1. 单独部署的zookeeper 开启认证缺少依赖包，直接将kafka/libs下的kafka-client和lz4-java拷贝到zookeeer/lib下2. 新版本的kafka配置文件的类有更改由authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer --> kafka.security.authorizer.AclAuthorizer