我登陆到 zookeeper 后通过下方命令新增一个账号密码
addauth digest admin:123456
setAcl / auth:admin:cdrwa
通过下方测试看到 zookeeper 的账号密码应是生效了
[root@local-test bin]# ./zookeeper-shell.sh localhost:2181
Connecting to localhost:2181
Welcome to ZooKeeper!
JLine support is disabled
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
ls /
Insufficient permission : /
addauth digest admin:123456
ls /
[admin, brokers, cluster, config, consumers, controller, controller_epoch, feature, isr_change_notification, latest_producer_id_block, log_dir_event_notification, zookeeper]
可我未对 kafka 做任何修改,为什么 kafka 创建 topic 、生产、消费依旧正常?
理论上 zookeeper 作为服务端添加了认证,kafka 作为客户端也需要修改一些配置吗。很是奇怪。
PS:我用的是 kafka v3.6.0 版本,zookeeper 使用的是 kafka 安装包中内置的。
1
OneXT OP 重启了 kafka 后发现 kafka 起不来了。去掉 zookeeper 的 acl 后正常。
[2024-04-02 01:23:53,752] INFO Initiating client connection, connectString=127.0.0.1:2181 sessionTimeout=18000 watcher=kafka.zookeeper.ZooKeeperClient$ZooKeeperClientWatcher$@13c9d689 (org.apache.zookeeper.ZooKeeper) [2024-04-02 01:23:53,757] INFO jute.maxbuffer value is 4194304 Bytes (org.apache.zookeeper.ClientCnxnSocket) [2024-04-02 01:23:53,769] INFO zookeeper.request.timeout value is 0. feature enabled=false (org.apache.zookeeper.ClientCnxn) [2024-04-02 01:23:53,772] INFO [ZooKeeperClient Kafka server] Waiting until connected. (kafka.zookeeper.ZooKeeperClient) [2024-04-02 01:23:53,774] INFO Opening socket connection to server /127.0.0.1:2181. (org.apache.zookeeper.ClientCnxn) [2024-04-02 01:23:53,779] INFO Socket connection established, initiating session, client: /127.0.0.1:33298, server: /127.0.0.1:2181 (org.apache.zookeeper.ClientCnxn) [2024-04-02 01:23:53,788] INFO Session establishment complete on server /127.0.0.1:2181, session id = 0x100197062f30039, negotiated timeout = 18000 (org.apache.zookeeper.ClientCnxn) [2024-04-02 01:23:53,792] INFO [ZooKeeperClient Kafka server] Connected. (kafka.zookeeper.ZooKeeperClient) [2024-04-02 01:23:53,877] ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /consumers at org.apache.zookeeper.KeeperException.create(KeeperException.java:120) at org.apache.zookeeper.KeeperException.create(KeeperException.java:54) at kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:570) at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1883) at kafka.zk.KafkaZkClient.makeSurePersistentPathExists(KafkaZkClient.scala:1781) at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1(KafkaZkClient.scala:1773) at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1$adapted(KafkaZkClient.scala:1773) at scala.collection.immutable.List.foreach(List.scala:333) at kafka.zk.KafkaZkClient.createTopLevelPaths(KafkaZkClient.scala:1773) at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:658) at kafka.server.KafkaServer.startup(KafkaServer.scala:222) at kafka.Kafka$.main(Kafka.scala:113) at kafka.Kafka.main(Kafka.scala) [2024-04-02 01:23:53,882] INFO shutting down (kafka.server.KafkaServer) [2024-04-02 01:23:53,900] INFO [ZooKeeperClient Kafka server] Closing. (kafka.zookeeper.ZooKeeperClient) [2024-04-02 01:23:54,005] INFO Session: 0x100197062f30039 closed (org.apache.zookeeper.ZooKeeper) |
2
test123321 227 天前
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
|
3
OneXT OP @test123321 大佬好,我的环境是仅 zookeeper 开启了 acl ,kakfa 并不需要配置 acl 。
现在就是 zookeeper 开启 acl 后,不知道改怎么修改 kafka 去连接有 acl 的 zookeeper ,kafka 启动失败。 |