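Deploying a Kafka cluster with Docker and SASL password authentication
I. Deploy the Kafka nodes
- 1. Configure docker-compose: adjust the paths and so on (see the docker-compose file).
- 2. Prepare the Kafka authentication file kafka_server_jaas.conf
- Note: KafkaServer is used for authentication within the Kafka cluster; Client is used for connecting to ZooKeeper.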
# cat kafka_server_jaas.conf
KafkaServer {
    org.apache.kafka.common.security.scram.ScramLoginModule required
    username="admin"
    password="admin2024"
    user_admin="admin2024"
    user_kafka="kafka@2024";
};
Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="kafka"
    password="kafka@2024";
};
- 3. Prepare the ZooKeeper configuration files zk_server.conf and zk_client.conf
# cat /data/kafka/zookeeper-config/zk_server.conf
Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="admin"
    password="admin2024"
    user_admin="admin2024"
    user_kafka="kafka@2024";
};
QuorumServer {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_zookeeper="zookeeper@2024";
};
QuorumLearner {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="zookeeper"
    password="zookeeper@2024";
};
# cat /data/kafka/zookeeper-config/zk_client.conf
Client {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="zookeeper"
    password="zookeeper@2024";
};
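- 4. Configuration procedure
First comment out the config mount paths in docker-compose.
Start the containers, then copy the config directories and other configuration files from the containers to the local host: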
docker cp pro-zookeeper-001:/conf /data/kafka/zookeeper-config
docker cp pro-kafka-001:/opt/kafka_2.12-2.5.0/config /data/kafka/kafka-config
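- 5. Mount the config directories in docker-compose; repeat the same steps on every node.
- 6. Enter the Kafka container and set the SCRAM password for admin; otherwise the nodes keep reporting a wrong-password error.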
kafka-configs.sh --zookeeper 192.168.10.21:2181,192.168.10.22:2181,192.168.10.23:2181 --alter --add-config 'SCRAM-SHA-256=[password=admin2024]' --entity-type users --entity-name admin
- 7. The corresponding docker-compose file
version: '3.1'
services:
  zoo1:
    image: docker.io/zookeeper:3.7.0
    restart: always
    container_name: pro-zookeeper-001
    ports:
      - 2181:2181
      - 2888:2888
      - 3888:3888
    volumes:
      - /etc/localtime:/etc/localtime
      - ./zookeeper-data:/data
      - ./zookeeper-datalog:/datalog
      - ./zookeeper-config:/conf
    environment:
      ZOO_MY_ID: 1
      ZOO_SERVERS: server.1=0.0.0.0:2888:3888;2181 server.2=192.168.10.22:2888:3888;2181 server.3=192.168.10.23:2888:3888;2181
      ZOO_CFG_EXTRA: "requireClientAuthScheme=sasl authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider"
      SERVER_JVMFLAGS: "-Djava.security.auth.login.config=/conf/zk_server.conf"
      CLIENT_JVMFLAGS: "-Djava.security.auth.login.config=/conf/zk_client.conf"
  kafka1:
    image: docker.io/wurstmeister/kafka:2.12-2.5.0
    restart: always
    container_name: pro-kafka-001
    ports:
      - 9092:9092
    environment:
      KAFKA_ADVERTISED_HOST_NAME: 192.168.10.21
      KAFKA_HOST_NAME: 192.168.10.21
      KAFKA_ADVERTISED_PORT: 9092
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: 192.168.10.21:2181,192.168.10.22:2181,192.168.10.23:2181
      KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://192.168.10.21:9092
      KAFKA_LISTENERS: SASL_PLAINTEXT://:9092
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SASL_PLAINTEXT
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: SCRAM-SHA-256
      KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-256
      KAFKA_OPTS: -Djava.security.auth.login.config=/opt/kafka_2.12-2.5.0/config/kafka_server_jaas.conf
      KAFKA_JVM_PERFORMANCE_OPTS: -Xmx2G -Xms1G
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 3
      KAFKA_DEFAULT_REPLICATION_FACTOR: 3
    volumes:
      - ./kafka-data:/kafka
      - ./kafka-config:/opt/kafka_2.12-2.5.0/config
      - /etc/localtime:/etc/localtime
- 8. This article uses 3 nodes; in each node's docker-compose file, change the IDs to match that node: KAFKA_BROKER_ID and ZOO_MY_ID.
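Why step 6 is needed, as an added example that is not code from the original article: with SCRAM-SHA-256 the broker does not compare against the password in kafka_server_jaas.conf; it checks the client's proof against the salted credential that kafka-configs.sh writes to ZooKeeper. The sketch follows RFC 5802; the function names, salt and auth message are constructed for illustration, and SASLprep normalization is skipped (ASCII passwords assumed).

```python
import base64
import hashlib
import hmac

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _client_key(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() in RFC 5802 is PBKDF2 with HMAC-SHA-256 and a 32-byte output.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return _hmac(salted, b"Client Key")

def scram_credential(password: str, salt: bytes, iterations: int = 4096) -> dict:
    """What the server keeps per user: derived keys only, never the password."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {
        "salt": salt,
        "stored_key": hashlib.sha256(_hmac(salted, b"Client Key")).digest(),
        "server_key": _hmac(salted, b"Server Key"),
        "iterations": iterations,
    }

def to_config_string(cred: dict) -> str:
    """Render the credential in the key=value form Kafka keeps for a SCRAM user."""
    b64 = lambda b: base64.b64encode(b).decode()
    return "salt=%s,stored_key=%s,server_key=%s,iterations=%d" % (
        b64(cred["salt"]), b64(cred["stored_key"]),
        b64(cred["server_key"]), cred["iterations"])

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    key = _client_key(password, salt, iterations)
    sig = _hmac(hashlib.sha256(key).digest(), auth_message)
    return bytes(a ^ b for a, b in zip(key, sig))

def broker_accepts(cred: dict, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof, compare its hash to StoredKey."""
    sig = _hmac(cred["stored_key"], auth_message)
    recovered = bytes(a ^ b for a, b in zip(proof, sig))
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), cred["stored_key"])

# Constructed sample values (not taken from a real cluster).
SALT = bytes(range(16))
AUTH_MESSAGE = b"n=admin,r=constructed-client-nonce,r=constructed-full-nonce,i=4096,c=biws"
STORED = scram_credential("admin2024", SALT)  # what step 6 registers for admin

if __name__ == "__main__":
    print(to_config_string(STORED))
    good = client_proof("admin2024", SALT, 4096, AUTH_MESSAGE)
    bad = client_proof("not-the-password", SALT, 4096, AUTH_MESSAGE)
    print("matching password accepted:", broker_accepts(STORED, AUTH_MESSAGE, good))
    print("other password accepted:", broker_accepts(STORED, AUTH_MESSAGE, bad))
```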
This is an original article; when reposting, please credit 知识殿堂.